Alert Logic Threat Manager release notes
Release date: July 23, 2019 - Agent Version 2.9.10 (event log collector only)
Bug fixes
- Fixed resource DLL cache leaks after load errors.
- Fixed invalid parameter errors for resource DLLs in default search path.
- Fixed spurious errors from trying to open event logs we are not going to collect (disabled or analytic/debug).
Release date: July 2, 2019 - Agent Version 2.9.9
Features
Cached appliance configurations containing sensitive data (usernames, passwords and private keys) are encrypted at rest.
Bug fixes
- Corrected the usage of the SNI header in TLS connections; the incorrect usage caused some proxies to misroute agent requests to data centers.
- Master agent periodically retries failed restarts of crashed collectors, instead of leaving them stopped.
- Fixed incorrect formatting of event log messages with certain patterns and publishers.
- Fixed collection of non-ASCII event log stream names.
- TM appliance agent periodically retries configuring the balancer framework if this fails.
Release date: May 21, 2019 - Agent Version 2.9.8
Bug fixes
Fixed a memory leak in the metadata transport procedure that caused the master agent to exceed the memory limits defined for ECS and K8s jobs with frequently updated metadata.
Release date: April 30, 2019 - Agent Version 2.9.7
Bug fixes
- Updated Npcap installer from version 0.99-r7 to 0.993 to support Windows versions 1809 and above.
- Fixed handling of configuration items larger than 8 KB (e.g. long whitelists), which previously resulted in config failures and no service on Windows.
Release date: April 26, 2019 - Agent Version 2.9.6
Bug fixes
Fixed expired code signing certificate for Windows exes and package.
Release date: March 12, 2019 - Agent Version 2.9.5
Features
Health errors and warning codes now use unique values, allowing them to be mapped unambiguously to remediation actions for NG offering.
Release date: December 14, 2018 - Agent Version 2.9.4
Bug fixes
- Docker container log collection is now controlled by a separate protocol setting, without depending on TCP collection policy setting.
- Fixed a possible crash with more than FD_SETSIZE connections and a problem with Docker container socket re-use.
Release date: November 16, 2018 - Agent Version 2.9.3
Features
- The Windows version of the universal agent now installs Npcap OEM instead of WinPcap where needed (and supported). If already installed, the agent will work with either Npcap or WinPcap. Npcap is preferred if both are installed.
- Master and updater support for alternative version and install commands for each component (needed for Npcap support).
Release date: November 6, 2018 - Agent Version 2.9.2
Bug fixes
- Fixed resource leak with Azure provisioning requests.
Release date: October 25, 2018 - Agent Version 2.9.1 (Legacy Threat Manager and new customers only)
Features
- Provided agent IP address and hostname info with data center (standalone) provisioning requests.
- Adapted al-scanappliance agent to work on legacy Threat Manager appliances.
Release date: October 3, 2018 - Agent Version 2.9.0
Features
- Added Docker container log collection support to the al-agent syslog collector. The agent automatically discovers new containers, opens their log streams, and forwards their logs to Log Manager.
Release date: June 13, 2018 - Agent Version 2.8.2
Bug fixes
- Alert Logic can now extract Docker metadata without lags while a container is being stopped.
- Protection goes into effect with fewer delays when multiple new Docker containers are spinning up in the same cluster.
Release date: May 31, 2018 - Agent Version 2.8.1
Bug fixes
- Custom containerized deployments of the agent now run as expected. Be sure your containers are assigned a SYS_ADMIN capability or run in privileged mode.
Release date: May 17, 2018 - Agent Version 2.8.0
Bug fixes
None
Features
- This release adds support for the ingest transport channel. The agent will receive and store ingest transport configuration from the back-end controller and will transport the host metadata directly to the ingest service if possible, unless configured otherwise at install time.
- This release extends Azure metadata support. The agent will utilize the recently introduced Azure instance metadata service to collect additional metadata for Azure deployments.
- This release phases out the previous private PKI for TLS certificate chain validation, and replaces it with a public CA bundle and CN/SAN validation.
Security
None
Changes
None
Notice
None
Release date: March 8, 2018 - Framework Version 4.2.1
Bug fixes
- Remediated an issue that can lead to duplicate post data in a deny log
- Remediated an issue that resulted in a memory leak
- Remediated an issue where the PWAF module would block the framework from functioning properly
Features
None
Security
None
Changes
None
Notice
None
Release date: February 22, 2018 (UK); March 1, 2018 (US)
Bug fixes
- This release resolves an issue where customers could not save Threat Manager configurations on newly spun up appliances. With this release, Threat Manager configurations can be saved, even if the appliance does not have a monitoring policy.
Features
None
Security
None
Changes
None
Notice
None
Release Date: October 20, 2017 – Version 2.6.0
Bug fixes
- Specifying backup controller host/port no longer triggers a bogus error state on fail-over
Features
- The Threat Manager agent no longer waits several minutes until its next check-in to fail over to other appliances in its assignment policy in case its preferred appliance is unavailable (fail-over happens without back-end intervention)
- A configured but freshly restarted Threat Manager agent no longer depends on the back-end availability to connect to appliances (locally cached config is used to connect to appliances immediately in assignment policy order, starting with the preferred appliance)
- Agent provisioning is more robust against intermittent or persistent failures (agents will now use limited retries for provisioning errors)
Security
None
Changes
None
Notice
None
Release Date: June 11, 2017 – Version 2.5.1
Bug fixes
- Amazon Inspector no longer detects the agent as a medium vulnerability due to the lack of stack security cookies in Linux executables.
Features
None
Security
None
Changes
None
Notice
- Product Management authored a notification released to specific customers who had inquired about the vulnerability when it appeared in scanning reports.
Release Date: April 13, 2017 – Version 2.5.0
Bug fixes
None
Features
- Detection of container IP addresses for Universal Agent hosts running Docker (required in order to analyze traffic generated in Docker containers by Threat Manager appliances).
Security
None
Changes
None
Notice
None
Release Date: March 16 and 17, 2017 – Versions 2.4.0 and 2.4.1
Bug fixes
- Removed a retry-loop logic bug which was causing very rapid connections to provisioning service and had the possibility of causing a provisioning outage (v2.4.1).
Features
- Added auto-claim functionality to Threat Manager and Log Manager appliances and agents deployed in converged AWS and Azure cloud environments. Agents and appliances deployed in such environments no longer require a provisioning key to claim (v2.4.0).
Security
None
Changes
None
Notice
- Product Management authored two unique notifications released to customers two weeks prior to the generally available release.
Release date: August 18, 2016
Bug fixes
- None
Features
- The feature for Agent Alerting is specific to Threat Manager Agents, which have never had the ability to have alert rules associated with them to notify customers when service impacting issues occur. This new feature enables customers to use the Alert Logic console to configure alerts for their agents, and these alerts will notify customers when agents suffer the following conditions:
  - Agent Health State changes to:
    - Offline
    - Error
  - Agents cannot communicate with:
    - The appliance
    - The backend
The goal is to provide early indication of a problem so that it may be addressed as soon as possible. This feature is necessary because the Alert Logic NOC/TOC does not monitor the status of agents due to the nature of their behavior.
Security
- None
Changes
- UI level changes with a new configuration UI to configure collection alerts for Threat Manager agents.
Notice
- Outreach should occur to existing customers who have mentioned the lack of this functionality. We should work to get a small number of those customers configured properly, and once complete, we should work on broader outreach to the rest of our Threat Manager customer base.
- public marketing will be done for this feature.
Release date: April 5, 2016
Bug fixes
- Resolved issue with WSM customers seeing 0.0.0.0 source address for some messages.
- Improved several out-of-order and other packet handling scenarios (primarily for Web Security Manager).
- Added several statistics to logs for decrypted traffic.
Security
Release of several shared packages with Web Security Manager:
- al-threat-sensor-2.2.1-17
- al-tm-balancer-2.4.9
- al-tm-decrypter-2.2.72.g38bcc80-2