ยซ Changelog History


ElastiFlow v4.0.1 Release Notes

Release Date: 2020-08-12 // about 3 years ago

  • โš  > WARNING! - If you are using a 3.x or earlier release, please refer to the v4.0.0 Breaking Changes.

    ๐Ÿš€ ElastiFlow v4.0.1 is a minor release. No migration of data from v4.0.0 to v4.0.1 is required.

    โšก๏ธ Updates

    • โšก๏ธ Update IP reputation dictionary

    ๐Ÿ›  Fixes

    • ๐Ÿ›  Netflow v5 sources reporting zero bytes and packets in ECS fields has been fixed.
    • TSVB visualizations displaying data in bits/s now use the new bitd custom formatter.

Previous changes from v4.0.0

  • โš  > WARNING! - ElastiFlow v4.0.0 is a major release, and now supports Elastic Common Schema (ECS). Due to significant data model changes there is no upgrade/migration from ElastiFlow 3.x. You should either remove all 3.x indices or deploy ElastiFlow 4.0.0 to a separate environment.

    ๐Ÿ’ฅ Breaking Changes

    ๐Ÿš€ ElastiFlow v4.0.0 is built for Elasticsearch and Kibana 7.8.1 and later. No earlier versions will be supported. Please use a prior ElastiFlow release if you cannot yet upgrade to Elastic Stack 7.8.1+.

    ๐Ÿš€ ElastiFlow v4.0.0 takes advantage of X-Pack Basic features, such as the Maps, SIEM and Logs apps, as well as Index Lifecycle Management (ILM). This means that you must use at least the X-Pack Basic licensed release of the Elastic Stack. The pure Apache 2.0 licensed release of the Elastic Stack will not work without disabling many features.

    ๐Ÿ†• New Features

    • Data model has changed to leverage ECS 1.5.
    • ๐ŸŒฒ Flow data can now be analyzed using the Kibana SIEM and Log apps.
    • 0๏ธโƒฃ Optional resolution of MAC OUIs to vendor names (disabled by default).
    • ๐Ÿ‘ Kibana dark theme is now supported.
    • Geo IP dashboards now leverage the new Kibana Maps app.
    • Applications can now be defined manually by IP address and port number.
    • Palo Alto virtual interface indexes are translated to interfaces names.
    • ๐Ÿ‘Œ Support for VeloCloud, Calix and various Cisco SD-WAN information elements.
    • 0๏ธโƒฃ KQL is now default

    โšก๏ธ Updates

    • ๐ŸŽ Pipeline refactored to simplify various logic, which might improve performance and throughput for some users.
    • ๐Ÿšš YAML dictionaries intended for customization by users have been moved to the logstash/elastiflow/user_settings path.
    • โšก๏ธ Update IP reputation dictionary

    ๐Ÿ›  Fixes

    • Client/Server detection using TCP flags is improved.