Updated the evaluation licensing system allowing the product to request trials for Firewall, O365, Defender, and VPN modules.
Updated EULA agreement.
Log Configurations
CheckPoint
Updated CheckPoint configuration to make use of new session capabilities.
BlueCoat
Added new BlueCoat configuration using new parser system.
Reporting
Visualizer
Added event logging reporting for interface logons and report generation requests.
Parser
Updated parser to allow import of records that contain only an application name and no URL.
Session
Updated parser to identify and update log entries that belong to the same session. This includes, for example, updating the session end time and the number of bytes transferred.
Templates
Updated the template audit section to sort additional number fields as descending by default.
Added ability to filter based on session duration by seconds.
FortiGate
Added ability to disable session tracking for faster start and stop time lookup.
Added throttling to prevent resource starvation when importing session data.
Data Management
Log Data Setup
Added ability to use epoch time in seconds instead of just milliseconds and nanoseconds.
Corrections
User Management
Groups and IDs
AD import
Changed Permission Group label to Security Group to align with industry standard.
Logon Accounts
Corrected 2-factor authentication issue with newly created AD accounts that prevented logging in.
Data Management
Log Data Setup
Fixed the date time configuration for data source to properly adjust the timezone based on the system default.
Logfile Viewer
Prevent screen from showing license upgrade required for older configurations.
Reporting
No longer not excluding category or application for configurations for records that do not contain URL.
Templates
Corrected issue that doubled the configured fields in the section when editing an Audit section.
Added communication client to talk to Wavecrest App Center.
Added communication for requesting evaluation licenses for Reporting modules (Firewall, O365, etc.).
Reporting
Templates
When creating audit section and sorting by Bytes, order by Bytes descending instead of default of Date ascending.
Log Configurations
Updated FortiGate parser to properly handle Web session logging in FortiGate where multiple URLs are visited during a single session. Byte field is calculated for each request during the session (if present).
Firewall Reporting
Templates
Added FortiGate option for Data Type in Report Templates to create sections for FortiGate firewall data.
Data Management
Log Data Setup
Updated configuration wizard to allow customer to choose Wavecrest categories or the categories contained in the device log (if present).
Added ability to enable or disable firewall data collection.
If a license upgrade is required for the Firewall module, a link is provided to request a free trial using the new Secure Communication component.
Added ability to define timezone when no timezone is configured in the device log.
Corrections
Reports
Fixed the total row in the Top Classifications table in Site Analysis report to display the word Total instead of Neutral.
Added ability to customize Application/Sites categorization by either editing existing Application/Sites URLs or creating a custom Application/Site.
User Management
Logon Accounts
Added 2-factor authentication to logon accounts. When enabled for an account using the edit Logon Account screen, an email code is sent to the corresponding email address each time that user logs on.
Reports
Application/Sites Sessions
New Web Session reporting. Added web data analyzer to identify user Web Sessions based on a user’s activity to an application. Analyzer is scheduled to run daily to identify sessions for the previous day. Added session fields of Session Start Time, Session Stop time and Session Hits to template reporting and pre-configured Dashboard and panels to Visualizer to display User Session information.
Settings
Session Analyzer
Added new screen to adjust the configurations used by the Session Analyzer. In addition, you can also re-analyze the web data for a given configuration.
Data Management
Log Types
Updated CheckPoint parser to be able to parse additional types of records.
Updated Zscaler to:
parse CSV export and Event format.
include additional fields like Super Category.
Removed None as valid application.
Removed default browser value.
Added Tunnel protocol mapping to https.
Updated Palo Alto parser to include better header record matching. Prevents issues where URL field is misconfigured.
Parser
Updated parser to properly handle records that have duplicate keys by validating the value.
Updated parser to allow protocol mapping to convert field value to http or https protocol.
Corrections
Health
Corrected problem with lingering connections to metric server leading to performance degradation.
Arrays
Fixed propagation of product update instructions to array members.
Added new Health status page to display the current state of different components in the product through Health Modules. These modules can be configured to trigger notification alert emails when an error is detected. The following modules are currently available:
License Expiration – Checks the number of days left on the license and can trigger warning and error notifications based on days left.
Syslog Inactivity – Checks active syslog ports for data being sent and triggers an alert when no data is received in a configurable time period. The module also checks that valid data is being received, instead of just any data, and triggers a different error alert accordingly.
Reporting
Dashboard
Visualizer
Added an extensive library of preconfigured charts for users to select when creating new panels.
Library
Updated product to use most recent MySQL library (8.0.33).
Corrections
Dashboard
Removed “AVG Daily Usage” and “AVG Daily Ingestion” tiles because the metric is not useful when combined with metric data removal as it currently works. Results could include large negative numbers.
Corrected issue that could cause direct syslog imports to stop working upon a service restart. The file writer continued to work, but the metric server stopped receiving the data directly. This was caused by the syslog server attempting to start before the importer had been initialized.