Skip to content
This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

ElastiFlow v3.4.2
Compare
Choose a tag to compare
@robcowart robcowart released this 03 May 17:43
· 156 commits to master since this release
v3.4.2
89b7797
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

v3.4.2 is a minor release. No migration of data from v3.4.1 to v3.4.2 is required.

Breaking Changes

If you are upgrading from a release prior to 3.4.0, see the Breaking Changes notice for v3.4.0 below.

New Features

  • Added support for Cisco AVC flow records (normalized to ElastiFlow schema)
  • Determine client/server based on SYN+RST TCP flags
  • Support for Elastic Stack 6.7.x

Updates

  • Added A LOT of new Fortinet App IDs
  • Index Pattern now includes all fields from codec definitions
  • Updated GeoLite2-City and GeoLite2-ASN DBs
  • Updated IP Reputation dictionary

Fixes

  • Numerous index template fixes
  • Removed duplicate TCP service names
  • Fixed instances of double close brackets
Assets 2
Loading