Table of Contents
- 1. Release Note for GCENTER 2.5.3.101
- 2. New features
- 2.1. ELK update
- 2.2. KIBANA table update
- 2.3. Malcore update
- 2.4. SSH pre-authentication banner
- 2.5. Support for detection rules per monitoring interface and per VLAN (multi-tenancy)
- 2.6. Log export
- 2.7. API
- 2.8. GUM - Cumulative Hotfix
- 2.9. Deep Scan Shellcode
- 2.10. Shellcode and powershell engine
- 2.11. New protocol support
- 2.12. Secure monitoring service
- 2.13. WebUI evolution
- 2.14. GCap profile
- 2.15. Tech Support
- 2.16. GApps Management - Restart GApp
- 3. Patches
- 4. Known problems
- 4.1. Status of last updates
- 4.2. Pairing to a GCap not possible if no gateway indicated for VPN interface
- 4.3. Pairing to a GCap not possible after GCenter network configuration has been changed
- 4.4. LastInfoSec rules
- 4.5. GUM error management in Local or Online mode
- 4.6. Double booting
- 4.7. Machine Learning engine and CIE editing
- 4.8. Self-signed certificate
- 4.9. Netdata export - temporary lack of information
- 4.10. Netdata export - Incompatibility with Netdata versions higher than 1.19
- 4.11. GUM - Configuration Frequency is not preserved after upgrade
- 4.12. GScan - Edition Critical Infrastructure Edition (CIE)
- 4.13. Sigflow Manager - Transform Category
- 4.14. Sigflow Manager - Error 500 when adding a rule to a custom source
- 4.15. Sigflow Manager - Inconsistency in the display of the number of categories and rules of a category
- 4.16. DGA - Field not present
- 4.17. Third Party - Intelligence
- 4.18. Kibana - Inaccessible tables
- 4.19. Kibana - inconsistency between timestamp fields
- 4.20. Kibana - “Not ready yet”
- 4.21. Kibana - Maps GeoIP
- 4.22. Kibana - UPGRADE
- 4.23. Malcore - Profiles not saved post upgrade
- 4.24. Malcore - not working after a version update
- 4.25. Malcore Management - GScan Profile
- 4.26. Malcore - Incorrect healthcheck status in Critical Infrastructure Edition (CIE) license
- 4.27. Malcore - Analysis unavailable during upgrade
- 4.28. Malcore - File analysis
- 4.29. Malcore - No flow_id
- 4.30. Malcore - Black/White list configuration and application
- 4.31. Malcore - Duplicate Analysis
- 4.32. Malcore - Engine crash due to an overload
- 4.33. Malcore - Analysis engine saturation
- 4.34. Malcore - Service stop due to saturation
- 4.35. Malcore - AV engine deactivation
- 4.36. Malcore - Log export with flow_id=0
- 4.37. Malcore - Inconsistency between WebUI healthcheck and updates status
- 4.38. Malcore - Error code 3
- 4.39. Malcore - Error code 10
- 4.40. Malcore error filling app_proto field
- 4.41. API - Authentication parameter
- 4.42. API - endpoint /api/alerts not working
- 4.43. Payload and Payload printable options - Drop events
- 4.44. Proxy - Error 500 if unable to resolve name
- 4.45. Gcenter-setup - error message
- 4.46. LDAP Configuration - TLS
- 4.47. LDAP with SSL or STARTTLS
- 4.48. LDAP - GCenter doesn’t close connections
- 4.49. API unavailable during use of LDAP module
- 4.50. Syslog Export - False Enrichment
- 4.51. Syslog export: no malcore analysis of “unknown” files
- 4.52. Syslog export: behaviour during saturations
- 4.53. Syslog export - maximum size of exported logs
- 4.54. Syslog export - Exceptions in log formats
- 4.55. Syslog export - duplicate sigflow alerts
- 4.56. Wrong redirect between Trackwatch logs and dashboard Syslog
- 4.57. Exception caused by the megaraid driver
- 4.58. Blocked Powershell analysis
- 4.59. Cold or hot data handling exception
- 4.60. Filebeat instability
- 4.61. Default accounts reactivation
- 4.62. GSCAN - maximum analyzed file size
- 4.63. CIP/ENIP protocol activation by default
- 4.64. Display bug to add IPs in external_net
- 4.65. IPsec - Cannot establish IPsec link in NAT network
- 5. Hotfix
- 6. Offline version note