Table of Contents
- 1. Presentation of GCenter version 2.5.3.102
- 2. New features and improvements
- 3. Patches
- 3.1. Status of the latest updates
- 3.2. Pairing to a GCAP is not possible if there is no gateway set for the VPN interface
- 3.3. Pairing to a GCAP is not possible after the GCenter network configuration has been changed
- 3.4. LastInfoSec rules
- 3.5. Machine Learning engine and CIE editing
- 3.6. Netdata Export - Netdata versions higher than 1.19 are not compatible
- 3.7. GScan - Edition Critical Infrastructure Edition (CIE)
- 3.8. DGA - Field not present
- 3.9. Third Party - Intelligence
- 3.10. Kibana - Inaccessible tables
- 3.11. Kibana - “Not ready yet”
- 3.12. Malcore Management - GScan Profile
- 3.13. Malcore - Incorrect healthcheck status in Critical Infrastructure Edition (CIE) license
- 3.14. Malcore - No flow_id
- 3.15. Malcore - Duplicate Analysis
- 3.16. Malcore - Engine crash due to an overload
- 3.17. Malcore - analysis engine saturation
- 3.18. Malcore - Service discontinued due to saturation
- 3.19. Malcore - Disabling an antivirus engine
- 3.20. Malcore - Export logs with flow_id=0
- 3.21. Malcore - Inconsistent healthcheck webui and update status
- 3.22. Malcore enrichment error on the app_proto field
- 3.23. Inconsistency in the Malcore alerts on the total_found field
- 3.24. API - Authentication parameter
- 3.25. API - endpoint /api/alerts not working
- 3.26. Proxy - Error 500 if unable to resolve name
- 3.27. Gcenter-setup - error message
- 3.28. LDAP Configuration - TLS
- 3.29. LDAP with SSL or STARTTLS
- 3.30. Syslog export: no Malcore analysis of “unknown” files
- 3.31. Syslog export: behaviour during saturations
- 3.32. Syslog export - Exceptions in log formats
- 3.33. Syslog export - duplicate sigflow alerts
- 3.34. Redirect Trackwatch Logs to the Syslog dashboard
- 3.35. Default accounts reactivated
- 3.36. Default activation of the CIP/ENIP protocol
- 3.37. Display bug for adding IPs in the external_net section
- 4. Known problems and limitations
- 4.1. Netdata export - temporary lack of information
- 4.2. GCenter Backup/Restore - Error management
- 4.3. GCenter Backup/Restore - Pairing GCap
- 4.4. Disable LDAP configuration with LDAP server off
- 4.5. Incorrect GCap status after updating the GCenter
- 4.6. Kibana - Maps GeoIP
- 4.7. Sigflow Manager - Transform Category
- 4.8. Sigflow Manager - Error 500 when adding a rule to a custom source
- 4.9. Sigflow Manager - Inconsistency in the display of the number of categories and rules of a category
- 4.10. LDAP configuration made in v2.5.3.100 and never modified since generates an error
- 4.11. Sigflow configuration - custom source name cannot contain space
- 4.12. Not enough storage for ElasticSearch indices
- 4.13. A component crashes when it receives an empty evelog
- 4.14. ActiveHunt - Problem with SID duplication
- 4.15. LDAP - Problem to activate the module
- 4.16. GCenter Backup/Restore - Problem with NDR dashboards
- 4.17. GCenter Backup/Restore - network configuration
- 4.18. GCenter Backup/Restore - error with FQDN
- 4.19. GCenter Backup/Restore - build number
- 4.20. NDR - data deletion
- 4.21. WebUI - Access problem when MTU is modified
- 4.22. Upgrade - problem with the counters of files waiting to be analyzed
- 4.23. Upgrade - problem when Codebreaker processes payloads
- 4.24. Upgrade - problem with Syslog export when TLS is enabled
- 4.25. Upgrade - problem of communication between internal components
- 4.26. WebUI - problem when a search is performed with a specific date range
- 4.27. WebUI - problem to update password and user profile
- 4.28. WebUI - display problem when some specific protocols are enabled
- 4.29. Error code 500 after the modification of the storage for ES data
- 4.30. Kibana - problem with shortcuts generated through NDR interface
- 5. Software compatibility
- 6. Hardware compatibility
- 7. Hotfix
- 8. V101 to V102 upgrade procedure