Table of Contents

• 1. Presentation of GCenter version 2.5.3.102 HF3
• 2. New features and improvements
  • 2.1. WebUI - New NDR interfaces and options
  • 2.2. WebUI – Administration
  • 2.3. Analysis / CTI features
  • 2.4. Detection
  • 2.5. API
  • 2.6. System
• 3. Patches
  • 3.1. Status of the latest updates
  • 3.2. Pairing to a GCAP is not possible if there is no gateway set for the VPN interface
  • 3.3. Pairing to a GCAP is not possible after the GCenter network configuration has been changed
  • 3.4. LastInfoSec rules
  • 3.5. Machine Learning engine and CIE editing
  • 3.6. Netdata Export - Netdata versions higher than 1.19 are not compatible
  • 3.7. GScan - Edition Critical Infrastructure Edition (CIE)
  • 3.8. DGA - Field not present
  • 3.9. Third Party - Intelligence
  • 3.10. Kibana - Inaccessible tables
  • 3.11. Kibana - "Not ready yet"
  • 3.12. Malcore Management - GScan Profile
  • 3.13. Malcore - Incorrect healthcheck status in Critical Infrastructure Edition (CIE) licence
  • 3.14. Malcore - No flow_id
  • 3.15. Malcore - Duplicate Analysis
  • 3.16. Malcore - Engine crash due to an overload
  • 3.17. Malcore - analysis engine saturation
  • 3.18. Malcore - Service discontinued due to saturation
  • 3.19. Malcore - Disabling an antivirus engine
  • 3.20. Malcore - Export logs with flow_id=0
  • 3.21. Malcore - Inconsistent healthcheck WebUI and update status
  • 3.22. Malcore enrichment error on the `app_proto` field
  • 3.23. Inconsistency in the Malcore alerts on the `total_found` field
  • 3.24. API - Authentication parameter
  • 3.25. API - endpoint /api/alerts not working
  • 3.26. Proxy - Error 500 if unable to resolve name
  • 3.27. GCenter-setup - error message
  • 3.28. LDAP Configuration - TLS
  • 3.29. LDAP with SSL or STARTTLS
  • 3.30. Syslog export: no Malcore analysis of "unknown" files
  • 3.31. Syslog export: behavior during saturations
  • 3.32. Syslog export - Exceptions in log formats
  • 3.33. Syslog export - duplicate Sigflow alerts
  • 3.34. Redirect Trackwatch Logs to the Syslog dashboard
  • 3.35. Default accounts reactivated
  • 3.36. Default activation of the CIP/ENIP protocol
  • 3.37. Display bug for adding IPs in the external_net section
• 4. Known problems and limitations
  • 4.1. Netdata export - temporary lack of information
  • 4.2. GCenter Backup/Restore - Error management
  • 4.3. GCenter Backup/Restore - Pairing GCap
  • 4.4. Disable LDAP configuration with LDAP server off
  • 4.5. Incorrect GCap status after updating the GCenter
  • 4.6. Kibana - GeoIP Maps
  • 4.7. Sigflow Manager - Transform Category
  • 4.8. Sigflow Manager - Error 500 when adding a rule to a custom source
  • 4.9. Sigflow Manager - Inconsistency in the display of the number of categories and rules of a category
  • 4.10. Upgrade - LDAP configuration made in v2.5.3.100 and never modified since generates an error
  • 4.11. Sigflow configuration - Custom source name cannot contain space
  • 4.12. Limiting storage of indexed data in ElasticSearch
  • 4.13. A component crashes when it receives an empty evelog
  • 4.14. ActiveHunt - Problem with SID duplication
  • 4.15. LDAP - Problem to activate the module
  • 4.16. GCenter Backup/Restore - Problem with NDR dashboards
  • 4.17. GCenter Backup/Restore - Network configuration
  • 4.18. GCenter Backup/Restore - Error with FQDN
  • 4.19. GCenter Backup/Restore - Build number
  • 4.20. NDR - data deletion
  • 4.21. WebUI - Access problem when MTU is modified
  • 4.22. Upgrade - Problem with the counters of files waiting to be analyzed
  • 4.23. Upgrade - Problem when Codebreaker processes payloads
  • 4.24. Upgrade - Problem with Syslog export when TLS is enabled
  • 4.25. Upgrade - Problem of communication between internal components
  • 4.26. WebUI - Problem when a search is performed with a specific date range
  • 4.27. WebUI - Problem to update password and user profil
  • 4.28. WebUI - Display problem when some specific protocols are enabled
  • 4.29. Error code 500 after the modification of the storage for ES data
  • 4.30. Kibana - Problem with shortcuts generated through NDR interface
  • 4.31. Sigflow Manager - Problem importing rules with an existing SID
  • 4.32. Network - Problem when configuring two interfaces on the same subnet
  • 4.33. File management - Improved management of truncated files
  • 4.34. LDAP - Problem with a configuration input error
  • 4.35. `Backup/Restore` - Authentication problem when restoring a backup
  • 4.36. GCap pairing - OTP generation problem
  • 4.37. Yara rules - Problem triggering Yara rules
  • 4.38. `GCaps profiles` - Problem with advanced variable base configuration
  • 4.39. GCTI - Generation of DNS rules with a detection range that is too wide
  • 4.40. WebUI - Error when using the Chrome V113+ browser
  • 4.41. Migration - Wrong default value
  • 4.42. Migration - Making migration more reliable
  • 4.43. GPS - Improvement to the PowerShell analysis module
  • 4.44. Migration - Error when entering an incorrect value in the Netdata configuration
  • 4.45. `CGaps profiles` - Errors when configuring Net variables
  • 4.46. Malcore - Error in the event type of the "File is lost" event
  • 4.47. `Emergency Mode` - Problem running the service
  • 4.48. `Backup/Restore` - Problem with Sigflow Manager when restoring certain categories
  • 4.49. `Main menu` of the setup account - Display problem
  • 4.50. `Backup/Restore` - Local accounts are not restored correctly
  • 4.51. WebUI - Problems with the display of IP addresses in the hostname column of the NDR dashboards
  • 4.52. Eve logs - Problem with the component that receives eve logs
  • 4.53. Migration - Error using IDMEF in syslog export
  • 4.54. Update - Error during successive updates since v2.5.3.10
• 5. Software compatibility
  • 5.1. Compatibility with the GCap
• 6. Hardware compatibility
• 7. Hotfix
  • 7.1. Package 1
  • 7.2. Package 2
  • 7.3. Package 3
• 8. V101 to V102 upgrade procedure
  • 8.1. Prerequisites
  • 8.2. Retained data
  • 8.3. Installation procedure with data retention
  • 8.4. Installation procedure without data retention

PDF Release Note