Version 19.2.0 - May 2022

Plixer Scrutinizer

New Features

- Added option to toggle how device group hierarchy is displayed (153)
- Prioritize exporters that get disabled last in the event that a license overage causes some exporters to be disabled (203)
- Ship Scrutinizer with sysbench and a test script in files (1269)
- Expand CEF message content to include ports and usernames (2001)
- Improve messaging on “Unapproved Transport Protocols” alarm page (2161)
- AWS flowlogs: add support for new version 5 fields (2410)
- Workflow Issue: Unapproved Protocol Policy report pivot should include protocol filter (2426)
- AWS S3 Test Button: test the required permissions (2428)
- Improved alarm policies report link filters (2468)
- Run Report on Packet Flood event does not filter on the traffic that triggered the alert (2499)
- Don’t use unencrypted connections for upgrades (port 80) (2607)
- Include shortened report URL in Report Threshold policy (2636)
- Create some new AWS reports for v5 elements (2651):
- Audit log entries for key management/encryption changes (2723)
- Ability to set a key lifetime (2724)
- VPC flow logs now require interface-id and flow-direction (2817)

Fixes

- Addressed various security issues
- Fixed issue where configuration wouldn’t synchronize when all settings are removed (473)
- Admin > Settings > Proxy Server has been renamed ‘Google Maps Proxy Server’ (941)
- PDFs for large reports show the “painting a Plixer” screen for the report screen shot (1054)
- Device tree hierarchy doesn’t carry over to usergroups with explicit device group permissions (1500)
- Restore username details to alarm notifications (1999)
- Distributed data expiry errors without events/trends (2190)
- Deactivate Sliding Windows when FA algos are disabled (2310)
- ACL ‘Like’ filters don’t work for ACL Descriptions (2312)
- DDoS and DRDoS alarms no longer present CSV access to the offender source list (2343)
- AWS S3 Test Button: test from the specified collector (2355)
- Improved Incident Correlation Algorithm (2380)
- Emailed reports from Report Threshold alert sometimes have incomplete report images (2413)
- ipfixify-template filepath updated in manual (2445)
- Unable to Export Report to PDF or Email Report for SSL not using port 443 (2463)
- “Report Direct Link” doesn’t work for on-demand emailed reports (2485)
- Run Report option in Report Threshold Violation event list does not use the saved report filters (2491)
- Unable to export saved reports to CSV with space in saved report name (2506)
- Report Threshold Violation Email’s URL should load the timeframe of the violation (2539)
- inserter.pm stops polling for SAFs, sampled SAFs, totals if the database is temporarily unavailable (2556)
- Graph and Table show in different timezones (2562)
- Top asn overstates exporter count (2595)
- Proxy server support needed for online upgrades (2608)
- Remove ICMP Ping check from upgrades and pass through variables (2609)
- Enable SSL as the default for offline repo servers (2618)
- SonicWALL IPFIX extension templates not being read correctly in v19.X (2622)
- AWS Flow reports - can’t filter on the interface (2630)
- AWS flowlogs temp dir missing after upgrade to 19.1.0 (2670)
- Allowed transports aren’t sync’d to all collector nodes (2675)
- FA NULL scan Algo doesn’t exclude destinations (2681)
- scrut_util --enable ram_spools blows away /etc/fstab (2684)
- Sflow inserting - Extra data after last expected column (2697)
- Latency values ingested from Ixia do not show up properly in the Scrutinizer UI (2709)
- Special case sFlow interface instances missing (2712)
- FA Worm Algos don’t exclude hosts (2732)
- Update docs.plixer.com to reflect how syslog alerts are configured (2773)
- events.backfill_summaries() crashing with ddos events (2774)
- FA Breach algo doesn’t exclude servers (2805)
- An offline update server with self signed certificates may try http (rather than https) and fail (2812)
- Host Index is now configured in Flow Analytics (2856)
- %m in syslog notifications includes CEF (2870)
- Reparser will not redefine templates without hard restart (2882)
- Running single direction report via the top interfaces view returns ‘No Template’ (2883)
- Scrutinizer device inactivity threshold is not triggering violations (2890)
- Remove plixer_syslogd from systemctl on upgrade (2892)
- FCGI Timeout settings removed after upgrade (2893)
- Install fails with dependency error on ‘device-mapper-multipath’ (2905)
- Distributed Upgrade hanging at TASK [Gathering Facts] (2907)
- Disabling an Algorithm does not remove its exporters from plixer.streams_config (2944)
- FA Reverse Shell doesn’t exclude source (2952)
- Low spool disk space “FA streaming was disabled” does not disable FA streaming (2979)
- Event Policy Customization Improvements (2985)
- Events with empty target/violator lists crash the policy view (3010)

Plixer Scrutinizer UI

New Features

- Unapproved Protocol Policy third donut chart now has top hosts using protocol (966)
- Include Time Zone in the report date/time display (1012)
- Monitor -> Network Maps Grid view delete option (1030)
- Better DNS Resolve Setting description (1053)
- Latest alarm message to events table (1199)
- CSV links in Policy entity (1207)

Fixes

- Naming a dashboard “Network” in V19.0.2 renames it to “Subnet” (909)
- History Navigation shows Alarms by ID instead of English Description (924)
- Navigating into alarm monitor sometimes throws an ExpiredRequestID error (975)
- Inbound and outbound interface reports from explore device tab do not apply the correct filter (988)
- Regression: Traffic %, Other, and Total displaying for sFlow reports (1004)
- New UI doesn’t use the time zone user preference in reports (1013)
- Time Stamps on Line and Step Stacked 1m data source, 1m resolution overlap (1017)
- Deleting the default collection causes “notExists” error when trying to add to the default collection (1027)
- Host Entity View - Top Alarms bell icon mouseover text does not align with click action (1029)
- Reports against an exporter with no current flow data do not allow for timeframe changes (1031)
- New UI | Explore -> Interfaces -> Refresh Rate is not saved (1033)
- Changing Report Options triggers direction back to INBOUND when bidirectional is allowed (1038)
- Clicking the add or remove selected buttons keeps the tooltip on screen (1050)
- Recent Alarms Dashboard gadget shows UTC timestamp for Last Event and Last Notification (1112)
- Explore: Devices not using User Default Unit setting - Shows Percent always (1113)
- Toggling Hostname resolution does not change IPs to hostnames in alarm policy views (1135)
- Device/Interface report filter inconsistent with the Show DNS or IP modes (1216)
- Host to Host Index search doesn’t render a report menu when clicking exporter hyperlinks (1218)
- Alarms Monitor Filtering Option by Violators/Targets returning “noDataAvailable” (1221)
- CSV export of a report loses DNS names (1241)
- PDF export of report only shows 10 lines (1242)
- Peak and 95th Percentile not showing on saved reports (1244)
- Report filters not showing up in the “Additional Filters” drop down (1259)
- Show Others displaying when set to No (1267)

Machine Learning Engine

New Features

- Add ML Engine metrics to Vitals reports (338)
- Support high availability (419)
- Support Zerologon detection (446)
- Support SIGRed detection (447)