Scrutinizer changelogs#
Changelog entries are displayed in the format DESCRIPTION (Ticket Number).
Note
For more information on Scrutinizer and the Plixer One platform, visit www.plixer.com or contact Plixer Technical Support.
Please refer to our End of Life Policy for EOL schedule details.
Scrutinizer v19.8.0 - July 2026#
Changelog
New features
Ability to POLL SNMP from a different IP Address than the one sending to Scrutinizer
Ability to use IP Groups to define Replicator policies
Add PCAP Download from any FlowPro alarm
AI: Compliance Standards Knowledgebase
AI Insights tab under Alarm Monitor
AI Insights UI driven by NetOps and SecOps agents
Authenticate to GCP using Workload Identity Federation
Auto-add new exporters to Host Indexing
Data history settings per collector or exporter
Embed runbook / network security docs for AI
GCP-Ready Image for Scrutinizer and Replicator
General Components: AI magic buttons
Improved data retention options
Improved history auto-trimming
Multi-tier storage support
NetOps and SecOps FLOWScore (beta)
Support for Zscaler Web Log ingestion
Support Syslogs over TCP for RFC 5425 - TLS
System health UI
Enhancements
2x improvement in reporting speeds for large reports
Add FlowPro settings tray
Added the ability to specify CEF version and framing to use
Added troubleshooting guides to Scrutinizer AI
AI: MCP Tooling for user->IP knowledge
Alarms: Show more prominent routes for the investigations in Auto Investigate
Allow license save on under spec machine, but alert
Certificate scrut_util improvements
Collections workflow via star icon
Detect meta sync latency in LEDs
Diagnostic Views added under Admin Menu
Expandable tree and group, exporter, interface quick search
General Components: Move AI button to the left nav bar
Improved backup process (beta)
Last activity date filter in Admin > Manage Exporters
LIKE filters in Interface gadget filter
Mapping: Ability to change size and font for links & labels
Missing permission controls for creating, viewing, and editing Collections
Proxy PCAP through Scrutinizer instead of going to the FlowPro for the file
Re-designed Auto Replicate
Report links from Alarms
Report threshold tray now shows table data
Reporting API Minimal JSON data return
Reports | Keep Available Reports tray opened when Other Options link is clicked
Support SNMP polling of the same IP twice
Support STIX/TAXII v2.1
Updated Admin Type of Service
Updated MAC Address Naming in Admin UI
Updated Report Designer
Warn when deleting a saved report that has a gadget associated with it
Fixes
Addressed various security issues
Admin: Flow Analytics Algorithms - Add exporters tray width increases after opening Flow Reports Thresholds (2984)
Admin > SNMP Credentials: Cannot remove devices in the Usage dropdown by unchecking (2966)
Admin: Truncation in Users Groups & Users (3171)
Admin: User Groups - Using the bulk-select checkbox will submit request to the unselected “Administrators” group (2934)
Administrators can’t change/reset a local user’s password if they don’t know the user’s current password (2993)
Advanced filters infinite scroll broken (2858)
AI seems to pick random times when you ask for a specific time range (5144)
Alarm Exclusion from Alarm Monitor > Policies not working (5631)
Breach attempt tooltip references obsolete threshold (5713)
Can`t use BOGON ipgroup in report filters (5283)
Cisco FMC 7.6.2+ eStreamer events (beta) (5258)
Ctrl-C during set password webui leaves terminal in a bad state (5286)
Dashboards: Truncation issues (3167)
Dashboards | Interactive Gadgets: A lot of deadzone in pie graphs (3082)
DDOS / DrDOS triggering when disabled (5456)
Delayed service starts cause scrut_util errors with register collector and rotate certs (5482)
Deleted filters are not displayed in filter widget’s selected list (2878)
DNS expiry date being set too far out (5652)
DNS names not resolving when first viewed in the exporters UI (5653)
Entity Views: Pie chart scaling issue (3067)
Explore Event Traffic stalls with many targets/violators coming from some scanning algorithms (5639)
Explore: Exporters - Filter tooltip shows group ID instead of name (3139)
Explore: Exporters - Tag filtering doesn’t work on spaces (2997)
Exporter interfaces tray scrollbar not rendering in Chrome (3162)
Font on the ML Engine Auth Token is hard to read (3033)
General Components: Add IP address and title tags to alarm-monitor-host-information (3039)
General Components: Issues with a number of graphs (2969)
Host Indexing: Host to Host indexing disabled error does not mention the new setting (2992)
Include rsync in our repo (5339)
Incorrect config sync date when promoting a secondary reporter to primary (5535)
Interfaces gadget graphic oscillating at certain dimensions (2886)
Investigate > Host: Top Applications data is not displayed (3096)
Investigate | Collections - Attempting to delete row(s) from a profile deletes the entire collection (3113)
LEDS do not update when collector service is down (5375)
Less aggressively cache Defined IPGroup names (5148)
Lollipop Legend doesn’t seem right (2961)
MappingGroups: Clicking Add New Object after creating a new group shows the wrong inner tray (3006)
Missing Alarm Policies for Persistent Flow Risk algorithms (5701)
Non-standard SnmpTrap notification ports no longer being automatically added to firewall rules (5582)
No Templates Found when ingress and egress data is in separate templates (5215)
pg_repack package being installed would block upgrades (5321)
Report menu from group filters with no-interface exporters aren’t working (3001)
Reporting | No Other Options available for IPv6 report host in Available Reports tray (2883)
Run Report - Report description on-hover tooltips contain html tags (3189)
scrut_util UI Timeout command not working (5494)
Security group updates don’t update FA streams (5475)
SNMP BulkWalk Errors (maxRepetitions too high for some devices) (5553)
SNMP Credentials: Non-default port config is not used, packets always sent on 161 (5692)
SNMP Credentials: SNMPv3 context value is not used (5737)
Some log files were missing logrotate configs (5476)
SSS packages missing for 19.7.2 (5473)
Standalone Replicator UI | No visible path or link in UI to setup an email server (5691)
Subnet Exclude Filter on AWS flowlog reports not working (4861)
Subnet include/exclude filter has no effect with v4 addresses embedded in v6 (5525)
Summary Reports: Cannot apply filter after report loads (2935)
TCP Flags filter issue (4807)
Top Applications: Clicking undefined and user-defined applications causes errors (2938)
Topology View Connection Reports generate incorrect filter resulting in empty reports (5484)
Unmonitored Hosts/Interfaces do not always show the expected behavior page (2745)
Usergroups not showing post secondary reporter promotion (5537)
Scrutinizer v19.7.2 - January 2026#
Changelog
New features
Add local replication to P1, P1-Core, and P1-Enterprise keys
Fixes
Allow outbound connection to Cisco Secure FMC eStreamer endpoints (5381)
Duplicate rows in Admin > Exporters and Admin > Interfaces when exporters sent to multiple collectors (5354)
Entering invalid subnet for IP Group rule causes errors (5386)
Flow collector can hang on /tmp/aws permissions (5309)
Interface descriptions missing for filters (3029)
Save As not working correctly for summary reports (3021)
scrut_tmp/collector_plixer being unmounted in AWS (5369)
SNMP details duplicated in admin views (5353)
SNMP discovery not always detecting new devices (5332)
SNMP names/speeds sometimes missing after upgrade to 19.7.1 from 19.6 (5330)
SNMP service panic when sysuptime is not returned (5361
Scrutinizer v19.7.1 - November 2025#
Changelog
Fixes
Addressed various security issues
19.7.0 configuration migrator wipes historical data on the destination (5255)
Issues with report menu from Host Indexing (5244)
Protocol incorrect for undefined WKPs (5247)
Remove duplicate plixer.column_index entries on upgrade (5261)
Scrutinizer v19.7.0 - October 2025#
Changelog
New features
Ability to filter ‘Ungrouped’ Device Group from the Explore Tab
Ability to Specify custom LDAP attributes (support for eDirectory LDAP)
Admin: Resources: SNMP Credentials
AI Assistant (Requires Plixer One Core or Plixer One Enterprise licensing and updated key)
Capture Netflow Info From Kubernetes Workloads
Experimental multi-tier storage support
Flow Hopper to the New UI
General Components: Context menu with copy & new window functions
Support for AES256 in SNMPv3
Support for Zscaler ZIA and ZPA
Topology: Primary view for beta feature
Enhancements
Ability to add multiple IP group definitions all at once
Ability to export the entire list of manage exporters as a CSV
Add firewall rules for outbound connections
Added details for report buttons in the Host entity view
Admin: Authentication Tokens filters
Admin: Direct links from the Configuration Checklist into the application
Always show what the report menu will filter on
Display timezone in the date selector
Endace Pivot for host pairs
General Components: Change branding and show licenses
Remember table column selects per user
Simplify the AI Settings
Fixes
Addressed various security issues
–set timezone writes to wrong configuration file (5059)
Admin > Alarm Monitor > ML Dimensions page table shows Protocol value of “ALL” as “HOPOPT” (2827)
Admin: Exporters and Interfaces - can disable all columns in table (2792)
Admin: FlowPro Probes - cannot save edits to settings without editing APM License Key for table entries (2702)
Admin: Mapping Groups ‘Make Default’ slider in Settings doesn’t update the table (2759)
Admin: Menu search bug (2660)
After removing a report gadget from all dashboards, the “Edit Gadget” menu in the Export tray changes to “Add to Dashboard” (2744)
Allow port numbers over for 45435 for syslog notifications (5060)
Auto-created Endace pivot (EndaceProbe P2P) does not work in New UI (1240)
AWS integration: Fix plxr_awss3 process memory leak (4975)
AWS integration: Scrutinizer Integration page bug with multiple S3 buckets (2722)
Bidirectional CSV Export only exporting single direction (5023)
Can’t see the exporter IP in a Report filter (2903)
Change default report time to “last X” instead of “custom” (2398)
Cloud icons on maps are chopped off on the left and right (2742)
Collections: Adding an unsaved report to a collection causes all future unsaved reports to appear as added (2890)
CSV Exported Client Server report displays EPOCH time (4422)
Customer Interface Gadget issue with filtering (4758)
Dashboard Differences - font sizes and text box colors not changeable in Maps (2679)
Dashboards: Custom Gadget External URLs allowed by default (2791)
Dashboards: Disable iframe gadget input if external URLs aren’t enabled (2846)
Dashboards: Problems with Double Sankey gadgets (2723)
Excessive stray files (5176)
Existing report names can be edited to include invalid characters (2752)
Explore: Exporters | Exporter tray Interfaces section broken link and errors (2898)
Explore>Entities: Filters do not stay cleared after clicking the active table again (2629)
Explore>Exporters: Packets and Flows columns sort incorrectly (2626)
Exported csv file name differences between hosts tab and policies tab (1807)
Filters are too persistent (2496)
Flow Rate under manage exporters doesn’t match vitals (4988)
FlowView isn’t hiding the last graph (2843)
Forecast Table Data Understated when reporting on Rate (2802)
Forecasts: Duplicate forecast creation is not restricted (1536)
gettingstarted.sh doesn’t use the custom SSL details entered (219)
Google Maps - View child map button not working (5149)
Interface Threshold Alarm Reports expiring quickly (5047)
Investigate>Alarm: Risk column sorting incorrectly (2616)
Issues with Syslog, SNMP Trap, and CEF test buttons (2819)
Investigate>Hosts: Underscores in IP Group names are replaced with spaces in src/dst charts (2079)
lang_key issue with designed reports “Custom_XXX” in report type drop down (4775)
Manage exporters flow rate does not match vitals reports (4980)
Mapping: Ampersand in report name displays as encoded “&” (2832)
Mapping: Remove duplicate refresh button (2717)
Mapping: Reports fail to load if report name contains parentheses (2845)
Mapping: Thresholds missing units and column information (2831)
Mapping: Usability issues with saved report connections (2850)
MappingObjects: Link for icon type objects cannot be modified (2704)
MappingObjects: Map does not update after Apply changes to a Text Box object (2777)
Missing checkbox for IAM authentication in 19.6.0 (4835)
Monitor > Dashboards: Cannot modify existing dashboard to default or read-only without renaming (1842)
Monitor: Alarms by Hosts - Show Host Names toggle not respected (2669)
Naming AWS vpc exporters reverts to vpc Id (4937)
NAT All Details report needs a column removed to work with Palo Alto (4563)
Old Host Indexing “first seen” data unavailable after upgrade (4011)
Reindexing error doesn’t halt upgrade (5179)
Report wizard “Run Report” button doesn’t activate (2649)
Reporting: Incorrect sorting on report name (2892)
Reporting: Summary Reports save differences (2813)
Reports requiring collector to collector communication (4940)
Reports that should default to stacked graph loading unstacked on first load (4647)
Reports | Other Options links open in new tab and new window, broken Report to ISP link (2900)
Reports: Avg Pkt Size report changes graph type when the report is re-run. (2678)
Reports: Cannot switch between Report Type if report has parentheses in the title (2863)
Reports: Sankey graph doesn’t render correctly on the last few pages of report (1781)
Reports: Sankey graphs are not adjusting correctly to container height (2712)
Reports: Should not be able to create a gadget from a Summary Report. (2653)
Reports: Summary reports do not populate/update Last Run timestamp. (2652)
Saved report contents disappear on dashboard refresh (2708)
Source Hosts and Destination Hosts reports both named hosts reports in the tray menu (2774)
Terminal Icons (on maps) display unkonwn icon when changing status (984)
Top Interfaces click on sparkline is broken (2902)
Top Interfaces Report: exclude filters shouldn’t be an option (2206)
UI allows emailing and scheduling reports with no email server configured (2849)
Unable to ingest VPC flow logs from AWS bucket that contains “reject-reason” information field (4858)
VA disk could fill with logs when deployed, but not configured for weeks (5130)
Scrutinizer v19.6.1 - June 2025#
Changelog
Fixes
Device group filter is not displayed correctly (4878)
New deployments don’t default to slim navigation (4889)
PDF report generation not working in 19.6.0 (4863)
Reparser crashes when sFlow is missing L2 header data in sample (4842)
Saving a user with some missing preferences results in losing all preferences (4915)
Some combinations of protocol exclusions can result in collector crash (4866)
Unreadable map labels in dark theme (2754)
Scrutinizer v19.6.0 - March 2025#
Changelog
New features
“DHCP Servers” and “LDAP Servers” IP Groups for ML Exclusion management
Ability to run reports menu from the host entity view
Ability to specify number of rows in a report gadget
Add support for Azure VNet Flow Logs
Add/Update support for Cisco VXlan IEs
Added additional CloudGenix / PaloAlto SDWAN reports
Additional support for additional Keysight
Admin UI for FlowPro Capture Rules
An interfaces tab to the host entity view when host is an exporter
Audit Report to Admin UI
Collect VPC Flow Logs from Google Cloud Platform
Direct links to Exporters and Interfaces in Explore
Disk space calculator as part of data settings under admin
Edit gadget features from Dashboards
External NAT filter
Full screen mode for Dashboards
Interactive configuration checklist
Interface entity view
LIKE/NOT LIKE filters to Alarm Monitor, Explore, and Admin views
Lollipop chart reporting graph type
MITRE ATT&CK dashboard gadget
ML behavior data in Alarm Monitor workflows
ML Exclusions Admin View
Move feature resources under system performance so it is per server
New Dashboard workflows
New report folder management workflows
New top interfaces dashboard gadget
Option to include full Interface names in reports
Oracle flow log ingestion
Reporting on VXLAN from sFlow samples
Reporting: Line Item gadget type
Ridgeline graph type
Ring Gauge reporting graph type
Scheduled Reports view
Slim navigation mode with vertical navigation bar
Support for TLS v1.3 with LDAP integration
Top Exporter report type
Top N dashboard gadgets
User behavior reports
User configurable horizon in report forecasting
Zabbix client package in our repositories
Enhancements
Add “Last Year” & “This Year” options to report custom time ranges
Add exclusion workflow from alarm monitor - front end
Add Google API key from mapping UI
Add link to host entity view in “Other Options” under report menu
Add link to user settings in the user menu
Add option to report on all interfaces bi-directionally
Admin menu search
Always search for report types in all report groups
Auto-expand active filter sections in tray
Entities: filter on click from host to alarm
External custom gadget URLs preference
FA setting to exclude internal or external communication for lateral movement
General components: improved severity display
General components: add plixTips when slimNav is collapsed and title tags when expanded
Include technology in the alarm monitor view somehow
Informative detailed error messages when UI can’t communicate with a reporter
Lateral movement FA algorithms and preferences
Mapping automatic grid layout
Mapping icons updated
Mapping workflows
New mapping workflows
Provide interface names in Sankey graph tooltips
Recategorized system preferences
Remember selected columns in alarm monitor
Rename “Favorites” to “Recent” in report menu
Report description tooltip issues
Report menu search by description and information element
Reports: hidden graph button shouldn’t be there if we don’t have a graph available
Reports: make the saved reports title clickable
Saved reports view
sFlow 801.2ah header support
Show active filter status for alarm monitor and reporting
Support newer versions of Cisco ISE for user name reporting
Workflows in manage exporters
Workflows in manage interfaces
Fixes
Addressed various security issues
‘Client Server’ report failure while filtering for domain (4068)
Ability to edit Flow Analytics Configuration rules in the new UI (4179)
Ability to save a key with an unsupported feature_set (4091)
Adding IP Group with Subnet Rules didn’t save mask selection on initial save (4439)
Admin: Guest users need these routes inaccessible (2243)
Admin: Set LEDs to refresh every 30 seconds and on click (2220)
Admin: Users & Usergroups not respecting routing (2080)
Apache server version is shown in header responses (4326)
Apply button for Single Host-Index search not functioning (1981)
automatic template naming (3154)
Azure NSG exporter naming for distributed collection (3989)
Azure NSG flow log bi-flow support (3993)
Changes made in the oldUI manage interfaces tab are not saved (4301)
Cleaned up Host Index Max Disk Space error when increasing too much (4219)
Collections: No Results Found still shown after creating a collection (2582)
Collector won’t run if the reporter is down (4147)
Copying or refreshing reporting URLs displays error (2108)
Dashboards: map resize on gadget resize (2075)
Date selector doesn’t always allow for shifting the date forward (2236)
Destination AS filter fails on top interfaces report (4309)
Editing an applied filter does not provide enough space (1996)
Expire history failing in some cases after upgrade (4376)
Explore > Exporters > Interfaces should prefer ifAlias over ifDesc (4397)
Exported PDF report has Subscription ending message (1359)
External links using the search route (2105)
Flow Analytics Admin workflow issues (2153)
Flow Version is not visible in new UI (2196)
FlowHopper can’t find flow starting from sFlow (4711)
Full Interface name in reports, sporadically displays (4230)
General Components: Adjust ML graph to take in entire time period, not just data extents (2211)
General Components: app-table pagination skip buttons (2116)
General Components: Inconsistent table header behavior (2047)
Gigamon tcpcontrolbits exceeding smallint value (4374)
Grafana Plugin (443)
Having a “/” in a report name breaks the ability to run that report from an alarm (4327)
Hidden interfaces showing in reports (4100)
Internal Server Error when editing Network Map connections (4063)
Investigate > Host: Learn More button “Host Details” option has no function, related observations (2491)
IP Groups, adding a child group displays wrong selection (4440)
IP V6 import hostfile is broken (4142)
IP/DNS in Flow Analytics Configuration (2014)
IPv6 Exporters don’t retain snmp configuration (2865)
Issues when graphing Silverpeak performance reports (microsecond values) (4657)
LDAP login slow with 100K+ group definitions (4038)
Less Than & Greater Than options missing from Advanced Filters (2299)
Manage Exporters & Explore Exporters – Slow / Not loading (4080)
Missing some country codes (4532)
Newline characters in report threshold alarm messages (4037)
Nightly clean all task is removing valid snmp credentials (4419)
Non-Admin users not able to run reports from alarm pages (4263)
Old Host Indexing “first seen” data is unavailable after upgrading. - Import From History Option (4011)
Other options menu opens new window (1965)
Out of file descriptor errors (3941)
Provide description of timeframes for top interfaces and exporters view in Explore (2224)
Recent and Recommended report groups need to show the group details (2536)
Report JSON link returns unnecessary data (2199)
Reports: Saving a report as ‘testSave’ results in ‘Test and Save’ in header name (2445)
Restore Manage Exporters view in the Classic UI (4317)
Saved Reports - Host filters get removed when pivoting (2322)
Scheduled email reports have the license subscription ending soon warning (4082)
Scheduled Traffic Volume reports revert to Line graph when set to Step (3962)
SSL langkey is blank in serverprefs after running set ssl on (4019)
Sync Primary taking too long in some cases (3384)
sysbench package should be installed (4682)
Targets CSV file has ‘violators’ in the name (2194)
Threats Domains temp directory is not always being cleaned out (4395)
Unable to zoom in on TopN report graph (2043)
Update certificate scripts for Oracle Linux (4468)
Usability issues with usergroup permissions in the new UI (1264)
User able to set ‘unlicensed’ in Manage Exporters (4362)
Usergroup Permissions do not carry over to new UI when editing saved reports (1316)
Web certificate paths changed back to pre-19.5 location (4359)
When changing an alarm notification frequency to “Rate”, it reverts back to “Each Observation” (3906)
Deprecated
Remove “Additional notes” input from new object form
Scrutinizer v19.5.4 - November 2024#
Changelog
Note
This release addresses CentOS going EOL. To migrate the OS to Oracle Linux 9, Scrutinizer must be on version 19.4.0. Please contact Plixer Technical Support with any questions.
New features
FlowPro 20.1 compatibility
Support for AWS OL9 AMI
Support for additional Palo Alto Prisma information elements
Support for additional Keysight information elements
Fixes
Addressed various security issues
CyberArk Dependencies missing (4497)
Collector fails to start when the primary reporter is down (4552)
ML Heartbeat can prevent registering of Plixer ML Engine (4556)
Scrutinizer v19.5.3 - October 2024#
Changelog
Note
This release addresses CentOS going EOL. To migrate the OS to Oracle Linux 9, Scrutinizer must be on version 19.4.0. Please contact Plixer Technical Support with any questions.
New features
Oracle Linux v9.4
System Migration Utility
Fixes
Addressed various security issues
Filtering issue with NSG FlowLogs (4225)
Primary server being down prevented collector services from restarting (4147)
Slow load times for Admin > Manage Exporters (4080)
Scrutinizer v19.5.2 - July 2024#
Changelog
Note
This release addresses CentOS going EOL. To migrate the OS to Oracle Linux 9, Scrutinizer must be on version 19.4.0. Please contact Plixer Technical Support with any questions.
AWS instances of Scrutinizer use Amazon Linux 2 and do not need to be updated to 19.5.2. A later release, which will include new features and bug fixes, will be made available for Scrutinizer deployments on AWS.
New features
Proxmox support
Fixes
Addressed various security issues
Data migration fails when destination expires history (4364)
Memory leak (4363)
Missing AS and country names (4353)
SNMP polling issue (4364)
Scrutinizer v19.5.1 - June 2024#
Changelog
Note
This release addresses CentOS going EOL. To migrate the OS to Oracle Linux 9, Scrutinizer must be on version 19.4.0. Please contact Plixer Technical Support with any questions.
New features
Automatic disabling of root login in olmigrate
Check for multiple interfaces in olmigrate
Check for supported CPU architecture in olmigrate
Fixes
Addressed an issue where a recursive directory is created if olmigrate is run more than once for the same upgrade stage
Scrutinizer v19.5.0 - May 2024#
Changelog
Note
This release addresses CentOS going EOL. To migrate the OS to Oracle Linux 9, Scrutinizer must be on version 19.4.0. Please contact Plixer Technical Support with any questions.
New features
Oracle Linux v9.4
System Migration Utility
Fixes
Addressed various security issues
Filtering issue with NSG FlowLogs (4225)
Primary server being down prevented collector services from restarting (4147)
Slow load times for Admin > Manage Exporters (4080)
Scrutinizer v19.4.0 - October 2023#
Changelog
New features
AWS Flowlog consumption 35x faster
AWS Flowlog consumption and processing can be spread across multiple collectors
Azure flow log ingestion
Azure NSG Reports
Connections graph type in reporting
Default Flow Analytics Exclusion Groups under IP Groups
Endpoint Analytics Risk and details into Alarm Monitor views
Host entity alarm timeline view
Include Custom Designed Reports in Scrutinizer Configuration Backup
Include port name in DrDoS alarm messages
Merged target and violator alarm views into consolidated hosts view
Multiple new Alarm Monitor visualizations
New Admin interfaces
Security Groups for enabling groups of Exporters in Flow Analytics
sFlow vlan/sub-interface report
Support 18.20 -> 19.X offline upgrades where the repo server is the Scrutinizer server
Support for FlowPro version 20
Userpreferences Modifiable Template
Fixes
Addressed various security issues
Acknowledged Alarms View Doesn’t auto-refresh (1417)
Added paged requests to LDAP authentication to handle large lists of Active Directory Security Groups (3481)
Admin: Default Status, Tab & View (1591)
Alarms: Show DNS & IP information in messages (1252)
AWS Upgrade package dependency problem (3862)
Change Endpoint “Identity Score” to “Profile Match” (1617)
Clean history table orphans in batches (3555)
CSV export column header shifted by one position for Connection reports (3400)
Dashboard Recent Alarms gadget is out of sync with current alarms (1114)
Dashboards: Too much air in vitals (1054)
Default map defined for user does not open when accessing Network Maps in new UI (1598)
distributed_stats_exporters wasn’t being cleaned out (3931)
Distributed Upgrade Installer handle proxy configuration prompt (3339)
Distributed upgrades should have collectors run a curl check for Internet access (2958)
Don’t allow “Host Index Max Disk Space” setting to exceed available disk space (3779)
Double quotes in SSL serverprefs (2927)
Editing FA host exclusions doesn’t update caches (3332)
Escape special characters in interface details (3636)
Event severity timeline (3329)
Exported CSV from Entities page displays host names with ‘Show Host Names’ deselected. (1463)
Explore Event Traffic links do not respect PlixCal filter (1441)
Explore>Entities: “dbQueryError” seen in console when applying filters (1574)
Exporters Not Deleting with Domain Exclusions (3110)
Filter all FA sliding windows by streamexporter (3377)
Fix a logs-based disk space leak (3667)
Fix overstated utilization when sFlow counters are dropped (3485)
Implement sFlow version 4 (3357)
Issue with displaying child groups with a parent group filter (1877)
Issue with units label for application latency report threshold messages (3471)
Legacy Baselining is now EOL (3704)
Made UDP receive buffers configurable (3711)
Manage Exporters and Manage Collectors were removed from the classic Admin UI (3808)
Mixing include and exclude advanced filters could restrict more results than necessary (3757)
Monitor.top_stdout Parsing Errors (3828)
Move slog directory out from under html (3882)
No packet or octet values for exporter sending samplingpacketspace of 0 (3903)
On demand PDF/email/csv use server time zone when they should use user time zone (1069)
Optimize Explore By Exporters view (3541)
Optimize FlowPro FA algorithms (3695)
Optimize Packet Flood FA algorithm (3699)
Optimize Slow Port Scan Algorithm (3700)
Optimize TCP/UDP FA algorithms (2695)
RADIUS shared secret needed to be re-entered after v19.3 upgrade (3591)
Reporting: Phantom selected select box (1712)
Reporting - Source / Destination Port EXCLUDE Port Range - Error: “report failed” (3402)
Reports: Restructure to allow proper placement of app-page-toolbar and tray (1001)
scrut_util check heartbeat database as root user error (3873)
scrut_util ‘set ssl on/off’ requires root - but should not be run as root (3624)
Setting timezone can pause alarms (3405)
set myaddress fails on Hardware appliances (3386)
Spatial Map: Modified timestamp gets wrongly updated to all the existing maps (1498)
Store AWS interface in the aws_interface element - don’t map to ingressinterface (3687)
System Performance View shows red when resources exceed the matrix (3351)
Turning SSL off breaks the UI (2728)
Scrutinizer v19.3.2 - September 2023#
Changelog
Fixes
Addressed various security issues
AWS Upgrade package dependency problem (3826)
Scrutinizer v19.3.1 - April 2023#
Changelog
Fixes
Addressed various security issues
AWS interface IDs no longer used as observation domain (3568)
Changed default view for Explore to Top Interfaces (3703)
Deleting collector log wouldn’t always return diskspace (3667)
Optimized query for Explore exporter view (3684)
Reduced output to logfile for Feature Resources (3675)
Upgrades needed a forced reboot for chromium (3692)
Update LDAP login to get the
defaultRoutepreference (3697)
Scrutinizer v19.3.0 - December 2022#
Changelog
New features
Ability to pass custom parameters when opening ServiceNow issues
LRFM: no audit trail from manual enable/disable
MITRE ATT&CK details for notification profiles
MITRE ATT&CK visualization
sFlow: add support for VLAN tags in sampled Ethernet headers
sFlow: support for sampled IPv6 headers
Support for using hostname when configuring an ML Engine
Support for redirecting to a proxy address after single sign-on
Fixes
Add search.html type route to the new UI (3234)
Adding Show Interface option to a report shows outbound exporter as NA (3263)
Admin Tab permission is required to logout (1269)
CEF: timestamps for start/end times (3369)
CSV export of Volume reports shows incorrect rate data when resolution doesn’t match datasource (3226)
Dashboard issues: Excessive scroll bars on Windows and report gadget graph legends difficult to read (1602)
Error when filtering alarms by violator (3230)
Entities: Alarms: Events: Incidence correlation resize scrollbar (1336)
FA Configuration > DRDoS > Settings is missing details (1391)
Flow Collection Resumed Message Displays First Message instead of Last Message (3292)
Host Index cleanup tasks fail if H2H Index is turned off (3498)
Host Index searches show ‘first_seen’ as the date of the host_index import (3334)
Kafka logging can crash server processes (3437)
LDAP Authentication Fails due to Primary Key Duplicate Restraints (3281)
Moloch Integration Link not clickable in the new UI (1035)
Report Data Source Values Show Twice (1374)
Report links from Host Index would pop up a broken window (3483)
Report selection stuck open without selection (1372)
S3 Integration: Fix a crash when the database disappears at certain times (3235)
Setting custom interface speed to 0 to override displaying as percent utilization (1416)
Severity card time frames don’t match date selector (3434)
Support multiple usernames per host in alarms (3372)
Top Interfaces are duplicated for exporters in multiple device groups (3204)
Top Src/Dst Host pivot from an IP Group entity view opens a Username Entity view (1412)
Totals values could be doubled when an interface is metered both ingress and egress (3370)
Undefined Error when modifying Guest Permissions (3219)
Scrutinizer v19.2.2 - September 2022#
Changelog
Fixes
Addressed various security issues
AWS Upgrade package dependency problem (3826)
Scrutinizer v19.2.0 - May 2022#
Changelog
New features
Ability to set a key lifetime (2724)
Add ML Engine metrics to Vitals reports (338)
Added option to toggle how device group hierarchy is displayed (153)
Audit log entries for key management/encryption changes (2723)
AWS flowlogs: add support for new version 5 fields (2410)
AWS S3 test button: test the required permissions (2428)
Better DNS Resolve Setting description (1053)
Create some new AWS reports for v5 elements (2651)
CSV links in Policy entity (1207)
Don’t use unencrypted connections for upgrades (port 80) (2607)
Expand CEF message content to include ports and usernames (2001)
Improve messaging on “Unapproved Transport Protocols” alarm page (2161)
Improved alarm policies report link filters (2468)
Include shortened report URL in report threshold policy (2636)
Include Time Zone in the report date/time display (1012)
Latest alarm message to events table (1199)
Monitor -> Network Maps Grid view delete option (1030)
Prioritize exporters that get disabled last in the event that a license overage causes some exporters to be disabled (203)
Run report on packet flood event does not filter on the traffic that triggered the alert (2499)
Ship Scrutinizer with sysbench and a test script in files (1269)
Support high availability (419)
Support SIGRed detection (447)
Support Zerologon detection (446)
Unapproved Protocol Policy third donut chart now has top hosts using protocol (966)
VPC flow logs now require interface-id and flow-direction (2817)
Workflow issue: unapproved protocol policy report pivot should include protocol filter (2426)
Fixes
Addressed various security issues
%min syslog notifications includes CEF (2870)ACL ‘like’ filters don’t work for ACL descriptions (2312)
Admin > settings > proxy server has been renamed ‘Google Maps Proxy Server’ (941)
Alarms Monitor Filtering Option by Violators/Targets returning “noDataAvailable” (1221)
Allowed transports aren’t sync’d to all collector nodes (2675)
An offline update server with self signed certificates may try http (rather than https) and fail (2812)
AWS flow reports - can’t filter on the interface (2630)
AWS flowlogs temp dir missing after upgrade to 19.1.0 (2670)
AWS S3 test button: test from the specified collector (2355)
Changing Report Options triggers direction back to INBOUND when bidirectional is allowed (1038)
Clicking the add or remove selected buttons keeps the tooltip on screen (1050)
CSV export of a report loses DNS names (1241)
DDoS and DRDoS alarms no longer present CSV access to the offender source list (2343)
Deactivate sliding windows when FA algos are disabled (2310)
Deleting the default collection causes “notExists” error when trying to add to the default collection (1027)
Device/Interface report filter inconsistent with the Show DNS or IP modes (1216)
Device tree hierarchy doesn’t carry over to user groups with explicit device group permissions (1500)
Disabling an algorithm does not remove its exporters from plixer.streams_config (2944)
Distributed data expiry errors without events/trends (2190)
Distributed upgrade hanging at TASK [Gathering Facts] (2907)
Emailed reports from report threshold alert sometimes have incomplete report images (2413)
Enable SSL as the default for offline repo servers (2618)
events.backfill_summaries() crashing with ddos events (2774)
Event policy customization improvements (2985)
Events with empty target/violator lists crash the policy view (3010)
Explore: Devices not using User Default Unit setting - Shows Percent always (1113)
FA breach algo doesn’t exclude servers (2805)
FA NULL scan algo doesn’t exclude destinations (2681)
FA reverse shell doesn’t exclude source (2952)
FA worm algos don’t exclude hosts (2732)
FCGI timeout settings removed after upgrade (2893)
Fixed issue where configuration wouldn’t synchronize when all settings are removed (473)
Graph and table show in different timezones (2562)
History Navigation shows Alarms by ID instead of English Description (924)
Host Entity View -Top Alarms bell icon mouseover text does not align with click action. (1029)
Host to Host Index search doesn’t render a report menu when clicking exporter hyperlinks (1218)
Host index is now configured in flow analytics (2856)
Improved incident correlation algorithm (2380)
Inbound and outbound interface reports from explore device tab do not apply the correct filter (988)
inserter.pm stops polling for SAFs, sampled SAFs, totals if the database is temporarily unavailable (2556)
Install fails with dependency error on ‘device-mapper-multipath’ (2905)
ipfixify-template filepath updated in manual (2445)
Latency value ingesting from Ixia not show up properly on Scrutinizer UI (2709)
Low spool disk space “FA Streaming was disabled” does not disable FA streaming (2979)
Naming a dashboard “Network” in v19.0.2 renames it to “Subnet” (909)
Navigating into alarm monitor sometimes throws an ExpiredRequestID error (975)
New UI doesn’t use the time zone user preference in reports (1013)
New UI | Explore -> Interfaces -> Refresh Rate is not saved (1033)
PDF export of report only shows 10 lines (1242)
Peak and 95th Percentile not showing on saved reports (1244)
PDFs for large reports show the “painting a Plixer” screen for the report screen shot (1054)
Proxy server support needed for online upgrades (2608)
Recent Alarms Dashboard gadget shows UTC timestamp for Last Event and Last Notification (1112)
Regression: Traffic %, Other, and Total displaying for sFlow reports (1004)
Remove ICMP ping check from upgrades and pass through variables (2609)
Remove plixer_syslogd from systemctl on upgrade (2892)
Reparser will not redefine templates without hard restart (2882)
“Report Direct Link” doesn’t work for on-demand emailed reports (2485)
Report filters not showing up in the “Additional Filters” drop down (1259)
Reports against an exporter with no current flow data does not allow for timeframe changes. (1031)
Report threshold violation email’s URL should load the timeframe of the violation (2539)
Restore username details to alarm notifications (1999)
Run report option in report threshold violation event list does not use the saved report filters (2491)
Running single direction report via the top interfaces view returns ‘No Template’ (2883)
scrut_util –enable ram_spools blows away /etc/fstab (2684)
Scrutinizer device inactivity threshold is not triggering violations (2890)
Sflow inserting - extra data after last expected column (2697)
Show Others displaying when set to No (1267)
SonicWALL IPFIX extension templates not being read correctly in v19.X (2622)
Special case sFlow interface instances missing (2712)
Time Stamps on Line and Step Stacked 1m data source, 1m resolution overlap (1017)
Toggling Hostname resolution does not change IPs to hostnames in alarm policy views (1135)
Top asn overstates exporter count (2595)
Unable to export report to PDF or email report for SSL not using port 443 (2463)
Unable to export saved reports to CSV with space in saved report name (2506)
Update docs.plixer.com to reflect how syslog alerts are configured (2773)
Scrutinizer v19.1.1 - September 2021#
Changelog
New features
Automatically shut down non-critical features when systems are overwhelmed (2703)
Fixes
Addressed various security issues
“Sizing your environment” guide
AMI didn’t have spools on RAM disk / tuning didn’t run on AMI deployment (2646)
Changing Report Options triggers direction back to INBOUND (1060)
Character encoding issues synchronizing binary data (2794)
Flow data with a single direction could break the gear menu (1062)
Full alarm message not getting into ServiceNOW tickets (2640)
Graph and tables in a report could show different timezones (1059)
Inefficiency in building TopN view (2710)
Line and step graphs wouldn’t load after switch from a Traffic Volume report (1032)
Max locks wasn’t set high enough for some upgrades from v18 (2751)
Performance issues with host_index process (2701)
Pulling STIX TAXII threat list (2831)
Registering a new collector could overwrite meta data on the primary (2788)
Report links from threshold violations had the wrong timeframe (2785)
Resizing disks with AWS C5 instances (2696)
Timeout when migrating large historical host_index tables (2337)
Upgrades didn’t stop on database upgrade error (2638)
URL too long error from report wizard with large exporter counts (852)
Scrutinizer v19.1.0 - May 2021#
Changelog
New features
Ability to set Alarm policies to inactive or store (2231)
Autoreplicate support for multiple replicators (encrypt multiple passwords) (2111)
Cisco SDWan (Viptela) integration updated to support version 20 (2374)
Client - Server reports (261)
Copy to clipboard button to api json tab (733)
Encrypt stored keys (516)
Expanded and reworked Host Index and H2H Search (883)
Flexible notification policies based on event criteria (2060)
Include collector IP address in all vitals reports for grouping and filtering(1971)
Option to toggle Show System Policies (786)
Refactor Alarms backend for better performance (2053)
root login disabled on new deployments (2361)
Scrutinizer services not required to run as root (187)
Show Host Names and Show Acknowledged Events for Alarms(948)
Target / Violator views and filtering in Alarm Monitor(898)
Fixes
Addressed various security issues
Adding a notification profile to a saved report threshold doesn’t work (1977)
Addressed CVE-2021-28993 (2457)
AES key not syncing on upgrade affecting SNMP, AWS, and other credentials needed on a collector (2401)
Alarms takes too long to load and acknowledge (1586)
Child Groups not enforced for FA exclusion (2030)
Classic View option from user menu doesn’t work (893)
Custom URL Dashboard Gadgets not working (2214)
Fix incorrect or missing sFlow interface numbers for instances above 63 (2393)
Fix scrolling issues for Exporter Details list in Report Settings (939)
Flow collection doesn’t resume at the end of a network outage (2346)
Improve handling of truncated sFlow sampled headers (2336)
Invalid certificates in distributed upgrades (2273)
IP exclusion only checking source IP for RST/ACK and Host Reputation (2382)
LDAP login takes too long with a very large list of security groups (2300)
License Exceeded alarm detail shows no data in Alarm Monitor (2414)
Mapping: add checks and errors for duplicate map connections (313)
New UI reports do not display Host Names (793)
P2P Alarm report link not working (2307)
PDF Export of Summary Reports Top N and Overview failure (805)
Reparser crash when Linux ARP cache filled (1970)
Reverse DNS exclusions for alarms (1798)
Running out of file descriptors on heavily loaded systems (2250)
Set webui_timeout not working (2358)
Scheduled report tasks called wrong binary name after upgrade (2379)
Sorting by bytes does not account for units in Entity Views (724)
Stream bloat on heavily loaded systems could cause disk space problems (2235)
TopN views are not always populated (2279)
Valid licenses with Expired PNI/PSI eval’s prevent the upgrade from running (2217)
Vitals process crashing with extremely high MFSNs in flow streams (2090)
Scrutinizer v19.0.2 - January 2021#
Changelog
Fixes
Disabling User Does Not Invalidate Session (2075)
Distributed upgrade issue coming from 19.0.0 (2198)
Fresh v19.0.1 OVA does not use the 19.0.1 repository (2205)
Input validation needed in some forms (2076)
pg_cron memory leak (2202)
Postgres log noise from unnecessary scheduled analytics command (2118)
Session cookie value stored in local storage (2080)
Scrutinizer v19.0.1 - December 2020#
Changelog
New features
Add AWS Role Based Authentication for use in AWS (377)
Add “scrut_util –show datasize” to enumerate DB schemas and their disk usage. (1539)
Add Velocloud 4.0 IEs (tcpRttMs and tcpRetransmits) (1899)
Allow AWS flowlog polling at 1m frequency (940)
DDOS: Support IPv6 (12)
Define Allegro IEs (1633)
Document new AWS integration requirements (1992)
Enforce password policy on password change and restrict from using last four values (1235)
Entities: Hosts: Anomaly Chart (652)
Provide descriptions for AWS entity IDs (1891)
Support for new format of VPC flow logs (1890)
Summary Reports added to new UI (1459)
Summary Reports: Filtering (692)
Fixes
Alarm Report data interval default empty for large time frame events (1946)
Alarm when disabling algorithms or ML stream (1734)
Apache httpd: CWE-345: Insufficient verification of data authenticity (693)
Apache HTTP Server 2.4.0 - 2.4.39 Remote Open Redirect Vulnerability in mod_rewrite (739)
Autoreplicate support for multiple replicators (encrypt multiple passwords) (2111)
Awss3.pm:373 – get_flowlogs() encountered an error while processing s3_connection_list: Invalid data Invalid data(unknown) for aws_account_id (1942)
Cannot Filter on S3 Bucket Element aws_account_id in a designed report (765)
CEF notifications missing ‘Device Version’ (1988)
Closing the report modal doesn’t keep the report open (1917)
Collector log error sflow buffer overrun at ./protocol/sflow/buffer.hpp line 146 (1480)
Dashboards not deleted (685)
Devices blue after upgrade to version 19 (1840)
Distributed: AWS S3 secret failing when assigned to remote collector (2029)
Drilling into Policy from Collection loses consistency vs Monitor View (688)
Entity Views: sorting by bytes does not account for units (1918)
Fix rollup issue for droppedPacketDeltaCount<unsigned64> (1912)
Formula injection vulnerability in the ability to create third-party CrossCheck methods (2071)
get_flowlogs() encountered an error while processing s3_connection_list: Invalid data (-) @ 1084 for transform (1945)
Group Labels retain original input on Maps Dashboard Widget (1743)
Host2host and host index lookups to work in distributed setup (1744)
Interface names with special characters cause errors when triggering thresholds (1728)
Internal Server Error when emailing PDF report name includes / (1065)
Local file inclusion (2072)
Login banners are not working (1660)
Mapping: Show Utilization only works for percent (54)
Missing sflow records after an upgrade (2002)
multicast send failure 22: Invalid argument (1984)
NetFlow v5 sampling crashes postgres (1969)
No drill-down into Connection on Maps (1813)
Not excluding protocols by default (304)
Other Options > GeoIP links not working (1592)
pgbouncer wont start after yum update (1796)
Reparser freezes on error during minutely exporter status updates (1812)
Reparser memory leak in sFlow parser (1817)
Report filter descriptions don’t always fill in (657)
Reporting: No Data for Timeframe automatically sends to start report wizard (1879)
Reporting: Summary reports not stretching on page (744)
Report values as rates in tables are incorrect after drilling in on a graph (2021)
Secondary reporters show incorrect clock drift (696)
ServiceNow Integration doesn’t work when server response is too large (1842)
Set ‘ssl_prefer_server_ciphers’ by default (1994)
Sliding windows falling behind after upgrade to v19 (1911)
Some reports were unable to display in percent interface view (1797)
Stop ‘topping’ the graphs (765)
The application is running a vulnerable version of Apache (2068)
The application is running a vulnerable version of Perl (2069)
The plixer.idp.login_url field appears to be vestigial (1579)
Too many open files (1981)
Unable to disable unlicensed FA features (1930)
Unable to Exclude IP address from DDoS algorithim (1316)
Unrecognized key type: AWSLogs/xxxxxxxxxxx/ inc/lib/plixer/scrutinizer/awss3.pm line 547 (1941)
Using LDAP user is authenticated but never added to a group when group list was too long (1920)
VPC Flow Logs should be cleaned up more aggressively (1482)
XSS Vulnerability in old UI mechanism to create groups (2070)
Scrutinizer v19.0.0 - August 2020#
Changelog
Important
Custom alarm policies are no longer supported. The Report Threshold Violation policy can be assigned one notification profile only.
New features
Address data encryption in Scrutinizer (370)
Advanced security algorithms (903)
Advanced threat intelligence feeds (481)
CEF notification action (1411)
DDOS: Support IPv6 (12)
Domain reputation checking (1142)
Host to host flow connection search (783)
Initial Collections implementation (371)
JA3 fingerprinting support (1144)
Machine learning for network-specific events (1153)
Machine learning for security-specific events (1152)
magicbus_fdw: Avro serialization (476)
ML forecasting in Scrutinizer (1256)
New licensed features (1215)
New workflow-based user interface (9)
Plixer Replicator integration (784)
Require a license key for free mode (780)
ServiceNow integration (1258)
SNMP Enterprise MIB support for Viptela (717)
STIXV1 IP watchlist import (1006)
STIXV2 IP watchlist import (1007)
Streaming support for customer data lakes (782)
Support for content updates (781)
Support for new VeloCloud information elements (727)
TAXII 2 feed support for IP indicators (1008)
Update the Silverpeak IPFIX information elements (874)
Use tenant_id for db ROLE (740)
Fixes
Define missing Cisco IEs (unknown_9_20000) (820)
Define the unknown_elements for Viptela IPFIX exports (865)
Failed “system updates” report “no updates available” (541)
Insecure Direct Object Reference (749)
Saved Reports Folder changes are not audited (636)
scrut_util –collect db_size is timing out (1196)
scrut_util.exe –collect asa_acl gives error Use of uninitialized value $debug in concatenation (614)
Vitalser Memory Leak (767)
Scrutinizer v18.20 - April 2020#
Changelog
New features
CentOS 7 : kernel update (2176)
Change default eval key to 14 days (2190)
New VeloCloud information elements (2073)
Optimized sFlow collection (496)
PostgreSQL security release 10.12 (2177)
Security updates (2154)
SNMP Enterprise MIB support for Viptela (2164)
Updated Silverpeak IPFIX information elements (2165)
Fixes
Fixed issue with totals when both ingress and egress flows are exported (2196)
Reporting issues when 0 byte flows are excluded (2179)
Saved report dashboard gadgets always display in totals (2167)
sFlow traffic discrepancies (2156)
Scrutinizer v18.18 - December 2019#
Changelog
New features
Add SSO authentication method to the manual (2039)
Many updates, improvements, and clarifications in documentation (2051)
New VeloCloud reports (1939)
New Viptela reports (2124)
Option template based descriptions for VeloCloud LinkUUID (2133)
Set admin password to instance_id for AMIs (2036)
Fixes
255 character limitation for ‘Security Groups Allowed’ when configuring LDAP integration (1816)
Auto refreshing pages would prevent session timeout (1441)
Create scheduled reports was also requiring admin tab permission (421)
Expand Disk scrut_util commands now support NVME drives (2041)
Fixed memory leak in vitalser (2041)
If an IdP certificate is not provided, SAMLRequests should be unsigned (2106)
Improved column naming in some VeloCloud reports (1936)
PDF report displays no data when data is present (2040)
Protocol exclusions were not audited (1756)
Resolve a harmless UDP receive buffer error (1985)
Resolve timeout for FA reverse DNS exlusions wasn’t using setting from admin tab (1405)
Session timeout based on backend activity, not frontend activity (2030)
SSO - Submitting metadata XML via the admin view form incorrectly parses out tags (2107)
Viptela reports would sometimes not show all vEdge hosts (1992)
We now exclude 0 byte flows biFlow records for reporting and FA (1536)
Scrutinizer v18.16 - September 2019#
Changelog
New features
Ability to Add/remove/update Defined Applications via the API (891)
Alarm when authentication tokens will expire in 30 days or have expired (937)
Appliance self migration from CentOS 6 to CentOS 7 (826)
Audit logs can now be expired after a configurable duration (1171)
Changed AWS Flow Log collection to use S3 buckets and added support for multiple regions and customer IDs (378)
Deleting an exporter doesn’t block collection (992)
FDW option to Database migrator for faster PostgreSQL migrations (1205)
Flow inactivity alarms are now checked across a distributed cluster and are per exporter rather than per interface (1254)
Permission configuration on a role basis (270)
Removed device specific status notifications (1099)
Service Now Notification support (569)
Single-Sign-On support through SAML 2.0 (897)
Support for Fortinet application names (1425)
Support for Gigamon Application Intelligence (1832)
Support Nokia (formerly ‘Alcatel-Lucent’) IPFIX (1735)
VeloCloud SD-WAN reports (550)
Viptela SD-WAN reports (16)
Fixes
‘Truncate map labels’ was grabbing an extra character sometimes (700)
Added stray columnar file check and alarm policy (1231)
Addressed an issue with flow class sequence numbers with distributed upgrades (753)
Addressed issue with ASA ACL collection when the reporter can not communicate with all firewalls (1447)
Advanced TCP flag filters using strings would generate log noise (1527)
Allow snmpSystem details longer than 255 characters (1392)
AMI: set partitions doesn’t remount pg_stat_tmp as a RAM drive (1066)
Autofilling IP on host search from report tables (1140)
Backup method documentation on docs.plixer.com (1506)
Clarify several log error messages, and reduce their volume (846)
Collect support files includes the PostgreSQL log (1385)
Dashboards with multiple saved report gadgets cause oops errors (1544)
DB disk usage stats did not always expire on distributed installs (1322)
Defined application changes now realized on distributed collectors w/o a collector restarts (1297)
Developer tasks_view hours filter causes Internal Server Error (500) (1542)
Errors from set tuning when two changes require a collector restart (1422)
Getting Internal Server Error (500) when trying to access Maps > CrossCheck and Service Level Reports (1431)
Higher default timeouts for collect asa_acl task (1085)
Improved performance of Persistent Flow Risk algorithm (1536)
Issue where deleted exporters may not be cleared out of LED stats table (1079)
Issue where system updates could revert a setting causing “Panic: Can’t find temp dir” errors and the interface failing to load (1082)
Issue with alarm details and FQDN data for clusters using DB encryption (1314)
Issue with Auto SNMP Update not disabling all SNMP calls (1158)
Issue with LDAP/TACACS usernames being case sensitive (1458)
Issue with load time of Admin > Host names view (1272)
Issue with running yum update on AWS EC2 instances (1249)
Issue with special characters in PRTG integration (1117)
LDAP authentication was not failing over to try other servers (1489)
LDAP group checking was using sAMAccountName instead of the value specified in the configuration page (1668)
Map object icons change colors based on polling availability (1691)
Migrated totals tables have the wrong scrut_templateid (1556)
Migration from 16.3 mysql to 18.14 removed dashboard gadget permissions (1663)
Monitor association of /var/db/fast and RAM spools (1239)
New reparser performance (1632)
Payload size preventing CSV rendering of reports (1733)
Peak values being less then the total values in the volume -> traffic volume reports (1588)
PostgreSQL logs using too much disk space (1209)
Removed admin restriction on running group level reports (841)
Reporting across migrated data and new data doesn’t use the migrated totals tables (1553)
Saved reports belonging to users that no longer exist would not show up in report folders (1789)
Schedule emails will now use the theme from Admin > Settings > System Preferences (185)
Scheduled reports last sent time used incorrect (1142)
Some administrative changes for authentication did not generate audit events (1440)
Some English values in foreign language themes were out of date (1599)
Some Scrutinizer custom gadgets break the ability to add any gadget for all users (900)
Special characters in notification profile breaks threshold’s ‘save & edit policy’ option (1229)
SQL GROUP BY ERROR in the collector log (1145)
The ability to use an auth token with any URL (308)
The default group was not being set correctly for new users (1731)
UNION SELECT errors in migrator (1132)
UTF8 issue with Japanese characters in email alert notifications (636)
Warnings when an exporter sends the same multiplier data two different ways as long as what it sends is consistent (1120)
- NOTE: (1458)*
User accounts are no longer case sensitive when being checked on login. If multiple user accounts existed in Scrutinizer prior to the upgrade which were identical except for case, the excess accounts should be deleted from the interface.
Scrutinizer v18.14 - May 2019#
Changelog
New features
Now including cstore table conversion script in utils (873)
Improved default work_mem settings (951)
Fixes
“Save password” error when navigating from group membership (832)
‘unhandled multicast message’ in the collector log (714)
Acknowledging Multiple Pages of an Alarm, acknowledges all alarms (676)
A slow connection could impact API latency LED for other collectors (971)
Backup exporters count against licensing even if same IP is already active (851)
Cleanup logging for sFlow exports from Cumulus Router (895)
DB process needs priority over other processes when system runs out of memory (640)
Drilling in on an interval from volume reports could display the wrong timeframe (963)
Drilling into Palo Alto User Report generates a blank pop up (780)
Error when changing exporter status (850)
First time LDAP authentication would fail if local authentication is disabled (904)
Interface thresholds would only violate if there was both inbound and outbound traffic (872)
IP group detection not working for v6 addresses (894)
Issue when upgrading from version 16.7 (790)
Issue where exporters sending bad timestamps would freeze spool file processing (793)
Issue with business hours ending at midnight (903)
Issue with NTP daemon not starting automatically on some installs (990)
Issue with the scale APM outbound jitter was displayed in (1019)
Large number of DrDOS violations could crash process (849)
Not all interface names are collected from FireSIGHT (896)
One exporter not collecting when at maximum license count for exporters (1130)
Reparser could not connect to the DB with a space in the password (1063)
Report Designer not saving added row (778)
Scheduled reports attaching wrong pdf to email (956)
TACACS authentication would work if disabled but configured (1009)
Top Interfaces summarization timing out with high interface count (784)
Updated DRDOS thresholds to be ratios instead of fixed packet counts (1004)
Scrutinizer v18.12.14 - January 2019#
Changelog
New features
“User Accounts” permission to allow restriction of Scrutinizer user account creation (299)
Added option to disable CrossCheck threshold notifications (447)
FireSIGHT integration includes username support (111)
FireSIGHT integration includes interface names (112)
FQDN reports are back and better performing (87)
Group reports now include members of child groups (274)
Interface threshold checks are now done once a minute and check one minute of data (105)
Realtime DDOS and DRDOS detection before data is written to disk (10)
Fixes
Add Audit messages when connections to LDAP servers fail (26415)
Faster Defined Application tagging (26874)
Faster report CSV generation (132)
FireSIGHT integration detects connection loss and attempts to reconnect to FirePOWER (167)
Fixed username filtering when name is based on IPv6 address (26768)
Installer no longer displays post install script errors (319)
Link Back Host set to the wrong port on a deployed AMI (301)
PostgreSQL log rotation (263)
Rate values for Trend reports are now based on graph interval (267)
Top interfaces values were understated for sFlow exporters sending multiple totals flows per minute (177)
Scrutinizer v18.9 - September 2018#
Changelog
Fixes
Backslash in LDAP passwords caused issue on upgrade (26613)
Fixed issue editing designed reports with some manufactured columns in them (26650)
Fixed issue using Gmail to send emails (26579)
Fixed issue with editing designed reports (26602)
Fixed issue with emailing table views (26587)
Fixed issue with flow vitals when packets contain multiple flow sets for the same template (26699)
Fixed issue with interface permissions in mapping (26652)
Fixed issue with map labels in dashboards (26619)
Fixed issue with multiple defined applications on the same IP (26874)
Fixed issue with row limiting in CSV files (26655)
Fixed issue with threshold details not being cleared out when switching reports (26632)
Fixed issue with top N gadgets and exporters only sending egress flows (26550)
Fixed issue with TopN subnets gadget and SAF aggregation (26600)
Fixed the Analytics Violation Overview link on the Alarms tab (26557)
Improved contrast for some icons in dark themes (26511)
Multiple subnet filters issue in MySQL (26629)
Postgres installs - improved reporting temp table performance (26735)
Reporting: Top 10 rows on any page are now color coded as the graph (26731)
System user was counting against licensing limits (26536)
Scrutinizer v18.7 - July 2018#
Changelog
New features
Added QRadar Integration (23542)
Changed dashboard gadget behavior to improve usability and clearly display gadget titles (26194)
Numerous improvements to the manual (26310)
Fixes
Addressed upgrade issue related to DB locking (26350)
Audits from IPv6 hosts are now correctly received and recorded (26042)
AWS instances would not upgrade if on Postgres 9.5 (26370)
Could not generate PDFs of reports in Japanese (26372)
Decreased time necessary to run upgrades (26318)
Double tooltip when mousing over report graph (25504)
Fixed filtering on AS number under Admin > Definitions > Autonomous Systems (26431)
Fixed issue with Japanese characters in emailed reports (26373)
Fixed issue with making dashboards visible to a user group (26451)
Flickering issue with report graphs when loading a report (24546)
Forensic filters were not forcing change to forensic data (26406)
Formatting issues in Maps Tab alerts (25156)
Improved dashboard gadget behavior based on customer feedback (26358)
Issues with input parameters for the Users API (26298)
Links from alarms heatmap were not working (26342)
Maps couldn’t be saved in dashboard gadgets (26371)
Optimized rollups (26317)
Other Options > Search link not working (26395)
Peaks in totals tables were 5 minute byte counts rather than 1 minute byte counts (26399)
Reparser: Fix understatement of NetFlow v9 flow volume in vitals report (26360)
Tuning would too aggressively set roller memory (26345)
* This is the last supported release for the CentOS 6 and MariaDB platforms
Scrutinizer v18.6 - June 2018#
Changelog
New features
Ability to acknowledge alarms with any combination of filters (15154)
Ability to customize the login page (24452)
Ability to edit URLs for custom gadgets (24134)
Ability to exclude domain names from flow analytics (23924)
Ability to filter on a port range (21522)
Ability to grant dashboards to other users / groups (24661)
Ability to manage interface details via API (20068)
Ability to schedule operating system updates (26187)
All interface reports now account for metering on each interface in the report (21744)
Automatically detect which SNMP credentials to use for exporters (19981)
Columnar store support for AWS Scrutinizers (24297)
Default PostgreSQL datastore is columnar. Better disk space utilization and IO performance. (24781)
DrDoS detection for memcached and CLDAP attacks (25396)
Full back button support (18291)
Full foreign datastore support in collection and rollups (23478)
Host -> AS -> Host reports for additional BGP reporting (21770)
Improved support for configuration of multiple LDAP servers and domains (24600)
Major release upgrade to PostgreSQL 9.6 and 10 (22220)
Manufactured columns can be included in the report designer (17589)
Milliseconds now included with formatted timestamps where applicable (24164)
Performance improvements for flow class lookups (24948)
Report IP Group with protocol and defined applications (25216)
scrut_util command to enable/disable ipv6 (22773)
scrut_util command to disable ping for devices that have not responded (16826)
Support for Flowmon probe elements (25289)
Support IPv4-mapped IPv6 addresses in subnet and ipgroup filters (PostgreSQL) (25077)
Test button for LDAP/RADIUS/TACACS setup (9911)
User can be locked out after n failed login attempts (23267)
Fixes
‘cancel report’ button truly cancels backend reporting requests. (24899)
Addressed CVE-2014-8109 (25419)
Addressed issue reporting on multiple interfaces with different metering configured (24659)
Audit report times now display as clients timezone (25399)
Cleaned up log noise from Cisco ISE data collection (25027)
Device menu in Google maps (24993)
Donut/Pie Graph not available in Top -> Interfaces report (24875)
Flow metrics vitals times now align with ingestion time (12972)
FlowPro APM jitter report (25323)
Issue with generating PDF with device group filters (24703)
Issue with Queue Drops >> Queue Drops By Hierarchy (25660)
Latency reports per exporter (24115)
Map interface utilization arrows always pointed in the same direction (24893)
Remove memcached external exposure CVE-2017-9951 (25317)
Restrict PaloAlto username collection to only internal IPs (24790)
Scheduled reports font issue on AWS (25111)
Some timezones were duplicated in the selector (24107)
Stop showing disabled exporters in the exporters LED (22654)
Tidy up loose ends when deleting exporters. Deleted exporters will stay deleted. (22588)
Ungrouped now visible by non-admin users (22530)
Scrutinizer v17.11 - November 2017#
Changelog
New features
Support for Oracle cloud (24685)
Fixes
Collector appears down after Daylight Savings Time change (24616)
Localhost Unlicensed after upgrade to 17.10 (24586)
Potential short gap in rollups after collector restart (24647)
Save button for filters would go away if field was selected, but not changed (24560)
Vitals errors when a user with a long UID is created (24500)