Version 19.2.0 - May 2022

Plixer Scrutinizer

New Features

- Added option to toggle how device group hierarchy is displayed (153)

- Prioritize exporters that get disabled last in the event that a license overage causes some exporters to be disabled (203)

- Ship Scrutinizer with sysbench and a test script in files (1269)

- Expand CEF message content to include ports and usernames (2001)

- Improve messaging on “Unapproved Transport Protocols” alarm page (2161)

- AWS flowlogs: add support for new version 5 fields (2410)

- Workflow Issue: Unapproved Protocol Policy report pivot should include protocol filter (2426)

- AWS S3 Test Button: test the required permissions (2428)

- Improved alarm policies report link filters (2468)

- Run Report on Packet Flood event does not filter on the traffic that triggered the alert (2499)

- Don’t use unencrypted connections for upgrades (port 80) (2607)

- Include shortened report URL in Report Threshold policy (2636)

- Create some new AWS reports for v5 elements (2651):

- Audit log entries for key management/encryption changes (2723)

- Ability to set a key lifetime (2724)

- VPC flow logs now require interface-id and flow-direction. (2817)

Fixes

- Addressed various security issues

- Fixed issue where configuration wouldn’t synchronize when all settings are removed (473)

- Admin > Settings > Proxy Server has been renamed ‘Google Maps Proxy Server’ (941)

- PDFs for large reports show the “painting a Plixer” screen for the report screen shot (1054)

- Device tree hierarchy doesn’t carry over to usergroups with explicit device group permissions (1500)

- Restore username details to alarm notifications (1999)

- Distributed data expiry errors without events/trends (2190)

- Deactivate Sliding Windows when FA algos are disabled (2310)

- ACL ‘Like’ filters don’t work for ACL Descriptions (2312)

- DDoS and DRDoS alarms no longer present CSV access to the offender source list (2343)

- AWS S3 Test Button: test from the specified collector (2355)

- Improved Incident Correlation Algorithm (2380)

- Emailed reports from Report Threshold alert sometimes have incomplete report images (2413)

- ipfixify-template filepath updated in manual (2445)

- Unable to Export Report to PDF or Email Report for SSL not using port 443 (2463)

- “Report Direct Link” doesn’t work for on-demand emailed reports (2485)

- Run Report option in Report Threshold Violation event list does not use the saved report filters (2491)

- Unable to export saved reports to CSV with space in saved report name (2506)

- Report Threshold Violation Email’s URL should load the timeframe of the violation (2539)

- inserter.pm stops polling for SAFs, sampled SAFs, totals if the database is temporarily unavailable (2556)

- Graph and Table show in different timezones (2562)

- Top asn overstates exporter count (2595)

- Proxy server support needed for online upgrades (2608)

- Remove ICMP Ping check from upgrades and pass through variables (2609)

- Enable SSL as the default for offline repo servers (2618)

- SonicWALL IPFIX extension templates not being read correctly in v19.X (2622)

- AWS Flow reports - can’t filter on the interface (2630)

- AWS flowlogs temp dir missing after upgrade to 19.1.0 (2670)

- allowed transports aren’t sync’d to all collector nodes (2675)

- FA NULL scan Algo doesn’t exclude destinations (2681)

- scrut_util –enable ram_spools blows away /etc/fstab (2684)

- Sflow inserting - Extra data after last expected column (2697)

- Latency Value ingesting from Ixia not show up properly on Scrutinizer UI (2709)

- Special case sFlow interface instances missing (2712)

- FA Worm Algos don’t exclude hosts (2732)

- Update docs.plixer.com to reflect how syslog alerts are configured (2773)

- events.backfill_summaries() crashing with ddos events (2774)

- FA Breach algo doesn’t exclude servers (2805)

- An offline update server with self signed certificates may try http (rather than https) and fail (2812)

- Host Index is now configured in Flow Analytics (2856)

- %m in syslog notifications includes CEF (2870)

- Reparser will not redefine templates without hard restart (2882)

- Running single direction report via the top interfaces view returns ‘No Template’ (2883)

- Scrutinizer device inactivity threshold is not triggering violations (2890)

- Remove plixer_syslogd from systemctl on upgrade (2892)

- FCGI Timeout settings removed after upgrade (2893)

- Install fails with dependency error on ‘device-mapper-multipath’ (2905)

- Distributed Upgrade hanging at TASK [Gathering Facts] (2907)

- Disabling an Algorithm does not remove its exporters from plixer.streams_config (2944)

- FA Reverse Shell doesn’t exclude source (2952)

- Low spool disk space “FA streaming was disabled” does not disabe FA streaming (2979)

- Event Policy Customization Improvements (2985)

- Events with empty target/violator lists crash the policy view (3010)

Plixer Scrutinizer UI

New Features

- Unapproved Protocol Policy third donut chart now has top hosts using protocol (966)

- Include Time Zone in the report date/time display (1012)

- Monitor -> Network Maps Grid view delete option (1030)

- Better DNS Resolve Setting description (1053)

- Latest alarm message to events table (1199)

- CSV links in Policy entity (1207)

Fixes

- Naming a dashboard “Network” in V19.0.2 renames it to “Subnet” (909)

- History Navigation shows Alarms by ID instead of English Description (924)

- Navigating into alarm monitor sometimes throws an ExpiredRequestID error (975)

- inbound and outbound interface reports from explore device tab do not apply the correct filter (988)

- Regression: Traffic %, Other, and Total displaying for sFlow reports (1004)

- New UI doesn’t use the time zone user preference in reports (1013)

- Time Stamps on Line and Step Stacked 1m data source, 1m resolution overlap (1017)

- Deleting the default collection causes “notExists” error when trying to add to the default collection (1027)

- Host Entity View -Top Alarms bell icon mouseover text does not align with click action. (1029)

- Reports against an exporter with no current flow data does not allow for timeframe changes. (1031)

- New UI | Explore -> Interfaces -> Refresh Rate is not saved (1033)

- Changing Report Options triggers direction back to INBOUND when bidirectional is allowed (1038)

- Clicking the add or remove selected buttons keeps the tooltip on screen (1050)

- Recent Alarms Dashboard gadget shows UTC timestamp for Last Event and Last Notification (1112)

- Explore: Devices not using User Default Unit setting - Shows Percent always (1113)

- Toggling Hostname resolution does not change IPs to hostnames in alarm policy views (1135)

- Device/Interface report filter inconsistent with the Show DNS or IP modes (1216)

- Host to Host Index search doesn’t render a report menu when clicking exporter hyperlinks (1218)

- Alarms Monitor Filtering Option by Violators/Targets returning “noDataAvailable” (1221)

- CSV export of a report loses DNS names (1241)

- PDF export of report only shows 10 lines (1242)

- Peak and 95th Percentile not showing on saved reports (1244)

- Report filters not showing up in the “Additional Filters” drop down (1259)

- Show Others displaying when set to No (1267)

Machine Learning Engine

New Features

- Add ML Engine metrics to Vitals reports (338)

- Support high availability (419)

- Support Zerologon detection (446)

- Support SIGRed detection (447)