For more details on the new features below, reference the Plixer website and Scrutinizer documentation.

KEY: ACTION: (Ticket Number) description

Ex. ADDED: (1640) Thresholds based on outbound traffic

Change Log History


Version 19.0.0 - August 2020


Custom alarm policies are no longer supported. The Report Threshold Violation policy can be assigned one notification profile only.

ADDED: (9) New workflow-based user interface
ADDED: (12) DDOS: Support IPv6
ADDED: (370) Address data encryption in Scrutinizer
ADDED: (371) Initial Collections implementation
ADDED: (476) magicbus_fdw: Avro serialization
ADDED: (481) Advanced threat intelligence feeds
ADDED: (717) SNMP Enterprise MIB support for Viptela
ADDED: (727) Support for new VeloCloud information elements
ADDED: (740) Use tenant_id for db ROLE
ADDED: (780) Require a license key for free mode
ADDED: (781) Support for content updates
ADDED: (782) Streaming support for customer data lakes
ADDED: (783) Host to host flow connection search
ADDED: (784) Plixer Replicator integration
ADDED: (874) Update the Silverpeak IPFIX information elements
ADDED: (903) Advanced security algorithms
ADDED: (1006) STIXV1 IP watchlist import
ADDED: (1007) STIXV2 IP watchlist import
ADDED: (1008) TAXII 2 feed support for IP indicators
ADDED: (1142) Domain reputation checking
ADDED: (1144) JA3 fingerprinting support
ADDED: (1152) Machine learning for security-specific events
ADDED: (1153) Machine learning for network-specific events
ADDED: (1215) New licensed features
ADDED: (1256) ML forecasting in Scrutinizer
ADDED: (1258) ServiceNow integration
ADDED: (1411) CEF notification action
FIXED: (541) Failed “system updates” report “no updates available”
FIXED: (614) scrut_util.exe –collect asa_acl gives error Use of uninitialized value $debug in concatenation
FIXED: (636) Saved Reports Folder changes are not audited
FIXED: (749) Insecure Direct Object Reference
FIXED: (767) Vitalser Memory Leak
FIXED: (820) Define missing Cisco IEs (unknown_9_20000)
FIXED: (865) Define the unknown_elements for Viptela IPFIX exports
FIXED: (1196) scrut_util –collect db_size is timing out

Version 18.20 - April 2020

ADDED: (496) Optimized sFlow collection
ADDED: (2073) New VeloCloud information elements
ADDED: (2154) Security updates
ADDED: (2164) SNMP Enterprise MIB support for Viptela
ADDED: (2165) Updated Silverpeak IPFIX information elements
ADDED: (2176) CentOS 7 : kernel update
ADDED: (2177) PostgreSQL security release 10.12
ADDED: (2190) Change default eval key to 14 days

FIXED: (2156) sFlow traffic discrepancies
FIXED: (2167) Saved report dashboard gadgets always display in totals
FIXED: (2179) Reporting issues when 0 byte flows are excluded
FIXED: (2196) Fixed issue with totals when both ingress and egress flows are exported

Version 18.18 - December 2019

ADDED: (1939) New VeloCloud reports
ADDED: (2036) Set admin password to instance_id for AMIs
ADDED: (2039) Add SSO authentication method to the manual
ADDED: (2051) Many updates, improvements, and clarifications in documentationi
ADDED: (2124) New Viptela reports
ADDED: (2133) Option template based descriptions for VeloCloud LinkUUID

FIXED: (421) Create scheduled reports was also requiring admin tab permission
FIXED: (1441) Auto refreshing pages would prevent session timeout
FIXED: (1405) Resolve timeout for FA reverse DNS exlusions wasn’t using setting from admin tab
FIXED: (1536) We now exclude 0 byte flows biFlow records for reporting and FA
FIXED: (1756) Protocol exclusions were not audited
FIXED: (1816) 255 character limitation for ‘Security Groups Allowed’ when configuring LDAP integration
FIXED: (1936) Improved column naming in some VeloCloud reports
FIXED: (1985) Resolve a harmless UDP receive buffer error
FIXED: (1992) Viptela reports would sometimes not show all vEdge hosts
FIXED: (2030) Session timeout based on backend activity, not frontend activity
FIXED: (2040) PDF report displays no data when data is present
FIXED: (2041) Expand Disk scrut_util commands now support NVME drives
FIXED: (2106) If an IdP certificate is not provided, SAMLRequests should be unsigned
FIXED: (2107) SSO - Submitting metadata XML via the admin view form incorrectly parses out tags
FIXED: (2041) Fixed memory leak in vitalser

Version 18.16 - September 2019

ADDED: (16) Viptela SD-WAN reports
ADDED: (270) Permission configuration on a role basis
ADDED: (378) Changed AWS Flow Log collection to use S3 buckets and added support for multiple regions and customer IDs
ADDED: (550) VeloCloud SD-WAN reports
ADDED: (569) Service Now Notification support
ADDED: (826) Appliance self migration from CentOS 6 to CentOS 7
ADDED: (891) Ability to Add/remove/update Defined Applications via the API
ADDED: (897) Single-Sign-On support through SAML 2.0
ADDED: (937) Alarm when authentication tokens will expire in 30 days or have expired
ADDED: (992) Deleting an exporter doesn’t block collection
ADDED: (1099) Removed device specific status notifications
ADDED: (1171) Audit logs can now be expired after a configurable duration
ADDED: (1205) FDW option to Database migrator for faster PostgreSQL migrations
ADDED: (1254) Flow inactivity alarms are now checked across a distributed cluster and are per exporter rather than per interface
ADDED: (1425) Support for Fortinet application names
ADDED: (1735) Support Nokia (formerly ‘Alcatel-Lucent’) IPFIX
ADDED: (1832) Support for Gigamon Application Intelligence
FIXED: (185) Schedule emails will now use the theme from Admin > Settings > System Preferences
FIXED: (308) The ability to use an auth token with any URL
FIXED: (636) UTF8 issue with Japanese characters in email alert notifications
FIXED: (700) ‘Truncate map labels’ was grabbing an extra character sometimes
FIXED: (753) Addressed an issue with flow class sequence numbers with distributed upgrades
FIXED: (841) Removed admin restriction on running group level reports
FIXED: (846) Clarify several log error messages, and reduce their volume
FIXED: (900) Some Scrutinizer custom gadgets break the ability to add any gadget for all users
FIXED: (1066) AMI: set partitions doesn’t remount pg_stat_tmp as a RAM drive
FIXED: (1079) Issue where deleted exporters may not be cleared out of LED stats table
FIXED: (1082) Issue where system updates could revert a setting causing “Panic: Can’t find temp dir” errors and the interface failing to load
FIXED: (1085) Higher default timeouts for collect asa_acl task
FIXED: (1117) Issue with special characters in PRTG integration
FIXED: (1120) Warnings when an exporter sends the same multiplier data two different ways as long as what it sends is consistent
FIXED: (1132) UNION SELECT errors in migrator
FIXED: (1140) Autofilling IP on host search from report tables
FIXED: (1142) Scheduled reports last sent time used incorrect
FIXED: (1145) SQL GROUP BY ERROR in the collector log
FIXED: (1158) Issue with Auto SNMP Update not disabling all SNMP calls
FIXED: (1209) PostgreSQL logs using too much disk space
FIXED: (1229) Special characters in notification profile breaks threshold’s ‘save & edit policy’ option
FIXED: (1231) Added stray columnar file check and alarm policy
FIXED: (1239) Monitor association of /var/db/fast and RAM spools
FIXED: (1249) Issue with running yum update on AWS EC2 instances
FIXED: (1272) Issue with load time of Admin > Host names view
FIXED: (1297) Defined application changes now realized on distributed collectors w/o a collector restarts
FIXED: (1314) Issue with alarm details and FQDN data for clusters using DB encryption
FIXED: (1322) DB disk usage stats did not always expire on distributed installs
FIXED: (1385) Collect support files includes the PostgreSQL log
FIXED: (1392) Allow snmpSystem details longer than 255 characters
FIXED: (1422) Errors from set tuning when two changes require a collector restart
FIXED: (1431) Getting Internal Server Error (500) when trying to access Maps > CrossCheck and Service Level Reports
FIXED: (1440) Some administrative changes for authentication did not generate audit events
FIXED: (1447) Addressed issue with ASA ACL collection when the reporter can not communicate with all firewalls
FIXED: (1458)* Issue with LDAP/TACACS usernames being case sensitive
FIXED: (1489) LDAP authentication was not failing over to try other servers
FIXED: (1506) Backup method documentation on
FIXED: (1527) Advanced TCP flag filters using strings would generate log noise
FIXED: (1536) Improved performance of Persistent Flow Risk algorithm
FIXED: (1542) Developer tasks_view hours filter causes Internal Server Error (500)
FIXED: (1544) Dashboards with multiple saved report gadgets cause oops errors
FIXED: (1553) Reporting across migrated data and new data doesn’t use the migrated totals tables
FIXED: (1556) Migrated totals tables have the wrong scrut_templateid
FIXED: (1588) Peak values being less then the total values in the volume -> traffic volume reports
FIXED: (1599) Some English values in foreign language themes were out of date
FIXED: (1632) New reparser performance
FIXED: (1663) Migration from 16.3 mysql to 18.14 removed dashboard gadget permissions
FIXED: (1668) LDAP group checking was using sAMAccountName instead of the value specified in the configuration page
FIXED: (1691) Map object icons change colors based on polling availability
FIXED: (1731) The default group was not being set correctly for new users
FIXED: (1733) Payload size preventing CSV rendering of reports
FIXED: (1789) Saved reports belonging to users that no longer exist would not show up in report folders
NOTE: (1458)*
User accounts are no longer case sensitive when being checked on login. If multiple user accounts existed in Scrutinizer prior to the upgrade which were identical except for case, the excess accounts should be deleted from the interface.

Version 18.14 - May 2019

ADDED: (873) Now including cstore table conversion script in utils
ADDED: (951) Improved default work_mem settings

FIXED: (640) DB process needs priority over other processes when system runs out of memory
FIXED: (676) Acknowledging Multiple Pages of an Alarm, acknowledges all alarms
FIXED: (714) ‘unhandled multicast message’ in the collector log
FIXED: (778) Report Designer not saving added row
FIXED: (780) Drilling into Palo Alto User Report generates a blank pop up
FIXED: (784) Top Interfaces summarization timing out with high interface count
FIXED: (790) Issue when upgrading from version 16.7
FIXED: (793) Issue where exporters sending bad timestamps would freeze spool file processing
FIXED: (832) “Save password” error when navigating from group membership
FIXED: (849) Large number of DrDOS violations could crash process
FIXED: (850) Error when changing exporter status
FIXED: (851) Backup exporters count against licensing even if same IP is already active
FIXED: (872) Interface thresholds would only violate if there was both inbound and outbound traffic
FIXED: (894) IP group detection not working for v6 addresses
FIXED: (895) Cleanup logging for sFlow exports from Cumulus Router
FIXED: (896) Not all interface names are collected from FireSIGHT
FIXED: (903) Issue with business hours ending at midnight
FIXED: (904) First time LDAP authentication would fail if local authentication is disabled
FIXED: (956) Scheduled reports attaching wrong pdf to email
FIXED: (963) Drilling in on an interval from volume reports could display the wrong timeframe
FIXED: (971) A slow connection could impact API latency LED for other collectors
FIXED: (990) Issue with NTP daemon not starting automatically on some installs
FIXED: (1004) Updated DRDOS thresholds to be ratios instead of fixed packet counts
FIXED: (1009) TACACS authentication would work if disabled but configured
FIXED: (1019) Issue with the scale APM outbound jitter was displayed in
FIXED: (1063) Reparser could not connect to the DB with a space in the password
FIXED: (1130) One exporter not collecting when at maximum license count for exporters

Version 18.12.14 - January 2019

ADDED: (10) Realtime DDOS and DRDOS detection before data is written to disk
ADDED: (87) FQDN reports are back and better performing
ADDED: (105) Interface threshold checks are now done once a minute and check one minute of data
ADDED: (111) FireSIGHT integration includes username support
ADDED: (112) FireSIGHT integration includes interface names
ADDED: (274) Group reports now include members of child groups
ADDED: (299) “User Accounts” permission to allow restriction of Scrutinizer user account creation
ADDED: (447) Added option to disable CrossCheck threshold notifications

FIXED: (132) Faster report CSV generation
FIXED: (167) FireSIGHT integration detects connection loss and attempts to reconnect to FirePOWER
FIXED: (177) Top interfaces values were understated for sFlow exporters sending multiple totals flows per minute
FIXED: (263) PostgreSQL log rotation
FIXED: (267) Rate values for Trend reports are now based on graph interval
FIXED: (301) Link Back Host set to the wrong port on a deployed AMI
FIXED: (319) Installer no longer displays post install script errors
FIXED: (26415) Add Audit messages when connections to LDAP servers fail
FIXED: (26768) Fixed username filtering when name is based on IPv6 address
FIXED: (26874) Faster Defined Application tagging

Version 18.9 - September 2018

FIXED: (26874) Fixed issue with multiple defined applications on the same IP
FIXED: (26511) Improved contrast for some icons in dark themes
FIXED: (26536) System user was counting against licensing limits
FIXED: (26550) Fixed issue with top N gadgets and exporters only sending egress flows
FIXED: (26557) Fixed the Analytics Violation Overview link on the Alarms tab
FIXED: (26579) Fixed issue using Gmail to send emails
FIXED: (26587) Fixed issue with emailing table views
FIXED: (26600) Fixed issue with TopN subnets gadget and SAF aggregation
FIXED: (26602) Fixed issue with editing designed reports
FIXED: (26613) Backslash in LDAP passwords caused issue on upgrade
FIXED: (26619) Fixed issue with map labels in dashboards
FIXED: (26629) Multiple subnet filters issue in MySQL
FIXED: (26632) Fixed issue with threshold details not being cleared out when switching reports
FIXED: (26650) Fixed issue editing designed reports with some manufactured columns in them
FIXED: (26652) Fixed issue with interface permissions in mapping
FIXED: (26655) Fixed issue with row limiting in CSV files
FIXED: (26699) Fixed issue with flow vitals when packets contain multiple flow sets for the same template
FIXED: (26731) Reporting: Top 10 rows on any page are now color coded as the graph
FIXED: (26735) Postgres installs - improved reporting temp table performance

Version 18.7 - July 2018

ADDED: (23542) Added QRadar Integration
ADDED: (26194) Changed dashboard gadget behavior to improve usability and clearly display gadget titles
ADDED: (26310) Numerous improvements to the manual

FIXED: (24546) Flickering issue with report graphs when loading a report
FIXED: (25156) Formatting issues in Maps Tab alerts
FIXED: (25504) Double tooltip when mousing over report graph
FIXED: (26042) Audits from IPv6 hosts are now correctly received and recorded
FIXED: (26298) Issues with input parameters for the Users API
FIXED: (26317) Optimized rollups
FIXED: (26318) Decreased time necessary to run upgrades
FIXED: (26342) Links from alarms heatmap were not working
FIXED: (26345) Tuning would too aggressively set roller memory
FIXED: (26350) Addressed upgrade issue related to DB locking
FIXED: (26358) Improved dashboard gadget behavior based on customer feedback
FIXED: (26360) Reparser: Fix understatement of NetFlow v9 flow volume in vitals report
FIXED: (26370) AWS instances would not upgrade if on Postgres 9.5
FIXED: (26371) Maps couldn’t be saved in dashboard gadgets
FIXED: (26372) Could not generate PDFs of reports in Japanese
FIXED: (26373) Fixed issue with Japanese characters in emailed reports
FIXED: (26395) Other Options > Search link not working
FIXED: (26399) Peaks in totals tables were 5 minute byte counts rather than 1 minute byte counts
FIXED: (26406) Forensic filters were not forcing change to forensic data
FIXED: (26431) Fixed filtering on AS number under Admin > Definitions > Autonomous Systems
FIXED: (26451) Fixed issue with making dashboards visible to a user group

* This is the last supported release for the CentOS 6 and MariaDB platforms

Version 18.6 - June 2018

ADDED: (9911) Test button for LDAP/RADIUS/TACACS setup
ADDED: (15154) Ability to acknowledge alarms with any combination of filters
ADDED: (16826) scrut_util command to disable ping for devices that have not responded
ADDED: (17589) Manufactured columns can be included in the report designer
ADDED: (18291) Full back button support
ADDED: (19981) Automatically detect which SNMP credentials to use for exporters
ADDED: (20068) Ability to manage interface details via API
ADDED: (21522) Ability to filter on a port range
ADDED: (21744) All interface reports now account for metering on each interface in the report
ADDED: (21770) Host -> AS -> Host reports for additional BGP reporting
ADDED: (22220) Major release upgrade to PostgreSQL 9.6 and 10
ADDED: (22773) scrut_util command to enable/disable ipv6
ADDED: (23267) User can be locked out after n failed login attempts
ADDED: (23478) Full foreign datastore support in collection and rollups
ADDED: (23924) Ability to exclude domain names from flow analytics
ADDED: (24134) Ability to edit URLs for custom gadgets
ADDED: (24164) Milliseconds now included with formatted timestamps where applicable
ADDED: (24297) Columnar store support for AWS Scrutinizers
ADDED: (24452) Ability to customize the login page
ADDED: (24600) Improved support for configuration of multiple LDAP servers and domains
ADDED: (24661) Ability to grant dashboards to other users / groups
ADDED: (24781) Default PostgreSQL datastore is columnar. Better disk space utilization and IO performance.
ADDED: (24948) Performance improvements for flow class lookups
ADDED: (25077) Support IPv4-mapped IPv6 addresses in subnet and ipgroup filters (PostgreSQL)
ADDED: (25216) Report IP Group with protocol and defined applications
ADDED: (25289) Support for Flowmon probe elements
ADDED: (25396) DrDoS detection for memcached and CLDAP attacks
ADDED: (26187) Ability to schedule operating system updates

FIXED: (12972) Flow metrics vitals times now align with ingestion time
FIXED: (22530) Ungrouped now visible by non-admin users
FIXED: (22588) Tidy up loose ends when deleting exporters. Deleted exporters will stay deleted.
FIXED: (22654) Stop showing disabled exporters in the exporters LED
FIXED: (24107) Some timezones were duplicated in the selector
FIXED: (24115) Latency reports per exporter
FIXED: (24659) Addressed issue reporting on multiple interfaces with different metering configured
FIXED: (24703) Issue with generating PDF with device group filters
FIXED: (24790) Restrict PaloAlto username collection to only internal IPs
FIXED: (24875) Donut/Pie Graph not available in Top -> Interfaces report
FIXED: (24893) Map interface utilization arrows always pointed in the same direction
FIXED: (24899) ‘cancel report’ button truly cancels backend reporting requests.
FIXED: (24993) Device menu in Google maps
FIXED: (25027) Cleaned up log noise from Cisco ISE data collection
FIXED: (25111) Scheduled reports font issue on AWS
FIXED: (25317) Remove memcached external exposure CVE-2017-9951
FIXED: (25323) FlowPro APM jitter report
FIXED: (25399) Audit report times now display as clients timezone
FIXED: (25419) Addressed CVE-2014-8109
FIXED: (25660) Issue with Queue Drops >> Queue Drops By Hierarchy

Version 17.11 - November 2017

ADDED: (24685) Support for Oracle cloud

FIXED: (24500) Vitals errors when a user with a long UID is created
FIXED: (24560) Save button for filters would go away if field was selected, but not changed
FIXED: (24586) Localhost Unlicensed after upgrade to 17.10
FIXED: (24616) Collector appears down after Daylight Savings Time change
FIXED: (24647) Potential short gap in rollups after collector restart

Please reference our End of Life Policy for details regarding the end of life schedule. For more information on Scrutinizer, please reference the online documentation or visit our website.