Open Collector 2023.04 Release Notes
April 2023 Release Details
The 2023.04 release of Open Collector requires Knowledge Base version 7.1.662.0 (or above).
Software Component | Version Number | New Version? |
|---|---|---|
Open Collector | 5.6.15 | Yes |
LRCTL Script | 6.0.1 | |
LRCTL Container | 6.5.9 | Yes |
LRJQ | 5.1.4 | |
Metrics | 6.0.4 | |
OC Pipeline | 5.1.7 | |
| OC-Admin | 6.0.9 | Yes |
| OC-DB | 6.0.2 | |
AWS S3 Beat | 6.2.1 | |
Azure Event Hubs Beat | 6.0.8 | |
Carbon Black Cloud Beat | 6.0.7 | |
Cisco AMP Beat | 6.1.6 | Yes |
Duo Authentication Security Beat | 6.0.5 | |
Generic Beat | 6.1.2 | |
Gmail Message Tracking Beat | 6.0.3 | |
GSuite Beat | 6.0.4 | |
Kafka Beat | 6.0.6 | |
| Microsoft Graph API Beat | 6.0.5 | Yes |
Okta Beat | 6.0.4 | |
| Prisma Cloud Beat | 6.0.1 | Yes |
Proofpoint Beat | 6.0.3 | |
PubSub Beat | 6.0.3 | |
Qualys FIM Beat | 6.0.5 | |
Sophos Central Beat | 6.0.3 | |
| Symantec WSS Beat | 6.0.3 | |
Webhook Beat | 6.1.6 | Yes |
New Features
Feature or Beat | Description | Relevant Documentation Updates |
|---|---|---|
| Open Collector Configuration | The Open Collector now allows for easy configuration from behind a proxy. | Configure Open Collector Via Proxy |
| Open Collector Installation | The Open Collector can now be deployed on two different versions of Oracle Linux - versions 8.7 and 9.1. |
Improvements
Feature or Beat | Description | Relevant Documentation Updates |
|---|---|---|
| Prisma Cloud Beat | The Prisma Cloud Beat documentation now includes steps to configure the log source for the SIEM. | Configure the Prisma Cloud Log Source in SIEM |
| OC Admin | OC Admin support added for several beats, including:
| OC Admin |
Resolved Issues
Bug ID | Found in Version | Release Notes |
|---|---|---|
ENG-10769 (DE16187) | 2022.08 | The Open Collector now collects more accurate event logs for Cisco AMP Beat. |
| ENG-23895 | 2023.01 | The Azure Event Hubs Beat no longer runs on a significant delay when ingesting Azure Defender ATP logs. |
| ENG-24580 | 2023.01 | Login to the Azure Event Hubs Beat is no longer parsed twice in certain situations. |
| ENG-26776 | 2022.02 | The MS Graph API Beat no longer produces errors despite being functional in certain situations. |
| ENG-27981 | 2023.03 | An issue with the offline installer failing to correctly install the Open Collector has been resolved. |
Resolved Issues - Security
Security-related issues resolved with this release are available for customers to view on the Community.
Known Issues
Defect ID | Components | Release Notes |
|---|---|---|
| DE15285 | Beats: G Suite | Issue: The GSuite Beat OAuth URL fails when the browser attempts to resolve to localhost. Expected Results: The OAuth URL should be formatted correctly and grants access. Workaround: When the localhost timeout page is reached, the Auth Code can be pulled from the URL. The code is in between "token&=" and "&scope". Copy the data in between those entries in the URL and paste it at the Auth Code prompt, at which point collection will commence. |