Open Collector 2023.10 Release Notes
October 2023 Release Details
The 2023.10 release of Open Collector requires Knowledge Base version 7.1.675.0 (or above).
The 2023.09 release of Open Collector was skipped due to the proximity of the October 7.14 release of LogRhythm SIEM.
Software Component | Version Number | New Version? |
|---|---|---|
Open Collector | 5.6.18 | |
LRCTL Script | 6.0.1 | |
LRCTL Container | 6.5.14 | Yes |
LRJQ | 5.1.4 | |
Metrics | 6.0.4 | |
OC Pipeline | 5.1.7 | |
OC-Admin | 6.0.13 | Yes |
OC-DB | 6.0.2 | |
AWS S3 Beat | 6.2.2 | |
Azure Event Hubs Beat | 6.0.8 | |
Carbon Black Cloud Beat | 6.0.7 | |
Cisco AMP Beat | 6.1.6 | |
Darktrace Beat | 6.0.0 | |
Duo Authentication Security Beat | 6.0.5 | |
Generic Beat | 6.1.2 | |
Gmail Message Tracking Beat | 6.0.3 | |
GSuite Beat | 6.0.4 | |
Kafka Beat | 6.0.6 | |
Microsoft Graph API Beat | 6.0.5 | |
Okta Beat | 6.0.4 | |
Prisma Cloud Beat | 6.0.1 | |
Proofpoint Beat | 6.0.3 | |
PubSub Beat | 6.0.3 | |
Qualys FIM Beat | 6.0.5 | |
Salesforce Beat | 6.0.0 | |
Sophos Central Beat | 6.0.3 | |
Symantec WSS Beat | 6.0.3 | |
Webhook Beat | 6.1.6 |
New Features
Feature or Beat | Description | Relevant Documentation Updates |
|---|---|---|
SIEM Integration | LogRhythm SIEM version 7.14, which coincides with Open Collector version 2023.10, introduces the Open Collector integration with the SIEM, allowing for management of Beats from within the Web Console. A feature called Long-Running LRCTL must be initiated in order to open the connection between the Open Collector and the SIEM. At the release of 2023.10, the following Beats are available to configure in the Web Console:
| Initialize Long-Running LRCTL: Configure Open Collector Connection to the SIEM Manage Beats from the Web Console: |
Improvements
Feature or Beat | Description | Relevant Documentation Updates |
|---|---|---|
JSON Parsing for Beats | The MS Graph API Beat and the Salesforce Beat are now compatible with the JSON parsing feature. |
Known Issues
Defect ID | Components | Release Notes |
|---|---|---|
DE15285 | Beats: G Suite | Issue: The GSuite Beat OAuth URL fails when the browser attempts to resolve to localhost. Expected Results: The OAuth URL should be formatted correctly and grants access. Workaround: When the localhost timeout page is reached, the Auth Code can be pulled from the URL. The code is in between "token&=" and "&scope". Copy the data in between those entries in the URL and paste it at the Auth Code prompt, at which point collection will commence. |
ENG-39921 | Beats: MSGraph API Beat | Issue: MS Graph API Beat initially collects Azure AD logs, but then immediately stops and no further logs are collected. Expected Results: The MS Graph API Beat should continue to collect Azure AD logs as expected. Workaround: There is currently no workaround for this issue. |