Open Collector 2023.12 Release Notes
December 2023 Release Details
The 2023.12 release of Open Collector requires Knowledge Base version 7.1.679.0 (or above).
Software Component | Version Number | New Version? |
---|---|---|
Open Collector | 5.6.20 | Yes |
LRCTL Script | 6.0.1 | |
LRCTL Container | 6.5.15 | Yes |
LRJQ | 5.1.4 | |
Metrics | 6.0.5 | Yes |
OC Pipeline | 5.1.7 | |
OC-Admin | 6.0.13 | |
OC-DB | 6.0.2 | |
AWS S3 Beat | 6.2.2 | |
Azure Event Hubs Beat | 6.0.8 | |
Carbon Black Cloud Beat | 6.0.7 | |
Cisco AMP Beat | 6.1.6 | |
Darktrace Beat | 6.0.0 | |
Duo Authentication Security Beat | 6.0.5 | |
Generic Beat | 6.1.2 | |
Gmail Message Tracking Beat | 6.0.3 | |
GSuite Beat | 6.0.4 | |
Kafka Beat | 6.0.6 | |
Microsoft Graph API Beat | 6.0.5 | |
Okta Beat | 6.0.4 | |
Prisma Cloud Beat | 6.0.1 | |
Proofpoint Beat | 6.0.3 | |
PubSub Beat | 6.0.3 | |
Qualys FIM Beat | 6.0.5 | |
Salesforce Beat | 6.0.1 | Yes |
Sophos Central Beat | 6.0.3 | |
Symantec WSS Beat | 6.0.3 | |
Webhook Beat | 6.1.6 | |
Improvements
Feature or Beat | Description | Relevant Documentation Updates |
---|---|---|
Salesforce Beat | Added support in the configuration file for setting the number of days back for which to collect logs. | https://docs.logrhythm.com/OCbeats/docs/initialize-the-salesforce-beat |
Resolved Issues
Bug ID | Found in Version | Release Notes |
---|---|---|
ENG-36186 | 2023.06 | Event Hubs Beat “failed login” logs are now correctly classified. |
ENG-50690 | 2023.11 | Using a “fan out” modifier on a field in OC Admin and then extracting a timestamp on a subfield no longer causes LRCTL to throw an error in certain situations. |
ENG-50688 | 2023.11 | Configuring the Amazon S3 Beat in OC Admin no longer causes the beat to fail in certain situations. |
ENG-49662 | 2023.10 | Configuring the Amazon S3 Beat in OC Admin and setting collection to be through AWS no longer causes collection to fail in certain situations. |
ENG-49073 | 2023.09 | The Regex snippet included in the Configure Beats for JSON Parsing documentation has been updated to address an issue with date parsing. |
Known Issues
Defect ID | Components | Release Notes |
---|---|---|
ENG-23908 | Beats: Generic Beat | Issue: Configuring the Generic Beat to collect SailPoint logs is causing “unknown certificate authority” errors. Expected Results: Beat setup should be successful with no errors. Workaround: There is currently no workaround for this issue. |
ENG-24578 | Beats: GMail Message Tracking Beat | Issue: Configuring the GMail Message Tracking Beat results in “panic” errors. Expected Results: Beat setup should be successful with no errors. Workaround: There is currently no workaround for this issue. |
ENG-37054 | Beats: MSGraph API Beat | Issue: MSGraph API Beat collects sign-in logs in bursts of 100k and then stops collecting. Expected Results: Logs should collect as they are generated. Workaround: There is currently no workaround for this issue. |
ENG-39921 | Beats: MSGraph API Beat | Issue: MS Graph API Beat initially collects Azure AD logs, but then immediately stops and no further logs are collected. Expected Results: The MS Graph API Beat should continue to collect Azure AD logs as expected. Workaround: There is currently no workaround for this issue. |
ENG-41561 | Beats: Azure Event Hubs Beat | Issue: The Azure Event Hubs Beat is not collecting Sentinel One logs when configured using the JSON parsing method. Expected Results: Sentinel One logs should be collected. Workaround: There is currently no workaround for this issue. |