Open Collector 2025.04 Release Notes

Open Collector

5.6.20

LRCTL Script

6.0.1

LRCTL Container

6.5.19

Yes

LRJQ

5.1.4

Metrics

6.0.7

OC Pipeline

5.1.7

OC-Admin

6.0.15

OC-DB

6.0.2

AWS S3 Beat

6.2.2

Azure Event Hubs Beat

6.0.10

Carbon Black Cloud Beat

6.0.8

Cisco AMP Beat

6.1.6

Darktrace Beat

6.0.0

Duo Authentication Security Beat

6.0.5

Exabeam Case Beat

6.0.0

Generic Beat

6.2.0

Gmail Message Tracking Beat

6.0.5

GSuite Beat

6.0.5

Yes

Kafka Beat

6.0.7

Microsoft Graph API Beat

6.0.9

Yes

Okta Beat

6.0.5

Prisma Cloud Beat

6.0.2

Proofpoint Beat

6.0.3

PubSub Beat

6.0.3

Qualys FIM Beat

6.0.5

Salesforce Beat

6.0.2

SentinelOne Beat

6.0.1

Yes

Sophos Central Beat

6.0.3

Symantec WSS Beat

6.0.3

Webhook Beat

6.1.7

SentinelOne Beat

A new beat has been added for the SentinelOne Beat, allowing collection of logs from SentinelOne.

SentinelOne Beat

Migration from GCR to JFrog Artifactory

LogRhythm SIEM’s Beat delivery was previously managed by Google’s Container Registry (GCR). Due to GCR reaching End of Life, LogRhythm SIEM beats are now hosted by JFrog. 

The URL will change in the Open Collector version file hosted on GitHub. Upon restarting a beat or the LRCTL service, the image will be pulled from the new JFrog repository.

Information on new IP addresses and ports that need to be opened through firewalld are included at:

Open Collector Networking and Communication

Microsoft Graph API Beat

The Microsoft Graph API Beat now supports collecting Security Alerts v2 logs.

Initialize the Microsoft Graph API Beat

GSuite Beat

The GSuite Beat configuration file has received a new field for “delayedTimeMin,” which can assist with data loss issues when collecting GSuite logs.

Troubleshoot the GSuite Beat

ENG-63317

An issue with the long-running ctl (lrctl_svc) causing port exhaustion in certain situations due to an extensive amount of unnecessary connections being made to the Platform Manager has been resolved.