The Graylog blog

Today we are officially releasing Graylog v3.3.3.

This release includes an important LDAP fix along with a new Office 365 input and an output framework that both introduce greater efficiencies to your daily log management efforts and strengthen your audit and compliance capabilities.

Please read on for detailed descriptions of each feature.

DOWNLOAD LINKS

Please report bugs and any other issues in our GitHub issue tracker. Thank you!

UPDATE: FIXING CERTIFICATE VALIDATION FOR LDAP SERVERS USED FOR AUTHENTICATION

In Graylog v3.3.3, certificates of LDAP servers connected using a secure connection (SSL or TLS) are validated against the local default keystore. Prior to v3.3.3, Graylog did not validate the certificates of LDAP servers this way even if the “Allow self-signed certificates” option was unchecked. Depending on your local LDAP settings and the validity of the certificates used (if any), this update may introduce a breaking change that will interfere with the functionality of Graylog. To avoid this, please ensure that all certificates used are valid, their common name matches the host part of your configured LDAP server and your local keystore contains all CA/intermediate certs required for validation.
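Before upgrading, an administrator can reproduce the validation a JVM application now applies to the LDAP connection: chain validation against the default truststore and verification of the certificate name against the configured host. The Java program below is an added example, not Graylog's own code; the host name and port are placeholders, and the failure messages are mapped onto the three remediation points above.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
public class LdapsTrustCheck {
    // Hypothetical pre-upgrade check (not Graylog code): handshake with the LDAP server using the
    // JVM default truststore (cacerts or -Djavax.net.ssl.trustStore) and verify the name against host.
    static String check(String host, int port) {
        try (SSLSocket sock = (SSLSocket) SSLContext.getDefault()
                .getSocketFactory().createSocket(host, port)) {
            sock.setSoTimeout(5000);
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS"); // enables hostname verification
            sock.setSSLParameters(params);
            sock.startHandshake();
            return "OK: chain trusted and certificate name matches " + host;
        } catch (SSLHandshakeException e) {
            return classify(e, host);
        } catch (Exception e) {
            return "ERROR: " + e;
        }
    }
    // Map the handshake failure onto the conditions the release note lists.
    static String classify(Throwable e, String host) {
        for (Throwable t = e; t != null; t = t.getCause()) {
            if (t instanceof CertPathValidatorException) {
                CertPathValidatorException.Reason r = ((CertPathValidatorException) t).getReason();
                if (r == CertPathValidatorException.BasicReason.EXPIRED
                        || r == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                    return "FAIL: server certificate is outside its validity period";
                }
                return "FAIL: chain not trusted; add the CA/intermediate certs to the truststore";
            }
            String m = t.getMessage();
            if (t instanceof CertificateException && m != null
                    && (m.startsWith("No subject alternative") || m.startsWith("No name matching"))) {
                return "FAIL: certificate name does not match " + host;
            }
        }
        return "FAIL: " + e.getMessage();
    }
    public static void main(String[] args) {
        String host = args.length > 0 ? args[0] : "ldap.example.internal"; // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        System.out.println(check(host, port));
    }
}
```

Run it with the same JVM and the same `javax.net.ssl.trustStore` settings that Graylog uses, since the default truststore is what the check (and Graylog) trusts.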

NEW: INPUT FOR OFFICE 365 (ENTERPRISE)

In Graylog 3.3.3, we have added a new input for Office 365 log events. You simply enter your unique Input Name, Client ID, Tenant ID, and Client Secret into the Office 365 input wizard to allow polling of all of your Office 365 audit data (Azure Active Directory, SharePoint, Exchange, General, DLP).

The Office 365 Input eliminates the need for third-party integration. This input provides visibility not available from other centralized log management vendors for a more detailed view into employee activities in the cloud.

NEW: ENTERPRISE OUTPUT FRAMEWORK

While Graylog makes it easy to collect all of your log data, sometimes you want to forward some of that data to other places. The Enterprise Output Framework adds a unique flexibility to Graylog that makes this fast and easy.

The new Enterprise Outputs introduced in Graylog v3.3.3 include a second on-disk journal to ensure reliable processing and delivery of your outbound data. Graylog lets you select the right protocol (raw/plaintext TCP, TCP Syslog, or STDOUT) and apply pipeline rules to process the data before sending it out. For example, if you want to send only security messages, you can apply a pipeline that forwards those log messages and drops the rest. Pipeline rules can also be used to format the messages according to the destination's requirements. The Enterprise Output Framework also allows integration with third-party tools such as SOAR, user analytics, or other logging solutions.

NOTE: As of v3.3.3, Enterprise Outputs require a processing pipeline to be selected upon creation. Pipeline selection is intended to be optional. If you do not want to apply pipeline rules to your output data, you can simply create an empty pipeline to use.

GRAYLOG ENTERPRISE 3.3.3

ADDED

  • Add office365 input plugin
  • Add reliable output framework and TCP and TCP Syslog outputs

GRAYLOG 3.3.3

SECURITY

  • [BREAKING] Enable hostname validation for SSL/TLS-backed LDAP connections (Graylog2/graylog2-server#8625). Details are in the LDAP update section above.
    See also: CVE-2020-15813

CHANGELOGS

https://docs.graylog.org/en/3.3/pages/changelog.html

https://docs.graylog.org/en/3.3/pages/enterprise/changelog.html

Let us know what you’d like to have included in our GitHub issue tracker.
