Announcing Illuminate v1.5
Today we are excited to announce Graylog Illuminate v1.5.
This release includes Elasticsearch 7 template support, enhancements to Office 365 applications (e.g., Teams, OneDrive, DLP, Sharepoint, etc.), and additional content for Okta and Windows, all designed to add more flexibility and efficiency to authentication, networking, and application activities and best practices.
ADDITIONS AND IMPROVEMENTS
- NEW script to set the proper lookup directory and file permissions during the installation (#94)
- Improved category and priority enrichments in Illuminate Core (#11, #83)
- The Illuminate Elasticsearch template application script and associated templates now support ES versions 6 and 7 (#23)
- Expanded use of associated_* fields in Illuminate ES template (#14, #112)
- Expanded date/time formats recognized in Illuminate ES templates (#105)
- Added script to set the proper lookup directory and file permissions during the installation (#94)
- Added normalization of Windows Security Event ID 4688/4689, added process widget to account drill down dashboard (#113)
- Added Windows built-in groups to Windows static accounts lookup (#42)
We have removed Window copy rules from the Illuminate Window’s Spotlight and merged the Windows normalization into the Windows content pack.
Illuminate v1.5 comes with multiple refinements to O365 dashboards, including widgets highlighting DLP messages. Also, we have improved O365 message normalization by applying Graylog Illuminate categories, and we’ve made
enhancements to Office 365 applications (e.g., Teams, OneDrive, DLP, Sharepoint, etc.).
- Improved Okta message normalization by applying Graylog Illuminate categories
- The Illuminate template application script now detects the ES version in use (#23)
- The Illuminate template application script now has better detection and handling of errors when applying the templates (#23)
- The lookup cache configurations will now expire cached entries after a defined time period (#104)
- Improved deleted accounts reporting in Windows IAM dashboards (#132)