Today we are excited to announce Graylog Illuminate v1.7.0 This release includes Auditbeat Processing with Linux and custom routing, adding more flexibility to your Graylog Enterprise deployment through pre-built content.
NEW Linux Auditbeat Spotlight
Graylog Illuminate v1.7.0 includes a new spotlight for Linux Auditbeat that provides parsing and enrichment for your Linux systems data.
UPDATED Illuminate Custom Routing
The update to Illuminate custom routing lets you override the built-in stream routing and create your own custom stream routing logic. For example, this comes in handy if you need to design your own routing logic but still want to maintain the Illuminate processing (e.g., enrichment, GeoIP, and normalization, etc.) and use the Illuminate pre-built dashboards.
OTHER NOTES
- Updated lookup file directory structure (#160)
BUG FIXES
- Defined separate categories for name resolution (DNS) events (#210)
- Windows Security: Event 4648 extracts the process path to process_name instead of process_path (#208)
- Core: Fixed name resolution pipeline logic (#206)
- Core: updated device drill-down alert widget searches to use consistent search (#202
Other Enhancements
- Windows Security: Added parsing of Logon GUID from some events (#161)
- Added analyzed field “query_request_analyzed”, copied automatically from “query_request” (#207)
KNOWN ISSUES
- NXLog 2.11 compatibility has not yet been tested
