|
Build 23.0.0.486 |
Fixed agent crash. |
2024-07-22 |
- A race condition in the agent was discovered that causes the agent service to crash. This bug is rare but can occur when the network connection to the server is broken.
|
|
Build 23.0.0.485 |
Fixed several bugs. |
2024-06-18 |
- Previously when using the new command and control option in the Agent Server, if the connection was lost mid-log monitor template execution log monitor state was lost. Consolidation would pick up where it left of by way of a database call, however log monitors don’t save entries to the database so the last know location was unknown causing either replay or lost messages depending on the configuration. This bug has been fixed.
- Previously the SNMP Trap Monitor Icon was not showing the running state icon. This bug has been fixed.
- Previously a connection state bug caused some Agent Devices to get kicked when connecting. This bug has been fixed.
|
|
Build 23.0.0.479 |
Fixed another SQLite database is locked bug. |
2024-05-30 |
- Previously the Syslog Server was using a Nagle algorithm to reduce database writes. When sleeping between writes, the TPL was utilized which had the dubious effect of potentially switching threads then potentially throwing a database is locked error, although we are unable to reproduce the scenario. According to the Sqlite documentation, the thread that opened the connection must also be the thread that is writing. The Nagle algorithm has been updated to utilize a real thread that has a hard sleep which blocks the current thread but maintains the same thread is executing during subsequent database writes.
|
|
Build 23.0.0.478 |
Optimized agent-based event log monitoring and consolidation. |
2024-05-23 |
- Previously when consolidating and monitoring event log entries via the agent, entries were being sorted descending rather than ascending. The result was duplicate entries being pulled between scans, however, the entries were not duplicated. This bug has been fixed.
- A recent build caused polling EVTX backups configured to clear when the size exceeds a threshold to clear and backup every minute. This bug has been fixed.
|
|
Build 23.0.0.476 |
Fixed a range schedule bug. |
2024-05-21 |
- Previously when using range schedules, such as every 1 hour and every 10 minutes, and an exclusion period applied, the execution schedules were re-scheduled after coming out of an exclusion period causing all assigned hosts to execute at the same time. This bug has been fixed.
- Previously when viewing a Summary Report with charts and set to vertical display, the chart was displayed in the vertical format as well as the horizontal format. This bug has been fixed.
|
|
Build 23.0.0.475 |
Fixed a critical real-time log monitor bug introduced. |
2024-05-20 |
- Previously the agent-based polling Event Log Monitor was not properly pull from the previous item downloaded. While fixing the bug the real-time monitors were busted. This bug has been fixed.
|
|
Build 23.0.0.474 |
Fixed several scroll bar bugs. |
2024-05-17 |
- Previously the Event Log Backup Template Properties View did not include a scrollbar. A scrollbar has been added.
- Previously all of the Log Monitor Template Properties View utilized a scrollbar on the entire view. This format make it difficult to quickly use the controls above the Rules List when many rules were applied. The scrollbar has been moved to the Rules List.
- A new Version Support Policy topic has been added to the in-application help.
|
|
Build 23.0.0.473 |
Fixed a critical Agent poll-based Event Log Monitor bug. |
2024-05-16 |
- The Linux Agent now includes support for the following Templates: Directory Cleaner, Directory Size, File Activity, File Integrity SQL Server Task and TCP Port Scan.
- The installers have been updated to .Net 7.0.19.
- Previously when running a seconds-based schedule on a keep-alive agent and the command and control option set, the server was erroneously notifying the agent to start the monitor causing an already running error message to appear in the server log file. This bug has been fixed.
- Previously when killing an agent connection, the agent was not shutting down all running tasks in a timely fashion. This bug has been fixed.
- Previously when poll monitoring Agent-based systems, for example once a minute, the monitor was not properly pulling the previous downloaded entries causing the monitor to default to the previous minute often causing entries such as reboot events to get missed. This bug has been fixed.
- Several of the sample one-off Reports such as, Object Access, Account Management, Security Group Management and New Accounts were not creating their generic counter parts. Both versions of the Reports are not created.
|
|
Build 23.0.0.464 |
Added new tab views to the Host Properties View |
2024-05-12 |
- Previously read-only users were not able to flag consolidated log entries. This bug has been fixed.
- Three new tab views have been added to the Host Properties View, CPU, Memory and Processes.
- The Linux Agent now supports CPU and Memory Monitor Templates.
- The NIST/JSIG sample AU-2 1.2 Logon Sessions (Inactive Local and Domain Accounts) Report has been broken out into two separate Reports, one for local accounts and the other for domain accounts.
- A new variable called STATUS_MESSAGE has been added that displays the status message found within any of the Executable Status Views.
- The Host Properties view now includes a Report Exclusions drop-down found on the Exclusions Tab.
|
|
Build 23.0.0.456 |
Fixed sample Reboot report. |
2024-05-09 |
- Event IDs have always been stored in their native ulong format, however, the values are always displayed in their lower DWORD format. Since adding the ability to drive the SQL queries with where clauses, Event IDs that had bits set in the upper DWORD of the ulong, such as some System Events, were not properly queried, causing the events to be missed. This was the case for the Sample System Reboot and Shutdown Report. Since the upper DWORD value has never been used, the lower DWORD values are now saved, enabling the where clauses to properly return the log entries.
- From the root Hosts node, the Report and Template Groups found under Host nodes now include Unassign All right click menu items.
- A recent bug caused some of the x-axis time range formatting to incorrectly display. This bug has been fixed.
|
|
Build 23.0.0.455 |
Fixed several new bugs that were created while refactoring. |
2024-05-08 |
- The last build caused Event Log File Backup Reports to skip past assigned EVTX files. This bug has been fixed.
- A recent update caused the Report History View to no longer display output in real-time.
- A recent update caused incorrect email subjects. This bug has been fixed.
|
|
Build 23.0.0.452 |
Added several minor UI updates. |
2024-05-06 |
- The Agent Properties Tab view found within the Host Properties View now includes an Agent Server Properties buttons.
- Previously when changing the paging size via the bottom Log Paging Control, the top Log Paging Control did not sync with the new value. This bug has been fixed.
- The sample Event Log Consolidation Template now applies a new System Event Log Consolidation Filter to exclude Event ID 10016 which can fill the log with irrelevant Events.
|
|
Build 23.0.0.447 |
Fixed several Agent update bugs. |
2024-05-05 |
- A recent update to allow agents running an older version to remain connected caused an update bug. This bug has been fixed.
- Previously when under heavy load the possibility existed for an Agent to re-connect prior to the Server cleaning up the old connection causing a race condition on the connected state. The duplicate connection is now automatically dropped.
- Previously when updating a large number of Agents, for example 1000, and the upload process bottlenecked pushing the installers, the effected Agents neglected to close the file stream causing the next download to write on top of the previously partially downloaded installer created a corrupt installer file. This bug has been fixed.
- Previously when a disabled agent connected to the server a stacktrace was logged. Since this is normal behavior the stacktrace is not necessary and has been removed.
- Per a customer request the Microsoft Teams Actions support more variable tags.
- Previously when a Template was configured run once a minute or longer then retry with seconds-based schedule, the switch to the seconds schedule was delayed by up to one minute. This bug has been fixed.
- The non-agent-based implementation now supports auto-archiving no longer requiring users on stand-alone air gapped machines to install the agent.
- The Event Log Backup monitor has been updated to only auto-archive when the template is also configured to clear the log.
- The Dashboard’s Host Inventory Tab now support kicking connected agents via the right click popup menu.
|
|
Build 23.0.0.432 |
|
2024-04-30 |
- Previously when applying a blacklist IP to the Syslog, SNMP, or Agent Server, the algorithm did not properly allow IPs through. This bug has been fixed.
- Previously when an agent connected and the maximum number of agent connections was exceeded or the host is disabled, the log file showed an exception with a stacktrace. These scenarios are expected behavior and a stacktrace not necessary. The messages have been down-graded to critical messages with no stacktrace.
- Previously the UDP stats found on the dashboard showed the TCP bind address when it should have been showing the UDP bind address. This bug has been fixed.
- Previously the Security Group Management Report was not applying the user filters. This bug has been fixed.
- Previously in a multi-domain environment, the User Filters Properties View was not populating the list of inclusion and exclusion users and groups from the selected domain. This bug has been fixed.
- The Host tree node’s Reports child tree node now includes a Batch Report Properties menu item.
- An option to display time using the 24-hour clock format has been added to the Miscellaneous Settings View.
- Previously when attempting to add ‘anonymous’ to the User and Group Filters drop-downs, ‘anonymous logon’ was always added. This bug would occur with any text that was a sub-set of another item. This bug has been fixed.
|
|
Build 23.0.0.431 |
IP Geo Location support has been added to Event Log, Syslog and Text Log Monitors. |
2024-04-28 |
- A new IP Geo Location Service has been added enabling users to add an IP Geo Location column to Event Log, Syslog and Text Log Monitors that include a regular expression defined IP column.
- Previously when using the new command and control agent server option, the real-time Event Log Monitors were not executed. This bug has been fixed.
|
|
Build 23.0.0.426 |
Updated CSV Monitors. |
2024-04-23 |
- Added delimiter selection to all CSV file monitors.
- Previously when deleting a previously consolidated CSV file, the state was not cleared requiring users to manually click on the Reset State option before all the entries would be re-downloaded.
- The Windows Agent now supports connecting to multiple servers.
- A new Template has been added that enables users to consolidate and monitor database logs, for example, SharePoint logs.
- Previously the Monitor Hierarchy was not firing when a child monitor triggered and the parent group option to suppress was set to any or off. The Monitor Hierarchy has also been updated to include Warning and Critical Triggers along-side Error Triggers.
- Previously when deleting a log consolidation template, the backend state file was not deleted nor was the log retention policy attached to the template removed from assigned hosts. These bugs have been fixed.
- Previously when using either the IPv4 or IPv6 variables within an email alert, the variable was replaced with the alias rather than the IP address. This bug has been fixed.
- The Management Console no longer shows the Service Menu Item when non-Windows Administrators log into the software.
|
|
Build 23.0.0.418 |
Updated the Linux Agent readme and updated several Security Event Log Reports. |
2024-04-02 |
- The Linux Agent Readme.txt has been updated to include the same instructions that have been added to the in-application help.
- Previously the newly added Simple Filter Criteria Copy Function only worked when pressing Ctrl+C Ctrl+V. The right click menu item are now supported.
- The Account Management, Security Group Management, New Accounts, and Object Access Reports have all been updated to include the message in the report. This enables users to view the full text entry when viewed in the Management Console.
- The Account Management, Security Group Management, New Accounts, and Object Access Reports have all been updated to support right clicking on an entry then selecting Filter Selected Entries. The backend has been updated to support the one-off report filters.
- Previously triggered Templates that utilized an error rate schedule were not automatically clearing their triggered state. The result was re-sends were not fired. This bug has been fixed.
|
|
Build 23.0.0.416 |
Fixed a TLS 1.2 configuration issue on Linux Server installations. |
2024-03-30 |
- Previously the Performance Counter Template did not support making calls to counters that did not have an instance available. This bug has been fixed.
- Previously when managing a remote host that had the Agent installed and was configured to keep its connection alive, the Performance Counter Template Properties View did not query the remote machine for available categories, instances, counters and current value through the Agent. This feature has now been implemented.
- Users can now import a list of hostnames or IP addresses via the menu bar’s File | Import | Import Hosts menu item.
- Previously when the Corner Bowl Server Manager Server was installed on Linux, the Server was unable to load SSL Certificates for TLS 1.2 support. This bug has been fixed.
- All of the Directory Monitor Templates have been updated to include a new optional Date Modified file selection filter.
- Previously the File Consolidation Template specified the {LOG} variable in the output path however that variable is not supported. The default output path has been updated to replace the {LOG} variable with {PATH}. The result is a single directory with an escaped name of the full source path. A new variable has also been added with the value of {DIRECTORY_NAME}. When specified this variable is replaced with the name of the directory being monitored without the full source path.
- Per a customer request, Email Actions can now override the primary email server’s from settings, enabling emails to be sent from different email accounts.
|
|
Build 23.0.0.412 |
Added copy and paste support to Simple Filter Criteria. |
2024-03-27 |
- The Simple Filter Properties View now supports Copying Filter Criteria then Pasting it to another Simple Filter. While adding this functionality it was noticed that the Simple Filter Criteria Viewer was not resizing the Criteria when the application was resized. This bug has been fixed.
|
|
Build 23.0.0.411 |
Added PowerShell timeouts. |
2024-03-25 |
- Previously PowerShell Templates and Actions had a hardcoded 10-minute timeout. Both components have been updated to include a timeout variable.
- Previously triggered Templates under the root Explorer View’s Hosts node did not always show the triggered message. This bug has been fixed.
- Fixed several agent-based file system browsing bugs.
- Previously when using Remote WMI to monitor Event Logs, and the state was reset, the reset line item remained in the Monitor Status View. This bug has been fixed.
- Previously when using Remote WMI to monitor multiple Event Logs, and one of the log monitors triggered, the line item for the other logs were removed from the Monitor Status View. This bug has been fixed.
- Previously when creating a File Consolidation Template, the output directory was not initialized to a valid value. The output directory is not initialized to the default Event Log File Backup Directory.
- The Dashboard’s Host inventory View now updates each host’s agent connect state icon.
|
|
Build 23.0.0.406 |
Added Microsoft Graph Email support for the US Government cloud. |
2024-03-18 |
- Previously after viewing the Log Viewer Settings then closing the view, users were always prompted to save changes even when no changes were made. This bug has been fixed.
- Previously the Red Hat Audit Log Consolidation Template specified a column with the key ‘HOST’ which was a violation of the base model causing the displayed value to always show as the host that the log was generated from rather than the remote host that caused the audit log entry to be written. The Template’s key has been changed to TARGET_HOST.
- Previously Red Hat Audit Log “LOGIN” events displayed with a gray informational icon. The icon has been updated to convert the success value of “1” to the Success Audit icon.
- The Microsoft Graph email has been updated to support the US Government cloud for both Level 4 and Level 5 access.
- The automated Linux Agent installation has been updated to specify the SSH/SFTP password when prompted after executing the sudo -s command.
|
|
Build 23.0.0.405 |
Added new Microsoft Azure Graph Email Endpoint options. |
2024-03-17 |
- Previously when attempting to connect email through the Azure US Government Graph endpoint, the following error was thrown: Error Details: AADSTS900382: Confidential Client is not supported in Cross Cloud request. The Graph Email Properties View has been updated to include three different Azure endpoints: Public, German, and US Government.
- Previously when navigating between different Document Views, Log Reports did not properly re-draw the column sort arrows. This bug has been fixed.
- The Load Columns function, found in several Log Report and Template Properties Views, have been updated to apply the TARGET_ACCOUNT_NAME and ACCOUNT_NAME column definitions when only the Windows Security Event Log has been selected.
- 4 new Red Hat Filters and Reports have been added.
- Added an enabled option to Simple Filter Criteria so users can better debug large filters. The Simple Filter Properties View has also been updated to save the view state, so users can change the default view depending on their preference.
|
|
Build 23.0.0.404 |
Added default Environment Variables and updated several Templates and Reports. |
2024-03-14 |
- A critical agent-based real-time event log monitor bug has been fixed.
- Previously when running reports with the select discount count option, the distinct grouping was executed on a per machine per log basis rather than per each grouped column. The function has been updated to apply the distinct rules to the entire result set or if grouped by specific columns, each group of result sets. Large reports will consume more memory.
- Reports now include the ability to group by a time span such as every 10 minutes or daily.
- Previously when using an Append to CSV Action for Event Log Monitors, the entries were not saved to the file. This bug has been fixed.
- 2 new default Environment Variables have been added, ACCOUNT_NAME and TARGET_ACCOUNT_NAME. Several Templates and Reports have been updated to utilize these variables.
- The default Security Event Log Consolidation Filter has been updated to exclude 4798 from being saved to the database.
|
|
Build 23.0.0.403 |
Updated the Linux Agent and fixed several Process Monitor bugs. |
2024-03-11 |
- The Linux Agent now includes support to automatically update when the Corner Bowl Server Manager Service is running a later version.
- Several Process Monitor bugs have been fixed.
- The new AI Reports have been updated to include a minimum count filter.
|
|
Build 23.0.0.399 |
Minimized the “database is locked” error. |
2024-03-04 |
- Previously SQLite often threw a database is locked error when under load. Upon extensive testing, it appears the SQLite library does not support concurrent transactions, a common practice in all database base management systems. A Semaphore has been added around the Begin Transaction call which appears to significantly minimize or even eliminate the SQLite library bug.
|
|
Build 23.0.0.394 |
Fixed several UI bugs. |
2024-03-02 |
- Previously when manually scanning directory’s size via the Agent, re-parse points were erroneously scanned. This bug has been fixed.
- Preivously when selecting directories or files to monitor, the Management Console leaked memory. These leaks have been resolved.
|
|
Build 23.0.0.392 |
Added rea-time Text Log viewing via the Agent |
2024-03-01 |
- The CLI has been updated to include an Import Corner Bowl Object function.
- The Memory Monitor Template has been modified to include the maximum memory load and time of occurrence.
- The Windows Host Inventory has been updated to include the last boot up time.
- Text logs can now be real-time tailed via the Windows and Linux Agents.
- Added two new machine learning algorithms to the new AI Reports.
|
|
Build 23.0.0.384 |
Updated the Windows Accounts Sample Templates |
2024-02-19 |
- Made several updates to the new Windows Accounts Sample Templates and added corresponding documentation for these Templates.
|
|
Build 23.0.0.381 |
Added AI reporting engine and new sample domain account templates. |
2024-02-12 |
- We are excited to announce the addition of AI generated reports. The new AI reports are implemented using Microsoft’s ML.NET machine learning framework.
- Several new sample domain account templates have been added.
|
|
Build 23.0.0.372 |
Fixed several Agent-base Event Log File backup bugs. |
2024-02-06 |
- Previously when using the Agent to backup Event Log Files, if the destination path was a UNC path that was not accessible either because the location was invalid or there was a permissions issue, the backed-up file was deleted then the error only written to the server.log file and the CBSAudit Event Log. The backend now saves the backed-up file to the default EvtxBackups directory and the error is now also written to the history database.
- Previously when using the Agent to backup Microsoft Application Logs that contained a forward slash within the log name, the backup failed to save the file. This bug has been fixed.
- Previously the default EvtxBackups directory was EvtBackups however the sample templates used EvtxBackups. The default value has been updated to EvtxBackups.
- Previously when updating an Event Log File Backup Template is multiple logs were selected with different output directories, the Properties View was updating the value to the default then prompting users to save when closed. This bug has been fixed.
- Previously when viewing Summary Reports and ad-hoc Template Summary Reports, the trigger message was not displayed in the message preview. This bug has been fixed.
|
|
Build 23.0.0.367 |
Added new PowerShell account sample Templates |
2024-02-05 |
- Two new sample Templates have been added called, Local Active Accounts (90 Days) and Local Enabled Accounts.
- A recent bug was introduced that caused the File Integrity Monitor to improperly display within the detail view. This bug has been fixed.
- A new column has been added to Dashboard’s Host Inventory View to displays the current state of the Agent when the view is refreshed. This value is not currently subscribed to and required a refresh to get the current value.
|
|
Build 23.0.0.363 |
Added Agent connection status and fixed several bugs. |
2024-02-01 |
- Previously when running PowerShell scripts and commands, if the script or command threw a user interface prompt, execution would hang for 10 minutes waiting for the response. The -NonInteractive flag is now passed to all scripts and commands.
- Previously when flagging a text log monitor template to ignore files not found, the files not found would still display in the Explorer View and the Monitor History Status View. The files are no longer displayed. If no files are found, a single entry displays shown no files were found for the entire template.
- Previously when monitoring a text log for missing entries and the file was not found, an object reference not found error was thrown. This bug has been fixed.
- The Host Agent Properties Tab has been updated to include the last connected time, last disconnected time and current connection status.
- The Management Console has been updated to subscribe to agent connection status enabling users to quickly identify by way of a different icon which machines are connected.
|
|
Build 23.0.0.361 |
Updated state icons and fixed SQL Server bulk insert bug. |
2024-01-28 |
- The animated running icon has been removed for real-time templates and templates configured to run faster than once a minute. Instead the main state icon changes to a Play icon when running then when manually stopped or an exclusion period is detected, the icon changes to a Stop icon.
- Previously when using SQL Server to bulk insert Event Logs and the message was greater than 8000 characters an error message was thrown. This bug has been fixed.
|
|
Build 23.0.0.358 |
Removed verbose logging and updated Agent Installers. |
2024-01-26 |
- Previously on heavily loaded systems the internal server.log file was logging MBs of data every minute. Several messages have been removed and now, when the CBSAudit Event Logging is enabled for a Template, the log entries that used to be written to the server.log file during the Template’s execution are now dropped.
- The Agent Installer Service and Agent Server have both been updated to limit the number of current Agent installations which can be configured via the Agent Server Setting view.
- The Agent Server has been updated so legacy Server 2008 machines running the .Net 4.72 compiled Agent are updated using the latest version from the Corner Bowl Software website. This feature required Internet access.
|
|
Build 23.0.0.357 |
Added Smart Card MFA support. |
2024-01-24 |
- The Corner Bowl Server Manager Management Console now supports Smart Card MFA for Contact (ISO 7816) and Contactless (ISO 14443) readers. For more information see https://www.CornerBowlSoftware.com/documentation/Options-Security.htm#mfa
|
|
Build 23.0.0.355 |
Implemented internal security auditing per STIG requirements. |
2024-01-29 |
- Per DoD STIG requirements, all success logon, all failed logon, logoff, duplicate logons and maximum number of logon session per user are now logged to the CBSAudit log. A new report has also been added to the Auditing node called Security that displays these new events.
- A customer reported the following error which is related to the batch insert function: Received an invalid column length from the bcp client for colid 6. In response, the Event Log Consolidation Template has been updated to use the single insert statement used prior to adding batch insert support when the batch size is set to 1. If you see this error, please update the Primary and Archive Data Providers to use a batch size of 1 then notify Corner Bowl so we can address the issue.
- Previously when paging through a generic log consolidation report that grouped entries to a column, for example the Host Column, and the user removed the group from the viewer, the next viewed page would add the grouped by column back into the viewer and the sorting was incorrect. The viewer no longer re-applies the reports grouping and sorting options.
- Previously graphics configured to display a title were not drawing the title. The graphing library has been updated to display the title correctly.
- The Windows Service Monitor and Process Monitor Templates have been updated to enable users to assign multiple services and processes to the template.
- Previously the .Net 7 runtime referenced by the agent installer was looking for the incorrect file. This issue has been resolved.
|
|
Build 23.0.0.349 |
Added a new Windows Audit Policy Monitor Template |
2024-01-14 |
- A new template has been added called Windows Audit Policy Monitor that verifies audit policies and optionally enforces a baseline policy.
- Previously when checking if the Agent is installed on a Linux server, if the server’s Agent has never connected, the check was using RPC instead of SSH. This bug has been fixed.
- The installers have been upgraded to install .Net 7.0.15 if no previous version of .Net 7 has already been installed.
- Per STIG Vul ID V-222387, administrators can now set the maximum number of logon sessions per user. To set this value, select Options | Security then enable the maximum number of logon sessions and set the value to a positive number.
- Per STIG Vul ID V-222437, administrators can now enable the Management Console to display the last logged on time and date. To set this value, select Options | Security, then enable the display last logged on time and date option.
- Previously when consolidating syslog messages, when the log database became unreachable and a syslog entry was received, the syslog server would no longer pull messages off the queue causing a memory leak until the syslog server or the service was restarted. This bug has been fixed.
|
|
Build 23.0.0.339 |
Added widespread batch insert support |
2024-01-05 |
- Batch insert support has been added to the Event Log, Syslog, Text Log and Graph Audit Log consolidation functions for SQL Server, MySQL and Sqlite. Previously only the SQL Server Syslog consolidation supported batch inserts. The corresponding Data Provider Properties Views have been updated to enable users to change the default batch size.
|
|
Build 23.0.0.338 |
Fixed several UI bugs and a minor EVTX backup bug. |
2023-12-28 |
- Previously when viewing the file system for a remotely connected Windows agent, the first call to get the logical disks was incorrectly using Windows Shares. This bug has been fixed.
- Previously when closing a batch window with out first saving the changes, each item was validated prior to closing causing a long loop of acknowledgements. The objects are no longer validated when saved from a batch view.
- The NIST/JSIG event log consolidation templates have been updated with new names, non-classified retention policy and email alerts removed from the error actions.
- The default security event log consolidation templates have been updated to filter out irrelevant event IDs: 4658,4799,5156.
- The Executable Status view was recently updated to use a button with text rather than an icon. When this change was made the button no longer had a visual change showing users they could cancel the execution. The button now updates the text to Cancel.
- Previously when viewing a host’s real-time syslog viewer, and regular expression columns were defined, the message did not display in the Message View. This bug has been fixed.
- Previously when backing up EVTX files, if the agent was running the backup or a local backup was running on the management server, the file Microsoft backs up was moved using the c$ admin share instead of the local path. The file is no longer moved to the temp directory using the UNC path but instead the local path is used.
- Previously when dragging a template to another host’s template group then dropping and selecting Move, the template was linked rather than moved. This bug has been fixed.
- Previously the File Consolidation Template was leaking a temporary file on the agent and on the management server. These two bugs have been fixed.
- Previously several of the agent log monitor templates were not notifying the management console they were running. This bug has been fixed.
- Previously when attempting to manually create a filter for regular expression driven Level Image columns, the filter failed to save. This bug has been fixed.
- All log entry and file retention policies have been updated to save 366 days of log entries and files respectively.
- The SSH connection properties have been updated to include a new option enabling users to install the Linux Agent without elevated privileges (None), sudo (prepend each command with sudo), and sudo -s (call sudo -s immediately after connecting). If you need options, please reach out to support.
- Previously the real-time agent server viewer was not displaying the connected count. This bug has been fixed.
- Previously when attempting to select a file or directory on the localhost, the localhost’s agent was configured to remain connected and the localhost’s agent was not running, the file system browser was not falling back to using local calls but instead threw an error stating the agent is not connected. In this scenario, the file system browser now falls back to use local calls.
- Previously when attempting to configure a Disk Space Monitor for an agent device and the user chose to explicitly assign disks, the call to get the available disks was always using Remote WMI. The function has been updated to utilize the agent when possible.
|
|
Build 23.0.0.326 |
Updated Microsoft Application Log Consolidation Implementation |
2023-12-17 |
- In response to several requests by customers being audited by DCSA, the Event Log Consolidation (Microsoft-Windows-PrintService/Operational) sample Templates have been updated to no longer use WMI but instead use the .Net System.Diagnostics API. The corresponding Event Log download functions have also been updated to append the XML detail to the message in a grouped attribute value pair format similar to Windows Security Event Logs enabling specific diagnostic values to be monitored and reported on per auditing requirements.
- Previously after resting the state for an Azure AD Audit Log Consolidation or Monitor Template an extra line item appeared in the Monitor Status view stating the state had been reset. This bug has been fixed.
- The sample Security Event Log Filters have been re-organized.
- The Windows Agent has been updated to enable seconds schedules for all assignable templates.
- A recent build converted the {MONTITOR_RULE_NAME} variable tag found in log monitors to {RULE} however the code was replacing the value using the {RULE_NAME} variable tag. This bug has been fixed.
- Several trigger messages did not display all of the metadata in the history and tooltips. The core display trigger message has been updated to include all relevant metadata.
- The Registry Value Monitor Template was not displaying the current value in trigger messages. This bug has been fixed.
- The new Timeline image found in email notifications was incorrectly displaying executables configured to run faster than once a minute. This bug has been fixed.
- Overhauled the sample email actions to include more sample email types including HTML and Text-based samples that hide the metadata.
|
|
Build 23.0.0.324 |
Updated several templates. |
2023-12-11 |
- The syslog viewers have been updated to include a show debug messages toolbar button.
- The AD User Monitor Template has been updated to hide informational results from the status view when the “Hide informational data table rows” option is selected. This option is found on the Actions Tab within the Template Properties View.
- Previously the Task Function Template did not support calling files in the path without specifying full path to the executable. This limitation has been removed.
- A new sample template has been added called ‘Disable Filtering Platform Connection Success Auditing’ that disables Filtering Platform Connection success auditing on the target Windows Server.
|
|
Build 23.0.0.323 |
Added several variable replacement tags to log monitor actions. |
2023-12-07 |
- The Event Log Monitor actions have been updated to support the following replacement variable tags: TARGET_ACCOUNT_NAME, ACCOUNT_NAME, ITEM_MESSAGE and ITEM_MESSAGE_PREVIEW.
- A recent change caused some of the template replacement variable tags to no longer be replaced. This bug has been fixed for most of the majorly used templates such as Disk Space Monitoring.
- Previously when running a Summary Report with the Execute option enabled, agent-based templates were not executed. The templates are now executed.
- Previously when running a real-time event log monitor on an agent, manually running any other template caused the real-time event log monitor to shutdown for up to one minute before restarting. This bug has been fixed.
|
|
Build 23.0.0.321 |
Fixed a scheduling bug. |
2023-12-05 |
- Fixed another schedule exclusion rule bug.
- The X-Axis on Line Charts have been updated to provide better tick marks.
- Previously when saving a batch of Templates that had no hosts assigned, the prompt continued to display to confirm saving with out any assignments. The prompt has been removed.
- Previously when attempting to attach a PDF to Monitor Email Notifications, an error was thrown and the PDF not emailed. This bug has been fixed.
- The Executable Status History Delete Toolbar Icon has been updated to use the Clear Icon.
|
|
Build 23.0.0.317 |
Fixed a Text Log Monitor Proximity Filter bug. |
2023-12-01 |
- Previously when using a Proximity Filter for Text Log Monitoring, when run the first time any entries that passed the proximity filter prior to the primary filter being triggered were erroneously included in the first trigger. This bug has been fixed.
- A recent update caused the Linux Audit Log Entry Retention Policy Template to no longer find the attached Linux Audit Log Entry Consolidation Template causing the entries to remain in both log databases. This bug has been fixed.
- The User and Group Management report filters have been updated to exclude the 4798 and 4799 enumeration events.
- Previously the SIEM charts that were saved to HTML referenced the full local path of each rather than just the filename causing the images to only display when viewed locally. This bug has been fixed.
- Previously Generic Event Log Reports configured to limit results to specific Event IDs were ignoring the Event IDs in the query statement when run through the scheduler. This error was easily reproduceable when viewing the AU-2 6.1 Audit Policy Changes Report which does not include a filter but instead only requests Event ID 4719. This bug has been fixed.
- Previously the Azure AD Audit Log Consolidation Summary Report did not return the database statistics. This bug has been fixed.
|
|
Build 23.0.0.306 |
Added new Windows Update Template and Summary Report |
2023-11-30 |
- A recent update introduced a bug in the Disk Space Monitor Template that caused templates configured to trigger on a change in size to trigger the first time executed. This bug has been fixed.
- A recent update introduced a user interface bug in the Monitor Suppression View which caused the countdown to no longer update within the view. This bug has been fixed.
- The PowerShell Template has been updated to enable users to fully control the command line arguments enabling PowerShell commands that produce their own tables to properly display the results for parsing.
- A new template type has been added to enable users to query Windows Updates, then optionally install available updates. A corresponding Windows Update Summary Report has also been added.
- When closing the Monitor Status Views, Report Status Views and Auto-Configurator Status Views the 3rd party control that handles the docking windows would sometimes incorrectly serialize out the state of the History and Verbose Tool Windows causing one or both to no longer display. A workaround has been added to re-open the Tool Windows when this bug manifests itself.
|
|
Build 23.0.0.301 |
Fixed several minor bugs. |
2023-11-24 |
- Previously when sending Microsoft Teams notifications, several data types were not being displayed correctly. These bugs have been fixed.
- Several Gauge Control bugs have been resolved.
|
|
Build 23.0.0.297 |
Fixed several minor bugs and changed a SQL Server connection string key. |
2023-11-16 |
- I recent change to the HTML alerts which single line items to the meta data header caused email alerts that discarded the META_DATA tag in the HTML to no longer display any content. The HTML generator has been updated to check for the existence of the tag then if missing displays single line items in the table format found for multiple items.
- In an attempt to solve a customer’s issue with connecting to SQL Server using TLS the ‘Trust Server Certificate’ flag has been changed to ‘TrustServerCertificate’,
|
|
Build 23.0.0.295 |
Fixed a scheduling bug. |
2023-11-14 |
- I bug was introduced several months ago that may have caused Weekly Range Schedules with exclusion periods to be skipped. This bug has been fixed.
- I bug was introduced some time ago that left CRLF at the end of Microsoft error messages. The bogus CRLFs are once again being removed.
|
|
Build 23.0.0.292 |
Added support for self-signed certificates to SQL Server |
2023-11-13 |
- Previously when attempting to connect to a SQL Server instance using encryption and the SQL Server’s certificate is a self-signed certificate the "The target principle name is incorrect." error was thrown. The SQL Server connection string has been updated to include the "Trust Server Certificate=true" key value pair enabling the SSL connection.
- Previously when auto-clearing non-log-based template trigger states, some alerts were not re-fired until there was at least one successful execution. This bug has been fixed.
- Previously when using simple event log or syslog filter, with at least one include criteria and one exclude criteria, several of the fields within the exclude criteria did not properly implement multiple comma-separated values. This bug has been fixed.
- A bug was recently introduced that caused duplicate triggers to execute actions. This bug has been fixed.
|
|
Build 23.0.0.287 |
Added historical graphs and timeline images to Email and Save to HTML File Actions. |
2023-11-12 |
- Email and Save to HTML/PDF File Actions have been updated to optionally include historical graphs and timeline images. The historical graphs are currently limited CPU and Memory Monitor Templates. All templates support timeline images. The options to includes these images can be found in the Email and Save to File Action Properties Views.
- Previously the syslog monitor was not batch processing entries received in each batch which had the effect of triggering actions for each triggered entry rather that one alert that contained all of the entries. This bug has been fixed.
- A bug was recently introduced that caused the Text Log Monitors size, change in size and idle monitors to error when triggered. This bug has been fixed.
|
|
Build 23.0.0.282 |
Fixed a critical disk space monitor bug recently introduced. |
2023-11-10 |
- A bug ware recently introduced into the disk space monitor that caused And triggers to fail. This bug has been fixed.
|
|
Build 23.0.0.278 |
Fixed several UI bugs. |
2023-11-07 |
- A recent change caused the file explorer to return shares rather than logical disks. This bug has been fixed.
- Previously when attempting to create a filter from an Event Log Report that contained a LOGON_TYPE data types column, the LOGON_TYPE column was not included in the filter. This bug has been fixed.
|
|
Build 23.0.0.276 |
Updated the syslog server settings view. |
2023-11-06 |
- The certification text box found within the Syslog Server Settings has been replaced with a drop-down that automatically loads the available certificates from the Management Server’s computer certificate store. Please note if you previously configured the TLS connection using any value other than the thumbprint, the view will not display the current selection. Please also note, the current user certificate store is not loaded.
- The Summary Reports now enable users to add gauge controls for any Int32 column that graphically displays the percentage of the maximum value within the grouped templates. The default Log Consolidation and Log Entry Retention Policy Templates have been updated to include the new gauge option for the Count columns. To add a gauge for any int value, add a new column to the list of columns. Set the data type to GaugeEX then pre-pend the Key value with the Key of the target column followed by two underscores, for example COUNT_GAUGE.
- A previous build introduced a Syslog Consolidation/Monitor UI bug. When the Template was expanded under a configured host, the Syslog node was no longer displayed. This bug has been fixed.
- Previously the Syslog Consolidation Viewer was not honoring the Syslog Viewer Settings. This bug has been fixed.
- Previously when saving either a syslog, text log or SNMP trap report, if the column flag was removed, all column configurations were whipped out the next time the report properties view was displayed. This bug has been fixed.
|
|
Build 23.0.0.264 |
Fixed several minor bugs. |
2023-11-02 |
- The Report and Template Groups named JSIG RMF AU-2 have been renamed to NIST/JSIG (AU-2)
- Previously when changing a MySQL Data Provider’s role the UI did not update with the new database name. This bug has been fixed.
- Previously when running a Summary Report and hiding error state from the report, agent machined that are in a triggered start for an idle connection were included in the report. The report has been updated to exclude idle triggers when the hide error options is set.
- The General Tab found within the Report Properties view now includes an option to automatically open the report immediately after logging into the Management Console.
- Previously the sample Real-Time Failed Logons Template (All Columns) was using the wrong filter. This bug has been created. To resolve this bug, first delete the Real-Time Failed Logons (All Columns) Template then select Tools | Create Default Objects.
|
|
Build 23.0.0.262 |
Fixed multi-time zone bug. |
2023-11-02 |
- Previously when managing another server via the Agent that is in another time zone, time values were improperly serialized causing the server to save results using the remote clients time zone rather than UTC. DateTime date types are now serialized using UTC then once received converted to local time.
|
|
Build 23.0.0.260 |
Added an auto-deletion feature when hosts are deleted. |
2023-11-01 |
- The Options Tab now includes an option to automatically delete saved log tables when a host is deleted from the system.
- The Dashboard’s Log Database Views now include an icon on each row. The blue information icon indicates the host is actively configured while the gray information icon indicates the host has been deleted from the system. You can use these icons to quickly delete log tables for decommissioned hosts.
- The Explorer View’s Data Providers tree now grays the host image once the host has been deleted from the system.
- Fixed a race condition on the startup of the log viewers that caused the view to miss the call to generate the columns leaving the view without any columns.
|
|
Build 23.0.0.259 |
Updated the Windows Agent to support more schedule and updated the Host Inventory and Summary Reports. |
2023-10-31 |
- The Windows Agent has been updated to support running CPU and Memory Templates using Fixed Seconds Schedule, for example “Every 1 Second”.
- Previously Template Summary Reports were not updating the Gauge Control found within CPU and Memory Monitor Templates. The Gauge is now updated.
- Template Summary Reports have been updated to append the latest results to CPU and Memory History Charts.
- Previously the Monitor and Report Status Views were leaving 20% of the old history entries in the viewer when new items caused an overflow in the page size. This bug has been fixed.
- The Host Inventory Report has been updated to enable users to attach any column from any template to each line item, for example, CPU and Memory Load gauges can be added to the report. Also, all updates are applied to the report in real-time.
- The Summary Report has been updated to update Gauges as values are received as well as add values to the CPU and Memory graphs enabling users to create custom Dashboards.
- Previously, when saving some reports such as Inactive User Accounts to HTML, inactive accounts or other rows which had an empty date and time value were displayed an uninitialized time value. This bug has been fixed.
- Previously, when monitoring disk space and using the and option to minimize false positives, the monitor would trigger on small disks often found on machines. For example, when monitoring a small disk such as a 10 GB drive with the following rules, < 15% fee and < 30 GBs, the drive was triggered. The monitor now ignores the second rule when the disk size is less than the minimum threshold size.
- Previously when restarting the service, agent-based hosts configured to keep their connection alive triggered idle connection alerts. This bug has been fixed.
- The Windows MSI installers have been updated to automatically add all required inbound and outbound TCP and UDP ports.
- The CPU and Memory Monitor real-time views now utilize the agent to retrieve their values.
- A new sample Syslog Monitor Template called Syslog Backup. When assigned to a syslog device, all syslog messages are appended to a CSV file per NIST requirements.
- The Errors Report now includes a field that shows the row count.
- Previously when using an Append to CSV or TXT File Action, each monitor entry, for example each file change detected by a File Integrity Monitor, were appended with the headers defined each time the monitor triggered. The behavior has been changed so the header is now only applied one time then entries appended.
- The PowerShell Template has been updated to support executing commands and a new sample Template called Inactive Local Accounts is not included.
- Previously when viewing an error report that contained 100s of errors the report was slow to return results. This issue has been resolved.
- Previously when using Sqlite to store data, a database locked error was often thrown. Each time the database connection was closed, the .Net garbage collector was being called. The software already calls the garbage collector manually once a minute so this call was unnecessary. Once removed calls into the database are completed much faster minimizing the occurrence of the database lock error.
|
|
Build 23.0.0.223 |
Added agent-based file system querying and fixed various Registry Monitor Template bugs. |
2023-10-02 |
- Various directory, file and service selection controls now return results through the Windows and Linux Agents when applicable.
- Previously users were unable to properly select the Registry Path to monitor. This bug has been fixed.
- The registry path and value are now included within the registry monitor metadata.
|
|
Build 23.0.0.222 |
Fixed a schedule exclusion rule bug. |
2023-09-26 |
- Previously when applying a schedule execution rule to real-time schedules running on agent hosts, the real-time monitors were not shut down. This bug has been fixed.
|
|
Build 23.0.0.221 |
Added major updates to proximity filters applied to log entry monitors. |
2023-09-22 |
- The Proximity Filter that is applied to log monitors has been overhauled enabling better ‘if then options and triggers’. If you are using this feature, please verify your monitors are working as expected.
- A new option has been added to both Reports and Templates called, “Auto-execute”. When enabled, reports and templates scheduled to run while the Corner Bowl Server Manager Service was turned off are automatically executed when the service is started. The feature, for example, enables air gapped servers to automatically execute Event Log File Backups scheduled to run when the system was turned off.
- Two new path replacement variable tags have been added: {MONTH_MMMM} and {MONTH_MMM}. These are replaced with either the full current month name or the abbreviated month name respectively.
- Previously when a template action was assigned to a report, the action was run against the local machine rather than each assigned machine. This bug has been fixed.
- The Template and Host Summary Views now enable users to multi-select hosts and templates then batch update.
- Previously when logging out of the Management Console the window layout was not saved causing the previous settings to load when logging back in without closing the application. This bug has been fixed.
- A previous update to fix the restarting of services that specify command-line parameters busted services that have a space in the file path without quotes. The change has been rolled back.
- A refresh button has been added to the Host Properties Agent Tab enabling users to refresh the installed version without having to re-open the view.
- Previously the Due Date found within Audit Work Items was not properly being saved. This bug has been fixed. This bug has been fixed.
|
|
Build 23.0.0.216 |
Added several new features and fixed several bugs. |
2023-09-14 |
- The Command Line Interface has been updated to enable users to execute Templates and Reports.
- The Command Line Interface has been updated to prompt for username and password and the password is now masked.
- A new agent-based RHEL Template has been added that consolidates all audit log files in their native format to a central location.
- The sample Event Log Summary Report has been updated to exclude the User column.
- A customer reported a bug on Linux that occurred when saving backed up audit logs with the name audit.log.1 or audit.log.2. Previously when backing up log files with the File Consolidation and Retention Template, the extension for zipped files was replaced with the .zip extension causing this bug. The extension is no longer replaced. This bug occurred on both Windows and Linux and has been fixed in both environments. When fixing this bug, we also noticed recursive sub-directory log backup did not work within the agent-based templates. This bug has been fixed as well.
- Previously when attempting to manually run a template on an agent-based host, neither disabled nor templates without a schedule were executed. Disabled and un-scheduled templates will now run when manually executed.
- Previously when creating a new agent-based file system template for a Linux Server, an error message was thrown stating the file system could not be accessed. The error has been suppressed. Please watch out for future builds that included file system access via the agent. This should be released within the next few weeks.
- Previously when creating or updating a file system-based template, the file selection list box did not include a scrollbar. A scrollbar has been added to the view.
|
|
Build 23.0.0.214 |
Fixed a service restart bug. |
2023-09-12 |
- Previously when attempting to restart a service, the service was stopped but then in some cases did not restart because of a race condition in the WMI call. This bug has been fixed.
- A recent updated caused disk space monitor templates that use the discovery mode to always get stuck on the initial threshold. This bug has been fixed.
- Previously when importing EVTX files, the Management Console’s Primary Data Provider did not auto-populate the newly added database tables. This bug has been fixed.
|
|
Build 23.0.0.211 |
Updated several sample templates. |
2023-09-10 |
- Previously the Event Log Consolidation (Security) Template did not extract Subject account attribute value pairs when the Subject group erroneously contained a space between the work Subject and the colon, for example “Subject :”. The sample Template has been modified to workaround this Microsoft bug.
- A new sample Template Group has been added that includes all of the Templates required to implement JSIG controls.
- The JSIG Removable Storage sample Report has been modified to only return 4663 Event IDs in the “Removable Storage” Category.
- The sample agentless RHEL Audit Log Consolidation template has bee removed and instead replaced with the an agent-based template.
|
|
Build 23.0.0.210 |
Fixed new WMI bug in Disk Space Monitors |
2023-09-08 |
- I bug was introduced in the disk space monitor template that caused each non agent-based monitor to run against the localhost. This bug has been fixed.
|
|
Build 23.0.0.208 |
Updated several Templates and views and fixed several bugs. |
2023-09-07 |
- The SMART Monitor and Defragment NFTS Disks Templates have been updated to run on the Windows Agent.
- Several views have been updated to include new toolbar buttons.
- Previously when viewing the built-in Template Summary for Log Entry Retention Policy Templates, several columns were listed that should not have been included and the Log column was not displaying a value. These bugs have been fixed.
- Updated installers to install .Net 7.0.10.
- Previously the PowerShell Action was not properly display the script type properties. This bug has been fixed.
- A previous update caused Grouped Attribute Value Pair Complex Filter Criteria for attribute value pairs that do not have a group, for example Logon Type found within Security Event Log Event ID 4625, to be ignored. This bug has been fixed.
|
|
Build 23.0.0.205 |
Added W3C (Directories) Template, updated Disk Space Monitor (Windows Shares) Template and fixed several bugs. |
2023-09-01 |
- The Text Log Monitor Templates now support scanning multiple W3C files in different sub-directories enabling multiple IIS websites to be monitored with a single template that discovers all sub-directories.
- In order to support Azure Storage Services, the Disk Space Monitor (Windows Shares) Template has been updated to enable users to manually add share names.
- Previously when viewing a Summary Report for Directory Size Monitor Templates, the gauge control was not displaying. This bug has been fixed.
- Previously when attempting to enable the log monitor trigger throttle option, the flag was not setting. This bug has been fixed.
- Previously when using the Linux Agent to upload audit logs to Server Manager, the LEVEL_IMAGE column was not set. This bug has been fixed.
- Previously when the log monitor throttle option only worked when polling logs. Real-Time log monitor templates did not use the correct time to determine the period. This bug has been fixed in the real-time log monitors.
- Previously when importing EVTX files into the log database, if an entry contained a \0 character the entire import failed. \0 characters are now removed from all Event Log messages and categories when downloading, subscribing to or importing from EVTX files.
|
|
Build 23.0.0.199 |
Updated the Logon Sessions Report |
2023-08-23 |
- The Logon Sessions Report now supports scanning, Active Directory for inactive domain accounts, Windows machines for inactive local accounts, setting inactivity thresholds to show trigger states within the report results and triggering incomplete logon sessions. The sample reports include new logon session samples and new JSIG samples.
|
|
Build 23.0.0.192 |
Updated various Security Event Log Reports. |
2023-08-21 |
- The JSIG Reports have all been updated to better support out-of-the-box implementation.
- Security Event Log Reports assigned to off-domain hosts now apply user filters to local accounts.
|
|
Build 23.0.0.189 |
Fixed a filtering bug |
2023-08-03 |
- Previously when viewing a Report, then creating a new Event Log Filter from an Event Log Entry, if either the source column or the message column had been removed from the report, the filter would not return any results. This bug has been fixed.
- Previously when attempting at assign an Environment Variable to a new Regular Expression Column Definition, the selection dialog did not display. This bug has been fixed.
- Previously when assigning an agent template to a device, if the template was enabled bug did not have a schedule assigned, the agent device was notified every minute to execute the template. This bug has been fixed.
|
|
Build 23.0.0.186 |
Added .Net 4.7.2 Support and fixed a scheduling bug. |
2023-07-31 |
- Server Manager has been updated to support both .Net 7 and .Net 4.7.2.
- Previously there were an edge case where the schedule exclusion control did not display the exclusion rules properly. This bug has been fixed.
- Previously when a monitor was manually triggered to re-schedule, and range-based schedule was assigned, when the last time ran fell within the range interval and the next time fell within the current time and the range interval, the next execution time was used even if the next execution time was inside of a schedule exclusion rule. This bug has been fixed.
|
|
Build 23.0.0.178 |
Fixed a email attachment bug recently introduced. |
2023-07-20 |
- A recent update caused attached Zipped attached files to no longer include the .zip extension caused the file to be mis-identified. The .extension is now properly replaced with .zip.
|
|
Build 23.0.0.177 |
Added Agent Event Log queries. |
2023-07-18 |
- Previously when managing a Windows host that is configured to use the Agent and keep it’s connection to the Management Windows Service alive, the select Event Logs views did not use the Agent to query the logs. This new feature has been added enabling users to navigate through all available Event Logs on an Agent managed host when WMI is blocked.
- Previously when updating the software to the latest version the installer and multiple users are logged into the host, the installer may not have shutdown all of the tray icons which could trigger a deferred reboot. This bug has been fixed.
|
|
Build 23.0.0.175 |
Fixed several nested group bugs. |
2023-07-13 |
- Previously and assigning and unassigning nested Report Groups and nested Templates Group to Host Groups, the UI did not always add and remove the assigned and unassigned objects to and from assigned hosts. This UI only bug has been fixed.
|
|
Build 23.0.0.172 |
Added a new Action type. |
2023-07-10 |
- Reports can now be executed when a template completes, for example, after an Event Log File Backup Template completes, a Collection Report that runs multiple Compliance Reports, can be executed immediately.
- Previously when changing a Logon Monitor Template the corresponding Logon Monitors did not always restart. This bug has been fixed.
|
|
Build 23.0.0.167 |
Added several new Security Reports and fixed several reporting bugs. |
2023-07-06 |
- Two new user filters have been added to filter out built-in subject and target account names.
- Two new user activity reports have been added to group results by subject and target account names.
- A new Special Permission Assignments report has been added that summarizes the results by account while also filtering out built-in accounts.
- The Collection Report now automatically appends assigned Report Group Names when clicking on the Auto-Generate Name button.
- The Collection Report has been modified to ignore all disabled reports.
- Previously the Event Log Cleared Filter was not properly handing both Audit Log Clear Events and Log Clear Events while also excluding overlapping Event IDs from other Sources. This bug has been fixed.
- Previously the Event Log Cleared Report was only querying for Event ID 1102. The report now queries for both 104 and 1102 Events.
- Read-only users can now execute Templates and Reports on demand enabling auditors to manage stand-alone air gapped machines on demand.
- Previously when loading columns from within a log report that has enabled the select discount option, the Count column lost its Enabled selection. This bug has been fixed.
|
|
Build 23.0.0.166 |
Added Linux Agent. |
2023-07-05 |
- We are excited to announce the release of our first .Net implemented Linux Agent. The agent can be installed on any Linux flavor including RHEL and Ubuntu. For the initial release, the Linux Agent supports Text Log Consolidation and Text Log Monitor Templates. These templates enable users to replace the previous RedHat Template for consolidating Linux Audit Logs which used SSH and SFTP to pull the logs. Once replaced the audit logs are read, parsed, filtered and then finally new entries sent to the server exactly how the Text Log Templates run on the Windows Agent which significantly increases performance and removes the requirement of logging into the server to pull the logs each time. For more information see the in-application help.
- The Agent Installer Service has been updated to write installation events to the CBSAudit Log and a corresponding Agent Installer Service Audit Report is now included.
- The Host Agent options have moved to their own tab and an inline verbose output view added so manually executed Agent installations display verbose output.
|
|
Build 23.0.0.157 |
Updated the MS Application Log consolidation process. |
2023-06-30 |
- Previously when consolidating MS Application Log files, the logs were automatically enabled. The logs are no longer automatically enabled.
- The software was recently updated to enable the WMI to pull Microsoft Application Logs to resolve several bugs within the .Net API previously used. While making that change a bug was introduced that caused the logs to be pulled from the localhost. This bug has been fixed.
|
|
Build 23.0.0.155 |
Updated the installers to look for .Net 7.0.8 and fixed a SMS Action UI bug. |
2023-06-28 |
- The installers have been updated to install the latest .Net Framework, v7.0.8, if no previous version is installed.
- The SMS Action was previously always showing Clickatell as the selected SMS type when in fact the type was actually set as another. This UI display bug has been fixed.
- A recent update caused new Azure Audit Log Monitors to no longer automatically create a host placeholder to assign the template when initially created. This bug has been fixed.
|
|
Build 23.0.0.145 |
Overhauled internal auditing. |
2023-06-26 |
- The internal auditing has been overhauled. Numerous calls have been added to better track object updates, assignment/un-assignment, enable/disable and execution start/complete. The Explorer View now includes CBSAudit Log Reports that enable users to globally audit Reports, Templates, Auto-Configurators, and user activity.
- The in-application help has been updated to included Audit Work Item and CBSAudit Report topics.
|
|
Build 23.0.0.144 |
Updated Microsoft Application Log Monitors. |
2023-06-22 |
- A new option has been added to the Event Log Consolidation and Event Log Monitor Properties Views that enable users to enable or disable the WMI API when managing Microsoft Application Logs.
|
|
Build 23.0.0.142 |
Updated the documentation and made several UI enhancements. |
2023-06-21 |
- Documented the new PowerShell action.
- Updated several icons and layouts throughout the Management Console.
|
|
Build 23.0.0.135 |
Added real-time monitoring support to Microsoft Application Logs. |
2023-06-19 |
- Previously Microsoft Application Log Monitors used a .Net API to monitor the logs. This API is approximately 10-times slower than WMI, has a bug in the reader that prevents the actual message from displaying and does not support real-time monitoring. Microsoft Application Log Monitors now update the Windows Registry settings so the logs can be monitored using WMI resolving the speed issue, message display issue and lack of real-time monitoring support. If you have log monitors in place that take into account the malformed message, please update your monitors so they can properly detect your filter search criteria.
- Previously when saving a template, certain scenarios caused the UI to prompt users to save. This bug has been fixed.
- I recent build introduced a bug that causes copying and pasting of some reports to fail. This bug has been fixed.
- Users can now drag and drop Reports and Templates to each host’s Reports and Templates child tree nodes.
- Previously when email reports as attachments, the attachment file name was a GUID. The filename has been updated to either the report name or monitor name.
- A new PowerShell Action has been added that enables users to execute PowerShell commands and scripts on the management server and agent-based devices.
- A new sample firewall Action has been added and can be found under the Intrusion Prevention System (IPS) Action Group. The Action is an instance of the new PowerShell Action that can be applied to IIS W3C file monitoring templates so attacking IP addresses can be automatically blocked on the Windows Firewall. This actin can be run directly on monitored agent hosts to block attacks on managed Windows Servers.
|
|
Build 23.0.0.130 |
Fixed Microsoft Application log download bug recently introduced. |
2023-06-12 |
- A previous update was made to support reading Success Audit and Failure Audit Events from Microsoft Application Logs however the change exposed a major bug in .Net which the message is not returned leaving users to only be able to read the parameters. This bug has been in .Net and recorded to Microsoft for over 5 years. This is a temporary build. We are working on adding the necessary registry entries to the Microsoft Event Log Service so the logs can be moved to the WMI API.
|
|
Build 23.0.0.127 |
Fixed several Event Log Backup bugs. |
2023-06-09 |
- Previously when consolidating Event Logs and backing up and clearing Event Log Files with the Agent, Event Log Consolidation Filters were not passed to the agent causing a Not Found error to be thrown while consolidating. This bug has been fixed.
- Previously when manually viewing backed up non-Security Event Log Files in the Management Console, Success Audit and Failure Audit types displayed as Errors types. This bug has been fixed.
|
|
Build 23.0.0.126 |
Enhanced user and group filtering and fixed several UI bugs. |
2023-06-07 |
- The User and Group Filters now differentiates between groups, built-in groups, users and built-in users. Corresponding templates and reports are now optimized so they only lookup groups rather than group and users.
- Previously the Permissions Report displayed the FQDN in the User column which then required users to add the FQDN to the User and Group Filters controls when filtering users and groups. The report has been updated to only display the username. If you previously included the FQDN in the user and group filters, please update your reports by clearing the filter then re-adding the actual usernames and groups in the filter controls. The Permissions Report has also been updated to exclude all of the latest built-in groups, as defined by Microsoft, and some built-in users not previously caught, when the hide built-in users and groups option is selected.
- A recent update caused AD Account Lockout Monitors Status View to no longer include the word Locked in the message column. This bug has been fixed.
- Previously when displaying a consolidated log from within a log monitor tree node (a new feature) the viewer may have thrown a duplicate key error. This bug has been fixed.
|
|
Build 23.0.0.122 |
Added a new feature to the Event Log Backup Template and fixed several UI bugs. |
2023-06-02 |
- The Event Log Backup template has been updated to include an option to automatically archive the event log files when they reach a percentage of the maximum allows size. Please note this option is only implemented within the Agent.
- The Management Console on-demand Template Summary Views were not properly updating the gauge control when viewing large numbers of CPU, Memory and Disk Space Templates. This bug has been fixed.
- Previously when viewing consolidated logs then selecting the move to first page button but not the move to previous page, the view may not have returned any records for the first page. This bug has been fixed.
- The Website, Pop3 and IMAP Templates and FTP Connection Settings now support the option to ignore SSL certificate name errors.
- The Website Monitor now throws the innermost exception when a connection error occurs.
|
|
Build 23.0.0.120 |
Fixed several summary report bugs. |
2023-05-31 |
- While adding the history database support the CPU, Memory and Disk Space Template Summary Views were not displaying some column values these bugs have been fixed.
|
|
Build 23.0.0.119 |
Added a new real-time view of connected Agent Devices and fixed several bugs. |
2023-05-31 |
- Previously when using the Auto-Configurator to add hosts, filtering on Int32 AD properties, for example userAccessControl, always returned false. This bug has been fixed.
- A recent refactor caused 2 tabs with the SIEM Chart Report Properties view to display the incorrect views. This bug has been fixed.
- When viewing the Data Properties for a Microsoft Application Log that included a slash and using Sqlite, one of the views was displaying an error. This bug has been fixed.
- When merging multiple logs, the application would crash when the primary key exists on the same page of data in both logs. This bug has been fixed.
- The Agent Server has been updated to include a real-time view of connected devices.
|
|
Build 23.0.0.117 |
Added real-time Event Log Viewer capabilities to Agent. |
2023-05-25 |
- The Management Console can now subscribe to Event Logs through the Agent enabling real-time viewing when WMI is blocked. Filters are applied on the agent side so, unlike WMI, the only entries passed on the network are filtered entries which significantly decreasing network traffic and CPU load.
- Previously when attempting to block an IP on a remote IIS webserver, the operation may have failed. The Agent and IIS IP Restriction Action have been updated to support running the Action directly through the agent enabling the successful addition of the rule.
- A new Batch Template Properties menu item has been added to the Explorer View’s root Templates Node. Once selected all templates are opened in the batch editor. The batch editor has also been updated to include the Agent Tab when multiple types are selected.
|
|
Build 23.0.0.105 |
Added agent-based real-time Event Log monitoring and fixed several bugs. |
2023-05-24 |
- Server Manager now supports real-time Event Log monitoring from our agent. To enable, set keep-alive flag from within the Host Properties view of the target server then assign a real-time scheduled Event Log monitor template to the host.
- Templates can now be immediately executed on agents when the agent host is configured to keep the connection alive from within the Management Console.
- A recent bug was introduced that caused agent-based text log monitoring to fail. This bug has been fixed.
- The Explorer View has been updated so Event Log and Syslog Monitors nodes include a View menu item. When selected the Regular Expression Columns Definitions that have been applied to the monitor are included in the Log Viewer enabling users to test filters against Regular Expression driven columns.
- Several of the batch Log Consolidation Templates tabs did not properly update the view when selecting between the different servers. These bugs have been fixed.
- Previously the Ping Monitor Template did not include a Trigger Recovery Action which meant when a ping monitor triggered because the response was too slow, rather than no response, no recovery alert was sent. This UI bug was fixed so the trigger recovery alert is now sent when configured.
|
|
Build 23.0.0.95 |
Added History Database support, IIS IP Restriction Action and Timeline Control. |
2023-05-15 |
- The history can now be saved to SQL Server, MySQL and Sqlite providing faster support for historical review and enabling users to integrate with any BI Dashboard. Out-of-the-box the History Database defaults to Sqlite. To integrate with your BI Dashboard, configure the History Database to use either SQL Server or MySQL.
- A new Timeline control has been added to the Schedule Properties View, Monitor Status View and Log Viewers. When viewed within the Monitor Status View and the monitor executes faster than once a minute, the control acks as a graphical uptime viewer (e.g. Ping Monitors).
- A new Intrusion Prevention System (IPS) action has been added that enables users to automatically add attacking IPs to the IIS IP and Domain Restriction list.
- Previously the RegEx based generic Account Management Report (Generic) report did not include the Caller Machine Name column. This column has been added into the default report. The Security ID and Target Security ID columns have also been disabled. To re-create, select Tools | Create Default Object.
|
|
Build 23.0.0.80 |
Enhanced the agent server and fixed several memory leaks. |
2023-04-28 |
- The agent server now includes a maximum number of connections option.
- Fixed several memory leaks that occurred within the service.
|
|
Build 23.0.0.73 |
Added a new database table reseed template. |
2023-04-24 |
- A new template has been added called Database Table Reseed. This template enables users to reseed Event Log and Syslog tables to resolved arithmetic overflow errors.
- When running with 1000s of agents and updating to a new version, the agent server did not throttle the updates causing client connections to get protocol starved resulting is unexpected disconnects. The agent now throttles to 20 updates at the same time. This value can be overridden via the Agent Server Settings View.
- Previously when viewing 1000s of monitors via the Template Summary View, the user interface would hang. This bug has been fixed.
|
|
Build 23.0.0.71 |
Added several enhancements and fixed several bugs. |
2023-04-23 |
- The initial configuration has been updated to include an agent based delete temporary files template to each newly connected agent device.
- The initial configuration has been updated to assign a security event log specific template to the localhost sow the source and target account names are extracted from each security event log entry and saved to the database in their own columns.
- Previously the Explorer View was searching twice when users pressed the Enter button. This bug has been fixed.
- Several minor verbose service log messages have been updated.
|
|
Build 23.0.0.70 |
Fixed agent based log monitor bug. |
2023-04-22 |
- Previously when applying multiple agent-based event log monitors to the same host with the same schedule all referenced filters were applied to each monitor. This bug has been fixed.
|
|
Build 23.0.0.69 |
Added new Agent installer option. |
2023-04-21 |
- A new agent installer has been added that includes .Net 7.0.5 embedded within the bootstrapper enabling offline and air gapped installations on hosts that do not already have .Net 7 installed.
- Previously when automatically installing the agent and using TLS 1.2, the server passed the server certificate identifier to the client. This bug has been fixed.
- The Management Console login screen has updated the TLS 1.2 Certificate label to a accurate label, Client certificate (optional).
|
|
Build 23.0.0.65 |
Fixed a minor agent based Security Event Log download bug. |
2023-04-21 |
- Previously when downloading security event log entries from the agent and the batch download option was enabled, only the first batch stripped the informational content from the messages. All batches now strip the redundant information content.
- When configuring regular expression driven columns, the changing the order of multiple regular expressions for the same column caused the regular expression being moved to be removed from the column definition and regular expression list.
- Fixed several scroll bugs just introduced.
|
|
Build 23.0.0.64 |
Fixed a SQL Server reseed bug. |
2023-04-20 |
- A recent optimization broke the SQL Server Event Log reseed function. This bug has been fixed.
- A recent update caused the verbose output found in log consolidation and retention policies to list a class name rather than the detailed information that was intended. This bug has been fixed.
- Updated multiple help topics.
|
|
Build 23.0.0.62 |
Fixed a bug in the website monitor. |
2023-04-19 |
- Previously when attempting to monitor a non-standard SSL port the port number was not applied to the URL. This bug has been fixed.
|
|
Build 23.0.0.61 |
Added several enhancements. |
2023-04-18 |
- The Dashboard’s Host Inventory view has been overhauled. The view now subscribes to host updates, monitor status updates and inventory updates enabling users to watch in real-time as hosts, agents and inventory is updated.
- Previously when running 1000s of agents the Management Console was often slow. Many different optimizations have been made to speed up the user interface.
- The Agent Server, Syslog Server and SNMP Trap Server Properties Views were all updated to have a consistent look and feel. The corresponding help topics for these views have been updated.
|
|
Build 23.0.0.60 |
Fixed a legacy file system log repository bug. |
2023-04-14 |
- When upgrading from Server Manager 2022 and using the legacy file system to save log entries, the file reader was not properly paging through data due to an initialization bug in a date time field associated with moving to .Net 7 and refactoring. This bug has been fixed.
- A recent update caused log monitors flipped between enabled and disabled to lose the ability to update. This bug has been fixed.
|
|
Build 23.0.0.57 |
Added several enhancements. |
2023-04-12 |
- The Microsoft Teams action has been updated to included a few more metadata fields. On the backend, the level images were not displaying because they were missing from our backend server. This bug has been fixed.
- The Real-Time Event Log and Syslog viewers have been updated to use the column definitions found in the corresponding log consolidation and log monitor template configurations.
- The Explorer View tooltips have been updated to limit the length to 4096 characters.
|
|
Build 23.0.0.55 |
Fixed a UI performance bug. |
2023-04-12 |
- Previously when viewing a large log file with message preview enabled and grouped by a column the UI was consuming large amounts of CPU whilst doing nothing. This bug has been fixed.
|
|
Build 23.0.0.54 |
Added Microsoft Graph email support. |
2023-04-11 |
- Per a customer request, Server Manager now supports sending email through the Microsoft Graph API using an Azure Application’s client ID, tenant ID, client secret and an Azure Office 365 email account.
- Previously when the agent server became overloaded, errant agents would attempt to re-connect after 60 seconds. The agent has been updated to sleep for one minute then randomly re-connect within 5 minutes.
- Previously when batch saving many templates remotely there was no indication the save operation was running the background. The document view has been updated to start the waiting spinner in the title bar.
- Previously when batch updating multiple templates, the Warning and Trigger actions only displayed when the first template in the array supported those options rather than any of the templates. This bug has been fixed.
- Some of the test verbose output views have been moved to a resizable tool window.
- In an effort to save space, many of the test verbose outputs have been updated to include the Test button inline within the Verbose Output toolbar control.
- Previously the MAC Address, Local IP and Remote IP were not displaying in Host Inventory Reports. This bug has been fixed.
- Previously when viewing the Dashboard and the service was restarted, the CPU and Memory donut charts no longer displayed. This bug has been fixed.
- The Data Properties Views have been updated with better error messages and display results when the corresponding table is not present.
- The agent has been updated to support range-based connection schedules. When assigned, each agent randomly applies the configured range interval before sleeping between connections.
- A bug was recently introduced that resulted in the save prompt continually displaying. This occurred when being prompted to save after attempting to close the view with the close button rather than first saving the object. This but has been fixed.
|
|
Build 23.0.0.52 |
Added several enhancements and fixed several bugs |
2023-04-10 |
- A new data type has been added to the Column Definitions and Complex Attribute Value Pair based Filters called Logon Type. The default Success Logon Report has been updated to use this value to display the English value of the Logon Type number, for example, instead of seeing the value Logon Type = 10 users will now see Logon Type = Remote Interactive. When configuring a filter with this data type, users can now use check boxes to select the logon types they would like to apply to the filter rather than previously having to rely on a numerically based regular expression.
- The Agent Server now throws an error when an agent on a Server 2008, Windows 8 or Windows 7 machine attempts to download the latest version from the management server.
- Previously when an agent requested to download the latest version and the installer was missing from the management server, the agent would hang indefinitely waiting for the file. A 10 minute timeout has been added.
- Real-Time WMI based event log monitors now restart anytime the template is modified.
- Previously log monitor in-memory configuration and state was not reset when a template’s column definitions were modified. This bug has been fixed.
- Previously when a real-time log monitor template was modified, the change was only logged to the service log file. The change is now logged to the history and the service log file.
- Previously when a log monitor template was disabled, log monitor state was continually being updated. The state is no longer updated when a template is disabled.
- The event log consolidation verbose log messages have been updated to provide more detailed information.
- Previously when attempting to add a regular expression via the lower Regular Expressions control, rather than within the Column Definitions control, in the various Columns tab views, a new item was not added. This bug has been fixed.
- Previously the File System Browser view was not properly sorting the Modified At column. This bug has been fixed.
- Previously when creating a new template the view’s title bar value said New Report. This bug has been fixed.
- Numerous focus and tab bugs have been fixed throughout the Management Console.
- The data grid rows no longer reverse the foreground and background colors when rows are selected. Instead, selection and focus is indicated using a border and light background.
|
|
Build 23.0.0.51 |
Added several enhancements and fixed several bugs. |
2023-04-05 |
- Many of the log viewers now include the query duration in the view detail.
- Previously when applying regular expressions to Syslog Consolidation templates, if multiple entries were initially received in the same batch the custom columns were not created causing an error to be thrown when the entries were inserted into the database. This bug has been fixed.
- A recent update caused the Merge function to do nothing. This bug has been fixed.
- Previously when the service was restarted and the Dashboard was open in the Console, the Server Information duplicated the meta data columns. This bug has been fixed.
|
|
Build 23.0.0.50 |
Fixed several bugs and updated several in-application help topics. |
2023-03-31 |
- Previously when using the agent to backup EVTX files and consolidate Event Log entries to a central database, if logs were assigned to the template that did not reside on the managed system, the function would exit without sending the error back to the service. Both functions have been updated to continue if and when the ignore log not found error option is selected, the error ignored.
- When manually adding an Event Log to a template or report, the newly added log is not automatically selected.
- Updated several help topics.
|
|
Build 23.0.0.49 |
Fixed several dashboard bugs. |
2023-03-27 |
- Previously the Dashboard / Host Inventory view did not properly sort when a column header was clicked. This bug has been fixed.
- Previously the Dashboard / Host Inventory view did not remove a host once manually deleted. This bug has been fixed.
|
|
Build 23.0.0.46 |
Added SQL query by function and fixed a report properties bug. |
2023-03-27 |
- Users can now configure log reports to apply query by rules (SQL where clauses) enabling custom index and non-indexed columns to be searched for fast results prior to returning result sets and applying user defined filters.
- Previously when the Report Properties view did not display the directly assigned hosts in the assignments view. This bug has been fixed.
|
|
Build 23.0.0.44 |
Fixed several monitor bugs. |
2023-03-24 |
- Previously the File Integrity Monitor did not properly auto clear triggered files. This bug has been fixed.
- Previously when viewing monitor status and the service was restarted, the view would re-draw blank once reconnected. This bug has been fixed.
- Previously when viewing the monitor status for a collection-based template, such as File Integrity Monitors, and the monitor auto cleared it’s triggered status, the view only displayed one of the auto cleared items rather than all of the monitored items. This bug has been fixed.
- The Agent Server documentation has been updated to reflect the changes made in version 2023.
- Several Management Console memory leaks have been fixed.
|
|
Build 23.0.0.43 |
Fixed several text log monitor UI bugs. |
2023-03-22 |
- Previously the text log monitor template views were not using the new file selection dialog. This bug has been fixed.
- Previously when a text log monitor had many directories and many log monitor rules, the UI loaded very slowly. The load time has been significantly decreased however in some cases it is still slower than expected.
|
|
Build 23.0.0.41 |
Server Manager 2023 Released! |
2023-03-15 |
|