ACSIA Help Center

New Release Note v5.0+ (New Version 5.2.3)

Maide UYGUR

New Features in v5.2.3

  • New user interface: the Insights Dashboard is now integrated into the ACSIA interface. Users can access the old boards from the Compliance section.


  • New user interface: We redesigned the interface for a better user experience. The host list now shows each host's last seen time and agent version.


How to upgrade to the new version?

Only v5.0+ users should do this. The user acsia MUST execute the following command:

 acsia_update

Important Bug Fixes

  • Fix whitelist subnet throwing an exception in edge cases.
  • Fix issue with reset password of the initial default user.
  • When an Access Location "Waiting for approval" rule is deleted, notifications related to the user and the related IP cause inconsistent behaviour, so executing an action on the notification would generate an exception.
  • Fix issue with the agent installation script on Windows 10 with specific network configuration.
  • Fix General Network Traffic Dashboard not working correctly.
  • Fix the issue with the notification table not being updated when a notification is closed.
  • Fix issue with retrieving windows administrator user in French.
  • Improved database query performance (ephemeral agent commands) and prevented timeouts.

The agent installation script launches a new PowerShell process that tests whether information about host networks can be collected. If it cannot, network details are not collected. This prevents the installation script from getting stuck. The user may ask about it.

Changelog

Version 5.2.3

Changes

Replaced public IP service with 4securitas’ https://wimi.xdrplus.com/ip

New features

  • New user interface
  • Insights Dashboard #1192
  • Main dashboard #1137
  • Migration to OpenSearch and OpenDashboards #1159 #1163 #1165 #1180
  • Upgrade Wazuh to version 4.3 #1182
  • Rebranding #1180
  • Add host last seen in host list #1255 #1316
  • Add host agent version in host list #1255 #1316

It may be necessary to refresh the page in order to see the new columns in the host list table.

Enhancements

  • Wazuh: do not update automatically #1203
  • UI: enhance 404 and page redirect #1249
  • Enhance Docker log parser #1262
  • Allow full-text search by hostname for host list #1278
  • Falco: remove snapd false positive #1291
  • Enhance agent error handler #1304
  • Settings: reorganize notification section #1314
  • Enhance ssh brute force algo #1317
  • Enhance widget title readability #1321
  • Discard docker logs on parsing failure #1265
  • New Settings styling (Accordion)
  • Improve database queries performance (ephemeral agent commands) and prevent timeouts.
  • Enhanced SQL Injection detector #1299
  • Enhanced port scan detection and visualisation 1239 1264
  • Enhanced brute force attacks detection 1232
  • Enhanced access failures analysis 1237
  • Enhanced SQL injection detection 1261
  • Agent: Enhanced ACSIA agent message handling 1035
  • Database: Enhanced performance 1212
  • ACSIA update script: Rollback on CTRL+C 1214
  • Windows: Enhanced system logs manipulation detection 1257
  • Kernel module: Enhanced rules update 1210
  • Enhanced agent error notification: handle already banned/unbanned messages #1304

Fixes

  • Agent failed log rotation causes memory leak (agent #46)
  • Fixed conversion value on all badge traffic (managed until YB).
  • Fixed refreshing graphs when filter period is applied.
  • Fix ACSIA insert user script not working #1217
  • Capitalize widget titles #1321
  • Fix slack integration setting cancel button not working dc4060f7
  • Fix UI is crashing when cleaning out multiple alerts #1311
  • Fix docker container logs detection database retention #1211
  • Fix NaN user in top 10 authorization failure graph #1235
  • Fix MFA Public IP link when URL is enabled goes in timeout #1251
  • WazuhLog parsing exception #1262 
  • Fix Opensearch gets stuck on start/restart #1266
  • Remove debug label in chart title #1278
  • Fix UI bulk action icons have different sizes #1293
  • Fix installation fails when a previous checkmaster failure happens #1296
  • Fix ban by false positive not present in banned IPs #1299
  • Fix host filter widgets not updated after host removal #1310
  • Fix double negative in the UI under kernel notification #1313
  • Fix IP Whitelist doesn't work for subnets but only for singular IPs #1315
  • Handle SQL rollback #1318
  • Fix minor decoration bug in host list last seen column #1319
  • Fix empty first seen field in blacklist #1277
  • Agent reporting error on Windows administrator users discover #1274
  • Detecting wazuh-remoted writes under /etc/ as a threat #1306
  • Fix General Network Traffic Dashboard not working correctly #1165
  • Remove change IP detection for agentless mode #1161
  • Fix change default user password breaks acsia stack restart script #1170
  • Fix issue with retrieving windows administrator user in French #1184
  • Fix add whitelist subnet throwing an exception in edge cases. #1185
  • Fix waiting for approval access location inconsistent behaviour #1140
  • Fix issue with the agent installation script on Windows 10 with specific network configuration. #1195
  • Fix issue with the notification table not being updated when a notification is closed nimbus/acsia-new-ui-ux#168
  • Fix IocRepo throwing exceptions when there are no results 127cb08c
  • Fix broken Falco custom rules #1201
  • Fix Wazuh syscheck false positive #1198
  • Fix long web request params can't be stored in DB #1299
  • Fix missing IP discovery on Windows, in case of host network issues 1205
  • Fix false positives from internal components 1209
  • Fix Policies IP filter not working after several IP filtering actions 1207
  • Fix OpenSearch doesn’t start automatically on host reboot 1196
  • Fix changing settings fail when disabling SMTP 1231
  • Fix ACM API periodically not reachable 1216
  • Fix SSL certificates deployment missing script command 1234