Skip to content

Latest commit

 

History

History
191 lines (115 loc) · 6.98 KB

CHANGELOG.next.asciidoc

File metadata and controls

191 lines (115 loc) · 6.98 KB

Beats version HEAD

Breaking changes

Affecting all Beats

  • Fix mapping of parent process information provided by add_process_metadata. 29874 30727

Auditbeat

Filebeat

Heartbeat

Metricbeat

Packetbeat

Winlogbeat

Functionbeat

Bugfixes

Affecting all Beats

  • Fix field names with add_network_direction processor. 29747 29751

  • Fix a logging bug when ssl.verification_mode was set to full or certificate, the command test output incorrectly logged that TLS was disabled.

  • Fix the ability for subcommands to be ran properly from the beats containers. 30452

  • Update docker/distribution dependency library to fix a security issues concerning OCI Manifest Type Confusion Issue. 30462

  • Fix dissect trim panics from DELETE (127)(\u007f) character 30657 30658

  • Load data stream during setup, so users do not need extra permissions during publishing. 30647 31048

  • Add ecs container fields 31020

  • Fix docs reference for syslog processor 31087

  • Fix AWS config initialization issue when using a role 30999 31014

Auditbeat

Filebeat

  • auditd: Prevent mapping explosion when truncated EXECVE records are ingested. 30382

  • elasticsearch: fix duplicate ingest when using a common appender configuration 30428 30440

  • Prevent logic race on clearing data during request in httpjson. 30730

  • Do not emit error log when filestream reader reaches EOF and close.reader.on_eof is enabled. 31109

  • Prevents filestream inputs from being stuck while being created. 31240

  • Recover CEF extensions from messages with invalid/incomplete headers. 30757 30938

  • Fix panic in filestream input when copy_truncate log rotation strategy is used 29024 31041

  • Fix Azure signinlogs authentication_requirement_policies field type and several missing fields. 31062

  • Cyberark PAS: Fix error ingesting events with a single entry in the CAProperties field. 31094

  • Fix Azure activitylogs identity field type and several missing fields. 31170

  • checkpoint: Fix ingest error when a message contains trailing spaces 31197

  • m365_defender: Fix processing when alerts.entities is an empty list. 31223 31227

  • Prevent filestream from rereading whole files if they are rotated using rename. 31268

Heartbeat

  • Heartbeat now successfully runs synthetic monitors on ARM processors. 31114

Metricbeat

  • Enhance metricbeat on openshift documentation 30054

  • Fixed missing ZooKeeper metrics due compatibility issues with versions >= 3.6.0 30068

  • Fix Docker module: rename fields on dashboards. 30500

  • Add back missing metrics to system/linux. 30774

  • GCP metrics query instances with aggregatedList API to improve efficiency. #30153

  • Fix delay in perfmon counters collection 30686 #30861

  • Fix Jolokia module to print URI for one of the debug logs. #30943

  • Handle docker reporting different capitalization for disk usage metrics. #30978

Packetbeat

Winlogbeat

Functionbeat

Elastic Logging Plugin

Added

Affecting all Beats

  • Add FIPS configuration option for all AWS API calls. 28899

  • Add support for kafka message headers. 29940

  • Add support for non-unique Kafka headers for output messages. 30369

  • Add syslog parser and processor. 30139 30541

  • Add action_input_type for the .fleet-actions-results 30562

  • Add cronjob metadata by default 30637

  • New option setup.template.json.data_stream is added to indicate if the JSON index template is a data stream. 31048

  • Add support for port mapping in docker hints. 31243

Auditbeat

Filebeat

  • Add text/csv decoder to httpjson input 28564

  • Update aws-s3 input to connect to non AWS S3 buckets 28222 28234

  • Add support for '/var/log/pods/' path for add_kubernetes_metadata processor with resource_type: pod. 28868

  • Add documentation for add_kubernetes_metadata processors log_path matcher. 28868

  • Add support for parsers on journald input 29070

  • Add support in httpjson input for oAuth2ProviderDefault of password grant_type. 29087

  • Add extraction of related.hosts to Microsoft 365 Defender ingest pipeline 29859 29863

  • threatintel module: Add new Recorded Future integration. 30030

  • Support SASL/SCRAM authentication in the Kafka input. 31167

  • Improve recovery from corrupted registries. 25135 30994

  • Add support in httpjson input for chain calls. 29816

  • checkpoint module: Add network.transport derived from IANA number. 31076

  • Add URL Encode template function for httpjson input. 30962

Auditbeat

  • Include config file (auditbeat.elastic-agent.yml) in tar.gz and zip packages for use with Elastic Agent.

Filebeat

  • http_endpoint input: Add support for requests with Content-Encoding: gzip. 31005

Heartbeat

Metricbeat

  • Add kubernetes.container.status.last.reason metric 30306

  • Extend documentation about orchestrator.cluster fields 30518

  • Fix overflow in iostat metrics 30679

  • Add commandstats field to Redis module 29662

  • Add kubernetes.volume.fs.inodes.pct field. 30785

  • Improve Kubernetes dashboard. 30913

  • Populate new container ECS fields in Docker module. 30399

  • Populate new container ECS fields in Kubernetes module. 30181

  • Populate ecs container fields in Containerd module. 31025

Packetbeat

Functionbeat

Winlogbeat

  • Improve the error message when the registry file content is invalid. 30543

  • Retry EvtSubscribe from start if fails with strict mode. 29793 30155

  • Add parent process ID to new process creation events. 29237 31102

Elastic Log Driver

Deprecated

Affecting all Beats

Filebeat

Heartbeat

Metricbeat

Packetbeat

Winlogbeat

Functionbeat

Known Issue