Search Guard FLX 1.3.0
Release Date: 2023-08-28
This is a new minor release of Search Guard FLX.
It brings some new features, especially for the Audit Log, fixes some bugs and updates a number of dependencies.
New features
Audit Log: New categories for Kibana login and logout
When a user logs in to Kibana, a KIBANA_LOGIN event is generated; when the user logs out, a KIBANA_LOGOUT event is generated.
Audit Log: Custom fields
You can now add custom fields with static values to be stored in the Audit Logs.
Audit Log: New field in the Audit Logs containing the Elasticsearch version
A new field audit_node_elasticsearch_version, which contains the Elasticsearch version when the event was created, is now logged.
Audit Log: New events in Audit Logs for index template creation/update/deletion
Adds the new category COMPLIANCE_INDEX_TEMPLATE_WRITE to track modifications to index templates.
Audit Log: New events in Audit Logs for operations on indices (create, delete, update settings/mappings)
Adds the new category INDEX_WRITE to track modifications to indices (index created, index settings/mappings updated, or index deleted).
Improvements
Authentication: Renamed OIDC Endpoint
Search Guard implements OIDC, which is not the same as OpenID. To avoid confusion, the endpoint was renamed from /auth/openid/login to /auth/oidc/login. To keep backwards compatibility, /auth/openid/login is kept, but its usage is not recommended.
Signals: Global config for trusted certs of external HTTP interfaces
Simplifies the management of trusted certificates for Webhook actions, HTTP inputs and Jira actions. It is now possible to manage truststores via an API and then reference them in watches.
Signals: Convert runtime data to JSON in Webhook action and HTTP input
Make it possible to directly convert runtime data to JSON in Webhook action and HTTP input.
Signals: Global setting to configure a lower bound for throttling
Introduces a configurable lower bound for throttling. This can serve as a rate limiting feature for watches.
Bug fixes
sgctl: sg_action_groups.yml
Fix handling of sg_action_groups.yml files.
Kibana: Fails to edit a user created with API call and no backend_roles
Fix Kibana when editing a user created with an API call and no backend_roles.
LDAP: connection pool min and max values are not respected
Kibana: Missing privilege for kibanaserver user on Kibana 8.6
Signals: Slack’s attachment is sent as a string instead of an array
Signals: Painless script execution fails when endpoint /_scripts/painless/_execute is used
More
- See the complete changes in the Gitlab Milestone