Spectra Detect changelog
The changelog contains references to our internal ticketing system. We use the Keep a Changelog format.
v5.3
January 2025
Added
- Users can now upload report types and assign them to specific integrations using the Spectra Detect Manager interface. This configuration field can be found in the Egress Integrations section, under Report Storage|Callback|Splunk > Report Type. [TIS-5522]
- When pivoting to Spectra Analyze using links, Spectra Detect Manager now automatically adds the 'spectra_detect' tag to samples. [TIS-5945]
- The Network File Share connector configuration now allows users to configure the interval at which unknown samples will be rescanned, if Automatic File Sorting is enabled. [TIS-5918] [TIS-5818]
- Spectra Detect Manager now supports searching for samples by their SHA256 hash. [TIS-5770] [TIS-5769]
- Added .bin validation when uploading appliance update files using APIs. [TIS-5768]
- The Spectra Detect Manager Help menu now contains a link to the product documentation. [TIS-5685]
- When uploading password-protected archives for analysis, users can provide a `password_list` to `user_data` in their request to allow the appliance to unpack and process the archive. [TIS-4790]
- Added a new `/api/tiscale/v1/support` endpoint to Spectra Detect Hubs, allowing the download of support logs. [TIS-5659]
- You can now download logs of all appliances connected to Spectra Detect Manager, whatever their type (Dashboard -> select appliance -> Actions -> Download Logs). [TIS-2790]
- Spectra Analyze appliances can now be configured as a redundancy cluster using Spectra Detect APIs. [TIS-5521]
- The Citrix ShareFile connector can now be configured over the API. API routes starting with `/api/v1/appliances/{id}/connectors/` now support `share-file` as a connector value. [TIS-5647]
- The following API endpoints have been added to Spectra Detect Manager since v5.2.1:
/api/cluster/initiate-redundancy-setup/{appliance_id}/
/api/cluster/save-redundancy-config/{appliance_id}/
/api/cluster/status-redundancy-config/{appliance_id}/
/api/v1/report-type/
/api/v1/report-types/
/api/v1/system/support/
Changed
- Improved appliance update and advanced filter management workflows by adding navigational buttons and rearranging/redesigning UI elements. [TIS-5696] [TIS-5689]
- Central Configuration page now remembers the last selected appliance group. Saving changes no longer redirects back to the Appliances page. [TIS-5684]
- Workers configured to process large files receive additional configurations related to cleaning up old tasks. [TIS-5680]
- `Delete Source Files` is now enabled by default when file sorting is enabled for the Citrix FileShare connector. [TIS-5608]
Removed
- Removed mentions of `tiscale` from Hub and Worker logs to respect the recent product rebranding. [TIS-5798]
- Removed Python libraries deprecated by porting some services to Go. [TIS-5389]
- Spectra Analyze configuration has been removed from the Spectra Detect Manager UI, simplifying the interface while preserving full control through expanded APIs, supporting complete automation of appliance redeployment. [TIS-3737]
Fixed
- The Spectra Detect Worker update process experienced intermittent issues where updates failed to start, were delayed, or did not complete as expected, but improvements have been made to ensure a more robust update experience. [TIS-5747]
- Process Duration column in the YARA Retro Hunt List reports the wrong value if the retro hunt was performed on an empty bucket or folder. [TIS-6024]
- Clearing the retro hunt list on the Spectra Detect Hub while there is a retro hunt active on the connected Analyze appliance leaves the hunt stuck in `Active` state. [TIS-5800]
- Inconsistent behavior of appliance update buttons on the Appliance Management page. [TIS-5947]
- Improved exit code handling for `ts-worker` process. [TIS-5824]
- YARA Retro Hunt can't be started using Spectra Detect Manager APIs. [TIS-5799]
- Spectra Detect Manager login warning notifications use the old Spectra Intelligence product name. [TIS-5774]
- Too many failed login attempts put the appliance in degraded state which prevents legitimate users from logging into the Spectra Detect Manager. [TIS-5772]
- When configuring SAML, the form displays a warning in case of errors, but doesn't indicate which fields need to be addressed. [TIS-5767]
- When configuring the S3 egress integration, the File Storage and Report Storage tabs display a warning in case of errors, but don't indicate which fields need to be addressed. [TIS-5767]
- Connecting a T1000 appliance to the Spectra Detect Manager without a proxy configuration results in samples getting stuck during processing. [TIS-5759]
- Advanced File Filters may not filter files by date correctly, depending on the date format used in the file report. [TIS-5758]
- Spectra Core password list in Central Configuration now supports non-ASCII characters. [TIS-5738]
- `rsyslog` not respecting rate limits. [TIS-5662]
- Spectra Detect Manager fails to close stuck/idle PostgreSQL connections. [TIS-5639]
- Deleting YARA rulesets directly on a connected Spectra Analyze appliance results in Out Of Sync status. [TIS-5626]
- The `process_duration` report field format is inconsistent across different egress reports. [TIS-5610]
- Validation issue in the Spectra Detect Manager UI blocked users from specifying folder names containing forward slashes ("/"). [TIS-5603]
- When configuring Spectra Detect Managers into a redundancy cluster, the entered values are sometimes lost when the user provides the wrong credentials. [TIS-5391]
- YARA tables on Spectra Detect Manager are misaligned when ruleset names are too long. [TIS-5294]
- Regular users able to access administration pages by providing a direct URL. [TIS-4375]
- Minor logging issues related to licensing. [TIS-4326]
- Test connection messages sometimes appear out of screen bounds. [TIS-3823]
- Not all records are synchronized to the secondary Spectra Detect Manager in a redundancy cluster. [TIS-3783]
- When the "Malicious Only" report view is configured for the Azure Data Lake integration, the report still contains sub-reports for non-malicious child files. [TIS-6131]
- Layout error on the processing timeline chart. [TIS-6101]
- The Manager cannot apply an AWS configuration to the Worker if "SSL Verify" is selected. [TIS-6085]
- Spectra Detect Manager cannot configure an S3 bucket folder on a connected Spectra Analyze using the Management API (even though this is possible through the GUI). [TIS-6005]
- If a Worker older than v4.0.1 is marked as a "large file" Worker, it cannot receive subsequent configuration changes from the Manager even after an upgrade. [TIS-6001]
- UI elements overflow on the configuration group page. [TIS-2937]
- No descriptive error messages in case of validation errors when setting up S3 buckets. [TIS-5762]
- Spectra Detect Manager doesn't succeed in the initial fetch of antivirus data from Spectra Intelligence (Deep Cloud Analysis functionality). [TIS-6071]
- Handling and presentation of errors in case of a configuration mismatch between the Manager and connected appliances. [TIS-5756]
v5.2.3
- Version bump for Spectra Detect Worker and Hub only. No new functionalities introduced.
v5.2.2
Fixed
- Inconsistent behavior of appliance update buttons on the Appliance Management page. [TIS-5947]
- Spectra Detect Manager cannot configure an S3 bucket folder on a connected Spectra Analyze using the Management API (even though this is possible through the GUI). [TIS-6005]
- If a Worker older than v4.0.1 is marked as a "large file" Worker, it cannot receive subsequent configuration changes from the Manager even after an upgrade. [TIS-6001]
- Root login cannot be enabled from a v5.2 Manager on older versions of Spectra Detect Hub (<v5.2). This is now fixed with a Manager-only upgrade (i.e. Manager is backwards-compatible). [TIS-5961]
- If root login has been enabled for a Hub group (compatible appliance versions), after upgrading the Manager, root login can no longer be disabled. This is now fixed, but after upgrading both the Manager and connected appliances, reapply the same configuration (root login disabled). [TIS-5986]
v5.2.1
October 2024
Added
- Spectra Detect Worker now includes a new endpoint (`api/tiscale/v1/submit-url`) that enables you to upload files for processing directly from a URL. [TIS-5113]
- Introduced metadata-based options in the Spectra Detection Egress integration and AWS S3 connector, enabling users to store analysis metadata in S3 objects, and select samples for fetching and processing based on metadata criteria (classification and threat name). [TIS-5159]
Changed
- Spectra Core updated to version 5.2.1. [TIS-5866]
Fixed
- The Spectra Detect Worker update process experienced intermittent issues where updates failed to start, were delayed, or did not complete as expected, but improvements have been made to ensure a more robust update experience. [TIS-5747]
- The `process_duration` report field format is inconsistent across different egress reports. [TIS-5610]
- Deleting YARA rulesets directly on a connected Spectra Analyze appliance results in Out Of Sync status. [TIS-5626]
- Multiple typos in the Spectra Detect Manager interface. [TIS-5749, TIS-5755]
- Advanced File Filters may not filter files by date correctly, depending on the date format used in the file report. [TIS-5758]
- Too many failed login attempts put the appliance in degraded state which prevents legitimate users from logging into the Spectra Detect Manager. [TIS-5772]
- Modified the Spectra Detect Manager to populate and re-apply mismatched configuration fields to Workers after a feature is disabled, without requiring the feature to be re-enabled. [TIS-5804]
- Validation issue in the Spectra Detect Manager UI that blocked users from specifying folder names containing forward slashes ("/"). [TIS-5603]
- Issue where Remote Storage Retro Hunt would get stuck in a "Running" state when file processing failed under certain configurations, including specific Hub groups and S3 Egress setups. [TIS-5810]
v5.2
Added
- Advanced file filters on the Manager appliance can be used to specify which files are saved after processing, and which ones aren't. The filters allow a fine level of granularity. For example, you can choose to include all files that have a certain capability, or exclude all files that are of a certain file type. Go to Administration > Filter Management to set up filters, and apply them in Central Configuration. [TIS-4875] [TIS-5323] [TIS-5354]
- The Manager now accepts SAML-based single-sign-on. Set it up in Administration > Spectra Detect Manager > Authentication > User Directory. [TIS-2691]
- The following API endpoints have been added to the Manager:
/api/v1/advanced-filter/
/api/v1/advanced-filter/{filter_id}/
/api/v1/advanced-filters/
/api/v1/config/ssh/
- A test button has been added to the "Request license" dialog. [TIS-5009]
Changed
- The documentation for the Worker, Hub and Manager is now unified and completely ported to Docusaurus. [TCHW-2104]
- The Spectra Core static analysis engine has been updated to v5.1.1. [TIS-5415]
- If you update your S3 authentication keys, processing services will no longer be restarted. This allows more frequent credential rotation. [TIS-4664]
- `/api/v1/appliances/upload-certificate/{id}/` now accepts a `Content-Disposition` header.
- `/api/v1/appliances/` now contains a `.results.configuration_status` field which allows you to check if your changes have been applied. You can also check this in the central configuration page, where the possible messages are "Applied", "Not Applied", "Pending", "Error", and "Out of Sync". Older appliances will show a different configuration status. [TIS-4751]
  - Note that some fields are not checked and will not result in an Out of Sync message. These fields are:
    - General Configuration (Administration > Spectra Detect Manager > Dashboard Configuration):
      - Central Logging
      - Central File Storage
    - Spectra Core:
      - Password List
    - SNMP:
      - Average System Load in 1 Minute (%)
      - Spectra Detect Queue Size
      - Classifications Queue Size
    - System Time:
      - NTP Servers
    - Resource Usage Limits
- Diagnostic packs now contain information about Connectors. [TIS-5515]
- Reordered cluster configuration endpoints in the Manager API reference. [TIS-4288]
- A maximum of 100 bucket mappings under S3 file/report storage is now enforced. [TIS-4537]
- The "fast" processing mode now doesn't include cloud antivirus scans. The setting to include cloud antivirus scans has been extracted from the best/fast processing mode setting and can now be set independently in the UI (Central Configuration > Spectra Core > Use XRef) or using the API (`ticore__use_xref` field in several endpoints under `/api/schema/redoc/#tag/Central-Configuration`). [TIS-5110] [TIS-4805]
Removed
- The possibility to configure connectors on a Spectra Analyze appliance from the Manager. This applies both to UI and API settings. [TIS-5578]
- The `sshd__sshd_control` field has been removed from the `/api/v1/appliances/content/{appliance_id}/save/` endpoint. The "Permit Root SSH Login" checkbox in Administration > General > SSH is now available by default. [TIS-5436]
- Unused cronjob for log processing. [TIS-4200]
Fixed
- No validation for `connection_type` and `access_type` when configuring AbuseBox connector via the Management API. [TIS-5467]
- Password reset email not being sent from the Manager. [TIS-5431]
- Input fields for secrets are not disabled after saving in Central Configuration. [TIS-5390]
- Splunk default values disappear from the UI after removing central control. [TIS-5386]
- SSH ciphers and key exchange algorithms not applied after configuration via Manager API. [TIS-5350]
- Old product name present in the YARA sync API response. [TIS-5299]
- Incorrect minimum string length under Central Configuration > String Extraction Configuration (5 instead of 4). [TIS-4898]
- No validation for the container name in Azure Data Lake unpacked files storage. [TIS-4593]
- Missing fields in the response from `/api/v1/cluster/config/`. [TIS-4587]
- The deprecated "Processing Queue Limit" field is present in Manager UI. [TIS-4545]
- References to `/etc/tmpfiles.d` during the update process. [TIS-4328]
- Deprecated default NTP server addresses. [TIS-4248]
- Duplicated Manager UI notifications for connectors when Hubs are in redundant mode. [TIS-3815]
- Applying a configuration on a freshly opened Splunk configuration page (no changes) causes an error in the chunk size field. [TIS-5532]
- SNMP errors in diagnostic packs. [TIS-5491]
- Outdated rsyslog format on the Manager preventing syslog uploads to Splunk. [TIS-5461] [TIS-5662]
- Performance issues related to the Deep Cloud Analysis function. [TIS-5439]
- Configuration with IAM role can't be saved if file storage, unpacked files storage and report storage are disabled. [TIS-5270]
- Central control can't be removed from AWS S3 settings. [TIS-5267]
- Redis deprecation warning in logs. [TIS-4806]
- Issues with saving connector changes. [TIS-5148]
- Failing API requests immediately after Worker startup. [TIS-5661]
- Errors in S3 connectivity due to AWS region mismatch. [TIS-5251]
- Missing sample origin info in the Analytics tab. [TIS-5233]
v5.1.4
- Version bump for Spectra Detect Worker and Hub only. No new functionalities introduced.
v5.1.3
Fixed
- The Spectra Detect Worker update process experienced intermittent issues where updates failed to start, were delayed, or did not complete as expected, but improvements have been made to ensure a more robust update experience. [TIS-5747]
v5.1.2
Added
- Introduced a new Citrix ShareFile Connector in Spectra Detect Manager, enabling configuration for scanning and classifying files with advanced sorting and deletion options directly from ShareFile. [TIS-5462]
- Endpoint on the Management API to configure the redundancy user on a connected Spectra Analyze machine: `/api/v1/appliances/{id}/system/configure-reduser/`. [TIS-5355]
Changed
- If you update your S3 authentication keys, processing services will no longer be restarted. This allows more frequent credential rotation. [TIS-5530]
Fixed
- Fixed an issue with system alert messages (`rsyslog`) sent via the TCP protocol not being visible in Splunk. [TIS-5542]
- Fixed an issue with the `process_duration` field not being present in generated reports for certain Egress Integrations (Callback, OneDrive, ADL, NFS). [TIS-5534]
- Fixed an issue with the connected Spectra Detect appliances memory dashboard displaying incorrect size and used values for cached and shared memory. [TIS-5507]
- Fixed an issue with SNMP polling that resulted in `EasySNMPError` exceptions being logged as errors, and responses not containing the `hrStorageType` key. [TIS-5240] [TIS-5248]
- Fixed a helper text on the Product Licenses page by adding a mention of Spectra Analyze. [TIS-5506]
- YARA sync can't be applied to connected appliances if they're not in a group, or if the sync option wasn't enabled before they were added to the Manager. [TIS-5488]
v5.1.1
Added
- The `Central Configuration > Egress Integrations > Splunk` configuration screen now contains the option to set the `Chunk Size` value. [TIS-5137]
- TLSH hashes can now be calculated during sample processing. This option is configurable from the `Central Configuration > Worker Configuration > Analysis Report` tab. [TIS-5217] [TIS-5234]
- The appliance status page of Spectra Detect Hubs belonging to a Hub group with two Hubs now contains a button to promote the Hub to a primary appliance in the redundancy cluster. If the Hub is already configured as a primary, the button will be disabled. [TIS-4189]
- New API endpoints on the Spectra Detect Manager, removing the need for manual configuration during initial appliance setup: [TIS-5090] [TIS-5440]
/api/v1/appliances/{id}/system/configure-dns/
/api/v1/appliances/{id}/system/configure-hostname/
/api/v1/appliances/{id}/system/configure-static-ip/
- Added a new `process_duration` field to reports, showing how long it took to process the sample. [TIS-5174] [TIS-5230]
- The `Disk High` setting can be used to limit the disk space used by temporary files during transfer. Available only for the AWS S3 Connector service. [TIS-5163]
Changed
- Spectra Core updated to version 5.0.2. [TIS-5184]
- Updated licensing UI. [TIS-5406]
Removed
- Removed the redundant `sshd-control` field from SSH configuration requests sent to Workers and Hubs using the Manager APIs.
- Primary Hub Priority and Secondary Hub Priority fields have been removed. [TIS-4189]
Fixed
- Memory leak caused by the Data Change service. [TIS-5417]
- Spectra Detect Manager unable to send the password reset mail. [TIS-3001]
- Spectra Detect Manager SMTP config incorrectly handling passwords containing the `$` sign. [TIS-3002]
- Spectra Detect Manager incorrectly displaying shared memory and cache. [TIS-4852]
- Workers in an unhealthy state show as paused on the Manager even when unpaused. [TIS-5182]
- Updated the `rsyslog` format to be compatible with newer versions of Splunk. [TIS-5196]
- The One Drive/Sharepoint connector cannot be enabled for a Hub group. [TIS-5336]
- Enabling the Delete Source Files option on the S3 Connector with an upload size limit also deletes files which were skipped due to being larger than the configured file size limit. [TIS-5394]
- Fixed an issue with SSH logins on Spectra Detect Manager. [TIS-5472]
- Configured SSH ciphers and KexAlgorithms are not applied on Workers and Hubs. [TIS-5477]
- The `sshd_control` parameter cannot be disabled on Workers and Hubs using the APIs. This parameter has been removed. [TIS-5337]
- Hubs now automatically reject files that exceed the maximum file size configured on the Spectra Intelligence account used by the Workers. [TIS-4981]
v5.1
Added
- New API endpoints on Spectra Detect Manager: [TIS-4503]
/api/v1/alerting/quota-usage/
/api/v1/appliances/{id}/connectors/
/api/v1/appliances/{id}/connectors/{connector_name}/
/api/v1/appliances/{id}/connectors/{connector_name}/v1/config/
/api/v1/appliances/{id}/connectors/{connector_name}/v1/test-connection/
/api/v1/appliances/{id}/system/user-info/
/api/v1/appliances/{id}/system/users/
/api/v1/appliances/{id}/system/users/{username}/password/
/api/v1/appliances/{id}/yara/start-resync/
/api/v1/appliances/{id}/yara/start-sync/
/api/v1/appliances/{id}/yara/sync-status/
/api/v1/appliances/password-rotation/{id}/
/api/v1/appliances/yara/sync-status/list/
/api/v1/retro-hunt/s3/
/api/v1/retro-hunt/s3/{hub_group}/
/api/v1/retro-hunt/s3/{retro_hunt_id}/
/api/v1/retro-hunt/s3/{retro_hunt_id}/action/
/api/v1/retro-hunt/s3/buckets/
/api/v1/system/config/nginx/
/api/v1/system/config/sshd/
/api/v1/system/config/user-info/
/api/v1/system/config/users
- Support for S3 buckets that are used only in YARA scans. These buckets are scanned only when a new YARA rule is published (and synchronized), or manually from the Spectra Analyze YARA page. [TIS-4555]
- Email alerts for Spectra Intelligence quota usage. You can be alerted if you're over some threshold (for example, over 75% of your total quota), and when the quota has been reached. [TIS-4074]
- Classification change alerts. This new functionality monitors files previously analyzed by Spectra Detect. If their classification changes at some later point, this change is shown on the new Alerts page. [TIS-4755]
Changed
- Products have changed their names: [TIS-4999]
- TitaniumScale is now called Spectra Detect. Hubs are still Hubs, Workers are still Workers.
- The C1000 is now Spectra Detect Manager.
- The A1000 is now Spectra Analyze.
- TitaniumCloud is now Spectra Intelligence.
Removed
- API endpoints (Manager):
`/api/v1/config/ssh/` (replaced with `/api/v1/system/config/sshd/`)
Fixed
- Network data sent using the `custom_data` field is not visible in a Splunk report when using the new Splunk integration and the `splunk-mod-v1` view. [TIS-5005]
- You can access `/api/tiscale/v1/task` without an authorization token if only the `/api/tiscale` token has been set. This is fixed, and if only the `/api/tiscale` token has been set, you must provide it when accessing `/api/tiscale/v1/task`. [TIS-4746]
- User and token creation popups don't contain links but raw HTML content. [TIS-4374] [TIS-4254]
- Manager dashboard displays backup Hub as primary. If you delete a redundant Hub group, wait for at least 10 minutes before recreating the group, otherwise this problem might persist. [TIS-4338]
- Missing unit of time for global connector configuration in Hub groups. [TIS-3098]
- Typos and outdated information in the Manager interface. [TIS-3060] [TIS-2324]
v5.0.4
- Version bump for Spectra Detect Worker and Hub only. No new functionalities introduced.
v5.0.3
Fixed
- The Spectra Detect Worker update process experienced intermittent issues where updates failed to start, were delayed, or did not complete as expected, but improvements have been made to ensure a more robust update experience. [TIS-5747]