Spectra Detect changelog

The changelog contains references to our internal ticketing system. We use the Keep a Changelog format.

v5.2

Added

  • Advanced file filters on the Manager appliance can be used to specify which files are saved after processing, and which ones aren't. The filters allow a fine level of granularity. For example, you can choose to include all files that have a certain capability, or exclude all files that are of a certain file type. Go to Administration > Filter Management to set up filters, and apply them in Central Configuration. [TIS-4875] [TIS-5323] [TIS-5354]
  • The Manager now accepts SAML-based single-sign-on. Set it up in Administration > Spectra Detect Manager > Authentication > User Directory. [TIS-2691]
  • The following API endpoints have been added to the Manager:
    • /api/v1/advanced-filter/
    • /api/v1/advanced-filter/{filter_id}/
    • /api/v1/advanced-filters/
    • /api/v1/config/ssh/
  • A test button has been added to the "Request license" dialog. [TIS-5009]

Changed

  • The documentation for the Worker, Hub and Manager is now unified and completely ported to Docusaurus. [TCHW-2104]
  • The Spectra Core static analysis engine has been updated to v5.1.1. [TIS-5415]
  • If you update your S3 authentication keys, processing services will no longer be restarted. This allows more frequent credential rotation. [TIS-4664]
  • /api/v1/appliances/upload-certificate/{id}/ now accepts a Content-Disposition header.
  • /api/v1/appliances/ now contains a .results.configuration_status field which allows you to check if your changes have been applied. You can also check this in the central configuration page, where the possible messages are "Applied", "Not Applied", "Pending", "Error", and "Out of Sync". Older appliances will show a different configuration status. [TIS-4751]
    • Note that some fields are not checked and will not result in an Out of Sync message. These fields are:
      • General Configuration (Administration > Spectra Detect Manager > Dashboard Configuration):
        • Central Logging
        • Central File Storage
      • Spectra Core:
        • Password List
      • SNMP:
        • Average System Load in 1 Minute (%)
        • Spectra Detect Queue Size
        • Classifications Queue Size
      • System Time:
        • NTP Servers
      • Resource Usage Limits
  • Diagnostic packs now contain information about Connectors. [TIS-5515]
  • Reordered cluster configuration endpoints in the Manager API reference. [TIS-4288]
  • A maximum of 100 bucket mappings under S3 file/report storage is now enforced. [TIS-4537]
  • The "fast" processing mode now doesn't include cloud antivirus scans. The setting to include cloud antivirus scans has been extracted from the best/fast processing mode setting and can now be set independently in the UI (Central Configuration > Spectra Core > Use XRef) or using the API (ticore__use_xref field in several endpoints under /api/schema/redoc/#tag/Central-Configuration). [TIS-5110] [TIS-4805]

Removed

  • The possibility to configure connectors on a Spectra Analyze appliance from the Manager. This applies both to UI and API settings. [TIS-5578]
  • The sshd__sshd_control field has been removed from the /api/v1/appliances/content/{appliance_id}/save/ endpoint. The "Permit Root SSH Login" checkbox in Administration > General > SSH is now available by default. [TIS-5436]
  • Unused cronjob for log processing. [TIS-4200]

Fixed

  • No validation for connection_type and access_type when configuring AbuseBox connector via the Management API. [TIS-5467]
  • Password reset email not being sent from the Manager. [TIS-5431]
  • Input fields for secrets are not disabled after saving in Central Configuration. [TIS-5390]
  • Splunk default values disappear from the UI after removing central control. [TIS-5386]
  • SSH ciphers and key exchange algorithms not applied after configuration via Manager API. [TIS-5350]
  • Old product name present in the YARA sync API response. [TIS-5299]
  • Incorrect minimum string length under Central Configuration > String Extraction Configuration (5 instead of 4). [TIS-4898]
  • No validation for the container name in Azure Data Lake unpacked files storage. [TIS-4593]
  • Missing fields in the response from /api/v1/cluster/config/. [TIS-4587]
  • The deprecated "Processing Queue Limit" field is present in Manager UI. [TIS-4545]
  • References to /etc/tmpfiles.d during the update process. [TIS-4328]
  • Deprecated default NTP server addresses. [TIS-4248]
  • Duplicated Manager UI notifications for connectors when Hubs are in redundant mode. [TIS-3815]
  • Applying a configuration on a freshly opened Splunk configuration page (no changes) causes an error in the chunk size field. [TIS-5532]
  • SNMP errors in diagnostic packs. [TIS-5491]
  • Outdated rsyslog format on the Manager preventing syslog uploads to Splunk. [TIS-5461] [TIS-5662]
  • Performance issues related to the Deep Cloud Analysis function. [TIS-5439]
  • Configuration with IAM role can't be saved if file storage, unpacked files storage and report storage are disabled. [TIS-5270]
  • Central control can't be removed from AWS S3 settings. [TIS-5267]
  • Redis deprecation warning in logs. [TIS-4806]
  • Issues with saving connector changes. [TIS-5148]
  • Failing API requests immediately after Worker startup. [TIS-5661]
  • Errors in S3 connectivity due to AWS region mismatch. [TIS-5251]
  • Missing sample origin info in the Analytics tab. [TIS-5233]

v5.1.2

Added

  • Introduced a new Citrix ShareFile Connector in Spectra Detect Manager, enabling configuration for scanning and classifying files with advanced sorting and deletion options directly from ShareFile. [TIS-5462]
  • Endpoint on the Management API to configure the redundancy user on a connected Spectra Analyze machine: /api/v1/appliances/{id}/system/configure-reduser/. [TIS-5355]

Changed

  • If you update your S3 authentication keys, processing services will no longer be restarted. This allows more frequent credential rotation. [TIS-5530]

Fixed

  • Fixed an issue with system alert messages (rsyslog) sent via the TCP protocol not being visible in Splunk. [TIS-5542]
  • Fixed an issue with the process_duration field not being present in generated reports for certain Egress Integrations (Callback, OneDrive, ADL, NFS). [TIS-5534]
  • Fixed an issue with the connected Spectra Detect appliances memory dashboard displaying incorrect size and used values for cached and shared memory. [TIS-5507]
  • Fixed an issue with SNMP polling that resulted in EasySNMPError exceptions being logged as errors, and responses not containing the hrStorageType key. [TIS-5240] [TIS-5248]
  • Fixed a helper text on the Product Licenses page by adding a mention of Spectra Analyze. [TIS-5506]
  • YARA sync can't be applied to connected appliances if they're not in a group, or if the sync option wasn't enabled before they were added to the Manager. [TIS-5488]

v5.1.1

Added

  • The Central Configuration > Egress Integrations > Splunk configuration screen now contains the option to set the Chunk Size value. [TIS-5137]

  • TLSH hashes can now be calculated during sample processing. This option is configurable from the Central Configuration > Worker Configuration > Analysis Report tab. [TIS-5217] [TIS-5234]

  • The appliance status page of Spectra Detect Hubs belonging to a Hub group with two Hubs now contains a button to promote the Hub to a primary appliance in the redundancy cluster. If the Hub is already configured as a primary, the button will be disabled. [TIS-4189]

  • New API endpoints on the Spectra Detect Manager, removing the need for manual configuration during initial appliance setup: [TIS-5090] [TIS-5440]

    • /api/v1/appliances/{id}/system/configure-dns/
    • /api/v1/appliances/{id}/system/configure-hostname/
    • /api/v1/appliances/{id}/system/configure-static-ip/
  • Added a new process_duration field to reports, showing how long it took to process the sample. [TIS-5174] [TIS-5230]

  • The Disk High setting can be used to limit the disk space used by temporary files during transfer. Available only for the AWS S3 Connector service. [TIS-5163]

Changed

  • Spectra Core updated to version 5.0.2. [TIS-5184]
  • Updated licensing UI. [TIS-5406]

Removed

  • Removed the redundant sshd-control field from SSH configuration requests sent to Workers and Hubs using the Manager APIs.

  • Primary Hub Priority and Secondary Hub Priority fields have been removed. [TIS-4189]

Fixed

  • Memory leak caused by the Data Change service. [TIS-5417]

  • Spectra Detect Manager unable to send the password reset mail. [TIS-3001]

  • Spectra Detect Manager SMTP config incorrectly handling passwords containing the $ sign. [TIS-3002]

  • Spectra Detect Manager incorrectly displaying shared memory and cache. [TIS-4852]

  • Workers in an unhealthy state show as paused on the Manager even when unpaused. [TIS-5182]

  • Updated the rsyslog format to be compatible with newer versions of Splunk. [TIS-5196]

  • The One Drive/Sharepoint connector cannot be enabled for a Hub group. [TIS-5336]

  • Enabling the Delete Source Files option on the S3 Connector with an upload size limit also deletes files which were skipped due to being larger than the configured file size limit. [TIS-5394]

  • Fixed an issue with SSH logins on Spectra Detect Manager. [TIS-5472]

  • Configured SSH ciphers and KexAlgorithms are not applied on Workers and Hubs. [TIS-5477]

  • The sshd_control parameter cannot be disabled on Workers and Hubs using the APIs. This parameter has been removed. [TIS-5337]

  • Hubs now automatically reject files that exceed the maximum file size configured on the Spectra Intelligence account used by the Workers. [TIS-4981]

v5.1

Added

  • New API endpoints on Spectra Detect Manager: [TIS-4503]
    • /api/v1/alerting/quota-usage/
    • /api/v1/appliances/{id}/connectors/
    • /api/v1/appliances/{id}/connectors/{connector_name}/
    • /api/v1/appliances/{id}/connectors/{connector_name}/v1/config/
    • /api/v1/appliances/{id}/connectors/{connector_name}/v1/test-connection/
    • /api/v1/appliances/{id}/system/user-info/
    • /api/v1/appliances/{id}/system/users/
    • /api/v1/appliances/{id}/system/users/{username}/password/
    • /api/v1/appliances/{id}/yara/start-resync/
    • /api/v1/appliances/{id}/yara/start-sync/
    • /api/v1/appliances/{id}/yara/sync-status/
    • /api/v1/appliances/password-rotation/{id}/
    • /api/v1/appliances/yara/sync-status/list/
    • /api/v1/retro-hunt/s3/
    • /api/v1/retro-hunt/s3/{hub_group}/
    • /api/v1/retro-hunt/s3/{retro_hunt_id}/
    • /api/v1/retro-hunt/s3/{retro_hunt_id}/action/
    • /api/v1/retro-hunt/s3/buckets/
    • /api/v1/system/config/nginx/
    • /api/v1/system/config/sshd/
    • /api/v1/system/config/user-info/
    • /api/v1/system/config/users
  • Support for S3 buckets that are used only in YARA scans. These buckets are scanned only when a new YARA rule is published (and synchronized), or manually from the Spectra Analyze YARA page. [TIS-4555]
  • Email alerts for Spectra Intelligence quota usage. You can be alerted if you're over some threshold (for example, over 75% of your total quota), and when the quota has been reached. [TIS-4074]
  • Classification change alerts. This new functionality monitors files previously analyzed by Spectra Detect. If their classification changes at some later point, this change is shown on the new Alerts page. [TIS-4755]

Changed

  • Products have changed their names: [TIS-4999]
    • TitaniumScale is now called Spectra Detect. Hubs are still Hubs, Workers are still Workers.
    • The C1000 is now Spectra Detect Manager.
    • The A1000 is now Spectra Analyze.
    • TitaniumCloud is now Spectra Intelligence.

Removed

  • API endpoints (Manager):
    • /api/v1/config/ssh/ (replaced with /api/v1/system/config/sshd/)

Fixed

  • Network data sent using the custom_data field is not visible in a Splunk report when using the new Splunk integration and the splunk-mod-v1 view. [TIS-5005]
  • You can access /api/tiscale/v1/task without an authorization token if only the /api/tiscale token has been set. This is fixed, and if only the /api/tiscale token has been set, you must provide it when accessing /api/tiscale/v1/task. [TIS-4746]
  • User and token creation popups don't contain links but raw HTML content. [TIS-4374] [TIS-4254]
  • Manager dashboard displays backup Hub as primary. If you delete a redundant Hub group, wait for at least 10 minutes before recreating the group, otherwise this problem might persist. [TIS-4338]
  • Missing unit of time for global connector configuration in Hub groups. [TIS-3098]
  • Typos and outdated information in the Manager interface. [TIS-3060] [TIS-2324]