Spectra Detect changelog
The changelog contains references to our internal ticketing system. We use the Keep a Changelog format.
v5.1.2
Added
- Introduced a new Citrix ShareFile Connector in Spectra Detect Manager, enabling configuration for scanning and classifying files with advanced sorting and deletion options directly from ShareFile. [TIS-5462]
Changed
- If you update your S3 authentication keys, processing services will no longer be restarted. This allows more frequent credential rotation. [TIS-5530]
Fixed
- Fixed an issue with system alert messages (rsyslog) sent via the TCP protocol not being visible in Splunk. [TIS-5542]
- Fixed an issue with the process_duration field not being present in generated reports for certain Egress Integrations (Callback, OneDrive, ADL, NFS). [TIS-5534]
- Fixed an issue with the connected Spectra Detect appliances memory dashboard displaying incorrect size and used values for cached and shared memory. [TIS-5507]
- Fixed an issue with SNMP polling that resulted in EasySNMPError exceptions being logged as errors, and responses not containing the hrStorageType key. [TIS-5240] [TIS-5248]
- Fixed a helper text on the Product Licenses page by adding a mention of Spectra Analyze. [TIS-5506]
- YARA sync can't be applied to connected appliances if they're not in a group, or if the sync option wasn't enabled before they were added to the Manager. [TIS-5488]
v5.1.1
Added
- The Central Configuration > Egress Integrations > Splunk configuration screen now contains the option to set the Chunk Size value. [TIS-5137]
- TLSH hashes can now be calculated during sample processing. This option is configurable from the Central Configuration > Worker Configuration > Analysis Report tab. [TIS-5217]
- The Appliance status page of Spectra Detect Hubs belonging to a Hub group with two Hubs now contains a button to promote the Hub to a primary appliance in the redundancy cluster. If the Hub is already configured as a primary, the button will be disabled. [TIS-4189]
- New API endpoints on the Spectra Detect Manager, removing the need for manual configuration during initial appliance setup:
/api/v1/appliances/{id}/system/configure-dns/
/api/v1/appliances/{id}/system/configure-hostname/
/api/v1/appliances/{id}/system/configure-static-ip/
- Added a new process_duration field to reports, showing how long it took to process the sample. [TIS-5174]
- The Disk High setting can be used to limit the disk space used by temporary files during transfer. Available only for the AWS S3 Connector service. [TIS-5163]
Changed
- Spectra Core updated to version 5.0.2. [TIS-5184]
Removed
- Removed the redundant sshd-control field from SSH configuration requests sent to Workers and Hubs using the Manager APIs.
- Primary Hub Priority and Secondary Hub Priority fields have been removed. [TIS-4189]
Fixed
- Memory leak caused by the Data Change service. [TIS-5417]
- Spectra Detect Manager unable to send the password reset mail. [TIS-3001]
- Spectra Detect Manager SMTP config incorrectly handling passwords containing the $ sign. [TIS-3002]
- Spectra Detect Manager incorrectly displaying shared memory and cache. [TIS-4852]
- Workers in an unhealthy state show as paused on the Manager even when unpaused. [TIS-5182]
- Updated the rsyslog format to be compatible with newer versions of Splunk. [TIS-5196]
- The OneDrive/SharePoint connector cannot be enabled for a Hub group. [TIS-5336]
- Enabling the Delete Source Files option on the S3 Connector with an upload size limit also deletes files which were skipped due to being larger than the configured file size limit. [TIS-5394]
- Fixed an issue with SSH logins on Spectra Detect Manager. [TIS-5472]
- Configured SSH ciphers and KexAlgorithms are not applied on Workers and Hubs. [TIS-5477]
- The sshd_control parameter cannot be disabled on Workers and Hubs using the APIs. This parameter has been removed. [TIS-5337]
- Hubs now automatically reject files that exceed the maximum file size configured on the Spectra Intelligence account used by the Workers. [TIS-4981]
v5.1
Added
- New API endpoints on Spectra Detect Manager: [TIS-4503]
/api/v1/alerting/quota-usage/
/api/v1/appliances/{id}/connectors/
/api/v1/appliances/{id}/connectors/{connector_name}/
/api/v1/appliances/{id}/connectors/{connector_name}/v1/config/
/api/v1/appliances/{id}/connectors/{connector_name}/v1/test-connection/
/api/v1/appliances/{id}/system/user-info/
/api/v1/appliances/{id}/system/users/
/api/v1/appliances/{id}/system/users/{username}/password/
/api/v1/appliances/{id}/yara/start-resync/
/api/v1/appliances/{id}/yara/start-sync/
/api/v1/appliances/{id}/yara/sync-status/
/api/v1/appliances/password-rotation/{id}/
/api/v1/appliances/yara/sync-status/list/
/api/v1/retro-hunt/s3/
/api/v1/retro-hunt/s3/{hub_group}/
/api/v1/retro-hunt/s3/{retro_hunt_id}/
/api/v1/retro-hunt/s3/{retro_hunt_id}/action/
/api/v1/retro-hunt/s3/buckets/
/api/v1/system/config/nginx/
/api/v1/system/config/sshd/
/api/v1/system/config/user-info/
/api/v1/system/config/users
- Support for S3 buckets that are used only in YARA scans. These buckets are scanned only when a new YARA rule is published (and synchronized), or manually from the Spectra Analyze YARA page. [TIS-4555]
- Email alerts for Spectra Intelligence quota usage. You can be alerted if you're over some threshold (for example, over 75% of your total quota), and when the quota has been reached. [TIS-4074]
- Classification change alerts. This new functionality monitors files previously analyzed by Spectra Detect. If their classification changes at some later point, this change is shown on the new Alerts page. [TIS-4755]
Changed
- Products have changed their names: [TIS-4999]
- TitaniumScale is now called Spectra Detect. Hubs are still Hubs, Workers are still Workers.
- The C1000 is now Spectra Detect Manager.
- The A1000 is now Spectra Analyze.
- TitaniumCloud is now Spectra Intelligence.
Removed
- API endpoints (Manager):
/api/v1/config/ssh/ (replaced with /api/v1/system/config/sshd/)
Fixed
- Network data sent using the custom_data field is not visible in a Splunk report when using the new Splunk integration and the splunk-mod-v1 view. [TIS-5005]
- You can access /api/tiscale/v1/task without an authorization token if only the /api/tiscale token has been set. This is fixed, and if only the /api/tiscale token has been set, you must provide it when accessing /api/tiscale/v1/task. [TIS-4746]
- User and token creation popups don't contain links but raw HTML content. [TIS-4374] [TIS-4254]
- Manager dashboard displays backup Hub as primary. If you delete a redundant Hub group, wait for at least 10 minutes before recreating the group, otherwise this problem might persist. [TIS-4338]
- Missing unit of time for global connector configuration in Hub groups. [TIS-3098]
- Typos and outdated information in the Manager interface. [TIS-3060] [TIS-2324]