Skip to main content

Spectra Detect changelog

The changelog contains references to our internal ticketing system. We use the Keep a Changelog format.

v5.1.2

Added

  • Introduced a new Citrix ShareFile Connector in Spectra Detect Manager, enabling configuration for scanning and classifying files with advanced sorting and deletion options directly from ShareFile. [TIS-5462]

Changed

  • If you update your S3 authentication keys, processing services will no longer be restarted. This allows more frequent credential rotation. [TIS-5530]

Fixed

  • Fixed an issue with system alert messages (rsyslog) sent via the TCP protocol not being visible in Splunk. [TIS-5542]
  • Fixed an issue with the process_duration field not being present in generated reports for certain Egress Integrations (Callback, OneDrive, ADL, NFS). [TIS-5534]
  • Fixed an issue with the connected Spectra Detect appliances memory dashboard displaying incorrect size and used values for cached and shared memory. [TIS-5507]
  • Fixed an issue with SNMP polling that resulted in EasySNMPError exceptions being logged as errors, and responses not containing the hrStorageType key. [TIS-5240] [TIS-5248]
  • Fixed a helper text on the Product Licenses page by adding a mention of Spectra Analyze. [TIS-5506]
  • YARA sync can't be applied to connected appliances if they're not in a group, or if the sync option wasn't enabled before they were added to the Manager. [TIS-5488]

v5.1.1

Added

  • The Central Configuration > Egress Integrations > Splunk configuration screen now contains the option to set the Chunk Size value. [TIS-5137]

  • TLSH hashes can now be calculated during sample processing. This option is configurable from the Central Configuration > Worker Configuration > Analysis Report tab. [TIS-5217]

  • Appliance status page of Spectra Detect Hubs belonging to a Hub group with two Hubs now contain a button to promote the Hub to a primary appliance in the redundancy cluster. If the Hub is already configured as a primary, the button will be disabled. [TIS-4189]

  • New API endpoints on the Spectra Detect Manager, removing the need for manual configuration during initial appliance setup:

    • /api/v1/appliances/{id}/system/configure-dns/
    • /api/v1/appliances/{id}/system/configure-hostname/
    • /api/v1/appliances/{id}/system/configure-static-ip/
  • Added a new process_duration field to reports, showing how long it took to process the sample. [TIS-5174]

  • The Disk High setting can be used to limit the disk space used by temporary files during transfer. Available only for the AWS S3 Connector service. [TIS-5163]

Changed

  • Spectra Core updated to version 5.0.2. [TIS-5184]

Removed

  • Removed the redundant sshd-control field from SSH configuration requests sent to Workers and Hubs using the Manager APIs.

  • Primary Hub Priority and Secondary Hub Priority fields have been removed. [TIS-4189]

Fixed

  • Memory leak caused by the Data Change service. [TIS-5417]

  • Spectra Detect Manager unable to send the password reset mail. [TIS-3001]

  • Spectra Detect Manager SMTP config incorrectly handling passwords containing the $ sign. [TIS-3002]

  • Spectra Detect Manager incorrectly displaying shared memory and cache. [TIS-4852]

  • Workers in an unhealthy state show as paused on the Manager even when unpaused. [TIS-5182]

  • Updated the rsyslog format to be compatible with newer versions of Splunk. [TIS-5196]

  • The One Drive/Sharepoint connector cannot be enabled for a Hub group. [TIS-5336]

  • Enabling the Delete Source Files option on the S3 Connector with an upload size limit also deletes files which were skipped due to being larger than the configured file size limit. [TIS-5394]

  • Fixed an issue with SSH logins on Spectra Detect Manager. [TIS-5472]

  • Configured SSH ciphers and KexAlgorithms are not applied on Workers and Hubs. [TIS-5477]

  • The sshd_control parameter cannot be disabled on Workers and Hubs using the APIs. This parameter has been removed. [TIS-5337]

  • Hubs now automatically reject files that exceed the maximum file size configured on the Spectra Intelligence account used by the Workers. [TIS-4981]

v5.1

Added

  • New API endpoints on Spectra Detect Manager: [TIS-4503]
    • /api/v1/alerting/quota-usage/
    • /api/v1/appliances/{id}/connectors/
    • /api/v1/appliances/{id}/connectors/{connector_name}/
    • /api/v1/appliances/{id}/connectors/{connector_name}/v1/config/
    • /api/v1/appliances/{id}/connectors/{connector_name}/v1/test-connection/
    • /api/v1/appliances/{id}/system/user-info/
    • /api/v1/appliances/{id}/system/users/
    • /api/v1/appliances/{id}/system/users/{username}/password/
    • /api/v1/appliances/{id}/yara/start-resync/
    • /api/v1/appliances/{id}/yara/start-sync/
    • /api/v1/appliances/{id}/yara/sync-status/
    • /api/v1/appliances/password-rotation/{id}/
    • /api/v1/appliances/yara/sync-status/list/
    • /api/v1/retro-hunt/s3/
    • /api/v1/retro-hunt/s3/{hub_group}/
    • /api/v1/retro-hunt/s3/{retro_hunt_id}/
    • /api/v1/retro-hunt/s3/{retro_hunt_id}/action/
    • /api/v1/retro-hunt/s3/buckets/
    • /api/v1/system/config/nginx/
    • /api/v1/system/config/sshd/
    • /api/v1/system/config/user-info/
    • /api/v1/system/config/users
  • Support for S3 buckets that are used only in YARA scans. These buckets are scanned only when a new YARA rule is published (and synchronized), or manually from the Spectra Analyze YARA page. [TIS-4555]
  • Email alerts for Spectra Intelligence quota usage. You can be alerted if you're over some threshold (for example, over 75% of your total quota), and when the quota has been reached. [TIS-4074]
  • Classification change alerts. This new functionality monitors files previously analyzed by Spectra Detect. If their classification changes at some later point, this change is shown on the new Alerts page. [TIS-4755]

Changed

  • Products have changed their names: [TIS-4999]
    • TitaniumScale is now called Spectra Detect. Hubs are still Hubs, Workers are still Workers.
    • The C1000 is now Spectra Detect Manager.
    • The A1000 is now Spectra Analyze.
    • TitaniumCloud is now Spectra Intelligence.

Removed

  • API endpoints (Manager):
    • /api/v1/config/ssh/ (replaced with /api/v1/system/config/sshd/)

Fixed

  • Network data sent using the custom_data field is not visible in a Splunk report when using the new Splunk integration and the splunk-mod-v1 view. [TIS-5005]
  • You can access /api/tiscale/v1/task without an authorization token if only the /api/tiscale token has been set. This is fixed, and if only the /api/tiscale token has been set, you must provide it when accessing /api/tiscale/v1/task. [TIS-4746]
  • User and token creation popups don't contain links but raw HTML content. [TIS-4374] [TIS-4254]
  • Manager dashboard displays backup Hub as primary. If you delete a redundant Hub group, wait for at least 10 minutes before recreating the group, otherwise this problem might persist. [TIS-4338]
  • Missing unit of time for global connector configuration in Hub groups. [TIS-3098]
  • Typos and outdated information in the Manager interface. [TIS-3060] [TIS-2324]