ACSIA Help Center

New Release Note v5.0+ (New Version 5.2.5)

Permanently deleted user

New Features in v5.2.5

  • New user interface: The Insights Dashboard is now integrated into the ACSIA interface. Users can access the old boards from the Compliance section.

  • New user interface: We redesigned the interface for a better user experience, adding the host last seen time and the host agent version to the host list.

How to upgrade to the new version?

Only v5.0+ users should do this. The user acsia MUST execute the following command:

 acsia_update

 


 

Important Bug Fixes

  • Fix whitelist subnet throwing an exception in edge cases.
  • Fix issue with reset password of the initial default user.
  • Fix inconsistent behaviour when an Access Location "Waiting for approval" rule is deleted: notifications related to the user and the related IP were left in an inconsistent state, so executing an action on such a notification would generate an exception.
  • Fix issue with the agent installation script on Windows 10 with specific network configuration.
  • Fix General Network Traffic Dashboard not working correctly.
  • Fix the issue with the notification table not being updated when a notification is closed.
  • Fix issue with retrieving Windows administrator user in French.
  • Improved database query performance (ephemeral agent commands) and prevented timeouts.

The agent installation script launches a new PowerShell process that tests whether information about host networks can be collected. If it cannot, network details are not collected. This prevents the installation script from getting stuck. The user may ask about it.

 


 

Changelog

Version 5.2.5

Changes

Replaced public IP service with Dectar https://wimi.xdrplus.com/ip

New features

  • New user interface
  • Insights Dashboard #1192
  • Main dashboard #1137
  • Migration to OpenSearch and OpenDashboards #1159 #1163 #1165 #1180
  • Upgrade Wazuh to version 4.3 #1182
  • Rebranding #1180
  • Add host last seen in host list #1255 #1316
  • Add host agent version in host list #1255 #1316

It may be necessary to refresh the page in order to see the new columns in the host list table.

Enhancements

  • Agent Install scripts remember if private or public IPs are not reachable #1256
  • Added a "Resend Email" button for users' password reset link #1246
  • Clicking on Severities in the main dashboard should show a list of notifications #1230
  • Attacks Blocked now return Total IPs blocked by IoC
  • Show Agent last seen full date instead of last x minutes/hours #1350
  • Improved emails look & feel #1339
  • Opening IoC blocked by ACSIA dashboard in a new tab #1353
  • Enhanced host status column #1349
  • Changed Attack Blocked to Total Events Detected with Total IoC rules #1346
  • Changed the "Attack Blocked" label in the Insight page of the UI with "Events Detected" #1343
  • New icon for the Insight dashboard #1342
  • Added the ability for an admin to setup a user password manually #1247
  • Enforced TLS 1.2 on acsia nginx #1270
  • Wazuh: do not update automatically #1203
  • UI: enhance 404 and page redirect #1249
  • Enhance Docker log parser #1262
  • Allow full-text search by hostname for host list #1278
  • Falco: remove snapd false positive #1291
  • Enhance agent error handler #1304
  • Settings: reorganize notification section #1314
  • Enhance ssh brute force algo #1317
  • Enhance widget title readability #1321
  • Discard docker logs on parsing failure #1265
  • New Settings styling (Accordion)
  • Improve database queries performance (ephemeral agent commands) and prevent timeouts.
  • Enhanced SQL Injection detector #1299
  • Enhanced port scan detection and visualisation 1239 1264
  • Enhanced brute force attacks detection 1232
  • Enhanced access failures analysis 1237
  • Enhanced SQL injection detection 1261
  • Agent: Enhanced ACSIA agent message handling 1035
  • Database: Enhanced performance 1212
  • ACSIA update script: Rollback on CTRL+C 1214
  • Windows: Enhanced system logs manipulation detection 1257
  • Kernel module: Enhanced rules update 1210
  • Enhanced agent error notification: handle already banned/unbanned messages #1304

Fixes

  • IoC bans json correctly lowercase
  • Access Granted and Access Denied widgets are not accurate #1329
  • Dashboards Graphs are not updated when filtering for period #1330
  • ACSIA Installer is not blocking the installation at the beginning if the minimum requirements are not met #1279
  • Cleaning and some minor bug fixing - installation/prepare script #1142
  • Cleanup of JavaScript console output #1275
  • A scan done with wpscan is recognised as exploit but shown as green (LOW criticality) #1244
  • Minor issues fixed #1204
  • Fixed agent reporting an error (Unban IP, ban IP) #1304
  • On Windows Server 2016 with the default configuration of IIS we are not able to parse web request user-agent headers #993
  • Fixed access Granted/Denied widgets capped at 10K #1328
  • Fixed UI not showing when a new version is out #1268
  • Fixed wrong endpoint json capitalization #1348
  • Fixed Data on Attack Trends, when filtered for the last month, not showing a month of data #1340
  • Fixed Dashboard API has no authentication #1345
  • Filter out from Top 10 Attacks by Category the white severity events #1355
  • Main Dashboard Geo Map fixed 838bd35c
  • Agent failed log rotation causes memory leak (agent #46)
  • Fixed conversion value on all badge traffic (managed until YB).
  • Fixed refreshing graphs when filter period is applied.
  • Fix ACSIA insert user script not working #1217
  • Capitalize widget titles #1321
  • Fix slack integration setting cancel button not working dc4060f7
  • Fix UI is crashing when cleaning out multiple alerts #1311
  • Fix docker container logs detection database retention #1211
  • Fix NaN user in top 10 authorization failure graph #1235
  • Fix MFA Public IP link when URL is enabled goes in timeout #1251
  • WazuhLog parsing exception #1262 
  • Fix Opensearch gets stuck on start/restart #1266
  • Remove debug label in chart title #1278
  • Fix UI bulk action icons have different sizes #1293
  • Fix installation fails when a previous checkmaster failure happens #1296
  • Fix ban by false positive not present in banned IPs #1299
  • Fix host filter widgets not updated after host removal #1310
  • Fix double negative in the UI under kernel notification #1313
  • Fix IP Whitelist doesn't work for subnets but only for singular IPs #1315
  • Handle SQL rollback #1318
  • Fix minor decoration bug in host list last seen column #1319
  • Fix empty first seen field in blacklist #1277
  • Agent reporting error on Windows administrator users discovery #1274
  • Detecting wazuh-remoted writes under /etc/ as a threat #1306
  • Fix General Network Traffic Dashboard not working correctly #1165
  • Remove change IP detection for agentless mode #1161
  • Fix change default user password breaks acsia stack restart script #1170
  • Fix issue with retrieving Windows administrator user in French #1184
  • Fix add whitelist subnet throwing an exception in edge cases. #1185
  • Fix waiting for approval access location inconsistent behaviour #1140
  • Fix issue with the agent installation script on Windows 10 with specific network configuration. #1195
  • Fix issue with the notification table not being updated when a notification is closed nimbus/acsia-new-ui-ux#168
  • Fix IocRepo throwing exceptions when there are no results 127cb08c
  • Fix broken Falco custom rules #1201
  • Fix Wazuh syscheck false positive #1198
  • Fix long web request params can't be stored in DB #1299
  • Fix missing IP discovery on Windows, in case of host network issues 1205
  • Fix false positives from internal components 1209
  • Fix Policies IP filter not working after several IP filtering actions 1207
  • Fix OpenSearch doesn’t start automatically on host reboot 1196
  • Fix changing settings fail when disabling SMTP 1231
  • Fix ACM API periodically not reachable 1216
  • Fix SSL certificates deployment missing script command 1234