Releases: splunk/SA-CrowdstrikeDevices
SA-CrowdstrikeDevices v1.1.5
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | v1.1.5 - Splunkbase |
| Splunk Enterprise Security Version (Required) | 8.x, 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | This add-on does not contain views. |
Version 1.1.5 by @ZachTheSplunker in #69
New
- Added CSV lookup for ES to use.
- Added Serial Number to category field - closes feature request #67
Improved
- Disabled KVstore replication to improve performance.
- Increased batch size of KVstore lookup to improve performance.
- Removed type definition for KVstore fields.
Full Changelog: v1.1.4...v1.1.5
SA-CrowdstrikeDevices v1.1.4
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | v1.1.4 - Splunkbase |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | This add-on does not contain views. |
What's Changed
Version 1.1.4 by @ZachTheSplunker in #66
- Added managed configurations for Splunk Enterprise Security to control the retention of the lookup file --> Schedule Search
- Deprecating use of the search macro "sa_crowdstrike_retention" and the corresponding saved search.
Full Changelog: v1.1.3...v1.1.4
SA-CrowdstrikeDevices v1.1.3
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | v1.1.3 - Splunkbase |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | This add-on does not contain views. |
What's Changed
Version 1.1.3 by @ZachTheSplunker in #65
- Added managed configurations for Splunk Enterprise Security to control the retention of the lookup file --> Schedule Search
- Deprecating use of the search macro "sa_crowdstrike_retention" and the corresponding saved search.
Full Changelog: v1.1.2...v1.1.3
SA-CrowdstrikeDevices v1.1.2
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | v1.1.2 - Splunkbase |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | This add-on does not contain views. |
What's Changed
- Splunkworks compatibility
Full Changelog: v1.1.1...v1.1.2
SA-CrowdstrikeDevices v1.1.1
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | 1.1.1 - Splunkbase / GitHub |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | This add-on does not contain views. |
What's Changed
- Hotfix for incorrect regex on priority field - #58
- New format for the `category` field by @ZachChristensen28:
  - The `cs_` prefix has been removed from many fields.
  - Spaces have been added for easier readability.
  - The
Full Changelog: v1.0.5...v1.1.1
SA-CrowdstrikeDevices v1.1.0
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | 1.1.0 - Splunkbase / GitHub |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | This add-on does not contain views. |
What's Changed
- New format for the `category` field by @ZachChristensen28:
  - The `cs_` prefix has been removed from many fields.
  - Spaces have been added for easier readability.
  - The
Full Changelog: v1.0.5...v1.1.0
SA-CrowdstrikeDevices v1.0.5
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | 1.0.5 - Splunkbase / GitHub |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | No, this add-on does not contain views. |
What's Changed
- Added macro and retention definition to ES General Settings in #35
- See new documentation at https://splunk-sa-crowdstrike.ztsplunker.com/quickstart/quickstart/#update-default-macro
Full Changelog: v1.0.4...v1.0.5
SA-CrowdstrikeDevices v1.0.4
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | 1.0.4 - Splunkbase / GitHub |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | No, this add-on does not contain views. |
What's Changed
- Updated GitHub actions syntax by @ZachChristensen28 in #26
- Updated docs version by @ZachChristensen28 in #27
- Added ES managed configuration by @ZachChristensen28 in #28
- Fixed incorrect mac field by @PaddlingCode and @ZachChristensen28 in #31
Full Changelog: v1.0.3...v1.0.4
SA-CrowdstrikeDevices v1.0.3
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | 1.0.3 - Splunkbase / GitHub |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | No, this add-on does not contain views. |
New
- added cleanup search to remove old/stale devices (#18).
- added search macro for device retention period (#18).
Updated
- updated collection to include last seen field (#18).
- updated lookup generating search to include last time seen (#18).
Full Changelog: v1.0.2...v1.0.3
SA-CrowdstrikeDevices v1.0.2
| Info | Description |
|---|---|
| SA-CrowdstrikeDevices | 1.0.2 - Splunkbase / GitHub |
| Splunk Enterprise Security Version (Required) | 7.x, 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | No, this add-on does not contain views. |
New
- added `first_seen`, `last_seen`, and `last_updated` to category field (#8).
- added `site_name` to existing `bunit` field (#13).
Updated
- Changed app logo background to transparent.
Fixed
- Updated saved search to preserve hosts with multiple IP/MAC addresses (#11).