Release Notes

10.5.x Breaking Changes

  • AngularJS library is now updated to version 1.7.9 from version 1.4.8.

  • Updated the EUI Library from the Siren custom version, sirensolutions/eui#4.3.0-siren-patched-1, to "@elastic/eui": "22.1.0" across the entire Siren ecosystem.

  • Removed queries and the Query Viewer visualization, due to the removal of old data sources.

  • REST data source support was removed and replaced with the new Web services feature.

10.5.3

Bug Fixes

  • Fixed a bug that would cause the incorrect ordering of entries in the dashboard sidebar.

  • Clicking View surrounding documents on a table row no longer results in an error.

  • Fixed a fatal error (blank screen) that displayed when the target index does not exist or when the response body does not contain aggregations.

  • A new warning message displays when an auto time field is specified, but there is no time filter field assigned to that search.

  • Fixed an issue that caused the Geofield type dropdown menu to reset while the user edited the Geo-time lens.

  • Error information is now displayed when a Web service invocation fails.

  • Prevented the automatic layout of the data model when a new relation is added.

  • The application toolbar is no longer minimized automatically when the user visits a new dashboard.

  • Relation names no longer run over the selector in the Relations page.

  • Fixed an issue that caused the Web Service Saved Object configuration page to render incorrectly.

  • Fixed a bug that caused the Saved Graphs section on the Management > Saved Objects screen to appear empty.

  • When the user removes an invalid element from the 360 data model, the error message now disappears.

  • Fixed the cardinality limit to work when the user disables filters.

  • If a Dashboard 360 contains an invalid item in the tree, the application no longer displays an unhelpful warning.

  • Fixed a bug that caused visualizations to disappear behind the dashboard sidebar after the user resized the browser window.

  • Fixed an issue that caused relations not to display in the Relation navigator.

  • Index pattern validation now only occurs when the user selects the option to validate indices.

  • Fixed an issue that caused the wrong date to display in CSV exports for indices that have date fields in the epoch_second format.

  • Fixed the CSV export to work correctly with non-ASCII visualization titles.

  • Brand icons are now applied correctly to the dashboard groups.

  • Dashboard 360 now supports icon packs.

  • Prevented queries without joins from being passed to the _siren endpoint.

  • Restored the ability to embed dashboards in an iframe.

  • Fixed a bug that occurred when the user selected a combination of time range and term filter in the Multichart visualization.

  • If a user does not have access to a subset of indices, the expansion of relations to authorized indices in the Graph Browser is not prevented.

  • Fixed an issue that caused the expensive query bar not to appear the first time the time is set above the threshold after the browser is refreshed.

  • Fixed an issue that caused an incorrect list of items to display when the user switched the page in a results table.

  • Types are now sent correctly in saved object requests.

  • Fixed a bug that caused the URL to flicker when the user created a filter when the time was modified in the Scatterplot visualization.

  • Fixed a bug in the Controls visualization that caused the list to populate only partially.

  • Fixed an invalid SVG attributes error in the Gauge visualization.

  • Added a message to the Web services interface to inform the user that no services are registered.

  • Fixed a bug that caused the tooltip containing the dashboard description not to display when the dashboard did not belong to a group.

Improvements

  • Removed the custom highlight query to prevent errors when searching indices that have more than 1024 fields.

  • Siren Alert no longer schedules operations during the upgrade process.

  • If the user does not have permission to open Siren Alert, the Watcher button on dashboards is not displayed.

  • It is now possible to restrict access to the Web service manager application.

  • Added support for OpenID Connect when using Elastic Stack security.

  • The trigger handler on the Custom Record table template is enabled.

  • Query transformation is enabled only for Elasticsearch search/msearch requests.

  • Minor styling fixes and improvements.

10.5.2

Known Issues

  • The limits that are based on the number of documents are not enforced when a user disables the ‘invert’ filter or manually edits a filter that is saved with a dashboard.

Bug Fixes

  • Prevented standard users from being able to change the Siren Platform license from the Management section.

  • Prevented dashboard groups from expanding automatically when switching dashboards.

  • Prevented the dashboard sidebar from collapsing unexpectedly when switching dashboards.

  • Resolved an issue that prevented dropping a dashboard inside a dashboard group or between dashboard groups in some scenarios.

  • Resolved an issue where searches that were performed in Discover were inadvertently applied to dashboards that were bound to the same underlying index pattern search.

  • Resolved an issue that prevented users from inverting dashboard filters when editing their definition.

  • Prevented graph node counts from disappearing after expanding unrelated nodes in some scenarios.

  • Resolved an issue where a change to the dashboard filter settings did not signal a need for a recount on the Graph Browser.

  • Child searches with filters inside 360 dashboards are now handled correctly.

  • Restored the ability to set the legend positioning and customize axis labels in the Multi-Chart visualization.

  • Improved the display contrast of visualizations when a dark theme is enabled.

  • The OIDC flow is automatically restarted if the cookie with the nonce was not saved by the browser.

  • The Time Series Visual Builder visualization now works correctly with Elasticsearch 7.

  • Restored support for Font Awesome brand icons.

  • Added support for long dashboard names and improved the alignment of the Data Model editor page in Dashboard 360.

  • Resolved an issue with the color display for the significant term option on the Graph Browser aggregated relations.

  • Resolved an issue that could cause the application to crash when data was not available in a visualization configured to display "other" or "missing" field counts.

  • Points no longer disappear on map clusters when zooming in.

  • Resolved usability issues with the refresh count action on the Relational Navigator.

  • Resolved an issue of missing access control context for the Web Service Manager in the Access Control UI.

  • Restored auto-completion of names in the Data Model relations list.

  • Rectified an issue that prevented loading system indices correctly on Elasticsearch 6.5.4 when using the "investigate restore" command.

  • Modified Siren Alert to create new daily indices only when an actual alarm or report is produced.

  • Improved invalid file handling in the map layers ingestion scripts.

  • Resolved the order of points in geo_polygon filters that are created by the Enhanced Coordinate Map visualization.

  • Resolved an issue with a continuously spinning indicator on Dashboard 360.

  • Resolved an issue in Dashboard 360 where a join filter from a leaf visualization was applied to the main search in certain scenarios.

  • Removed the obsolete "search" REST API endpoint from Siren Alert.

10.5.1

Known Issues

  • The limits on the number of documents do not work as expected when a user disables the ‘invert’ filter or manually edits a filter that is saved with a dashboard.

Bug Fixes

  • Addressed an issue with the Record Table not flattening nested JSON. Now, nested fields can be added as columns.

  • Addressed a critical issue when adding a search to dashboard 360.

  • Addressed an issue with the dashboard filter disappearing when edit mode was opened, but the filter was not edited.

  • Addressed an issue with the blank list of saved objects in the Management page.

  • Addressed an issue with the time filter not being removed when turning off timeline mode.

  • Addressed an issue when adding nodes to the dashboard 360 model.

  • Addressed an issue with the graph browser’s ‘select by edge count’ not working when nodes are not visible.

  • Addressed the text wrapping of the data model subtitle within its container.

  • Addressed the issues related to the time series visual builder not working in 10.5.0.

  • Improvements to the reliability of the drag-and-drop function when moving items onto the graph browser and map components.

  • Improvement to the relation and entity identifier dependency resolution on dashboard export.

  • Improvements to the geoLoad script to allow geohash aggregations by using the geo_point field type instead of the geo_shape field type.

  • Addressed the unexpected behaviour when changing time above limits and navigating away in the expensive query limit feature.

  • Addressed the issues with the tooltip display on the graph browser nodes.

  • Addressed an issue with the scatter plot visualization not working for 'Any Aggregator Data' or 'Filter Aggregator Data' configuration options.

10.5.0

New features and improvements

Product compatibility

  • Introducing compatibility with Elasticsearch version 7.x. You can use Siren Investigate with the latest version of Elasticsearch that is supported by the Siren Federate plug-in.

Improved performance

  • To improve system performance, the Web app bundle size is reduced and Siren Platform now employs more efficient dashboard rendering. This enhancement speeds up a typical dashboard-switching scenario by several seconds.

  • New ability to set limits on searches, which prompts the user with a warning before they configure large joins or set broad filters.

  • Back-end performance improvements for large, multi-index, multi-shard settings.

New look interface

  • The user interface has a new look, which provides a more cohesive experience as you navigate the modules.

New core features

  • Web services: You can now dynamically retrieve data from external APIs. This data can be stored in Elasticsearch and relationally linked to your existing data. Siren Platform includes examples of commonly-used Web services, such as Webhose, JsonWhois, and Twitter. Additionally, follow our documentation to create your own Web service driver for other APIs. Web services can form part of your graph scripts, dashboard scripts, alerting scripts, or your new visual components.

  • Scripting API: You can now automate workflows and create ad-hoc visualizations by using a layer of scriptable JavaScript.

  • Natural Language Processing (beta): The Siren NLP plug-in provides an out-of-the-box Elasticsearch ingestion pipeline with a variety of processors for enriching documents with entity extraction. It can enrich text fields with predefined taxonomies and annotation for named entities, such as organization, person, or location.

  • JDBC/ODBC drivers: In collaboration with CDATA, a featured SQL driver is now available for Siren Platform. The drivers allow custom data exports for use in scripts and integrations.

Updates to maps

  • Loading map layers from Elasticsearch: The Enhanced Coordinate Map visualization now allows you to load map references that are stored in Elasticsearch indexes into pre-defined spatial groups. You can add multiple layers of shapes and points of interest (POI), set properties for each layer, and arrange and activate them, dynamically, at the dashboard level.

  • Siren supports advanced positioning use cases, by making the following enhancements:

    • The Graph Browser can now be used as a “tracker map” to track the movements of entities, both historically and by using live updates.

    • Example scripts are provided to trace contact between individuals. Other proximity use cases are available in the dashboard

Updates to graphs

  • A new Cards tab is available in the Graph Browser. Graph cards are selection-dependent visualizations that can be configured for many purposes. When you select nodes, the out-of-the-box cards display a neat summary of specific field values and allow you to quickly select a subset.

  • Numbers in the graph now change instantly as you change the relations that are active in the sidebar. Numbers can also be easily refreshed.

  • A new common communicator graph algorithm allows you to find nodes that act as communicators between 3 or more other nodes.

Updates to alerts

  • Improvements to versioning, configuration, and editing.

Known Issues

  • Issues in expensive query limit feature:

    • The limits on the number of documents should work when a user disables the ‘invert’ filter or manually edits a filter that is saved with a dashboard, but currently they do not work as expected.

Bug Fixes

  • Addressed an issue with the visual builder giving an "Invalid Interval error" when changing the interval value.

  • Improved the responsiveness of the icon picker for the dashboard, dashboard groups, and index pattern searches.

  • Addressed an issue where changing the timeline in the graph browser multiple times in rapid succession would not update the layout.

  • Improved the automatic sizing of nodes in the graph browser.

  • Saved objects validation no longer verifies the existence of remote indices.

  • Addressed an issue where index data was not immediately visible in the data model page after creating a new index pattern.

  • Addressed an issue where it was not possible to fix an index pattern search that points to a missing index without disabling the saved objects validation.

  • Fixed a regression that caused a normal barchart series to appear as stacked.

  • Addressed an issue that prevented assigning a label through lenses to grouped nodes.

  • Siren now prevents the automatic download of Chromium when launching Investigate on Windows.

  • Addressed an issue that caused an error to be displayed when switching quickly between two dashboards that contain a graph browser.

  • Addressed errors that displayed in the graph browser when expanding nodes in a data model with a very high number of relations.

  • Addressed an issue in date fields processing when adding nodes from heterogeneous index pattern searches to the graph browser.

  • Addressed the inability to remove relations linked to the same entity type.

  • Addressed an issue when calculating counts on relational buttons that are linked with a virtual index.

  • Resolved the inability to add nodes from a remote Elasticsearch to the graph browser.

  • Resolved an issue related to unreliable behaviour when using force recount on the graph.

  • Addressed an issue related to the display of the date picker in the Dashboard 360 time filter.

  • Addressed an issue of the Dashboard 360 filter strategy not being persisted.

  • Addressed problems when changing an index pattern search from "time based" in the data model.

  • Resolved issues related to the display of the filter state on the dashboard menu.

  • Resolved issues related to the display format of dates in the graph browser tooltips and sidebar.