Release Notes


Breaking changes

  • i18n keys prefixed with sirenPlugins.accessControl now must be prefixed with kbn.accessControl instead


New features

Redesigned Graph Browser toolbar

The Graph Browser toolbar has been completely redesigned to provide a better user experience and lay the foundations for upcoming improvements.

For more information, see Using the toolbar.

User session auditing

The new user session auditing feature allows you to configure Siren Investigate to keep track of user activity by session.

For more information, see Auditing user sessions.

Compatibility with Elastic Cloud and ECE

Siren Investigate can now be used against clusters that are running in Elastic Cloud / ECE and that have a compatible version of the Siren Federate plugin.

Major framework updates

The bundled Node.js package has been upgraded to version 14.15.1 and the hapi package has been upgraded to version 20.0.2 as part of the ongoing effort to modernize the codebase.



  • The Data Model configuration screen has been moved to a standalone application in the navigation menu.


  • When an exception from a script is reported, the error details include the title of the script.

  • Fixed an issue that prevented whitelisting methods on the window.document such as document.getElementById.


  • Fixed an issue that would cause a dashboard to scroll to the first Graph Browser visualization instance upon loading.

  • Disabled the ability to set time filters on root nodes in a Dashboard 360 data model as they are ignored.

  • Fixed an issue that prevented the "Surrounding documents" button from displaying documents.

  • It is now possible to create filters on fields whose name starts with _, with the exclusion of known Elasticsearch metadata fields.

Graph Browser

  • Improved the reporting of errors and timeouts during the execution of shortest path and common communicator algorithms.

  • Added new functions to scripts: defaultExpansionAndParse and getCountsForNodes


  • Fixed a typo in the configuration of the Scatter Plot visualization.

  • Removed animations from the Tag Cloud visualization.

  • Fixed the ellipses in the Relational Navigator buttons.

  • Improved the icon that is displayed in visualizations that do not contain results from Elasticsearch.

  • Fixed an issue that prevented custom sorting from working correctly when using custom templates in the Record Table visualization.


  • It is now possible to configure the TLS version negotiated by Siren Investigate when connecting to Elasticsearch through the elasticsearch.secureProtocol configuration setting. The default value has been set to TLSv1_2_method (TLS 1.2).

  • Clarified in the UI that the permission to view an import configuration implies the ability to use it to import data.


  • Removed the elasticdump dependency for backup commands.

Breaking changes

hapi upgrade

The hapi dependency has been upgraded to version 20.0.2 following the end of life of releases older than 19.x. If you developed custom plugins that extend the back-end server, you might need to adjust their code to be compatible with the latest hapi conventions and APIs.

Disabled the jQuery legacy pre-filter by default

In jQuery version 3.5.0 or later, Angular templates with self-closing tags, such as <input/>, are no longer supported. If you have developed any custom plugins that contain templates with self-closing tags, they must be replaced with explicit opening and closing tags, for example, <input></input>, because they will not be rendered otherwise.

If you are not able to fix plugins right away, it is possible to enable a compatibility mode by setting the following options in investigate.yml:

optimize.jqueryLegacyPrefilterEnabled: true
optimize.jqueryMigrateEnabled: true

When these options are enabled, the jQuery Migrate plugin will be enabled and configured to log messages in the console whenever an invalid template is processed.

Graph Browser

  • The parameters of the addDocumentsByQuery sirenAPI function have changed. A saved search id is now used when querying Elasticsearch for entities.

  • Removed the following functions from scripts: executeGremlinQuery and executeGremlinQueryAndParse

Other breaking changes

  • The FieldSelect component has been deprecated and replaced by FieldSelectResponsive. It will be removed in a future release.

  • i18n keys prefixed with sirenPlugins.license now must be prefixed with kbn.license instead.

Security fixes

Bug Fixes


  • Fixed an issue that would prevent a resolution dialog from appearing when importing saved objects pointing to missing index patterns.

  • Fixed an issue that could cause a fatal error after deleting a saved search and opening a dashboard that was referring to it.

Data Model

  • Addressed an issue that could prevent the auto-relations wizard from working correctly when selecting Elasticsearch metadata fields in the list of candidates.

  • Fixed an issue that would cause a document details modal to not close automatically when switching between Data Model tabs.

Graph Browser

  • Fixed an issue that could cause numbers in node labels to be forcibly displayed at the end of the label.


  • While a document is being edited, filter buttons are automatically hidden in the document modal.

  • Fixed an issue that could delay or prevent the update of counts in the sidebar when applying a time filter across multiple dashboards.

  • When dragging a dashboard over a dashboard group, the group is now opened automatically.

  • Fixed an issue where a funnel icon was displayed next to a dashboard that did not have additional filters.

  • Fixed an issue where a user with limited access to a subset of dashboards would get redundant error notifications.

  • Resolved an issue that could cause extra count requests when removing filters from a dashboard.

  • Addressed an issue that was causing Elasticsearch field names to be hidden in the document details modal when column aliases were configured.

  • Addressed an issue that prevented the dashboard document count from being updated when removing saved filters.