05 Aug 19:02

sjones-github

0270ca0

Release 3.7.1 of cb-event-forwarder

v3.7.1

Features

EDR Event Forwarder continues to run during communication outages. Previously, it would exit on timeout.

Bug Fixes / Changes

Corrected signal handling, permitting EDR Event Forwarder to continue to execute during communication outages.

Assets 2

23 Jun 14:47

dseidel-b9

v3.7.0

be08f76

Release 3.7.0 of cb-event-forwarder

Features

We now support Antimalware Scan Interface (AMSI) events. This event is called ingress.event.filelessscriptload. Please note that you will need EDR 7.2.0 in order to receive these events.
New command-line option -pid-file <pid_filename> for better parity with other services, and to facilitate process monitoring.

Bug Fixes / Changes

Reverted use of Confluent Kafka client library to the pure Go Sarama client.
Removed configuration settings api_token, api_verify_ssl, and api_proxy_ssl. Event Forwarder no longer needs to use the EDR API to perform event post-processing. EDR now has built-in capability for adding report titles to feed hit events.
Changed some log messages in the protobuf processing code to debug level, to avoid filling log files with unneeded entries.
Specify CA/Client cert/keys in PEM format.
Deprecate Upstart in favor of sysvinit for service control on EL6 systems

Assets 2

18 May 15:57

dseidel-b9

v3.6.3

77fa91b

Release 3.6.3 of cb-event-forwarder

Features

Switched from the GZIP library to PGZIP for faster and more efficient compression.

Bug Fixes / Changes

The requirements of the s3out configuration setting have been relaxed such that
you may omit the leading "temp-file-directory" element. In other words, it is sufficient
to use the format s3out=[region]:[bucket-name].

Related Changes in CB EDR

Corrected the CB EDR configuration page for the Event Forwarder to allow changing
the "Max bundle size". Prior to this fix, submitting a configuration change with a
new value for that setting resulted in a server error. NOTE: this fix requires CB EDR
version 7.2.0 or higher.

Assets 2

24 Mar 18:08

dseidel-b9

v3.6.2

5b82546

Release 3.6.2 of cb-event-forwarder

Features

Event Forwarder can now be configured and operated from the CB EDR web console. NOTE: This requires CB EDR version 7.1.0 or greater.
There are no new features in Event Forwarder itself.

Bug Fixes

Fix signal handling for syslog and S3 output types
Fix error handling for AMQP connections

Assets 2

28 Jan 22:48

jcapolino

3.6.1

7cc6685

v3.6.1

Release v3.6.1 of CB Event Forwarder

Features

This version introduces CentOS/RHEL 7.x compatibility with separate packages for el6 and el7.

It also introduces new metric support, provides threading for the kafka output, and finally the ability to configure more options for kafka.

Bug Fixes

This release streamlines error reporting, removing superfluous and numerous 'blocked_netconn' exceptions from the event forwarder stream.

Assets 4

13 Aug 19:09

zacharyestep

3.6.0

5889d1e

v3.6.0

Release 3.6.0 -

Overhaul support for Kafka output , various fixes and support for compression in HTTP/S3 outputs.

Use the new [kafka.producer] section to specify arbitrary kafka producer options based on the kafka producer API -
https://docs.confluent.io/current/installation/configuration/producer-configs.html for details on the supported configuration options. This allows for supporting kafka producer TLS/SSL options, compression, and various others if desired. Continue to specify output_type=kafka and [kafka] brookers=comma-delimited-broker-list in your configuration file to try things out.

Assets 3