Note: We're releasing these versions simultaneously. Both sets of release notes are included for your reference.
We recommend skipping 4.4.0 and upgrading directly to 4.4.1 to take advantage of a number of improvements. Before upgrading, please read and be aware of the caveats listed in Upgrading to Console 4.4. These caveats continue to apply to version 4.4.1.
- We've added a "Detections" page where you can define "Policy Sets". Policy Sets are complete configurations that include one or more Policies and zero or more Lists that can be assigned to resources.
- We've built a new UI editor for Policies. For now, this feature is limited to editing existing policies, including enabling or disabling them. If you need to add or remove policies and lists, you can do so with the YAML Editor.
- Now you can configure a group of sensors at once! When you create a new Policy Set, the Assigned Resources card identifies a subset of your sensors to configure.
- Detailed instructions for these new configuration features are available at Configure and Deploy Detection Policy Set on the Console.
- The Hosts page has been renamed to "Resources". We've added a set of metadata labels for each resource. Click the "..." on a label to expand it into the full key:value pair.
- We've introduced an API to identify Amazon EC2 resources, including those without sensors installed. The Console UI still shows only resources with sensors, but expect to see non-sensor resources in a future release. You can optionally get a head start on configuration, and learn how to manually retrieve the resource list from our API, by following the instructions at Resource Management Configuration.
- We've added an API that lets vSphere admins submit a resource list to the Console. Like EC2, resources without sensors are not yet shown in the UI. Find details at Resource Management Configuration.
- Active Directory Federation Services is now a supported method for logging into the Console. Learn how to configure it at Active Directory Configuration.
- We're happy to introduce support for storing alerts in Microsoft Azure Queue Storage. This feature requires Capsule8 Sensor version 4.4.0 or greater. Learn more at Exporting alerts to Azure.
- Alongside our existing functionality to archive old alerts, we've added a new feature to permanently delete old archived alerts. Deletion is on by default, but you can disable it in the Global Settings. See Manage and delete archived events in the Console.
- We've added an optional flag to adjust the Console Server's minimum TLS version from its default of 1.1. Configuration instructions may be found at Serving the Console over HTTPS.
- The Hosts page (now "Resources") is fixed for users with many hosts:
  - It now supports unlimited pagination. (It previously displayed a maximum of 50 hosts.)
  - It now orders most recently seen hosts first. (It previously ordered oldest hosts first.)
- We've fixed a couple of pain points for users setting up LDAP logins:
  - The Console now logs LDAP connection errors.
  - Connections to TLS-only LDAP endpoints are now supported. (Previous Console versions required a non-TLS endpoint, then upgraded to a TLS endpoint if available.)
- The Console UI now consistently refers to "Events" rather than "Alerts."
- If the Console or a CLI user attempts to use Policy API calls when that functionality is disabled, the error message now hints how to enable it. (Set `CAPSULE8_CONSOLE_POLICY_CONFIG_ENABLED`.)
- If a CLI user attempts to generate an API key with `capsule8-console generate-token` when the signing key was not specified, the error message now hints how to specify it. (Set `CAPSULE8_CONSOLE_AUTH_SESSION_KEY`.)
- We've fixed a bug that caused logins to fail with some Okta providers.
- You may have seen startup logs mentioning `null backend`. This mildly alarming log simply meant that the Console server was using its own database, rather than Amazon S3, Google Cloud or Microsoft Azure. We've renamed this to the more meaningful `default backend`.
- Once a policyset has had assigned resources saved, you cannot change the assignment to no resources. (You can change the assignment to a different set of resources.)
- You can now use Okta's SAML login flow to log in to the Capsule8 Console.
- You can now find a "Providers" tab on the Resources page, with a UI to help you set up Amazon EC2 and vSphere resource discovery. The credentials are encrypted before being stored.
- You can opt in to beta features with a set of switches in the Global Settings page. Previously, these features were enabled by environment variables.
- The Resource Details page now shows you the most recently applied policyset.
- You can now delete policysets.
- When you log in to the Console and have zero known resources, you'll see a dialog with some hints to help install sensors and connect them to the Console.
- When editing a policyset, you previously had to know the syntax of the rules to declare whether a process is matched or ignored. Now you can use a searchable dropdown populated with all available rule conditions.
- You can now automatically discover vSphere resources after setting `console.vmware_resource_discovery_enabled` and following the instructions in set up Amazon EC2 and vSphere resource discovery.
- The `console.auth_required` configuration has been removed. The console now always requires authentication.
- The `console.crypto_key` configuration has been added. This AES256/GCM signing key is only required if you use the new Providers tab on the Resources page to configure resource providers. If set, it must be a 64-character hexadecimal string.
- When you visit the default Incidents page in the Console, you'll now see the correct number of incidents. This fixes an issue where a page size of 50 could display a single incident, grouped with 49 associated events.
- The Global Settings options for configuring automated archival and deletion of alerts previously accepted invalid values. These controls now enforce valid inputs.
- For users with more than 1000 resources and/or more than 1000 events, you can expect performance improvements when viewing the Resources page.
- You will no longer encounter a console log indicating "broken pipe" when you close a browser tab that was viewing the Incidents page.
- When you attempt to navigate to a specific Console page but are not logged in, you'll now be redirected after a successful login.
- If you submit invalid or malformed YAML while creating a policyset, now you'll see what went wrong, rather than a silent failure.
- If you attempt to navigate away from a policyset that you're editing before saving, we now show a confirmation dialog.
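
Added example (not from Capsule8's documentation): shell functions that produce and check a value meeting the 64-character hexadecimal requirement stated above for `console.crypto_key`. The function names are hypothetical, the repeated-character check is an extra sanity test rather than a documented rule, and how the value is supplied to the Console is not covered here.

```shell
#!/bin/sh
# Added example: generate and validate a value for console.crypto_key.
# Assumption: the key is 32 random bytes (AES-256) written as 64 hex characters.

# gen_crypto_key: print 32 bytes from the kernel CSPRNG as lowercase hex.
gen_crypto_key() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    echo
}

# valid_crypto_key KEY: return 0 only if KEY is exactly 64 hex characters
# and is not an obvious placeholder (one character repeated 64 times).
valid_crypto_key() {
    key=$1
    # Length check: 64 hex characters encode the 32 bytes AES-256 needs.
    [ "${#key}" -eq 64 ] || return 1
    # Character check: anything outside 0-9, a-f, A-F is rejected.
    case $key in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    # Placeholder check: delete every copy of the first character;
    # an empty remainder means all 64 characters were identical.
    first=$(printf '%s' "$key" | cut -c1)
    rest=$(printf '%s' "$key" | tr -d "$first")
    [ -n "$rest" ] || return 1
    return 0
}

# Demonstration: a freshly generated key passes validation.
# The key itself is not printed, so it does not end up in terminal scrollback.
if valid_crypto_key "$(gen_crypto_key)"; then
    echo "generated key passes validation"
fi
```

Store the generated value the way you store other Console secrets, since anyone holding it can decrypt the saved provider credentials.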