- Resource Groups may now be duplicated.
- A `console.resource_group_refresh_period` configuration setting has been added. This setting defaults to 3 seconds and limits the maximum frequency of updating Resource Group membership. Users with over 1000 sensors can consider increasing this setting to reduce database load.
- Performance improvements have been made to Resource Grouping, increasing stability for users with over 500 sensors.
- Numerous quality of life improvements have been made to Resource Grouping.
- The list of policysets on the Detections page is now ordered by most recently updated.
- Previously, when a sensor was eligible for multiple policysets, it was difficult to know which would be applied. Now, the first matching policyset is always applied.
- Added example investigations configuration for sensors via the "manual import" YAML
- Create custom sensor groups on the Console and deploy detections to those groups. Access is controlled by new "View Groups" and "Edit Groups" permissions, enabled by default on Admin and Default roles
- Integration Portal now supports Slack and PagerDuty integrations
- When enabled, inactive sensors are now automatically deleted after 90 days
- Usability improvements for the Integration Portal – Send test alerts and enable/disable integrations temporarily
Notable Bug Fixes
- Policy Sets with no assigned resources can now be saved
- Resolved the conflict between sensor control and detection policy
- Custom policy editor recognizes whitespace
- Removed resolved button from archived alerts page
- Fixed an issue affecting deployments with user-provided certificates, where the minimum TLS version was always 1.2
- The "Assigned Resources" dialog has been replaced with the new "Resource Groups" feature. During the upgrade to Console 4.8.0, we automatically populate one Resource Group for each policyset that had assigned resources. Please refer to Working with Resource Groups for details.
- Upgrade concern - Single-host Policysets created by a user in Console 4.2 or earlier were hidden from view and stopped affecting sensors in Console 4.4. Upgrading to Console 4.8 will delete these legacy Policysets from the database.
- Upgrade concern - Console 4.8 improves the implementation of the Enable/Disable/Restart controls on the Resource Details page. A side effect of this improvement is that all sensors are enabled after the initial upgrade to Console 4.8.
  - You can manually disable the sensors again after the upgrade.
  - Alternatively, you may permanently prevent a sensor from becoming enabled by completely disconnecting it from the console before upgrading to Console 4.8. To disconnect it, remove the `policy_input` configuration block from `capsule8-sensor.yaml` and restart the sensor.