Release Notes: Console 4.8 – Capsule8

4.8.1

Resource Groups may now be duplicated.
A console.resource_group_refresh_period configuration setting has been added. This setting defaults to 3 seconds and limits the maximum frequency of updating Resource Group membership. Users with over 1000 sensors can consider increasing this setting to reduce database load.

Performance improvements have been made to Resource Grouping, increasing stability for users with over 500 sensors.
Numerous quality of life improvements have been made to Resource Grouping.
The list of policysets on the Detections page is now ordered by most recently updated.
- Previously, when a sensor was eligible for multiple policysets, it was difficult to know which would be applied. Now, the first matching policyset is always applied.

Added example investigations configuration for sensors via the"manual import" yaml
Create custom sensor groups on the Console and deploy detections to those groups. Access is controlled by new "View Groups" and "Edit Groups" permissions, enabled by default on Admin and Default roles
Integration Portal now supports Slack and Pagerduty integrations
When enabled, inactive sensors are now automatically deleted after 90 days

Usability improvements for the Integration Portal – Send test alerts and enable/disable integrations temporarily

Policy Sets with no assigned resources can now be saved
Resolved the conflict between sensor control and detection policy
Custom policy editor recognizes whitespace
Removed resolved button from archived alerts page
Fixed an issue affecting deployments with user-provided certificates, where minimum TLS version was always 1.2

The "Assigned Resources" dialog has been replaced with the new "Resource Groups" feature. During the upgrade to Console 4.8.0, we automatically populate one Resource Group for each policyset that had assigned resources. Please refer to Working with Resource Groups for details.
Upgrade concern - Single-host Policysets that were created by a user in Console 4.2 or earlier, were hidden from view and stopped affecting sensors in Console 4.4. Upgrading to Console 4.8 will delete these legacy Policysets from the database.
Upgrade concern - Console 4.8 improves the implementation of the Enable/Disable/Restart controls on the Resource Details page. A side effect of this improvement is that all sensors are enabled after the initial upgrade to Console 4.8.

You can manually disable the sensors again after the upgrade.
Alternatively, you may permanently prevent a sensor from becoming enabled by completely disconnecting it from the console, before upgrading to Console 4.8. To disconnect it, remove the `policy_input` configuration block from `capsule8-sensor.yaml` and restart the sensor.