Version: 2.13.0

Release Notes

What's Fixed in Version 2.13.0

Log Retention Improvements

To free disk space by removing unnecessary files, we have improved the retention rules for log files.

  • System Logs: Logs in /opt/data will be kept for 30 days
  • ECA Logs: ECA logs will be kept for 30 days, with the exception of install logs that are kept for one year
  • Log Size Reduction: Log size has been reduced to a maximum of 10 Megabytes

These improvements ensure better disk space management while maintaining sufficient log history for troubleshooting and auditing purposes.

Report Table Pruning

To reduce database sizes, we have enabled pruning rules on SyncIQ policy reports.

  • Default Retention: Reports will be kept for a maximum of 30 days
  • Customization: If you would like to keep these reports longer, you can edit the Report tag in /opt/superna/sca/conf/PruneConfig.xml

This enhancement helps maintain optimal database performance by automatically managing report data retention.

Recovery Manager for Active Auditor and Ransomware Events with the Same User

Fixed an issue where ransomware events and active auditor events for the same user were not properly coordinated in the recovery manager.

Previous Behavior:

If a ransomware event was raised while an active auditor event existed for the same user, the handling of affected files could be inconsistent.

Fixed Behavior:

  • When both event types exist for the same user, they now share the same list of affected files in the cyber recovery manager view
  • If an active auditor event is active while a ransomware event is raised for the same user, all files touched by that user from one hour before the active auditor event was raised will be included for recovery
  • The same coordination applies in reverse: when an active auditor event is raised while a ransomware event already exists
  • Events are properly listed in the ransomware event user activity list

This fix ensures comprehensive file recovery coverage when multiple security events occur for the same user.

Garbled ECA Logs Removed

Resolved an issue with corrupted log files appearing in the ECA logs directory.

  • Issue: Strange directories with garbled characters were appearing in /opt/superna/eca/logs/
  • Resolution: These logs are no longer generated and existing garbled logs can be safely deleted

Intermittent Error When Archiving on False Positive

Fixed a rare issue affecting event archival as false positives.

  • Issue: In certain rare circumstances, events would not correctly archive when marked as False Positive
  • Resolution: Events now consistently archive properly when marked as False Positive

AirGap Improvements

Several outstanding issues related to AirGap jobs have been resolved for both PowerScale and ECS platforms.

PowerScale AirGap Fixes

  • Similar Job Names: Fixed issue where jobs with similar names could cause conflicts
  • Log Bundle Size: Reduced log gather bundle size for more efficient log collection
  • Retry Mechanism: Added retry mechanism to handle curl timeout errors, improving job reliability

ECS AirGap Fixes

  • Job Status Accuracy: Job statuses are now more accurate and reflect the true state of operations
  • Job Deletion: Jobs can now be deleted from the UI, which is useful for removed or renamed vault agents

These improvements enhance the reliability and manageability of AirGap operations across both platforms.

Command Not Available

The igls app pull-config command does not work in this release. The same effect can be accomplished by running the following steps:

On Old Eyeglass

  1. Run restore backup

    sudo /opt/superna/bin/create_troubleshooting_archive.sh /opt/data/archive/eyeglass-backup.zip -processExport -restore

  2. SSH to appliance and transfer the backup

    scp /opt/data/archive/eyeglass-backup.zip admin@<new-eyeglass>:/tmp

  3. Stop the service

    sudo systemctl stop sca

On New Eyeglass

  1. Restore the backup

    igls app restore /tmp/<restore-backup>

On ECA

  1. Update the EYEGLASS_LOCATION variable in /opt/superna/eca/eca-env-common.conf to the new IP address

  2. Push the configuration

    ecactl cluster push-config

  3. Restart the services

    ecactl cluster exec ecactl cluster services restart --container=iglssvc
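
Step 1 of the ECA procedure is a manual edit with no command given. The helper below is an added example, not Superna code: the function names are hypothetical, and it assumes the file holds exactly one line of the form EYEGLASS_LOCATION=<value>, optionally prefixed with "export". It validates the new address, keeps a timestamped backup, and refuses to edit if the variable is missing or duplicated.

```shell
# Added example, not Superna code. Assumption: the file holds exactly one
# line of the form "EYEGLASS_LOCATION=<value>", optionally prefixed "export".

EG_KEY_RE='^[[:space:]]*(export[[:space:]]+)?EYEGLASS_LOCATION='

# valid_ipv4 <addr>: succeed only for four dot-separated octets, each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# get_eyeglass_location <conf>: print the currently configured value.
get_eyeglass_location() {
    sed -nE "s/${EG_KEY_RE}//p" "$1"
}

# set_eyeglass_location <conf> <new-ip>
# Returns 1 on bad input, 2 if the variable is missing or duplicated.
set_eyeglass_location() {
    _conf=$1; _ip=$2
    [ -f "$_conf" ] || { echo "no such file: $_conf" >&2; return 1; }
    valid_ipv4 "$_ip" || { echo "not an IPv4 address: $_ip" >&2; return 1; }

    # Refuse to edit unless exactly one assignment exists.
    _count=$(grep -cE "$EG_KEY_RE" "$_conf" || true)
    [ "$_count" -eq 1 ] || { echo "found $_count EYEGLASS_LOCATION lines" >&2; return 2; }

    # Timestamped copy so the previous address can be restored.
    cp -p "$_conf" "$_conf.bak.$(date +%Y%m%d%H%M%S)" || return 1

    # Rewrite only the value; write back in place to keep owner and mode.
    _tmp=$(mktemp) || return 1
    sed -E "s/(${EG_KEY_RE}).*/\1${_ip}/" "$_conf" > "$_tmp" \
        && cat "$_tmp" > "$_conf"
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}
```

Source the file, run set_eyeglass_location against /opt/superna/eca/eca-env-common.conf with the new Eyeglass address, and confirm the result with get_eyeglass_location before running ecactl cluster push-config.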

Known Issues

  • ECS AirGap: discover.sh Script Not Functioning (Version 2.13 Only)

    The discover.sh script does not function correctly in version 2.13 for AirGap customers. Using this script may result in database inconsistencies and login issues.

    Workaround: Do not use the discover.sh script in this release. A fix is in progress and will be delivered in an upcoming maintenance update. Contact Superna support if you need to use this script.

  • Webhook Test Results Not Displayed with Multiple Integrations

    When multiple integrations are enabled, the sample payload is sent successfully, but the GUI does not display the test results.

    Workaround: Verify webhook delivery through your integration endpoint's logs or monitoring tools to confirm the test payload was received.

  • OVA Deployment: Multiple DNS Servers Prevent Ethernet Interface Startup

    The ethernet interface will not start if the OVA is deployed with more than one DNS server configured.

    Workaround: Deploy the OVA with a single DNS server only. Additional DNS servers can be configured after the interface is up and running.

Upgrade Information

If you have questions about upgrading to version 2.13.0 or need assistance with any of the fixes mentioned in these release notes, please contact Superna Support.