All notable changes to this project will be documented in this file.
- Add compatibility with Graylog 6.0
- Wizard Alert Rule page uses same components as the event definition page (issue #24)
- The rule form allows adding a Search Query to the event definition description (issue #124)
Note: this feature involves an internal update of the API. Rules must be exported and deleted, then re-imported with the new version of the plugin.
- Remove severity and use event definition priority (issue #100)
- Move wizard configuration in system/configurations (issue #83)
- Import failure when description is null (issue #132)
- List can't be deleted (issue #137)
- Fix plugin compatibility with Graylog 5.1.9
- Notify the user when they import rules with distinction_fields as an array (issue #93)
- Rules where both is-in-list conditions and other field conditions should match did not behave correctly (issue #119)
- The list of alert rules could not be displayed after the deletion of a notification associated to a rule (issue #116)
- The list of alert rules could not be displayed after the deletion of an event definition associated to a rule (issue #117)
- The list of alert rules could not be displayed after an alert with a field condition without the type is created (issue #120)
- The save button did not enable when changing the rule type (issue #114)
- The save button was enabled without the second block of conditions being filled for rules of type THEN, AND and OR (issue #86)
- In rule export, the selected rules count is reset when another set of rules is imported (issue #88)
- Switching the theme did not change the style of the typeahead field input (issue #118)
- Update graylog-plugin-logging-alert dependency to 5.1.3
- POST plugins/com.airbus_cyber_security.graylog.wizard/alerts and PUT plugins/com.airbus_cyber_security.graylog.wizard/alerts/{title}: field condition_type should not be null
- When an alert is corrupted (for instance when the associated notification has been manually deleted), the severity field returned by the REST routes may be null
- Update graylog-plugin-logging-alert dependency to 5.1.2
- Fixed layout of buttons in several pages (issue #121)
- Clicking the delete button of a condition was always deleting the last condition (issue #74)
- Disabling/enabling an AND rule was throwing an exception (issue #129)
- Clone button was not working (issue #131)
- Update graylog-plugin-correlation-count dependency to 5.1.1
- Update graylog-plugin-logging-alert dependency to 5.1.1
- Stack-trace when hovering over the user in the table of alert rules. The tooltip is now shown on the header only
- Incorrect field being updated when a condition of type "is present in list" is selected during rule creation
- Fixed highlighting of AND, THEN and OR conditions in dark mode
- Add compatibility with Graylog 5.1
- Add compatibility with Graylog 5.0
- Removed column `Alerts` on the page displaying rules. When upgrading from a previous version, this field should be removed from the configuration. This can be done with the REST API (plugins/com.airbus_cyber_security.graylog.wizard/config endpoint)
- GET plugins/com.airbus_cyber_security.graylog.wizard/alerts/data has been removed
- GET plugins/com.airbus_cyber_security.graylog.wizard/alerts now returns the full information of each alert rule (what endpoint plugins/com.airbus_cyber_security.graylog.wizard/alerts/data used to return)
- GET plugins/com.airbus_cyber_security.graylog.wizard/alerts and plugins/com.airbus_cyber_security.graylog.wizard/alerts/{title} do not return field `alert_count` in their results anymore
- The rule description is now mapped to the event definition description (issue #102)
- POST plugins/com.airbus_cyber_security.graylog.wizard/alerts now returns data about the newly created alert rule
- Resource plugins/com.airbus_cyber_security.graylog.wizard/alerts returns the second event definition identifier (if any) as field `second_event_definition`
- Disabling a wizard rule now disables the associated event definitions (issue #58)
- After deleting the stream associated with a rule, the list of rules would not load anymore (issue #105)
- The backlog size value set in the configuration is now taken into account in the event definition (issue #40)
- Several display bugs in dark mode fixed (issue #59)
- French translation of statistical condition 'sum' was incorrect (issue #112)
- Update graylog-plugin-logging-alert dependency to 4.4.1
- POST plugins/com.airbus_cyber_security.graylog.wizard/alerts: field `description` should not be null (use an empty string if there is no description)
- Rules export was not exporting field notification_parameters anymore (issue #97)
- Rules import was not restoring notification split fields (issue #97)
- Add compatibility with Graylog 4.3 (issue #75)
- Update graylog-plugin-correlation-count dependency to 4.2.0 (issue #90)
- Update graylog-plugin-logging-alert dependency to 4.2.0 (issue #89)
- The default value of the matching type is set to "all" for the second stream too (issue #85)
- Creating a rule with the same name as a previously created rule does not raise an exception anymore (issue #96)
- When getting rest resources plugins/com.airbus_cyber_security.graylog.wizard/alerts/data and plugins/com.airbus_cyber_security.graylog.wizard/alerts/{title}: field title_condition is removed
- Removed the possibility to configure field, field type and field value (issue #94)
- Native aggregation is used instead of graylog-plugin-aggregation-count (issue #71)
- The pipeline rule created with lists now matches exact values of the list rather than substrings (issue #49)
- The default value of the severity in the wizard configuration is set to "Info" (issue #61)
- The default value of the time range unit in the wizard configuration is set to "minutes" (issue #62)
- The default value of the threshold type is set to "more than" (issue #63)
- The default value of the matching type is set to "all"
- The default value of the grace is set to 1 (issue #35)
- Updated graylog-plugin-correlation-count dependency to 4.1.2
- Group/Distinct condition now accepts at most one distinct field. During import of old rules, only the first distinct field is kept
- Rest resources plugins/com.airbus_cyber_security.graylog.wizard/alerts and plugins/com.airbus_cyber_security.graylog.wizard/alerts/{title}: condition_parameters.distinction_fields renamed to distinct_by. It now accepts only one value
- Rest resources plugins/com.airbus_cyber_security.graylog.wizard/alerts and plugins/com.airbus_cyber_security.graylog.wizard/alerts/{title}: condition_parameters.threshold_type and condition_parameters.additional_threshold_type values MORE/HIGHER and LESS/LOWER are replaced by > and <
- Removed rest resource plugins/com.airbus_cyber_security.graylog.wizard/alerts/import, imports are now implemented using regular create POSTs
- Removed rest resource plugins/com.airbus_cyber_security.graylog.wizard/alerts/export, exports are now implemented using regular GETs
- Updated graylog-plugin-correlation-count dependency to 4.1.1
- Updated graylog-plugin-aggregation-count dependency to 4.1.1
- Rules import: added search input to filter rules by their title (issue #46)
- Rules import & export: replaced button "Select all" by a checkbox to select/deselect all rules (issue #64)
- Updated graylog-plugin-logging-alert dependency to 4.1.1
- The correct value of the additional threshold is now displayed when editing an alert rule (issue #69)
- Rest resource plugins/com.airbus_cyber_security.graylog.wizard/alerts/{alert_name} now returns the same response as plugins/com.airbus_cyber_security.graylog.wizard/alerts/{alert_name}/data
- Removed rest resource plugins/com.airbus_cyber_security.graylog.wizard/alerts/{alert_name}/data
- Add compatibility with Graylog 4.2
- Add compatibility with Graylog 4.1
- Change plugin license to SSPL version 1
- Split "advanced settings" navigation button into two buttons, one to the alert definition, the other to the notification (issue #57)
- Remove blocking dialog box at the end of rule creation (issue #57)
- Add search input to filter rules to export by their title (issue #46)
- The Aggregation Time Range in the configuration of the plugin is now taken into account when creating the notification of a rule (issue #47)
- The input of Fields Conditions is now case sensitive (issue #48)
- Return correct value for the additional_threshold_type when requesting a rule (issue #34)
- Add compatibility with Graylog 3.3
- Update dependencies
- Update dependencies
- Fix #28 The log body defined in the Logging Alert Configuration is not used
- Update dependencies
- Update dependencies
- Fix front issue
- Add compatibility with Graylog 3.2
- Fix #19 Pipelines created with new rule
- Add the possibility to create lists and alert rules with condition on these lists
- Fix performance problem
- Add compatibility with Graylog 3.0
- Export and Import all the notification parameters
- Fix the issue of infinite loading for the Field Rule component
- Fix the issue of notification reset (issue #5)
- Fix the issue of alert rule title when the title includes a slash (issue #4)
- Add compatibility with Graylog 2.5
- First release