Release Notes

You must upgrade to version 13.1 or later by April 30, 2023. After this date, earlier versions will completely lose graph functionality.

12.1.7

Bug fixes

  • Fixed a bug in sentinl that caused the to and from fields for email actions to not save correctly.

  • Fixed a bug in sirenapi where a chart’s click handler would set the incorrect value to indicate which part of the chart was clicked.

  • Fixed a bug that caused multiple confirm messages when the user logs out.

  • Fixed a bug where scroll search was called without index parameter, which in certain situations could cause migrations to fail.

  • Fixed a bug that caused a user to see a notifier saying that the savedObject saved successfully after the user clicked 'Cancel' on the modal.

  • Fixed a bug that caused the dashboard filter counter to not update after the user selects dashboard filters.

  • Fixed an issue that caused inverse relations not to be visible on the graph browser.

  • Fixed an issue on 360 dashboards that caused filters to be excluded from count queries in certain scenarios and the incorrect count to be shown.

  • Fixed an issue that caused the input control visualization to exclude the Include hours/minutes option in created filter labels.

  • Fixed an issue that caused the graph browser to crash when selecting a node with an image if the timebar is enabled.

  • Fixed an issue about missing dependency that didn’t allow the i18n extract scripts to run successfully.

  • Fixed a regression that caused long numbers to not render properly even when the support for long numbers is enabled in Advanced Settings through the siren:support-large-numbers property.

  • Fixed an issue that prevented the global search panel reopening after dragging and dropping a record on a dashboard.

  • Fixed an issue where a positive filter was being created when selecting the 'missing' bucket in the Tag Cloud visualization.

Security fixes

  • Fixed CVE-2022-47543. Modification of non-dataspaced objects is now restricted to admins only.

  • Fixed CVE-2022-47544. Script editing is now restricted to admins only.

Improvements

  • Added the capability to add a custom name for the aggregation layer in the enhanced coordinate map visualization.

  • Moved the dataspace ACL permissions to a separate section. This is to clarify that these permissions must be set explicitly and that setting the permission for Any type is not applied to a dataspace type.

  • Object owner can now transfer object ownership to another user. Previously, this action was reserved for investigate admin_role.

  • Introduced a new investigate audit log entry category called security. Currently this is used to log change of ownership events.

12.1.6

Security fixes

  • The TLSv1 and TLSv1.1 protocols are no longer supported by Investigate.

  • The following weak ciphers are now blocked: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA.

  • Upgraded vm2 dependency to version 3.9.11 to address CVE-2022-36067.

  • Upgraded canvg dependency to version 4.0.1.

Bug fixes

  • Fixed an issue in the Fields tab of the Datamodel page that causes a field with a configured formatter to always show as default.

  • Fixed an issue that caused sub-search filters to appear as dashboard filters in cloned dashboards with sub-searches.

  • Fixed a bug where it was possible to create a search object with siren.parentId with value equal to an empty string.

Improvements

  • Improved the performance of saved objects export operation when exporting objects from Management → Saved Objects → Export.

  • Added Thai language support in i18n.

  • Upgraded Node.js to version 14.21.1. For the full list of fixes, see the 14.21.1 changelog.

12.1.5

Improvements

  • Added the investigate_access_control.session.idleLogoutTime parameter which can force a logout when the user is inactive for the configured period of time.

  • Added the ability to use the current page records to apply dashboard filters by hovering over a single record or selecting all with the header checkbox.

  • Added the systemSearch session audit entry type for all system generated search requests.

  • Improved Graph Browser logs. Document IDs added to the Graph Browser are now logged in the UI audit entries.

  • Added the ability to configure the region map to reload the layer configuration from investigate.yml at runtime.

Bug fixes

  • Fixed a regression that caused dashboards to appear out of their groups when migrating from an earlier version of Siren Investigate.

  • Fixed an issue that caused created objects to be logged as updates. Created objects, such as dashboards and visualizations, are now logged as a create in the savedObject audit.

  • Fixed an issue that caused an error when the dashboard URL, generated by a custom watcher with the alternativeTimeField, is opened.

  • Fixed a bug that prevented access to the datamodel page if a user had permissions to a child search but not its parent.

  • Fixed an issue that caused custom watchers to fail when a dashboard uses a search query.

  • Fixed a bug that prevented a user from seeing other relations in the Relational Navigator when the user does not have permission to see one of the Entity tables.

  • Fixed a bug that caused the dashboards on the sidebar to not refresh when cloning a dashboard with the clone button from the top navigation bar.

  • Fixed a bug that removed the ability to use environment variable substitution when configuring Siren Investigate settings

  • Fixed a bug that made the system unresponsive when importing an entity table if it was misconfigured by setting siren.parentId to its own id.

12.1.4

Security fixes

  • Upgraded Node.js to version 14.20.1. For the full list of fixes, see the 14.20.1 changelog.

Improvements

  • Improved the getFirstRawFieldValue template method to avoid multiple requests to the backend.

  • The Siren API is now allowed to access a visualization’s most recent request/response for basic visualizations like histograms and pie charts.

  • Improved the graphBrowserVis.expandByRelation method to handle concurrent queries to not overload the backend.

  • Added a new configuration setting ingest.job_refresh_interval to customize the job refresh interval in the Data Import application.

  • Added the updateItemsUI and resetItemsUI methods to the GraphBrowserVis class in the Siren API.

  • Added an option to save the contents of a Graph Browser visualization to an A0 PNG image when map mode is not enabled.

Bug fixes

  • Fixed an issue that caused incorrect column names to be shown when a customized column was hidden.

  • When saving entity tables or searches, there are no longer inconsistencies in determining whether the time field can be selected.

  • Roles are no longer missing from audit logs upon login when Siren Investigate was configured to use OpenID Connect for authentication.

  • Fixed an issue that caused the sessionId property to be missing from audit logs when Siren Investigate was configured to use OpenID Connect for authentication.

  • The _id metadata field is now included when data is exported in CSV format.

  • Fixed an issue that caused an error when filtering fields in the Record View.

  • Disabled the ability to store the x-opaque-id header value in audit logs.

  • Fixed an issue that caused overlapping values in the Input Control visualization dropdowns.

  • Fixed an issue that scrolled the complete view when scrolling a tag formatter.

  • Fixed a bug in 360 dashboards that could prevent the data model graph from being displayed.

  • Record Table visualizations on 360 dashboards are now refreshed immediately after changing the join type.

  • Fixed an issue that could prevent the global time range from being applied to visualizations attached to the main search in 360 dashboards.

  • Fixed an issue that caused an unnecessary migration on sidebaroptions to be requested after creating some dashboards on an empty Siren Investigate installation.

  • Fixed an issue that prevented saving virtual indices on datasources of type federate.

  • Fixed an issue that prevented persisting the "Use global time filter" data model setting in 360 dashboards.

  • Fixed an issue that caused combined groups to not be selected when selecting all the elements of a graph browser.

  • Fixed an issue that would cause the creation of multiple objects of type sidebaroptions when restoring a Siren Investigate dump on version 12.0.6.

  • Fixed a bug in the Tag Cloud visualization that created an incorrect filter when clicking on the label configured for the "Other" bucket.

12.1.3

Improvements

  • Added Esri Vector Tile support for Enhanced Coordinate Map.

  • Added a returnOnlyNew` argument the the graphBrowserVis.expandByRelation Siren API method. If set to false, the method will return all the nodes resulting from the expansion, including existing nodes. The flag is true by default.

  • The Investigate status API will now return code 503 when there is a problem with any of the application components.

  • When creating a new Enhanced Coordinate Map visualization, the default map type is now set to Shaded Geohash Grid and the Place markers off grid option is disabled by default.

Bug fixes

  • Fixed an issue that caused the Create Entity Table button on the Data Model to be disabled for up to 30 seconds when opening Investigate for the first time.

  • Fixed an issue where the mapping from the dynamic template for req.headers.* sub-properties in audit index was not correctly applied.

  • When duplicate centroids are detected by the Enhanced Coordinate Map visualization a warning that suggests to disable the Place markers off grid option is displayed. This issue can happen when there are geopoint fields containing an array of locations in the dataset due to the Elasticsearch issue described in elastic/elasticsearch#24694.

  • Fixed an issue that caused pinned filters to not be applied when exporting data from a Record Table visualization.

12.1.2

Security fixes

  • Updated nodejs to v14.20.0. For the full list of fixes, see the 14.20.0 changelog.

  • Upgraded the moment dependency to version 2.29.4 to address CVE-2022-31129.

  • Upgraded the vm2 dependency to version 3.9.10 to address CVE-2021-23449 and additional security fixes with no advisory.

  • Upgraded the jszip dependency to version 3.10.0 to address CVE-2021-23413.

Bug fixes

Record View

  • Fixed an issue that could prevent the Record View from displaying edited records after upgrading Siren Investigate.

Data Model

  • Fixed an issue that prevented fitting the Data Model graph correctly when clicking on the button to center it.

  • Fixed an issue that caused the count in the Relations tab to be wrong in the presence of self relations.

  • Fixed an issue that caused the icon in the sidebar to be updated before saving changes to an entity table / search.

Dashboards

  • Fixed an issue that caused filters to not be applied correctly on 360 dashboards having a child entity table as the main search.

Visualizations

  • Fixed an issue that prevented the the entity table selector in the configuration panel from working when a previously used field was removed from the underlying index.

  • Fixed an issue that could cause the Timeline visualization to not display data when changing the dashboard time range.

Graph Browser

  • Addressed an issue that required to execute bin/investigate upgrade after creating a new Graph Browser visualization and restarting Investigate.

Improvements

Record View

  • Added the ability to open, pan and zoom images.

Graph Browser

  • Added two new Siren API methods to manipulate Graph Browser visualizations, reCount and entitiesWithNoCounts. Learn more.

Visualizations

  • Added an option to incorporate geohash bucket sizes when showing a heatmap to the configuration of the Enhanced Coordinate Map visualization.

12.1.1

Bug fixes

Data Model

  • Fixed bidirectional links on data model graph showing arrows in only one direction.

  • Fixed an issue that prevented editing documents in "Use same index mode" on entity tables pointing to existing Elasticsearch indices.

  • Fixed an issue where some changes in the Data Model Options tab were not being saved.

  • Fixed unlinked nodes positioning themselves away from the others when selecting the hierarchy layout on the Data Model graph.

Graph Browser

  • Fixed an issue that prevented sorting graph nodes by count when one or more edges were part of the selection.

Record Table

  • Fixed an issue that prevented sorting data by a scripted date field.

Record View

  • Fixed an issue that prevented the deletion of a NLP annotation in the record view.

  • Fixed an issue that prevented changes to NLP annotations to be displayed before clicking on the Save button in the record view.

Dashboard

  • Fixed an issue that prevented exporting to PDF dashboards containing visualizations with characters outside of latin1 character set.

  • Fixed an issue that caused a wrong search request to be generated after creating a negated filter having multiple values by holding CTRL/CMD.

  • Fixed a bug that hid the value input box when editing a filter if the dashboard was not associated with a saved search.

  • Fixed a Dashboard 360 issue where, in certain conditions, the wrong query would be generated if there was a negative filter or a query saved with an entity table.

  • Fixed a regression in Dashboard 360 where certain disabled filters saved with a visualization were incorrectly injected into the generated queries.

Web services

  • Fixed an issue that prevented loading web service plugins built without the web services generator.

Miscellaneous

  • Fixed an optimization failure when siren_scripting.enabled is explicitly set to false in the configuration.

Improvements

Data Model

  • Clicking on the circular layout button now applies a circular layout rather than a concentric layout.

  • Data model tabs now indicate if there is an error without needing to change to another tab.

Graph Browser

  • Limited the number of input nodes for Common Communicators to 4 to reduce browser freezing.

Auditing

  • Now requests sent from the dev-tools panel are being logged when siren_audit is enabled.

Reporting

  • A more detailed error stack trace has been added when template scripts fail. Now, the line and stack trace are displayed to the user.

12.1.0

New features

Custom record views

You can now create custom views for your documents in the Overview tab of the Record View by writing template scripts. Learn more.

Reporting

Template scripts can also be used to generate reports from Elasticsearch documents in many different formats (PDF, HTML, Word and more) through integration with jsreport. Learn more.

Filter to dashboard

You now have the option to apply the filters from one dashboard to another dashboard associated to the same entity table. Learn more.

Security fixes

Breaking Changes

Saved objects

  • The index-pattern saved object type has been removed; the methods that were previously exposed by IndexPattern instances are now part of the SavedSearch interface.

Migration to Babel 7

  • Siren Investigate is now built with Babel 7; if you made any custom plugin it is recommended to test it on a pristine Siren Investigate 12.1 instance before upgrading.

Deprecations

Discover

  • The Discover application has been deprecated and will be removed in a future release. The buttons to create and save child searches from the Discover application have been removed.

Improvements

Auditing

  • Added a configuration option that allows customization of the Elasticsearch fields to be put in data export audit log entries. Learn more.

Data model

  • Enabled granular editing of relations in the Relations tab. When saving or deleting a relation the changes will now be applied immediately.

  • Improved the performance of the relations tab with a high number of relations.

  • Added a button to aggregate multiple relations between two entities into a single link showing the number of relations. In this mode, the individual relation names are displayed in a tooltip.

  • When transforming data it is now possible to test the transformation against any of the sample source documents.

Dashboard

  • It is now possible to use a visual date/time picker when creating filters on date fields.

  • When editing a visualization on a dashboard, you can now save it and return immediately to the dashboard by clicking on a Save and return button.

  • The tooltips showing data model explanations on 360 Dashboards are now enabled by default.

  • Modified 360 Dashboards to include documents from both the target and the source entity when self relations have the same label in both directions.

  • Replaced the graph based widget to pick relations in the 360 Dashboard data model configuration with a simpler dropdown based widget.

Record Table

  • Added options to rearrange the columns of the table to the column context menu.

Record view

  • It is now possible to use a visual date/time picker when editing date fields.

  • It is now possible to add multiple values to a field when editing a document in the record view.

Graph Browser

  • Links that represent self relations on the same field are now automatically hidden when the source and the target are the same node.

  • Added explicit drag and drop handles to the lens listing.

  • Added an option to the Node to edge by fields lens configuration that allows you to automatically expand intermediate nodes when creating edge links.

Relational Navigator

  • Added a configuration option that allows you to group relations having the same label into a single button.

  • Modified the relation links to include documents from both the target and the source entity when self relations have the same label in both directions.

  • Removed the automatic capitalization of relation links.

Development

  • The EUI library dependency has been upgraded to version 34.6.0 .

Bug fixes

Auditing

  • Fixed an issue that caused data requests initiated by the Graph Browser to be classified as count requests.

  • Fixed an issue that caused dataExport requests to be assigned to the HOME dataspace instead of the current one.

Data Model

  • Fixed an issue that prevented child searches from inheriting the search query and filters from their parent.

  • Suppressed an unnecessary warning which was appearing after saving changes to a child search.

  • Fixed an issue in the data import flow that caused leading zeroes in fields to be automatically stripped.

Graph Browser

  • Fixed an issue that caused nodes created by a time/location lens to not disappear when disabling the lens.

  • You can now use custom icons in node glyphs.

  • Fixed an issue that could cause a node to edge lens to not be applied automatically when adding nodes to the graph.

  • Fixed an issue that could cause a fatal error when switching between two dashboards with a Graph Browser visualization in map mode.

  • Fixed an issue that would cause all the nodes to be expanded when no checkbox was selected in the expansion dialog.

  • Adjusted the formula to determine the size of nodes at high zoom levels to minimize overlapping.

  • Fixed an issue that prevented the deletion of edges created by Node to edge by fields lens instances.

  • Fixed an issue that prevented opening the record view of nodes containing spaces in the _id field.

Enhanced Coordinate Map

  • Fixed an issue that would cause unnecessary rendering operations while changing the configuration of a visualization.

Scripting

  • Fixed an issue that could cause a fatal error when editing a script containing JSX fragments.

Record Table

  • Fixed an issue that caused a wrong search request to be generated after creating a negated filter having multiple values by holding CTRL/CMD.

Dashboard

  • Fixed an issue that caused a wrong confirmation dialog to appear after deleting a dashboard whilst in edit mode.

  • Fixed an issue that prevented nodes from being added to a Graph Browser visualization when dragging a dashboard with a modified state.

  • The explanation tooltip for visualizations in 360 Dashboards is now enabled by default following recent performance improvements.

Miscellaneous

  • Added the investigate_core.search.max_buckets configuration setting. This setting prevents aggregations with a large number of buckets from being processed by visualizations and freezing the browser. The default value of the setting is 1000.

  • Improved the Elasticsearch periodic health check to wait for the ACL index to be ready in addition to the main Siren Investigate index.