Release Notes


Security fixes


This is an essential update. You must upgrade to version 13.1 or later by April 30, 2023. After this date, earlier versions will completely lose graph functionality.

Bug fixes

  • Fixed an issue in dashboard 360 where local filters on a visualization were getting applied to other visualizations.

  • Fixed an issue in the topic clustering visualization where it was showing a warning about mappings not being found.

  • Fixed a bug where it was not possible to delete records belonging to child searches.

  • Fixed an issue where an aggregated expansion would fail due to missing field in the starting document.

  • Fixed an issue where search.getDataModelEntity() scripting method was throwing an error.

Graph Browser

  • Fixed an issue where undo and redo actions were not working properly after creating a group.

  • Fixed a bug where groups were not getting included in the layout operations.

  • Fixed an issue where some nodes and their counts were not visible after the undo action.

  • Fixed an issue where the wrong icon class was being set when selecting entities.

  • Fixed a bug where clicking the Add all button was not adding all nodes to the graph.


  • Added the capability to include the graph model in the Siren API graph expansion event.

  • Improved simple relations table rendering time to ensure fast loading even when the number of relations are high.

  • Added a new proxy user which is used by the system for editing the records, sirenrecordeditor, to the distributions with security.

  • Bumped webpack to 5.76.2 which addresses the CVE-2023-28154.

  • Added the pretty option to the /api/status API.

  • In the graph browser, the fruchterman layout is now the default layout because it produces the best and the fastest results.


This is an essential update. You must upgrade to version 13.1 or later by April 30, 2023. After this date, earlier versions will completely lose graph functionality.

Breaking Changes

The required permissions for record editing have been changed. The Investigate backend user must have WRITE permissions on the index used to store the edited records. For more information, please refer to the Configuring security for record editing section of the documentation.

Bug fixes

  • Fixed a bug where the sorting on the visualize page was being done case sensitively.

  • Sub searches will no longer show up in the nested search selector without their parent searches.

  • Fixed a bug where the subsearches were not available in aggregated relations wizard.

  • Fixed an issue where the search name on dashboard 360 was visible only after saving the data model.

  • Fixed a bug where some translations keys were not generated when creating the translation file.

Graph Browser

  • Fixed an issue with the nodes not moving away when expanding a group.

  • Fixed a bug where the right-click was not consistent with the left-click.

  • Fixed an issue where nested groups are not selectable.

  • Fixed a bug with map panning and zoom not working with the keyboard after the brush selection is changed.

  • Fixed a bug in the Siren API methods visualization.getDataModelEntity and visualization.getSearchSource which were throwing an error.

  • Fixed an issue where the nodes were hidden when disabling the 'node to edge' lens.

  • Fixed an issue where the labels were missing for undirected relations.

  • Fixed a bug in a migration to handle nodes and edges that had configured the HTML color names.

  • Fixed an issue in the Siren API currentVisualization.addFromDashboard where the returned promise was getting resolved before the operation ends.


  • Upgraded Babel and its dependencies to 7.21.x.

  • Added support for extended labels on hover of aggregated edges.

  • Node.js version was bumped to version 16.19.1 because it’s a security release. The details are available in the node.js changelog

  • Improved the CSS of the i2 names reference list in the i2 plugin to make it clear that the list is not selectable.


This is an essential update. You must upgrade to version 13.1 or later by April 30, 2023. After this date, earlier versions will completely lose graph functionality.

Breaking Changes

Support for using a local TLS admin client certificate to send requests from the Search Guard configuration UI has been removed. Adding following options in investigate.yml will be no longer valid.




To grant access to the administrative API, use the searchguard.restapi.roles_enabled Elasticsearch setting.


  • Angular.js templates used in record table visualizations are now deprecated.

Bug fixes

  • Added back the functionality to save entity tables and child searches on the discover page.

  • Fixed an issue where the pagination of the tables used on scripted panels was not working.

  • Fixed a bug in JSON export where the exported file was incorrect when documents contained new lines.

Graph Browser

  • Fixed an issue in Siren API graphBrowserVis.loadGraph() where a parameter name was incorrect.

  • Fixed an issue where the count shown on the nodes was wrong.

  • Fixed a bug where combos were considered as selected when expanding the nodes.

  • Fixed an issue where groups and related edges were incorrectly put in the background.

  • Fixed an issue with undo/redo not working when moving unselected groups.

  • Fixed an issue with undo/redo with group of groups.

  • Fixed a bug about group resizing when moving a contained element.

  • Fixed a bug where nodes added with map enabled won’t overlap when disabling the map.

  • Fixed an issue with ctrl+click not adding elements to the current selection.

  • Fixed an issue with the selected relations counter showing the wrong number.

  • Fixed a bug with groups not moving when dragged with other elements.

  • Fixed an issue with keyboard shortcuts when there were multiple graph browsers on the same dashboard.

  • Fixed an issue with label truncation to show the full label on tooltips.

  • Fixed a bug with counts not being executed for nodes added by a node to edge lens.

  • Fixed an issue with the ping animation not taking the size of nodes into consideration.

  • Fixed a bug in temporal lens to work with the latest graph browser engine.

  • Fixed an issue in the Siren API function dashboard.fetchAllDashboards() which was using a deprecated function internally.

  • Fixed an issue where the undo operation on group move was excluding outdated edges.


  • Bumped webpack to version 5.75.0.

  • Improved updateItemsUI API to support changing images on nodes.

  • Sorting nodes through the contextual menu or sirenAPI now has undo and redo capabilities.


This is an essential update. You must upgrade to version 13.1 or later by April 30, 2023. After this date, earlier versions will completely lose graph functionality.

Breaking Changes

Graph Browser functionality

The rendering engine of the Siren Graph Browser has been completely overhauled to provide more scope for functionality in future releases. As a result of this work, there have been improvements to how the Graph Browser works:

  • Improved tooltip handling for fewer glitches with tooltips.

  • Improved timebar: the timebar now resolves in milliseconds and the left boundary is fixed when playing.

  • Additional play modes are coming in the next releases.

  • Improved contextual menu: width issues are resolved and the contextual menu no longer renders outside the boundaries of the visualization.

  • Improvements to the undo/redo engine - some operations are still missing and are planned for the next releases.

The following layouts were removed because they are incompatible with the new rendering engine:

  • Organic

  • Sequential

  • Tweak

  • Structural

The following advanced layouts were added:

  • Fruchterman’s forced layout

  • Lens layout

Temporary changes

Some functionality has been temporarily removed, or downgraded, and will be added back in subsequent releases. These are as follows:

  • The Temporal Connection lens.

  • The halo around a node for the advanced lens.

  • The status update bar at the top of the window when the layout is running.

  • The full label of an aggregated edge displaying on hover.

  • The ping animation currently does not take the size of the node into account, so it might look smaller if you make nodes bigger and vice versa.

  • Support for dashed and dotted link styles.

  • The selection change event has been moved from the global sirenAPI level to the visualization level. This means that only scripts attached to the visualization emitting the event will react to it.

To adapt your custom cards, first switch the listener:


sirenapi.on(sirenapi.EVENTS.CUSTOM, event => {


currentVisualization.on(sirenapi.EVENTS.CUSTOM, async (eventName, data) => {

The event object lost the innermost level that was accessed via the graphId property. For example, to access the cards configurations you only need to do:

const configurations = event["cardConfigs"] || [];

Refer to the histogram card source code for additional clarifications.

OnUpdate scripts
  • Previously deprecated onUpdate scripts have been removed.

Security fixes

New features

  • Introduced the ability to toggle filters on an individual visualisation panel from a dashboard.

Bug fixes

  • Fixed an issue where editing the Graph Browser while the selection table was open would prevent the entities from appearing in entities list.

  • The default label of an entity or node ID now shows when no fields are selected on the Graph Browser selection table.

  • Fixed an issue where the 'Query web service' visualisation sends 'float' inputs to web services as text.

  • Fixed an issue that caused the entity select on the graph to prevent entity selection when the selection sidebar was open.


  • Upgraded jquery to version 3.6.3. For the full list of changes, see the 3.6.3 changelog.

  • The sirenapi script type has been divided into three types - custom, record template and card.