Release Notes


Breaking changes

  • Siren Search UI is completely removed in this version.

Bug fixes

  • Fixed a bug where the geo shape query would throw an error when executed on a non-existing field.

  • Fixed a bug in Siren web services which did not allow any to be the field type.

  • Fixed an issue where the relationship matches preview would not work with relations based on the _id field.

  • Fixed a bug in the global search configuration where the fields would get sorted as soon as the values were updated.

  • Fixed an issue where data wasn’t ingested when the payload was too large.

  • Fixed a bug where it wasn’t possible to export data to Jira if the Summary field was not in the English language.

  • Fixed a bug where creating a search in an empty .siren index wouldn’t use the open API schema to create the Elasticsearch mappings.

  • Fixed an issue where the migrations in dashboards with Web service visualizations would be incorrectly triggered.

  • Fixed a bug in Siren Investigate logger where the logs would stop updating on Windows when using Node.js version 18.x.

  • Fixed an issue where alerts would continue to be executed by multiple Siren Investigate nodes at the same time when one node was briefly disconnected from the network.

  • Fixed an issue where an Investigate process would always create data.json file in the main folder when sentinl.settings.cluster.enabled was set to true.

  • Fixed a bug where visualizations with errors caused by missing/invalid typeNames prevented other saved objects from being loaded.

  • Fixed a bug where it was not possible to delete properties from a saved advanced watcher.

  • Fixed an issue where the Siren API currentVisualization.openModal wasn’t working as expected with multiple graph browser visualizations on the same dashboard.

Graph browser bug fixes

  • Fixed an issue where a layout operation was triggered when disabling the map mode.

  • Fixed a bug where nodes could be dragged and dropped into a combo.

  • Fixed a bug where subsequent expansions would lead to incorrect undo states.

  • Fixed an issue where changes to groups were not persisted when switching back and forth between visualizers.

  • Fixed an issue where the nodes were not refreshed after the link was edited.

  • Fixed a bug where the undo operation would throw an error.

  • Fixed an issue where editing a link on the graph would not work with multifield values.

  • Fixed an issue where reloading graphs on the sidebar wasn’t maintaining the changes made on the graph during the same session.

  • Fixed a bug where the timebar was applying the wrong offset.


  • Added current version value to the version property in saved objects to be displayed in the API documentation.

  • Bumped Node.js to version 18.18.2. For more information, refer to the changelog.

  • Improved responsiveness of components on the graph sidebar.

  • Babel has been bumped to 7.23.2. This addresses CVE-2022-25883 and CVE-2023-45133.

  • All files created when Investigate runs in multi-node alerts configuration are now created inside the optimize folder by default.

  • Both options sentinl.settings.cluster.gun.cache and are now respected.

  • Graph browser layouts are now deterministic: for a given set of nodes, the layout always puts the nodes in the same position even when the layout is run multiple times.

  • Improved the performance of the standard graph browser layout and the gforce layout.

  • A basic template structure is now provided when trying to create a new template.

  • Added a migration that moves all the saved graphs from Investigate version 13.x into a sidebar folder called 'migrated graphs'.


Bug fixes

  • Fixed an issue that threw the fatal error on the data model page if the user permissions were misconfigured.

  • Fixed a bug where an error was shown when user tried to delete default scripts.

  • Fixed a bug which showed a warning when saving a script multiple times.

  • Fixed an issue where the migration process would display false positive objects to migrate.

  • Fixed an issue that made it impossible to edit aggregated relations.

  • Fixed a bug where the login screen background was broken on mobile devices.

  • Fixed an issue where the WMS layers dropdown in the enhanced tilemap configuration would not appear making it impossible to select a layer.

  • Fixed an issue where the watcher script would throw an error when saving the script the second time.

Graph browser bug fixes

  • Fixed an issue where hidden nodes would still be represented with dots when zooming in and out on the map.

  • Fixed an issue where the graph timebar was reset after moving or laying out nodes.

  • Fixed a bug where inverting the selection would not consider selected groups.

  • Fixed an issue where the live filter was not maintained after switching between saved graphs.

  • Fixed a bug where switching out of the map mode and back into it would not correctly restore node size.

  • Fixed an issue where disconnected groups were not positioned correctly after a layout operation.

  • Fixed an issue where zoom operations using the navigator didn’t maintain the center of the graph as the focus point.

  • Fixed a bug where restoring the graph would not reset to the latest saved state.

  • Fixed an issue where dragging the timeline would stop the drag operation when going outside the timeline component with the mouse pointer.

  • Fixed an issue where creating a group in map mode would break the graph browser visualization.

  • Fixed a bug where the nodes would not center properly when the groups were expanded or collapsed.


  • The Siren API currentVisualization.groupSelectedNodes now accepts an optional object that can contain the name of the group.

  • When the sidebar is in an unlocked state, the drop area gets highlighted when dragging a sidebar item.

  • The hierarchy layout is now executed on each subgraph thus making the complete graph easier to peruse.

  • The Siren Fontcustom Docker image base was updated from Debian 11 to Debian 12.

  • The datasource_cache_size property is completely removed.

  • The response time for queries with aggregations is decreased by optimizing the JSON to string operations.

  • The standard layout on the graph browser is improved further by using the clustering information.


Breaking changes

  • The Docker images now use a Debian 12 base which has compatibility issues with the older versions of docker. It is recommended to use the Docker version 24.x or later to run the images.

  • JDBC datasources and Siren Search UI have been deprecated in this release. They will be removed completely in upcoming releases.

New features

  • It is now possible to set a preferred direction of a relationship in the relations tab in the data model. For more details, see Setting preferred relation directions.

  • Siren Investigate now validates the contents of saved objects before they are saved in Elasticsearch. For details, see Object Definitions API

  • The scripting editor now provides code autocompletion.

  • You can create and view graphs on a sidebar. For more details, see Graphs.

  • Siren Investigate now provides the capability to set a default dataspace by setting the kibana.defaultDataspace property in the investigate.yml.

  • This release includes the new Siren logo and rebranding changes.


  • The base image of the Docker images has been bumped from Debian 11 (bullseye) to Debian 12 (bookworm).

  • The calculation of the counts of relations has been optimized to use aggregation-based counts for relations landing on a single value.

  • The default client side cache size is increased to 5000 objects. Additionally, it is now possible to configure the property via the investigate_core.client_side_cache_size setting in the investigate.yml.

  • The computation of inherited relations was improved to decrease the loading time of the graph browser.

  • EID counts are disabled when dropping a dashboard into the graph browser if counts are disabled for the underlying relation.

Bug fixes

  • Fixed a bug in which all the nodes were not selected when loading a saved graph.

  • Fixed a bug where it was not possible to make changes to i2 export JSON fields.

  • Fixed an issue where a lot of errors were shown in the browser console when trying to edit template columns.

  • Fixed a bug where the upgrade procedure would throw an error if the user set kibana.index to an alias in investigate.yml.

  • Fixed a bug that prevented mouse drag operations in the parallel charts visualization.

  • Fixed a bug where the apply changes button was being disabled for the line chart visualization on the edit page.

  • Fixed a bug where modifying the saved search would not update the record table.