Release notes

Added the investigate_core.notify_uncaught_browser_exceptions setting, allowing uncaught browser exceptions to be displayed as standard errors in Siren Investigate.

Expanded the Upload Center search function to search for both project names and individual upload names.

Improved the error reporting when loading data from file imports.

Added the ablity to sort the source and target columns in the transform step of the import process. Also, the columns are now independently scrollable.

In the Copy Selection panel of Siren Search, the Create Graph button is now hidden for users that don’t have permission to create graphs.

Modified the upgrade procedure to no longer force logs to be written to stdout. This allows logs to be configured to write to a file.

Pinning or unpinning invalid IDs via the Siren API now returns clearer error messages.

Reduced the number of characters shown before highlighted terms in the search highlights panel, making matches easier to spot.

Fixed a bug where users without sufficient permissions did not receive a warning when attempting to save changes to the Entity Table.

Fixed a bug where saving scripted fields unnecessarily required access to the Dev Tools app.

Fixed an issue where the graph node count did not update automatically after importing nodes from a file and performing subsequent actions such as deleting nodes.

Fixed a bug where the lower-right graph info panel failed to display with a console error about "fetching metadata".

Fixed an issue where, in certain scenarios, edges were not generated for nodes belonging to middle entity table of a Record-as-Relation.

Fixed an issue where geofield or range field mappings could auto-populate even when no equivalent incoming field name existed.

Fixed a bug where CSV exports from the graph browser table did not correctly escape special characters, resulting in malformed files.

Fixed a bug where users without the Create Graph permission could not see the Add to Graph button in the Upload Center.

Fixed an issue where Record-as-Relation date formatting was not preserved when switching graphs.

Fixed an issue where unconnected nodes and groups were visible inside expanded groups in map mode.

Fixed a bug where closing the Change primary keys in all dataspaces? modal did not prevent changes from being applied in the Entity Table.

Fixed a bug where the project search functionality in the Upload Center did not work as expected.

Bumped node to 22.22.1. For more details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.22.1.

Introduced the new Siren Map, replacing the legacy enhanced_tile_map and region_map visualizations. Siren Investigate now includes a single, unified map visualization that can be used both on dashboards and within graphs. Existing systems with enhanced_tile_map or region_map visualizations will be automatically migrated to the Siren Map during upgrade. For configuration details, see the map visualization documentation.

Introduced the capability of sharing graphs and dashboards with users and managing the level of access they have. For more information, see sharing with users.

The layouts in the graphs can now be kept steady with the new node pinning feature — connected nodes now stay put when adding new elements. Plus, Map Mode is now more flexible, visualizing nodes with or without geo-coordinates simultaneously.

Fields for entity types can now appear as bullet points under the nodes on graphs. For more information, see bullet points under default settings.

In order to import and upload data, the Investigate backend user must now have the admin/refresh permission which is associated with the maintenance Elasticsearch privilege. For configuration information, see imports and uploads in Elasticsearch.

A new x-siren-dls header is now passed between Investigate nodes and the Elasticsearch cluster to enforce data segregation between dataspaces and data projects. If a proxy is used between Investigate and Elasticsearch, ensure x-siren-dls is added to the proxy’s allowed headers list.

Improved the backend handling of saved object exports, preventing crashes in certain scenarios.

Unselected nodes can now be ungrouped directly by clicking their label on the Saturn timebar.

Disconnected nodes are now arranged in a grid layout, improving usability and space efficiency.

Added a fullscreen mode to text editors in Advanced Settings, providing a larger canvas for making substantial changes more easily.

Investigate now sets a safe default for investigate_access_control.session_termination_whitelist.local_storage_keys, including all local storage keys that do not contain sensitive information. This improves the user experience by preventing default help popups from reappearing after re-login.

Users now receive notifications when backend or frontend security certificates are within 30 days of expiration or have expired.

Removed timeout behind Investigate’s HapiJS requests when configured behind a base path proxy.

The standard graph layout has been significantly refined in this release. Key enhancements include a streamlined configuration (removing the tightness parameter), more accurate supernode detection, optimized handling for pinned nodes, and improved cluster separation for enhanced readability and spatial clarity.

The edges on the graph can now be grouped by selecting connected nodes which was only previously possible by selecting the edges between nodes. Grouped edges inherit consistent styling, are more visually distinct, behave correctly during graph undo/redo operations and can now be removed through the graph selection table.

Default graph browser scripts are now created with 'view' permission granted to the 'everyone' role.

Anchored the Next and Import buttons to the bottom of the Importing data modal to avoid scrolling, improving user experience.

Added a Sharing with users section in the Management page for easier access to user sharing controls.

Fixed a bug where overwriting a graph with multiple duplicate titles could overwrite the wrong graph.

Fixed a bug where transformer objects could be created with empty names.

Fixed an issue where sidebar apps loaded with a delay after installing a Siren license.

Fixed an issue where Siren Investigate attempted to reconnect to Elasticsearch too frequently.

Fixed a bug that could cause data to leak into unrelated data projects due to improper request caching on XPack/Elastic Security installations.

Fixed an issue where nodes were not fitted correctly on the graph when the timebar was enabled and the graph was resized.

Fixed a bug where hidden relations were not visible in the relational graph, and added a button to toggle their visibility.

Fixed an issue with icon layout in the dynamic filters pane when using custom icon packs.

Fixed a bug where pinned nodes affected subsequent graph layouts.

Fixed a bug where using suggested values while adding a filter did not enable the save button.

Fixed a bug where applying multiple filters using Ctrl + click did not work correctly on dashboards containing multiple visualizations of the same type bound to different entities.

Fixed an issue where the link to return to the home page was broken when users opened a page they did not have access to.

Fixed an issue that could prevent Siren Investigate from starting with Elasticsearch 7 under certain certificate verification configurations.

Fixed an issue where entity resolution could fail when mapped to a field that does not exist for a record.

Fixed a bug where copy and paste using keyboard shortcuts did not work in map mode.

Fixed an error that occurred during Siren Alarm template initialization on fresh installations.

Fixed a bug where saved object permissions would reset when upgrading Siren Investigate.

Fixed a bug where dashboard sidebar would keep closing in no security installations.

Fixed a bug where the Create button in the dashboard sidebar was not visible to users with the Private creator role.

Fixed a bug where multi-edges appeared in random positions when zooming out in map mode.

Fixed an error raised by the any_to_doc_single_equality EdgeCreator when expanding by relations on a graph with a local node.

Fixed a critical bug where the session ping no longer extended the Federate session lifetime, forcing a logout after 10 minutes in all Investigate installations that used the http-basic authenticator. Customers that used the openid or saml authenticators were not affected.

Updated a package to fix a critical CVE https://security.snyk.io/vuln/SNYK-JS-EXPREVAL-13508636.

Fixed a bug that prevented saving Elastic Security roles from the Access Control app.

Bumped node to 22.22.0. For more details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.22.0.