Release notes
15.1.0
New features
- Introduced the new Siren Map, replacing the legacy enhanced_tile_map and region_map visualizations. Siren Investigate now includes a single, unified map visualization that can be used both on dashboards and within graphs. Existing systems with enhanced_tile_map or region_map visualizations will be automatically migrated to the Siren Map during upgrade. For configuration details, see the map visualization documentation.
- Introduced the capability of sharing graphs and dashboards with users and managing the level of access they have. For more information, see sharing with users.
- The layouts in the graphs can now be kept steady with the new node pinning feature: connected nodes now stay put when adding new elements. Plus, Map Mode is now more flexible, visualizing nodes with or without geo-coordinates simultaneously.
- Fields for entity types can now appear as bullet points under the nodes on graphs. For more information, see bullet points under default settings.
Breaking changes
- In order to import and upload data, the Investigate backend user must now have the admin/refresh permission, which is associated with the maintenance Elasticsearch privilege. For configuration information, see imports and uploads in Elasticsearch.
- A new x-siren-dls header is now passed between Investigate nodes and the Elasticsearch cluster to enforce data segregation between dataspaces and data projects. If a proxy is used between Investigate and Elasticsearch, ensure x-siren-dls is added to the proxy’s allowed headers list.
Improvements
- Improved the backend handling of saved object exports, preventing crashes in certain scenarios.
- Unselected nodes can now be ungrouped directly by clicking their label on the Saturn timebar.
- Disconnected nodes are now arranged in a grid layout, improving usability and space efficiency.
- Added a fullscreen mode to text editors in Advanced Settings, providing a larger canvas for making substantial changes more easily.
- Investigate now sets a safe default for investigate_access_control.session_termination_whitelist.local_storage_keys, including all local storage keys that do not contain sensitive information. This improves the user experience by preventing default help popups from reappearing after re-login.
- Users now receive notifications when backend or frontend security certificates are within 30 days of expiration or have expired.
- Removed timeout behind Investigate’s HapiJS requests when configured behind a base path proxy.
- The standard graph layout has been significantly refined in this release. Key enhancements include a streamlined configuration (removing the tightness parameter), more accurate supernode detection, optimized handling for pinned nodes, and improved cluster separation for enhanced readability and spatial clarity.
- Edges on the graph can now be grouped by selecting connected nodes; previously this was only possible by selecting the edges between nodes. Grouped edges inherit consistent styling, are more visually distinct, behave correctly during graph undo/redo operations, and can now be removed through the graph selection table.
- Default graph browser scripts are now created with 'view' permission granted to the 'everyone' role.
Bug fixes
- Fixed a bug where overwriting a graph with multiple duplicate titles could overwrite the wrong graph.
- Fixed a bug where transformer objects could be created with empty names.
- Fixed an issue where sidebar apps loaded with a delay after installing a Siren license.
- Fixed an issue where Siren Investigate attempted to reconnect to Elasticsearch too frequently.
- Fixed a bug that could cause data to leak into unrelated data projects due to improper request caching on XPack/Elastic Security installations.
- Fixed an issue where nodes were not fitted correctly on the graph when the timebar was enabled and the graph was resized.
- Fixed a bug where hidden relations were not visible in the relational graph, and added a button to toggle their visibility.
- Fixed an issue with icon layout in the dynamic filters pane when using custom icon packs.
- Fixed a bug where pinned nodes affected subsequent graph layouts.
- Fixed a bug where using suggested values while adding a filter did not enable the save button.
- Fixed a bug where applying multiple filters using Ctrl + click did not work correctly on dashboards containing multiple visualizations of the same type bound to different entities.
- Fixed an issue where the link to return to the home page was broken when users opened a page they did not have access to.
- Fixed an issue that could prevent Siren Investigate from starting with Elasticsearch 7 under certain certificate verification configurations.
- Fixed an issue where entity resolution could fail when mapped to a field that does not exist for a record.
- Fixed a bug where copy and paste using keyboard shortcuts did not work in map mode.
- Fixed an error that occurred during Siren Alarm template initialization on fresh installations.
- Fixed a bug where saved object permissions would reset when upgrading Siren Investigate.
- Fixed a bug where the dashboard sidebar would keep closing in installations without security.
- Fixed a bug where the Create button in the dashboard sidebar was not visible to users with the Private creator role.
Security fixes
- Updated a package to fix a critical CVE https://security.snyk.io/vuln/SNYK-JS-EXPREVAL-13508636.
- Fixed a bug that prevented saving Elastic Security roles from the Access Control app.
- Bumped node to 22.22.0. For more details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V22.md#22.22.0.