Changelog

This page lists the IDSTower release history and highlights the major features and enhancements added in each release.


2.2.0 - (3-6-2022)

Changes:

  • Enterprise Feature: Added an AWS Connector, which lets you set up a periodic export of IDS rules & indicators to AWS Network Firewall as stateful rule groups. This means you can now use IDSTower to manage your AWS Network Firewall Suricata-compatible rules. Expect more connectors in the future!

  • Feature: Users can now easily change the monitored interfaces on Suricata hosts.

  • Feature: Rules Management UI now supports searching & filtering using Rules Tags.

  • Feature: Rule Action Override. Users can now easily override a rule's action (eg: alert, drop…etc) without having to edit the rule source code; IDSTower applies the override when the rules are sent to Suricata hosts or exported to AWS. You can also set the action for multiple rules at once (aka: bulk change) via the Rules Management UI->Rules Actions dropdown menu. As with the other Overrides, this behavior can be enabled/disabled via Settings.

  • Feature: Indicators Management UI now supports searching & filtering indicators by indicator type (eg: FQDN, IP…etc).

  • Improved: Importing, parsing and transforming IDS rules is now faster, as all available CPU threads in the system are used.

  • Improved: Rule categories are carried over to new rule revisions automatically: categorize the rules as you wish, and IDSTower will assign new revisions of the same rule to the same category.

  • Improved: Rules & Indicators search performance has been improved by adding more indexes!

  • Bugfix: Updated the host heartbeat script to fix a bug that prevented heartbeats from being sent when monitoring more than one interface.

  • Bugfix: Updated the suricata.yaml template to correctly set the cluster-id when monitoring more than one interface.

  • Various other bug fixes and improvements.

Please follow the upgrade guide from v2.1.0 to v2.2.0 to update IDSTower to the latest version.


2.1.0 - (3-10-2021)

Changes:

  • Feature: You can now add a custom IDS rules feed, with support for various authentication modes.

  • Feature: You can now perform bulk actions on all IDS rules and IOCs in IDSTower.

  • Feature: IDSTower is now available as RPM and DEB packages; a repository is available for both.

  • Various other bug fixes and improvements.

Please make sure to do a config refresh after upgrading to this version so that the IDS hosts' configuration files are updated to the latest version. You can do this via Cluster->Hosts->Hosts Actions->All Hosts->Refresh stale config.


2.0.2 - (10-8-2021)

Changes:

  • Feature: HTTPS certificate setup; please follow this guide to configure HTTPS on IDSTower.

  • Feature: Added support for AWS Amazon Linux 2; you can now install IDSTower on AWS Amazon Linux 2 VMs.

  • BugFix: Fixed an issue with indicator updates.

  • Various other bug fixes and improvements.

Please make sure to do a config refresh after upgrading to this version so that the IDS hosts' configuration files are updated to the latest version. You can do this via Cluster->Hosts->Hosts Actions->All Hosts->Refresh stale config.


2.0.1 - (14-7-2021)

Changes:

  • Feature: Added the ability to do an all-in-one install; you can now deploy Suricata on the same host that runs IDSTower.

  • BugFix: Fixed an issue on Ubuntu 18 with old Ansible versions.

  • Various other bug fixes and improvements.


2.0.0 - (19-6-2021)

Changes:

  • Major release with new features & significant improvements.

  • Suricata is now auto-configured to alert on indicators of compromise, including malicious IPs, domains & hashes, using Suricata's IPRep & DataRep features.

  • Out-of-the-box integration with 14 Threat Intelligence feeds (free & commercial) that cover both IDS rules & indicators of compromise (IOCs), with total control over update frequency, assigned score & auto-expiry date.

  • Easy-To-Use Indicators Management Interface, with integrated references to investigation tools like VirusTotal, IpInfo & SecurityTrails.

  • Complete IOCs Life-Cycle Management, covering ingestion from feeds, scoring, auto-deployment & auto-expiry, with manual control when needed.

  • Rule & IOC changes are automatically pushed to Suricata hosts, and the Suricata service automatically reloads its rules when changes are detected.

  • Full control over rule transformation settings: you can now enable/disable specific transformations.

  • Rule transformation option to set the rule target keyword using heuristics.

  • Rule transformation option to replace the $EXTERNAL_NET rule variable with “any”, so that rules also detect lateral movement inside your network.

  • Rule transformation options to add the IDSTower rule ID, IDSTower rule URL, user-added tags & other information to the rule's metadata keyword for more contextualized alerts!

  • Full control over indicator alerting settings: enable/disable alerting on malicious IPs, domains & files.

  • User Management Interface to add/remove/enable/disable users.

  • The Built-in Packages repository (for offline deployment) is now offered as a separate package to allow it to be independently updated.

  • Various other bug fixes and improvements.

  • To upgrade from version 1.0.x to this version, please follow this guide: https://www.idstower.com/docs/upgrade/upggrade_from_v1_to_v2.0.0.html
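The rule transformations listed for 2.0.0 (target keyword by heuristic, $EXTERNAL_NET replaced with "any", extra metadata) and the Rule Action Override from 2.2.0 all operate on the text of a Suricata rule before it reaches a host. The following is an added example, not IDSTower's code, showing how such transformations can be applied to a rule in Python: the sample rules, the metadata keys (idstower_rule_id, tags) and the target heuristic (the $HOME_NET side of a one-directional rule is treated as the victim) are assumptions made for this example.

```python
import re
from typing import Optional

# Constructed sample rules for this example; they are not from the page or from IDSTower.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force attempt"; flow:to_server; sid:1000001; rev:2;)',
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Suspicious outbound user agent"; metadata: created_at 2021_01_01; sid:1000002; rev:1;)',
]

# Suricata rule header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<options>.*)\)\s*$"
)


def split_options(options: str) -> list:
    """Split the option body on ';' while leaving quoted strings (e.g. msg) intact."""
    parts, buf, in_quote = [], [], False
    for i, ch in enumerate(options):
        if ch == '"' and (i == 0 or options[i - 1] != "\\"):
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            part = "".join(buf).strip()
            if part:
                parts.append(part)
            buf = []
        else:
            buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return parts


def parse_rule(text: str) -> dict:
    """Parse one rule line into header fields plus a list of option strings."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    rule = m.groupdict()
    rule["options"] = split_options(rule["options"])
    return rule


def render_rule(rule: dict) -> str:
    """Serialize the parsed rule back into Suricata syntax."""
    header = f'{rule["action"]} {rule["proto"]} {rule["src"]} {rule["sport"]} {rule["dir"]} {rule["dst"]} {rule["dport"]}'
    return f'{header} ({"; ".join(rule["options"])};)'


def target_heuristic(rule: dict) -> Optional[str]:
    """Assumed heuristic (not IDSTower's): in a one-directional rule the $HOME_NET side is the victim."""
    if rule["dir"] != "->" or any(opt.startswith("target:") for opt in rule["options"]):
        return None  # bidirectional rule, or the author already set a target
    src_home = "$HOME_NET" in rule["src"]
    dst_home = "$HOME_NET" in rule["dst"]
    if dst_home and not src_home:
        return "dest_ip"
    if src_home and not dst_home:
        return "src_ip"
    return None


def add_metadata(rule: dict, entries: dict) -> None:
    """Append key/value pairs to an existing metadata keyword, or create one."""
    pairs = ", ".join(f"{k} {v}" for k, v in entries.items())
    for i, opt in enumerate(rule["options"]):
        if opt.startswith("metadata:"):
            rule["options"][i] = f"{opt}, {pairs}"
            return
    rule["options"].append(f"metadata: {pairs}")


def transform_rule(text: str, *, action_override: Optional[str] = None,
                   expand_external_net: bool = True, add_target: bool = True,
                   metadata: Optional[dict] = None) -> str:
    """Apply the selected transformations; each one can be switched off individually."""
    rule = parse_rule(text)
    if action_override:                      # action override without touching the rule source
        rule["action"] = action_override
    if add_target:
        target = target_heuristic(rule)      # decided on the original $HOME_NET/$EXTERNAL_NET header
        if target:
            rule["options"].append(f"target:{target}")
    if expand_external_net:                  # also match traffic between internal hosts
        rule["src"] = rule["src"].replace("$EXTERNAL_NET", "any")
        rule["dst"] = rule["dst"].replace("$EXTERNAL_NET", "any")
    if metadata:
        add_metadata(rule, metadata)
    return render_rule(rule)


def bulk_override(rules: list, action: str, **settings) -> list:
    """Bulk change: apply the same action override (e.g. drop) to many rules at once."""
    return [transform_rule(r, action_override=action, **settings) for r in rules]


if __name__ == "__main__":
    for out in bulk_override(SAMPLE_RULES, "drop", metadata={"idstower_rule_id": "example-id"}):
        print(out)
```

The target keyword is decided before $EXTERNAL_NET is expanded, because once that variable has become "any" the heuristic can no longer tell which side of the rule is the internal network. A rule URL or user tags would go through the same add_metadata path as the rule ID.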


1.0.2 - (11-4-2021)

Changes:

  • Now you can force remove a cluster even when hosts are unresponsive.

  • Improved how the UI handles redirection.

  • Various other bug fixes and improvements.


1.0.1 - (16-2-2021)

Changes:

  • Added support to deploy & manage Suricata on Ubuntu 18.04 (Bionic) and Ubuntu 20.04 (Focal).

  • Added all packages necessary to deploy Suricata to an offline cluster.

  • Various bug fixes and improvements.


1.0.0 - (29-1-2021)

Changes:

  • Initial public release.