Added:
- Added API support for new CryptoSpike Server GUI
- Added possibility to add subject alt name in SSL generation
Changed:
- Improved blocking mechanism to take into consideration SID and IP of a blocked user
- Improved retrieval of filters mechanism via proxy
- Improved default values for ClickHouse save to avoid performance issues
2.0.1.1
Aug 26, 2020
Added:
- monit and ldapsearch capabilities (check user manual)
- Grafana reports Blocked User File Activity and FPolicy statistics
Changed:
- display NFS user for NFS activity (when user SID is not available)
Removed:
- phpmyadmin package
Fixed:
- allow filters with special characters
2.0.2.1
Sep 28, 2020
Added:
- ssl connection settings between FP and NetApp
- FILTER parameter for allowed expressions
- message queue and global actions limit configurations
Changed:
- Active users dashboard filtered also by userIP
- Deletion for old data from ClickHouse at 00:00
- associate LDAP to all clusters
Fixed:
- volume duplication in cluster tree
- ghost VScanner pools
2.0.2.14
Nov 4, 2020
Added:
- Email servers module in order to configure multiple email servers
- Possibility to set up the interval to receive status email every x hours when an FPolicy Server gets disconnected and does not reconnect.
- Validate that certificate and key match when setting up SSL certificates from the GUI
- Mechanism to solve unknown ldap users automatically every X minutes. Use ldap.resolve.unresolved.users.job.interval config key from System -> Config -> Application
- Possibility to unblock multiple users
- Disabling double login will require a supervisor to approve the change
- LDAP allowed groups - added role testing mechanism
- Analyzer Learner - filter by actions
- Added Windows-style path in blocked user reason
- Endpoint to retrieve blocked users based on cluster and svm
- Reconnect system for the situations when an SVM has more LIFs and FP server is connected to more than one of them and disconnects only from one
Changed:
- Updated analyzer mechanism to allow a large quantity of blocked users (mostly for asynchronous config)
- Updated fpolicy status checker to trigger fpolicy disconnected email when it happens and not after the retry counter. Also added status matrix to emails triggered by disconnect / reconnect states
Fixed:
- FPolicy status checker will now trigger reconnect email when the SVM has CIFS and NFS protocols enabled
- View logs from System status is now pointing to the correct URL
- New version notification now calculates correctly whether a new version is available
- Run Job on Quartz page will just run the job without messing up the job schedule.
- Shares will be deleted on cluster refresh after they have been deleted from ONTAP
- Test Filter for Blocklist will now match for both lowercase and uppercase
2.0.2.15
Nov 20, 2020
Fixed:
- Double fixed
2.0.2.16
Nov 23, 2020
Fixed:
- Ignored reason save
2.0.2.18
Nov 23, 2020
Added:
- Force using mail.username.from when not empty
2.0.2.20
Dec 2, 2020
Added:
- Endpoints for blocking user for all CS instances
- Endpoints for Global Dashboard
- Api key for GW connections
- Force using mail.username.from when not empty
- Reverse lookup names for blocked users
- Allowed path accepts wildcard appended in svm name
Changed:
- FPolicy Status Checker not sending email when the disconnected reason is [No local lif present]
- FPolicy Status Checker email display in Outlook
- LDAP allowed groups/roles - after authentication the specified roles will be added to current user
- Allowed expression on filters and patterns accepts UNIXID
Fixed:
- Drill down Active/Blocked users for NFS activity
- Endpoint for FP status (like matrix)
- Allowed expression escape for special characters in path
- Username not being displayed entirely for long names
- Blocked reason being cut off for files that contained dots
2.0.2.21
Dec 11, 2020
Fixed:
- Special chars in LDAP user name
- Change filter category name
2.0.2.22
Dec 15, 2020
Fixed:
- Ignored users save error and gone after restart
2.0.2.23
Jan 20, 2021
Fixed:
- Updated allowed exclusion rules from 1000 chars to longtext
2.0.2.30
Jan 27, 2021
Added:
- Time interval configuration for LDAP Refresh job [ldap.job.interval]
- Time interval configuration for FPolicy disconnect email [fpolicy.send.next.disconnected.email.interval]. Now if FPs are changing states because of the environment, you will not be spammed with disconnected emails. We will only send a disconnect email every x minutes, as defined by the configuration value
- Configuration for ignore user email alert [mail.ignore.user.username.to] and for displaying a dialog in which the ignore reason can be inputted [ignored.users.reason.dialog.show]
- Automatic refresh mechanism on Blocked users page. The key to activate the automatic refresh is [page.blocked.users.refresh.interval]
- Possibility to enable / disable sql logging of queries. Default disabled. The key in configuration is [sql_log_queries] under Log tab in System - Config
- The possibility to update Filter or Pattern from blocked users reason details
- Audit logging mechanism (audit.history config key) enabled for LDAP, email servers, system templates, analyzer patterns, filters.
- Added connection timeouts for FPolicy external engine
- Added grafana session store
- Configuration for case sensitive processing for path variable in allowed expression [allowed.expression.case.sensitive], this config value is set to Yes by default
- Parameters for blocking script for svm name, volume name, engine mode, and if the blocked user will be notified by email
- Added ignored users on cluster tree
- Added the possibility to use the variables from the email body in the email subject
- Confirmation dialog for LDAP servers deletion which are assigned to svms
- Added the possibility to add svm name and volume name for NFS allowed paths
- Automatic refresh of licenses when the Quartz checkLicenceJob runs
- Config keys for enabling the quartz jobs execution
Changed:
- Updated default events retention interval to 1 week
- Registration process does not create policy, scope and events on ONTAP if there are no volumes set up for monitoring
- FPolicy Servers Status will show NOTHING TO MONITOR in the case of no volumes set up for monitoring
- Updated Blocked reason information using object instead of text
Fixed:
- Analyzer window message jumping
- Analyzer script null parameters set as empty
- Analyzer memory control refresh triggering error on browser after changing page
- FPolicy Servers Statistics correctly removes the interval for refresh when changing page
- Blocked user link in email will correctly display Grafana dashboard
- Test Blocklist missing column in query
- Advanced Analyzer processing for case sensitive paths
2.0.2.31
Jan 28, 2021
Fixed:
- Ignored users not being initialized after CryptoSpike Server update
2.0.2.35
Feb 25, 2021
Added:
- Email servers on cluster level (will be used for blocking users email)
- Blocked users add/edit feature
- Email notification for CIFS session close error on user block
- Added the possibility to add all the allowed exclusions via the Mass Exclude dialog in the Filters module
Changed:
- Ignored users update will automatically trigger a push to all fpolicy servers with the new list
- Called Clickhouse delete partitions every hour (with time interval where clause)
Fixed:
- Do not close CIFS and do not move to blocked group in asynch mode
- AD login for nested groups
2.0.2.36
Feb 25, 2021
Fixed:
- LDAP follow referral on AD login
2.0.2.38
Mar 9, 2021
Fixed:
- Blocked users Unblock all label
- Configuration value extended to longtext
- Policy label rename
- Blocked reason filters solve
2.0.2.40
Mar 11, 2021
Added:
- Checkbox to replace the default email subject for templates with the inputted one
Changed:
- The System Templates editor is now a dialog instead of a drawer
2.0.2.41
Mar 11, 2021
Fixed:
- Back to System Templates plain text editor
2.0.2.42
Mar 14, 2021
Fixed:
- Rich text editor for System Templates
2.0.2.44
Mar 15, 2021
Changed:
- Added more log info for AD login
2.0.2.50
Apr 5, 2021
Added:
- Configuration for notifying by email a blocked user that he has been unblocked [mail.unblock.user.notification]
- Configuration for http/https access to grafana link from blocked user email
- Configuration to use hostname instead of ip for grafana link from blocked user email
- Node location (Cluster/Svm/Volume|Share) in Ignored users email
- Warning message that shows duplicate values that appear in allowed exclusions input boxes
Changed:
- Persists in events the proper Svm/Cluster name when 2 volumes have the same MSID
- Ignored users - added more info about the cluster/svm/share
- Paths that match the filter's allowed path will be excluded from the test filter result by setting the [fpolicy.filters.test.with.pass.exclusions] configuration to Yes
- Delete clickhouse job updated to delete partition
Fixed:
- Email configurations for synch/asynch on blocking user
- Ignoring and removing a user from the ignored list will send the email to the address specified in the [mail.ignore.user.username.to] config
- Analyzer pattern allowed filter for file name
2.0.2.51
Apr 7, 2021
Fixed:
- Fixed null error on analyzer pattern edit
2.0.2.57
May 7, 2021
Added:
- Input to specify the TLS protocol supported versions for email servers
- Clear all notifications button
Changed:
- Retrieval for Blocked Reason filter (by Id instead of name)
- Allow duplicate ignored users for different treeNodeTypes
Fixed:
- Fixed svm_block on asynch blocked user
- Using $IP$ instead of IP in allowed expressions (and same for other fields)
2.0.2.60
Jun 15, 2021
Fixed:
- Ignored users load for large number of records
2.0.2.62
Jul 8, 2021
Added:
- Ignored users bulk add
- Possibility to set up start time for quartz jobs
- Monitor NFS and CIFS when protocol disabled but configuration key ontap.include.new.volumes.shares is Yes
- Advanced analyzer limits in Blocked users/Block reason tables.
- Sync/Async in Blocked users table.
- Unblock email to sync/async configured email address
- Added share in blocked reason
Fixed:
- Block NFS users for filter blocking activity from the same ip and using different UnixId
- Unblock NFS users with the same IP
- FileName/Path differences for AA blocking
- Ignored users for new Volume/Share
- LDAP error on LdapResolveUnresolved job
2.0.2.66
Aug 3, 2021
Added:
- Configuration blocked.users.asynch.count.limit to limit the number of asynch blocked users
- Usage of the wildcard operator in non-regex matching
Fixed:
- ANALYSER_ALERT_USER_WARN_BY_EMAIL will act also for filter warnings
- Synchronous/asynchronous flag in blocked users from Advanced Analyzer
- Allowed expressions for regex matching
2.0.2.67
Aug 5, 2021
Fixed:
- FPolicy registration on different IP than Hazelcast one
2.0.2.68
Aug 12, 2021
Fixed:
- Proper Cluster/Svm/Volume names for NFS activity
2.0.2.69
Aug 12, 2021
Fixed:
- Check configuration blocked.users.asynch.count.limit with >= and not with >
2.0.2.70
Sep 7, 2021
Fixed:
- Fixed Analyzer Learner timezone offset
2.0.2.73
Sep 29, 2021
Added:
- Configuration ANALYSER_ALERT_USER_WARN_BY_EMAIL
- Default Clickhouse retention 1 week (for new installations)
- Report for blocked user file activity. This will show data only if the blocked.users.enable.history setting was enabled when the blocking occurred
- Username column in Blocked user reason table
- Email notification for expired and soon to be expired licenses on the checkLicenseJob quartz job run
- Date and timestamp in notifications
- Created at column in Ignored users table
- Blocked.users.reasons.asynch.count.limit configuration key to limit the number of inserts in clickhouse table when running in asynch mode and a blocking event occurs. Default disabled.
Fixed:
- File activity button in Blocked users page will show history if blocked.users.enable.history is enabled
- mail.username.from will act like a label when sending emails
- Blocked users reason table date sorting will sort all pages, not only current page
- Allowed path expression in filters / pattern will escape plus(+) and dot(.) when the path contains those symbols and the expression is not prefixed with "(r)"
2.0.2.74
Sep 30, 2021
Fixed:
- svm_block templates variable is now working
2.0.2.75
Oct 8, 2021
Fixed:
- Fix cluster tree without node
2.0.2.76
Oct 13, 2021
Fixed:
- Fix LDAP ignored users log error
2.0.2.82
Nov 2, 2021
Added:
- Separate configuration for blocking user (Analyzer/Filter/Warn by email)
- FPOLICY_ANALYZER_NUMBER_BLOCK_FILTERS_WARN configuration (to warn the user for repeated action over a block filter - before being blocked)
- Test blocklist will be done in background, not blocking UI. Test blocklist will have history and download of past tests available.
- Show analyzer config popup after touching analyzer patterns
- Audit log compare mechanism (compare difference between versions)
- Email notification on manual user blocking
- Possibility to enable or disable patterns and/or filters blocking
Fixed:
- Fixed Allowed Path with format \\*\share\folder
2.0.2.84
Nov 15, 2021
Fixed:
- Fix Scheduled deletion for clickhouse events.
2.0.2.85
Nov 23, 2021
Fixed:
- Fix analyzer number of block filters
2.0.2.92
Dec 13, 2021
Fixed:
- Updated Log4j -> 2.15.0
2.0.2.95
Dec 15, 2021
Added:
- Aggregate information for call home
- Additional information for unblock user event sent to syslog
Fixed:
- Unblock action from notifications will check user permissions for unblock rights
- Correct email template used when blocking on filters / patterns is enabled / disabled
- Test proxy button
- Restore Mysql db from file with space in name
Fixed:
- Grafana access based on active session from CryptoSpike or ProLion Control Panel
2.0.2.100
Jan 19, 2022
Fixed:
- Email alerting mechanism
2.0.2.103
Jan 25, 2022
Fixed:
- Email subject and synch
2.0.2.104
Jan 31, 2022
Fixed:
- Email alerting mechanism
2.0.2.105
Feb 1, 2022
Added:
- Unblock reason for unblock email
- Fallback link for blocking email when there is no active CryptoSpike session, in order to avoid empty grafana login page
- $name variable for user_alert_mail_unblock template
2.0.2.108
Apr 11, 2022
Added:
- Execute blocked script for NFS and unsolved users too