Beats version 7.17.6

Breaking changes

Bugfixes

Affecting all Beats

  • Fix OS name reported by add_host_metadata on Windows 11. 30833 32259
  • Fix race condition when reloading runners. 32309
  • Fix race condition when stopping runners. 32433

Auditbeat

  • auditd module: Fix parsing of audit rules where arguments are quoted (like file paths containing spaces). 32421
  • auditd module: Fix minimum AuditStatus length so that library can support kernels from 2.6.32. 32421
  • system/socket: Reduce memory usage of the dataset. 32191 32192
  • libbeat/processors/add_process_metadata: Fix memory leak in process cache. 24890 29717

Filebeat

  • Fix threatintel module where MISP was paginating forever. 31784
  • Fix handling and mapping of syslog priority, facility and severity values in Cisco module. 32025
  • Fix http_endpoint input TLS handshake failures. 32105
  • Fix wrong state ID in states registry for AWS S3 direct input. 32164
  • Fix Cisco AMP rate limit and pagination. 32030
  • Fix race conditions when reloading filestream input. 32309
  • Fix handling of Checkpoint event for R81. 32380 32458
  • Fix MISP documentation for var.filters config option. 31434
  • Do not emit error log when filestream reader reaches EOF and close.reader.on_eof is enabled. 31109
  • Fix using log_group_name_prefix in aws-cloudwatch input. 29695
  • Fix wrong state ID in states registry for awss3 s3 direct input. 32164
  • gcp-pubsub input: Restart Pub/Sub client on all errors. 32550 32712
  • Fix handling of stale log messages in the winlog input. 32168 32176

Metricbeat

  • Fix ARN parsing for Cloudwatch resource names with leading slashes. 32445
  • Add missing metrics in AWS Transit Gateway module. 32617
  • Replace internal expiring cache used by the Kubernetes module with in-memory dictionary. 32539

Winlogbeat

  • Fix handling of stale log messages. 32168 32176

Added

Filebeat

  • Optimize grok patterns in system.auth module pipeline. 32360