Releases: cisagov/LME

LME v1.3.3

12 Feb 18:53
27aae85

[1.3.3] - Timberrrrr! - 2024-02-12

What's Changed

Notes

  • This is a hotfix for a data retention failure in the deploy.sh script during a fresh LME install. We recommend you upgrade to the latest version if you require disk sizes of 1TB or greater.
  • If you already have LME installed then no further action is necessary.

Full Changelog: v1.3.2...v1.3.3

LME v1.3.2

24 Jan 21:03
1608db7

[1.3.2] - Timberrrrr! - 2024-01-24

What's Fixed

  • Fixes dashboard_update.sh script not importing dashboards on a fresh install by @cbaxley in #167

Notes

  • This is a hotfix to address dashboards which failed to load on a fresh install of v1.3.1. If you are currently running v1.3.0, you do not need to upgrade at this time. If you are running versions before 1.3.0 or are running v1.3.1, we recommend you upgrade to the latest version.
  • Please refer to Upgrading to latest version to apply the hotfix.

Full Changelog: v1.3.1...v1.3.2

LME v1.3.1 - [DEPRECATED]

12 Jan 18:26
6cbef43

If you've downloaded v1.3.1 please refer to our documentation on upgrading to the latest version

[1.3.1] - Timberrrrr! - 2024-01-12

What's Fixed

  • Update retention function to fix retention policy bug by @aarz-snl in #143
  • Updated troubleshooting guide to account for index management by @aarz-snl in #134
  • Update upgrading.md for 1.3.1 by @aarz-snl in #151

Notes

  • This is a hotfix to the install script, with additional troubleshooting steps on space management added to the documentation. Unless you're encountering problems with your current installation or your logs are running out of space, there's no need to upgrade to version 1.3.1, as it doesn't offer any additional functionality changes.
  • This release will address the following error when running the ./deploy.sh install script:
    [!] Unable to determine retention policy - exiting

Full Changelog: v1.3.0...v1.3.1

LME v1.3.0

20 Dec 23:36
3412897

[1.3.0] - Timberrrrr! - 2023-12-20

What's Added

What's Changed

  • Updated user security and security dashboard - Security Log Dashboards by @rgbrow1949 in #114
  • Updated workflow file to include linting and static security scans by @aarz-snl in #106
  • Updated troubleshooting.md to include instructions for manually resetting Elastic password by @aarz-snl in #110
  • Updated file downloads panels in process explorer dashboard by @rishagg01 in #109
  • Removed elastic user password prompt from deploy.sh by @mitchelbaker-cisa in #107
  • Updated upgrading.md and chapter3.md files by @llwaterhouse in #117
  • Rearranged sysmon dashboard panels by @causand22 in #115

What's Fixed

  • Fix documentation that was lost during a previous merge by @mreeve-snl in #90

Notes

  • Please refer to Chapter4.md Section 4.2 to see how to enable Elastic prebuilt detection rules for the new Alerting Dashboard
  • Please refer to upgrading.md for upgrading to the latest version

New Contributors

Full Changelog: v1.2.0...v1.3.0

LME v1.2.0

12 Dec 23:34
f57f327

[1.2.0] - Timberrrrr! - 2023-12-12

Added

  • Added documentation instructions to upgrade from 1.1.0→1.2.0

Changed

  • Updated the Elastic Stack to v8.11.1 to fix the security vulnerability that was in earlier versions

Fixed

  • The deploy script should no longer time out; Elasticsearch images are now pulled before an upgrade or install

Notes

LME v1.1.0

28 Nov 22:14
6ff3566

[1.1.0] - Timberrrrr! - 2023-11-28

Added

  • Templates for bug reports, feature requests and pull requests
  • contributing.md for guidelines to contribute to the project
  • releases.md to summarize release versioning and release steps
  • Documentation to filter out verbose logs in filtering.md
  • 3 new dashboards
  • Dashboards Readme
  • Python script (export_dashboards.py) to export one or all dashboards

Changed

Fixed

  • Updates and additions to markdown documentation
  • deploy.sh will exit after trying a certain number of times instead of hanging

Notes

  • If you already have LME installed, the only change in functionality is new dashboards. Please reference upgrading.md for the full set of instructions to install them.
    • Note: if you made changes to our dashboards, save them to a dashboard with a new name so they are not overwritten in the update.
  • There is an ELK Stack Buffer Overflow Bug that is fixed in a more recent version of Elastic. You can install the upgrade manually by doing the following:
    1. Change all occurrences of "8.7.1" to "8.10.3" in docker-compose-stack-live.yml in the Linux Server's /opt/lme directory.
    2. sudo docker stack rm lme (kill the old containers)
    3. sudo docker stack deploy lme --compose-file /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml (redeploy with new version)
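
Step 1 of the manual upgrade as a script, added here as an example and not part of the LME project's own code: it backs up the compose file, replaces the version as a literal string, and confirms that no reference to the old version remains. The function names, the `.bak` backup suffix and the sample compose fragment are assumptions constructed for illustration; with `--apply` it edits the file at the path given in step 3 and prints steps 2 and 3 for the operator to run.

```shell
#!/bin/sh
# Added example, not LME project code. Function names and the .bak suffix are assumptions.

# bump_stack_version FILE OLD NEW
#   0 = replaced, 1 = bad arguments or I/O error,
#   2 = OLD not found in FILE, 3 = OLD still present afterwards
bump_stack_version() {
    file=$1 old=$2 new=$3
    [ -f "$file" ] && [ -n "$old" ] && [ -n "$new" ] || return 1
    # Accept only digits and dots so neither value can alter the sed program.
    case "$old$new" in *[!0-9.]*) return 1 ;; esac
    # Fixed-string search: refuse to touch a file that does not pin OLD.
    grep -qF -- "$old" "$file" || return 2
    cp -p -- "$file" "$file.bak" || return 1
    # Escape the dots; as a regex, a bare "8.7.1" would also match "8x7y1".
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
    sed "s/$old_re/$new/g" "$file.bak" > "$file" || return 1
    if grep -qF -- "$old" "$file"; then return 3; fi
    return 0
}

# Runs the replacement on a constructed compose fragment (sample data, not
# the project's file) and prints how many lines now carry the new version.
demo_bump() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.7.1
  kibana:
    image: docker.elastic.co/kibana/kibana:8.7.1
EOF
    rc=0
    bump_stack_version "$tmp" 8.7.1 8.10.3 || rc=$?
    grep -c '8\.10\.3' "$tmp"
    rm -f "$tmp" "$tmp.bak"
    return "$rc"
}

case "${1:-}" in
    --demo) demo_bump ;;
    --apply)
        compose="/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml"
        bump_stack_version "$compose" 8.7.1 8.10.3 || exit $?
        echo "Updated $compose (backup: $compose.bak). Next:"
        echo "  sudo docker stack rm lme"
        echo "  sudo docker stack deploy lme --compose-file \"$compose\""
        ;;
esac
```

The backup left beside the compose file allows a rollback by copying it back before redeploying.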

We will update Elastic automatically in a future release.

LME-1.0

26 Oct 20:00

[1.0.0] - Timberrrrr! - 2023-10-27

Added

  • Rearchitected and refactored documentation so explanations are simpler, more complete, and clearer
  • Added ability to build documentation into PDF to work offline
  • Added PowerShell script to deploy testbed in Azure

Changed

  • Switched NCSC logos to CISA logos
  • Changed British English spelling and phrasing to American English
  • Upgraded Elastic version to 8.7.3
  • Upgraded Winlogbeat version to 8.5.0
  • Moved certs to have U.S. naming convention

Fixed

  • Improved and updated Dashboard functionality

@mreeve-snl @ddiabe @rgbrow1949 @rpdelaney @adhilto @jehamza @llwaterhouse