SIEM Integration: Splunk Release Notes

RELEASE NOTES (Version 2.2.1)

  • Updated to support Splunk Cloud requirements

RELEASE NOTES (Version 2.2.0)

  • Added new FEED component to create a lookup table based on GreyNoise indicators
  • Added new command gnipsimilar and new Similar IP Lookup dashboard
  • Added new command gniptimeline and new IP Timeline Lookup dashboard
  • Updated gnenrich command to use batch lookups
  • Updated gnquery command with new parameters page_size and exclude_raw
  • Updated GreyNoise SDK to v2.0.1

RELEASE NOTES (Version 2.1.5)

  • Fixed a bug in gnenrich, gnriot, and gnfilter where the configured proxy was not used for API key validation
  • Fixed credentials.py to handle null API keys on a fresh install

RELEASE NOTES (Version 2.1.4)

  • Added support for configuring proxy information in the conf file
  • Added support for IP Destination Geo feature fields
  • Fixed a bug in gnriot when an IPv6 address is sent for lookup
  • Updated to use GreyNoise SDK 1.3.0
  • Updated to use splunktaucclib 6.0.6

RELEASE NOTES (Version 2.1.2)

  • Fixed issue where API key could not be entered on new installs
  • IMPORTANT: GreyNoise API Key must be re-entered if upgrading from a previous version

RELEASE NOTES (Version 2.1.1)

  • Fixed jQuery 3.5.0 compatibility issue identified via Upgrade Readiness
  • Fixed Python 3 compatibility issue identified via Upgrade Readiness
  • Fixed missing explicit definition for the cache_maintenance script to use Python 3
  • Updated to use GreyNoise SDK 1.2.0
  • Updated splunklib to version 1.6.18

RELEASE NOTES (Version 2.1.0)

  • Python 2 and Splunk 7.x support is dropped starting from this release; GreyNoise now supports only Splunk 8.x and Python 3
  • Updated to latest GreyNoise SDK 1.1.0
  • Added gnriot custom command for the RIOT endpoint
  • Improved error messages for non-routable and invalid IP addresses
  • Updated splunklib to version 1.6.16
  • Updated the time in gnoverview saved search to 6 hours
  • Added 2 new codes to the CSV file
  • Updated the custom commands, saved searches, and dashboards to handle the RIOT key
  • Fixed an issue with handling Splunk fields that contain disallowed characters
  • Added a caching feature for all custom commands and saved searches

UPGRADING FROM VERSION 2.0.1

Follow the below steps to upgrade the app to the latest version:

  • Disable all saved searches that use GreyNoise alert actions and custom commands.
  • Back up your current app/configurations outside of the Splunk install path.
  • To upgrade the app from the UI, follow the steps in the INSTALLATION section below. Ensure that the Upgrade app checkbox is selected before clicking the Upload button.
  • Follow the steps in the CONFIGURATION section to reconfigure the app.
  • If the SCAN DEPLOYMENT feature was already configured before the app upgrade, go to the SCAN DEPLOYMENT tab inside the Configuration tab and click Save to re-configure the scan deployment saved search in the backend.

Note: Upgrading is supported only from the UI, not from the backend.