Releases: cisagov/LME
LME v2.0.0
[2.0.0] - Timberrrrr! - 2024-11-08
What's Changed
- Install v2 pipeline by @cbaxley in #392
- Create Readme and scripts to upgrade from v1.x to v2.0 by @cbaxley in #428
- Update API and Selenium tests to validate Raw Access Read panel on User Security Dashboard by @rishagg01 in #426
- Install pipeline and tests by @cbaxley in #429
- Upgrade API tests by @rishagg01 in #465
- Add vault user password encryption by @cbaxley in #458
- Add new post install scripts and documentation by @mreeve-snl in #477
- Add Sysmon Install Powershell Script by @rgbrow1949 in #480
- Add elastalert2 and small container updates by @mreeve-snl in #483
- Make the pipeline use the post install Ansible playbook script by @cbaxley in #481
- Refactor v2.0 dashboards by @ddiabe in #486
- Harden the pipeline steps by @cbaxley in #493
- LME v2.0 dashboard updates and bug fixes by @aarz-snl in #501
- Update selenium tests by @rishagg01 in #499
- Update API & Selenium tests for Powershell Network Connections panel on User Security Dashboard by @rishagg01 in #415
- Update API & Selenium tests for Create Remote Threads panel by @rishagg01 in #408
- Update API & Selenium tests for suspicious powershell panel by @rishagg01 in #405
Documentation
- Documentation update to volume and index management by @aarz-snl in #468
- Add updated LME v2.0 documentation by @mreeve-snl in #506
Bugs Fixed
- Fix tests after password encryption by @cbaxley in #466
- Clean up a couple of install bugs by @cbaxley in #487
Full Changelog: v1.4.0...v2.0.0
LME v1.4.0
[1.4.0] - Timberrrrr! - 2024-09-04
What's Changed
- AD ID Logging Dashboards and New Wec Config XML File #347, #388
- New API and Selenium tests for dashboard panels #343, #395, #400, #405, #408, #415
Notes
- Adds more security visibility on the network through Windows event logs and dashboards that curate the new information
- Four new dashboards to use the new AD ID logs captured through the new audit policies in the Chapter 1 Group Policy Objects
- Changed lme_wec_config.xml file to forward the new logs
CISA's LME ver1.4.0 Webinar Recording (19 Sept 2024)
The session covered how Logging Made Easy (LME) simplifies log management and enhances cybersecurity for 'target rich, cyber poor' organizations. LME is a government-managed log management solution, available at no cost to users, for small to medium-sized organizations with limited resources that would otherwise have little to no capability to detect attacks.
Webinar Highlights:
- Discover what LME is and how it operates
- Explore LME’s key features and capabilities
- Learn how LME streamlines log management, accelerates threat detection, and reduces manual tasks
- Watch an LME demonstration
- Engage in a Q&A session with our experts
LME v1.3.3
[1.3.3] - Timberrrrr! - 2024-02-12
What's Changed
- Fix deploy.sh data retention failure error by @aarz-snl in #179
- Update documentation to use "no cost to user" instead of "free" by @llwaterhouse in #188
- Update upgrading.md to include guidance on data retention failure error by @mitchelbaker-cisa in #189
Notes
- This is a hotfix to address an error with data retention failure in the deploy.sh script during a fresh LME install. We recommend you upgrade to the latest version if you require disk sizes of 1TB or greater.
- If you already have LME installed then no further action is necessary.
Full Changelog: v1.3.2...v1.3.3
LME v1.3.2
[1.3.2] - Timberrrrr! - 2024-01-24
What's Fixed
Notes
- This is a hotfix to address dashboards which failed to load on a fresh install of v1.3.1. If you are currently running v1.3.0, you do not need to upgrade at this time. If you are running versions before 1.3.0 or are running v1.3.1, we recommend you upgrade to the latest version.
- Please refer to Upgrading to latest version to apply the hotfix.
Full Changelog: v1.3.1...v1.3.2
LME v1.3.1 - [DEPRECATED]
If you've downloaded v1.3.1, please refer to our documentation on upgrading to the latest version.
[1.3.1] - Timberrrrr! - 2024-01-12
What's Fixed
- Update retention function to fix retention policy bug by @aarz-snl in #143
- Updated troubleshooting guide to account for index management by @aarz-snl in #134
- Update upgrading.md for 1.3.1 by @aarz-snl in #151
Notes
- This is a hotfix to the install script and some additional troubleshooting steps added to documentation on space management. Unless you're encountering problems with your current installation, or if your logs are running out of space, there's no need to upgrade to version 1.3.1, as it doesn't offer any additional functionality changes.
- This release will address the following error when running the ./deploy.sh install script:
[!] Unable to determine retention policy - exiting
Full Changelog: v1.3.0...v1.3.1
LME v1.3.0
[1.3.0] - Timberrrrr! - 2023-12-20
What's Added
- Added alerting dashboard by @ddiabe in #119
- Added healthcheck overview dashboard by @ddiabe in #120
- Added git based deployment versioning and other deploy.sh improvements by @mreeve-snl in #112
- Added branch naming conventions to CONTRIBUTING.md by @llwaterhouse in #85
- Created .gitattributes file by @adhilto in #105
What's Changed
- Updated user security and security dashboard - Security Log Dashboards by @rgbrow1949 in #114
- Updated workflow file to include linting and static security scans by @aarz-snl in #106
- Updated troubleshooting.md to include instructions for manually resetting Elastic password by @aarz-snl in #110
- Updated file downloads panels in process explorer dashboard by @rishagg01 in #109
- Removed elastic user password prompt from deploy.sh by @mitchelbaker-cisa in #107
- Updated upgrading.md and chapter3.md files by @llwaterhouse in #117
- Rearranged sysmon dashboard panels by @causand22 in #115
What's Fixed
- Fix documentation that was lost during a previous merge by @mreeve-snl in #90
Notes
- Please refer to Chapter4.md Section 4.2 to see how to enable Elastic prebuilt detection rules for the new Alerting Dashboard
- Please refer to upgrading.md for upgrading to the latest version
New Contributors
- @aarz-snl made their first contribution in #106
- @causand22 made their first contribution in #115
Full Changelog: v1.2.0...v1.3.0
LME v1.2.0
[1.2.0] - Timberrrrr! - 2023-12-12
Added
- Added documentation instructions to upgrade from 1.1.0→1.2.0
Changed
- Updated the Elastic Stack to v8.11.1 to fix the security vulnerability that was in earlier versions
Fixed
- Deploy script should no longer time out: we now pull Elasticsearch images before doing an upgrade or install
Notes
- Review upgrading.md for upgrade instructions
LME v1.1.0
[1.1.0] - Timberrrrr! - 2023-11-28
Added
- Templates for bug reports, feature requests and pull requests
- contributing.md for guidelines to contribute to the project
- releases.md to summarize release versioning and release steps
- Documentation to filter out verbose logs in filtering.md
- 3 new dashboards
- Dashboards Readme
- Python script (export_dashboards.py) to export one or all dashboards
Changed
- SetupTestbed.ps1 now takes an optional "location" parameter
Fixed
- Updates and additions to markdown documentation
- deploy.sh will exit after trying a certain number of times instead of hanging
Notes
- If you already have LME installed, the only change in functionality is new dashboards. Please reference upgrading.md for the full set of instructions to install them.
- Note: if you made changes to our dashboards, save them to a dashboard with a new name so they are not overwritten in the update.
- There is an ELK Stack Buffer Overflow Bug that is fixed in a more recent version of Elastic. You can install the upgrade manually by doing the following:
  - Change all occurrences of "8.7.1" to "8.10.3" in docker-compose-stack-live.yml in the Linux Server's /opt/lme directory.
  - sudo docker stack rm lme (kill the old containers)
  - sudo docker stack deploy lme --compose-file /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml (redeploy with new version)
- We will update Elastic automatically in a future release.
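The manual Elastic tag bump above, scripted as an added example (not the LME project's own code): it backs up the compose file, replaces every "8.7.1" with "8.10.3", refuses to redeploy if the old tag survives, and includes a constructed sample compose fragment so the substitution can be exercised without touching /opt/lme. The path, tags and docker commands are the ones from the release notes; `bump_elastic_tag`, `count_new_tag` and `redeploy_lme` are names chosen here.

```shell
#!/bin/sh
# Added example: manual Elastic image-tag upgrade for LME v1.1.0.
OLD_TAG="8.7.1"
NEW_TAG="8.10.3"
COMPOSE_FILE="${COMPOSE_FILE:-/opt/lme/Chapter 3 Files/docker-compose-stack-live.yml}"

# Replace every OLD_TAG with NEW_TAG in the given compose file, keeping a
# .bak copy. Returns 1 if the file is missing or the old tag is still present.
bump_elastic_tag() {
  file="$1"
  [ -f "$file" ] || { echo "compose file not found: $file" >&2; return 1; }
  cp "$file" "$file.bak"
  # '.' is a wildcard in sed's regex; escape it so 8.7.1 matches literally.
  old_re=$(printf '%s' "$OLD_TAG" | sed 's/\./\\./g')
  sed "s/$old_re/$NEW_TAG/g" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
  if grep -q "$old_re" "$file"; then
    echo "old tag $OLD_TAG still present in $file, not redeploying" >&2
    return 1
  fi
  return 0
}

# Number of lines now carrying NEW_TAG, so an operator can eyeball the result.
count_new_tag() {
  grep -c "$NEW_TAG" "$1"
}

# Write a constructed compose fragment (not the project's real file) to a temp
# file and print its path; used to test the bump offline.
make_sample_compose() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.7.1
  kibana:
    image: docker.elastic.co/kibana/kibana:8.7.1
EOF
  printf '%s' "$f"
}

# Tear down and redeploy the stack, but only after the tag bump succeeded.
redeploy_lme() {
  bump_elastic_tag "$COMPOSE_FILE" || return 1
  sudo docker stack rm lme
  sudo docker stack deploy lme --compose-file "$COMPOSE_FILE"
}
```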
LME-1.0
[1.0.0] - Timberrrrr! - 2023-10-27
Added
- Rearchitected and refactored documentation so explanations are simpler, more complete, and clearer
- Added ability to build documentation into PDF to work offline
- Added Powershell script to deploy testbed in Azure
Changed
- Switched NCSC logos to CISA logos
- Changed British English spelling and phrasing to American English
- Upgraded Elastic version to 8.7.3
- Upgraded Winlogbeats version to 8.5.0
- Moved certs to have U.S. naming convention
Fixed
- Improved and updated Dashboard functionality
@mreeve-snl @ddiabe @rgbrow1949 @rpdelaney @adhilto @jehamza @llwaterhouse