IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Beats version 7.8.0
Breaking changes
Affecting all Beats
- Introduce APM instrumentation, which is active when running the beat with ELASTIC_APM_ACTIVE=true. 17938
Filebeat
- Improve ECS field mappings in panw module. event.outcome now only contains success or failure, as recommended by the ECS specification. 16025 17910
- Improve ECS categorization field mappings for nginx module. http.request.referrer is now lowercase, and it is only populated when nginx sets a value. 16174 17844
- Improve ECS field mappings in santa module. hash.sha256 is moved to process.hash.sha256, and certificate fields are now under santa.certificate. 16180 17982
Bugfixes
Affecting all Beats
Heartbeat
- Fix TCP TLS checks to properly validate hostnames. In previous 7.x versions, this only worked for IP SANs. 17549
Metricbeat
Added
Affecting all Beats
- Update supported versions of redis output. 17198
- Add replace processor for replacing string values of fields. 17342
- Add urldecode processor for decoding URL-encoded fields. 17505
- Add support for AWS IAM role_arn in credentials config. 17658 12464
- Add Kerberos support to Elasticsearch output. 17927
- Set agent.name to the hostname by default. 16377 18000
- Add keystore support for autodiscover static configurations. 16306
- Add support for basic ECS logging. 17974
- Add config example of how to skip the add_host_metadata processor when forwarding logs. 13920 18153
- Add backoff configuration options for the Kafka output. 16777 17808
- Add support for fixed length extraction in dissect processor. 17191
Auditbeat
- Add system module process dataset ECS categorization fields. 18032
- Add system module user dataset ECS categorization fields. 18035
- Add system module login dataset ECS categorization fields. 18034
- Add system module package dataset ECS categorization fields. 18033
- Add ECS categories for system module host dataset. 18031
- Add system module socket dataset ECS categorization fields. 18036
- Add file integrity module ECS categorization fields. 18012
- Add file.mime_type, file.extension, and file.drive_letter for file integrity module. 18012
Filebeat
- Add source field in k8s events. 17209
- Add new crowdstrike module for ingesting Crowdstrike Falcon streaming API endpoint event data. 16988
- Improve ECS categorization field mappings in mongodb module. 16170 17371
- Improve ECS categorization field mappings for mssql module. 16171 17376
- Improve ECS categorization field mappings for mysql module. 16172 17491
- Add new Checkpoint Syslog filebeat module. 17682
- Add config option to select a different azure cloud env in the azure-eventhub input and azure module. 17649 17659
- Enhance elasticsearch/server fileset to handle ECS-compatible logs emitted by Elasticsearch. 17715 17714
- Add Unix stream socket support as an input source and a syslog input source. 17492
- Improve ECS categorization field mappings in misp module. 16026 17344
- Enhance elasticsearch/deprecation fileset to handle ECS-compatible logs emitted by Elasticsearch. 17715 17728
- Make decode_cef processor GA. 17944
- Add new Fortigate Syslog filebeat module. 17890
- Improve ECS categorization field mappings in redis module. 16179 17918
- Improve ECS categorization field mappings in rabbitmq module. 16178 17916
- Improve ECS categorization field mappings in postgresql module. 16177 17914
- Improve ECS categorization field mappings for nginx module. 16174 17844
- Add support for Google Application Default Credentials to the Google Pub/Sub input and Google Cloud modules. 15668
- Improve ECS categorization field mappings for zeek module. 16029 17738
- Improve ECS categorization field mappings for netflow module. 16135 18108
- Add an input option publisher_pipeline.disable_host to disable host.name from being added to events by default. 18159
- Improve ECS categorization field mappings in system module. 16031 18065
- Improve ECS categorization field mappings in osquery module. 16176 17881
- Add support for v10, v11 and v12 logs on Postgres. 13810 17732
- Add dashboard for Google Cloud Audit and AWS CloudTrail. 17379
Heartbeat
- Add additional ECS compatible fields for TLS information. 17687
Metricbeat
- Refactor windows/perfmon metricset configuration options and event output. 17596
- Add more detailed error messages, system tests and small refactoring to the service metricset in windows. 17725
- Stack Monitoring modules now auto-configure required metricsets when xpack.enabled: true is set. 16471 17609
- Add Metricbeat IIS module dashboards. 17966
- Add dashboard for the azure database account metricset. 17901
- Allow partial region and zone name in googlecloud module config. 17913
- Add aggregation aligner as a config parameter for googlecloud stackdriver metricset. 17141 17719
- Move the perfmon metricset to GA. 16608 17879
- Add static mapping for metricsets under aws module. 17614 17650
- Add dashboard for googlecloud storage metricset. 18172
- Collect new bulk indexing metrics from Elasticsearch when xpack.enabled:true is set. 17977 17992
- Remove requirement to connect as sysdba in Oracle module. 15846 18182
- Update MSSQL module to fix some SSPI authentication and add brackets to USE statements. 17862
Winlogbeat
- Set process.command_line and process.parent.command_line from Sysmon Event ID 1. 17327
- Add support for event IDs 4673, 4674, 4697, 4698, 4699, 4700, 4701, 4702, 4768, 4769, 4770, 4771, 4776, 4778, 4779, 4964 to the Security module. 17517
- Add registry and code signature information and ECS categorization fields for sysmon module. 18058