IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Beats version 7.10.0
Breaking changes
Affecting all Beats
- Added certificate TLS verification mode to ignore server name mismatch. 12283 20293
- Remove redundant cloudfoundry.*.timestamp fields. This value is set in @timestamp. 21175
- Allow embedding of CAs, Certificate of private keys for anything that supports TLS in outputs and inputs 21179
- API address is a required setting in add_cloudfoundry_metadata. 21759
Auditbeat
- Change network.direction values to ECS recommended values (inbound, outbound). 12445 20695
- Docker container needs to be explicitly run as user root for auditing. 21202
- File integrity dataset no longer includes the leading dot in file.extension values (e.g. it will report "png" instead of ".png") to comply with ECS. 21644
Filebeat
- Cisco 18753
- CrowdStrike 19132
- Fortinet 19133
- iptables 18756
- Checkpoint 18754
- Netflow 19087
- Zeek 19113 (forwarded tag is not included by default)
- Suricata 19107 (forwarded tag is not included by default)
- CoreDNS 19134 (forwarded tag is not included by default)
- Envoy Proxy 19134 (forwarded tag is not included by default)
Heartbeat
Journalbeat
Metricbeat
Packetbeat
Winlogbeat
Functionbeat
Bugfixes
Affecting all Beats
- Remove unnecessary restarts of metricsets while using Node autodiscover 19974
- [Metricbeat][Kubernetes] Change cluster_ip field from ip to keyword. 20571
- [Autodiscover] Handle input-not-finished errors in config reload. 20915
- Orderly close processors when processing pipelines are not needed anymore to release their resources. 16349
- Fix parsing of expired licences. 21112 22180
Auditbeat
Filebeat
- Fix mapping of fortinet.firewall.mem as integer. 19335
- Fix auditd module syscall table for ppc64 and ppc64le. 20052
- Fix Filebeat OOMs on very long lines 19500, 19552
- Ignore missing in Zeek module when dropping unnecessary fields. 19984
- Fix event.outcome logic for azure/signinlogs fileset 20254
- Improve validation checks for Azure configuration 20369 20389
- Fix event.kind for system/syslog pipeline 20365 20390
- Fix event.type for zeek/ssl and duplicate event.category for zeek/connection 20696
- Remove wrongly mapped tls.client.server_name from fortinet/firewall fileset. 20983
- Handle multiple upstreams in ingress-controller. 21215
- Provide backwards compatibility for the append processor when Elasticsearch is less than 7.10.0. 21159
- Fix checkpoint module when logs contain time field. 20567
- Fix syslog RFC 5424 parsing in the CheckPoint module. 21854
- Fix incorrect connection state mapping in zeek connection pipeline. 22151 22149
- Fix for "field [source] not present as part of path [source.ip]" error in azure pipelines. 22377
- Fix handling missing eventtime and assignip field being set to N/A for fortinet module. 22361
Heartbeat
- Add support for new service_name option to all monitors. 19932.
Journalbeat
Metricbeat
- Add support for azure light metricset app_stats. 20639
- Fix ec2 disk and network metrics to use Sum statistic method. 20680
- Update fields.yml in the azure module, missing metrics field. 20918
- Disable Kafka metricsets based on Jolokia by default. They require a different configuration. 20989
- Fix timestamp handling in remote_write. 21166
- Visualization title fixes in aws, azure and googlecloud compute dashboards. 21098
- Fix retrieving resources by ID for the azure module. 21711 21707
- Use timestamp from CloudWatch API when creating events. 21498
- Report the correct windows events for system/filesystem 21758
- Fix regular expression in windows/perfmon. 22146 21125
- Fix azure storage event format. 21845
- Fix panic in kubernetes autodiscover related to keystores 21843 21880
- [Kubernetes] Remove redundant dockersock volume mount 22009
- Revert change to report process.memory.rss as process.memory.wss on Windows. 22055
- Add interval information to monitor metricset in azure. 22152
- Remove io.time from windows 22237
- Fix instance name in perfmon metricset. 22218 22261
Packetbeat
Winlogbeat
- Fix invalid IP addresses in DNS query results from Sysmon data. 18432 18436
- Fix event.outcome in the security module for non-English languages. 20079 20564
- Fields from Winlogbeat modules were not being included in index templates and patterns. 18983
- Protect against accessing undefined variables in Sysmon module. 22219 22236
Functionbeat
Added
Affecting all Beats
- Add minimum cache TTL for successful DNS responses. 18986
- Add support for DNS over TLS for the dns processor. 19321
- Add leader election for Kubernetes autodiscover. 20281
- Add capability of enriching process metadata with container id also for non-privileged containers in add_process_metadata processor. 19767
- Add replace_fields config option in add_host_metadata for replacing host fields. 20490 20464
- Add ingress controller dashboards. 21052
- Added experimental citrix module. 20820
- Added experimental cyberark module. 20820
- Added experimental proofpoint module. 20820
- Added experimental snort module. 20820
- Added experimental symantec module. 20820
- Added experimental dataset barracuda/spamfirewall. 20820
- Added experimental dataset cisco/meraki. 20820
- Added experimental dataset f5/bigipafm. 20820
- Added experimental dataset fortinet/fortimail. 20820
- Added experimental dataset fortinet/fortimanager. 20820
- Added experimental dataset juniper/netscreen. 20820
- Added experimental dataset sophos/utm. 20820
- Add Cloud Foundry tags in related events. 21177
- Cloud Foundry metadata is cached to disk. 20775
- Add option to select the type of index template to load: legacy, component, index. 21212
- Release add_cloudfoundry_metadata as GA. 21525
- Added Kafka version 2.2 to the list of supported versions. 22328
Auditbeat
Filebeat
- Add support for reading auditd logs that are prefixed with node=. 19659
- Add event.ingested to all Filebeat modules. 20386
- Add event.ingested for Suricata module 20220
- Add support for custom header and headersecret for filebeat http_endpoint input 20435
- Convert httpjson to v2 input 20226
- Return error when log harvester tries to open a named pipe. 18682 20450
- Avoid goroutine leaks in Filebeat readers. 19193 20455
- Improve Zeek x509 module with x509 ECS mappings 20867
- Improve Zeek SSL module with x509 ECS mappings 20927
- Added new properties field support for event.outcome in azure module 20998
- Improve Zeek Kerberos module with x509 ECS mappings 20958
- Improve Fortinet firewall module with x509 ECS mappings 20983
- Improve Santa module with x509 ECS mappings 20976
- Improve Suricata Eve module with x509 ECS mappings 20973
- Added new module for Zoom webhooks 20414
- Add type and sub_type to panw panos fileset 20912
- Always attempt community_id processor on zeek module 21155
- Add related.hosts ECS field to all modules 21160
- Keep cursor state between httpjson input restarts 20751
- Convert aws s3 to v2 input 20005
- Add support for additional fields from V2 ALB logs. 21540
- Release Cloud Foundry input as GA. 21525
- New Cisco Umbrella dataset 21504
- New juniper.srx dataset for Juniper SRX logs. 20017
- Adding support for Microsoft 365 Defender (Microsoft Threat Protection) 21446
- Adding support for FIPS in s3 input 21446
- Update Okta documentation for new stateful restarts. 22091
- Use workers in aws-s3 input to process SQS messages. 27199
Heartbeat
- Add index and pipeline settings to monitor configurations. 20610
Journalbeat
Metricbeat
- Add state_statefulset metricset to Metricbeat recommended configuration for k8s. 17627
- Infer types in Prometheus remote_write. 19944
- Add cloud.instance.name into aws ec2 metricset. 20077
- Add host inventory metrics into aws ec2 metricset. 20171
- Add scope setting for Elasticsearch module, allowing it to monitor an Elasticsearch cluster behind a load-balancing proxy. 18539 18547
- Add state_daemonset metricset for Kubernetes Metricbeat module 20649
- Add host inventory metrics to googlecloud compute metricset. 20391
- Add host inventory metrics to azure compute_vm metricset. 20641
- Add host inventory metrics to system module. 20415
- Add billing data collection from Cost Explorer into aws billing metricset. 20527 20103
- Migrate compute_vm metricset to a light one, map cloud.instance.id field. 20889
- Request prometheus endpoints to be gzipped by default 20766
- Add latency config parameter into aws module. 20875
- Add billing metricset into googlecloud module. 20812 20738
- Release all kubernetes state metricsets as GA 20901
- Move compute_vm_scaleset to light metricset. 21038 20985
- Sanitize event.host. 21022
- Add support for different Azure Cloud environments in the metricbeat azure module. 21044 20988
- Add overview and platform health dashboards to Cloud Foundry module. 21124
- Release lambda metricset in aws module as GA. 21251 21255
- Add dashboard for pubsub metricset in googlecloud module. 21326 17137
- Move Prometheus query & remote_write to GA. 21507
- Map cloud data field cloud.account.id to azure subscription. 21483 21381
- Expand unsupported option from namespace to metrics in the azure module. 21486
Packetbeat
Functionbeat
Winlogbeat
Elastic Log Driver
- Add support to change beat name, and support for Kibana Logs. 20522
Deprecated
- N/A