Maintenance release 3.3.3#

Product

EclecticIQ Intelligence Center

Release version

3.3.3

Release date

October 2024

Time to upgrade

~40 minutes to upgrade an instance with 2.67 million entities, 1.85 million observables.

  • From the previous release

  • Using the installation script

  • For an instance running on one machine

Time to migrate

For an instance with 2.67 million entities, 1.85 million observables:

  • PostgreSQL migration: 13m30s

  • Elasticsearch migration: 18m40s

eclecticiq-extension-commons deprecated in 3.3, removed in 3.4

If you have written your own extension or modified an existing extension, that extension may contain references to the eclecticiq-extension-commons package.

In particular, if your extension:

  • depends on eclecticiq-extension-commons

  • imports from extension.common

Use our migration guide to remove or change those references in your extension before upgrading to release 3.4.

Fixes#

  • Update ELK versions
    In response to the recent Security Advisory EIQ-2024-0001 with regards to the Kibana versions vulnerable to arbitrary code executions, this release updates Elasticsearch, Logstash, and Kibana (ELK) to v8.15.1.

  • STIX 2.1 exports adding Derived from relationships
    Fixes a bug where non-existing Derived from relationships would be added to intelligence exported using STIX v2.1 .

  • Collection ID is not shown for outgoing TAXII 2.1 Feed
    Fixes an issue where packages for Outgoing TAXII 2.1 feeds are created without the Collection ID showing.

  • Diff strategy on Outgoing feeds exports duplicate data
    Fixes a bug where Outgoing feeds created with the Diff update strategy would export intelligence that was already present in earlier runs, leading to very big packages with duplicate data.

Public API compatibility#

From EclecticIQ Intelligence Center 2.12.0 onward, the public API is packaged together with EclecticIQ Intelligence Center.

The following reference table lists the versions of the public API package and EclecticIQ Intelligence Center versions they are compatible with:

Intelligence Center version(s)

Public API package version(s)

Public API version

2.11 - 2.12

eclecticiq-extension-api==1.0.*

v1

2.13.0

eclecticiq-extension-api==1.*

v1

2.14.0 and newer

Now follows EclecticIQ Intelligence Center versioning scheme.

E.g., EclecticIQ Intelligence Center 2.14 is now compatible with eclecticiq-extension-api==2.14.*

v1

3.0.0 and newer

EclecticIQ Intelligence Center 3.0 and newer uses Public API v2.

Follows EclecticIQ Intelligence Center versioning scheme.

E.g., EclecticIQ Intelligence Center 3.0.2 is compatible with eclecticiq-extension-api==3.0.*, EclecticIQ Intelligence Center 3.1.0 is compatible with eclecticiq-extension-api==3.1.*, etc.

v2

Download#

For more information about setting up repositories, refer to the installation documentation for your target operating system.

EclecticIQ Intelligence Center and dependencies for Rocky Linux and RHEL

  • Platform packages: https://downloads.eclecticiq.com/platform-packages-centos/

  • Platform dependencies: https://downloads.eclecticiq.com/platform-dependencies-centos-2.9/

    Note

    The Intelligence Center dependencies URL for versions 2.9 and later is https://downloads.eclecticiq.com/platform-dependencies-centos-2.9/. It contains packages that are incompatible with versions 2.8 and earlier.

EclecticIQ Intelligence Center extensions

  • Platform extensions: https://downloads.eclecticiq.com/Extensions/

Upgrade#

In order to upgrade to EclecticIQ Intelligence Center 3.0 and later, you must:

  • Be running one of the supported operating systems.

    Upgrade to Red Hat Enterprise Linux 8 or Rocky Linux 8 if .

  • Upgrade from EclecticIQ Intelligence Center 2.14.

    If you are running an older version of EclecticIQ Intelligence Center, you must upgrade to 2.14 before attempting to upgrade to EclecticIQ Intelligence Center 3.0.

    See Install Configure Upgrade.

Upgrade diagram

Upgrade diagram#