Release notes 2.12.1#

Product

EclecticIQ Intelligence Center

Release version

2.12.1

Release date

21 June 2022

Summary

Minor release

Upgrade impact

Medium

Time to upgrade

~18 minutes to upgrade an instance with 4 million entities.

  • From the previous release

  • Using the installation script

  • For an instance running on one machine

Additional ~6 minutes to run pre-upgrade scripts for upgrading from 2.8.x and earlier.

Time to migrate

  • PostgreSQL database: ~6 minutes per 4 million entities

  • Elasticsearch database: ~1 minute per 4 million entities

  • Neo4j database: ~1 minute per 4 million entities.

Fixes#

  • Issue where users could not save certain graphs

    Fixed a misleading permissions error that prevented users from saving certain graphs despite being able to access the graph and its data.

  • Issue where UI would cause high resource usage when viewing list of feeds

    Fixed an issue where the application would repeatedly attempt to load the list of feeds when viewing the list of incoming feeds or outgoing feeds in the UI.

  • Performance issues

    Fixed an issue where an expensive database query would cause most operations in the Intelligence Center to stall, causing performance issues.

  • Issue where some IC installations cannot be upgraded

    Certain Intelligence Center versions could not be upgraded to 2.12 because of issues with database migration scripts. This has been fixed.

Known issues#

  • Delete observable actions in policies may cause policies to run for excessively long periods of time.

    In 2.12, Delete observable actions are skipped by default to allow policies to run more reliably.

  • Elasticsearch 7 encounters “Data too large” errors: See Elasticsearch 7: “Data too large”.

  • Entity incorrectly warns it is outdated: When viewing an entity, the entity may warn that it is not the latest version when it actually is. This is related to an issue where with attachments that have been deduplicated multiple times, causing issues in the final state of the entity.

  • When you configure the Intelligence Center databases during a Intelligence Center installation or upgrade, you must specify passwords for the databases.

  • Systemd splits log lines exceeding 2048 characters into 2 or more lines.

    As a result, log lines exceeding 2048 characters become invalid JSON, causing Logstash to be unable to parse them correctly.

  • When more than 1000 entities are loaded on the graph, you cannot load related entities and observables by selecting Load entities, Load observables, or Load entities by observable from the context menu.

  • When creating groups in the graph, it is not possible to merge multiple groups into one.

  • If an ingestion process crashes while ingestion is still ongoing, data may not always sync to Elasticsearch.

  • Users can leverage rules to access groups that act as data sources, even if those users are not members of the groups they access through rules.

  • Running multiple outgoing feed tasks may cause the Intelligence Center to consume a large amount of memory over time, because certain outgoing feeds such as HTTP download must load the data into memory in order to make it available to feed consumers.

Download#

For more information about setting up repositories, refer to the installation documentation for your target operating system.

EclecticIQ Intelligence Center and dependencies for CentOS and RHEL

  • Platform packages: https://downloads.eclecticiq.com/platform-packages-centos/

  • Platform dependencies: https://downloads.eclecticiq.com/platform-dependencies-centos-2.9/

    Note

    The Intelligence Center dependencies URL for versions 2.9 and later is https://downloads.eclecticiq.com/platform-dependencies-centos-2.9/. It contains packages that are incompatible with versions 2.8 and earlier.

  • Python 3.8: https://downloads.eclecticiq.com/intelligence-center-dependencies-rpm/centos/7/x86_64/python/3.8

EclecticIQ Intelligence Center extensions

  • Platform extensions: https://downloads.eclecticiq.com/Extensions/

Upgrade#

The following diagram describes upgrade paths available.

When upgrading from 2.8.x and earlier to 2.9.x and later:

  • You must run the pre-upgrade script to allow it to work with Elasticsearch 7.9.1.

  • You must run the pre-upgrade script on the Intelligence Center version you are upgrading from.

    For example, when upgrading from 2.8.0 to 2.10.1, you must run the pre-upgrade script on the Intelligence Center while it is running version 2.8.0.

When upgrading from 2.11.x and earlier to 2.12.x and later, you must install the EIQ-provided python38 package. For more information, see the upgrade instructions for your OS.

Upgrade diagram

Upgrade diagram#

These upgrades paths have been tested using the EclecticIQ Intelligence Center install script compiled by Rundoc.

The script only supports:

  • Single machine installs.

  • Instances installed using the Intelligence Center install script.

and does not support Intelligence Center instances installed in distributed environments.