Maintenance release 3.4.3#
Product |
EclecticIQ Intelligence Center |
|---|---|
Release version |
3.4.3 |
Release date |
October 2024 |
Time to upgrade |
~40 minutes to upgrade an instance with 2.67 million entities, 1.85 million observables.
|
Time to migrate |
For an instance with 2.67 million entities, 1.85 million observables:
|
eclecticiq-extension-commons deprecated in 3.3, removed in 3.4
If you have written your own extension or modified an existing extension,
that extension may contain references to the eclecticiq-extension-commons
package.
In particular, if your extension:
depends on
eclecticiq-extension-commonsimports from
extension.common
Use our migration guide to remove or change those references in your extension before upgrading to release 3.4.
Fixes#
Increased ingestion performance when dealing with hyper-connected Observables
Fixes the issue wherein ingestion could take a lot of time and resources because of the hyper-connectedness of its Observables. Ingestion will no longer update the timestamp of all related intelligence. To accomodate, theAPPENDstrategy Outgoing feeds has changed.
Importantly, if a new version of a hyper-connected Observable is ingested, a change in maliciousness will only be reflected in the Entities related to it if the number of those Entities don’t exceed theEXTRACT_ENTITY_LINK_PROPAGATION_LIMIT. By default, this number is 10,000, but can be changed by in- or decreasingEXTRACT_ENTITY_LINK_PROPAGATION_LIMITin settings.py.Improved autoscaling during upgrade on hosted instances
During upgrade, the number of workers on theutilitiesqueue was pegged at one to avoidgauge_celery_queue_sizereporting stale data. This could however result in the queue becoming blocked onpropagate-extract-state-updates.
This fix movespropagate-extract-state-updatesout of theutilitiesto thereindexingqueue to avoid blockage.
You are still advised to clean celery queues before a RHEL upgrade or Rocky upgrade.
Public API compatibility#
From EclecticIQ Intelligence Center 2.12.0 onward, the public API is packaged together with EclecticIQ Intelligence Center.
The following reference table lists the versions of the public API package and EclecticIQ Intelligence Center versions they are compatible with:
Intelligence Center version(s) |
Public API package version(s) |
Public API version |
|---|---|---|
2.11 - 2.12 |
|
v1 |
2.13.0 |
|
v1 |
2.14.0 and newer |
Now follows EclecticIQ Intelligence Center versioning scheme. E.g., EclecticIQ Intelligence Center 2.14 is now compatible with
|
v1 |
3.0.0 and newer |
EclecticIQ Intelligence Center 3.0 and newer uses Public API v2. Follows EclecticIQ Intelligence Center versioning scheme. E.g., EclecticIQ Intelligence Center 3.0.2 is compatible with
|
v2 |
Download#
For more information about setting up repositories, refer to the installation documentation for your target operating system.
EclecticIQ Intelligence Center and dependencies for Rocky Linux and RHEL |
|
|---|---|
EclecticIQ Intelligence Center extensions |
|
Upgrade#
In order to upgrade to EclecticIQ Intelligence Center 3.0 and later, you must:
Be running one of the supported operating systems.
Upgrade to Red Hat Enterprise Linux 8 or Rocky Linux 8 if .
Upgrade from EclecticIQ Intelligence Center 2.14.
If you are running an older version of EclecticIQ Intelligence Center, you must upgrade to 2.14 before attempting to upgrade to EclecticIQ Intelligence Center 3.0.
Upgrade diagram#