Here you will find the steps to filter this type of event:
Action
Steps
1
Activate Security Command Center service
Info
When SCC is activated, the events will go directly through the Logging service to the default sink. The following steps are optional but recommended to filter SCC events on another Pub/Sub.
In order to receive this type of event, it is necessary to have the Security Command Center service activated.
Changed log level to some messages from info to debug
Changed some wrong log messages
Upgraded some internal dependencies
Changed queue passed to setup instance constructor
Ability to validate collector setup and exit without pulling any data
Ability to store in the persistence the messages that couldn't be sent after the collector stopped
Ability to send messages from the persistence when the collector starts and before the puller begins working
Ensure special characters are properly sent to the platform
Upgrade
v1.3.0
Status
colour
Yellow
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIXING
Improvements:
Improved base64 generation.
Updated DCSDK from 1.6.3 to 1.7.2.
Added a lock to enhance sender object
Added new class attrs to the __setstate__ and __getstate__ queue methods
Fix sending attribute value to the __setstate__ and __getstate__ queue methods
Added log traces when queues are full and have to wait
Added log traces of queues time waiting every minute in debug mode
Added method to calculate queue size in bytes
Block incoming events in queues when there are no space left
Send telemetry events to Devo platform
Upgraded internal Python dependency Redis to v4.5.4
Upgraded internal Python dependency DevoSDK to v5.1.3
Fixed obfuscation not working when messages are sent from templates
Obfuscation service can be now configured from user config and module definiton
Obfuscation service can now obfuscate items inside arrays.
Bug fixing:
Fixed a known issue on the DevoSender with the DCSDK update.
Upgrade
v1.2.2
Febr 27, 2023
-
-
-
v1.2.1
Nov 29, 2022
Status
colour
Yellow
title
IMPROVEMENTS
Status
title
BUG FIXING
Improvements:
Devo Collector SDK upgraded from version 1.4.2 to version 1.4.4b.
Added some extra checks for supporting MacOS as development environment
The "template" supports the controlled stop functionality
Some log traces now are shown less frequently
The default value for the logging frequency for "main" processes hsa been changed (to 120 seconds)
Added log traces for knowing the execution environment status (debug mode)
Fixes in the current puller template version
The Docker container exits with the proper error code
Bug Fixing:fixing
Configurable logging traces for undelivered messages in GCP moved to thread model to avoid a special case in which is never triggered. pubsub_undelivered_messages_request_interval changed to pubsub_undelivered_messages_request_interval_in_seconds. New default value, every 600 seconds.
Recommended version
v1.1.4
Status
colour
Green
title
IMPROVEMENT
Improvements:
New tag cloud.gcp.unknown.none for all services.
When the collector processes a message that is not in JSON format, it sends it to the cloud.gcp.unknown.none table (only if the custom tag is not used).
The behaviour of custom tags has been changed: If a custom tag is used the message will always go to the custom tag even if it is not in JSON format.
Upgrade
v1.1.3
Status
colour
Green
title
IMPROVEMENT
Improvements:
Validated base64 variables from config.yaml. A new function was created to check if the base64 token in the configuration file has a valid format.
Increase the Queue consuming throughput
Upgrade
v1.1.2
Status
colour
Green
title
IMPROVEMENT
Status
colour
Yellow
title
VULNS
Improvements:
The underlay Devo Collector SDK has been upgraded to v1.1.4 to improve efficiency, increase the resilience and mitigate vulnerabilities.
The hard-reset procedure when losing connection with Devo has been improved.
Vulnerabilities mitigated:
CVE-2022-1664
CVE-2021-33574
CVE-2022-23218
CVE-2022-23219
CVE-2019-8457
CVE-2022-1586
CVE-2022-1292
CVE-2022-2068
CVE-2022-1304
CVE-2022-1271
CVE-2021-3999
CVE-2021-33560
CVE-2022-29460
CVE-2022-29458
CVE-2022-0778
CVE-2022-2097
CVE-2020-16156
CVE-2018-25032
Upgrade
v1.1.1
Status
colour
Green
title
IMPROVEMENT
Improvements:
The underlay Devo Collector SDK has been upgraded to v1.1.3 to improve efficiency and performance.
When the collector loses the connection with Devo it executes a hard-restart protocol to force the reconnection with a fresh configuration.
Upgrade
v1.1.0
Status
colour
Green
title
IMPROVEMENT
Improvements:
The following properties have been renamed to be more user-readable:
credentials_file to filename
credentials_file_content_base64 to file_content_base64
Added new optional categorization mode which categorizes the events based on their fields to create the Devo Tag.
The underlay Devo Collector SDK has been upgraded to v1.1.0 to improve efficiency.
