Release notes for CrowdStrike Intelligence collector

Feature

• Added indicators service.

Feature

• Added EPP Detection Summary events as a default service.

Improvements

• Updated DCSDK

Feature

• Added new service Alerts.

Improvements

• Solved CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 by updating docker base image version to 1.3.1.

Improvements

• Updated DCSDK from 1.12.2 to 1.12.4

  • Change internal queue management for protecting against OOMK

  • Extracted ModuleThread structure from PullerAbstract

  • Improve Controlled stop when both processes fails to instantiate

  • Improve Controlled stop when InputProcess is killed

  • Fixed error related a ValueError exception not well controlled.

  • Fixed error related with loss of some values in internal messages

Improvements

• Updated DCSDK from 1.11.1 to 1.12.2- Updated the DCSDK base image to 1.3.0.

Bug fixing

• Fixed duplicated logs in event services.

Improvements

• Add compatibility when reading configuration to accept older parameters.

Bug fixing

• Fix a bug when getting the estream listing and improve the log message.

Improvements

• Updated to DCSDK 1.11.1

  • Added extra check for not valid message timestamps

  •    Added extra check for improve the controlled stop

  •    Changed default number for connection retries (now 7)

  •    Fix for Devo connection retries

  • Updated DevoSDK to v5.1.9

  • Fixed some bug related to development on MacOS

  • Added an extra validation and fix when the DCSDK receives a wrong timestamp format

  • Added an optional config property for use the Syslog timestamp format in a strict way

  • Updated DevoSDK to v5.1.10

  • Fix for SyslogSender related to UTF-8

  • Enhance of troubleshooting. Trace Standardization, Some traces has been introduced.

  • Introduced a mechanism to detect "Out of Memory killer" situation

Improvements:

• New functionality, access to File Vantage API

• Updated DCSDK from 1.8.0 to 1.10.2:

  •   Upgrade internal dependencies

  •   Store lookup instances into DevoSender to avoid creation of new instances for the same lookup

  •   Ensure service_config is a dict into templates

  •   Ensure special characters are properly sent to the platform

  •   Changed log level to some messages from info to debug

  • Changed some wrong log messages

  •   Upgraded some internal dependencies

  •   Changed queue passed to setup instance constructor

  • Added input metrics

  • Modified output metrics

  • Updated DevoSDK to version 5.1.6

  • Standardized exception messages for traceability

  • Added more detail in queue statistics

  • Updated PythonSDK to version 5.0.7

  • Introduced pyproject.toml

  • Added requirements.dev.txt

  • Fixed error in pyproject.toml related to project scripts endpoint

Improvements:

• Updated DCSDK from 1.7.2 to 1.8.0:

  • Ability to validate collector setup and exit without pulling any data.

  • Ability to store in the persistence the messages that couldn't be sent after the collector stopped.

  • Ability to send messages from the persistence when the collector starts and before the puller begins working.

  • Ensure special characters are properly sent to the platform.

Improvements:

• Added @devo_pulling_id field.

• Update the `details` endpoint to use the v2 API (due to v1 deprecation)

Bug Fixing:

• Fixed a bug that prevented overriding the base URL.

Improvements:

• The RegEx validation has been updated to enforce the HTTP[S] protocol for all services when this parameter is filled in by the user.

• The Event Stream (eStream) service has been updated to use the same overriding parameter for the base_url than the other previous services. This allows to the user define this only one time for all available services through override_base_url user config file.

Improvements:

• Upgraded underlay IFC SDK v1.3.0 to v1.4.0.

• Updated the underlying DevoSDK package to v3.6.4 and dependencies, this upgrade increases the resilience of the collector when the connection with Devo or the Syslog server is lost. The collector is able to reconnect in some scenarios without running the self-kill feature.

• Support for stopping the collector when a GRACEFULL_SHUTDOWN system signal is received.

• Re-enabled the logging to devo.collector.out for Input threads.

• Improved self-kill functionality behavior.

• Added more details in log traces.

• Added log traces for knowing system memory usage.

New Features:

• CrowdStrike Event Stream (eStream) data source is now available. This service leverages the CrowdStrike Falcon Event Streams API to obtain the customer’s DataFeed URLs and continuosly fetch events that will be ingested under the edr.crowdstrike.falconstreaming.* family of tables. For more information, check the CrowdStrike’s official documentation.

Improvements:

• Upgraded underlay IFC SDK v1.1.3 to v1.3.0.

• The resilience has been improved with a new feature that restart the collector when the Devo connections is lost and it cannot be recovered.

• When an exception is raised by the Collector Setup, the collector retries after 5 seconds. For consecutive exceptions, the waiting time is multiplied by 5 until hits 1800 seconds, which is the maximum waiting time allowed. No maximum retries are applied.

• When an exception is raised by the Collector Pull method, the collector retries after 5 seconds. For consecutive exceptions, the waiting time is multiplied by 5 until hits 1800 seconds, which is the maximum waiting time allowed. No maximum retries are applied.

• When an exception is raised by the Collector pre-pull method, the collector retries after 30 seconds. No maximum retries are applied.

Improvements:

• The underlay IFC SDK has been updated from v1.1.2 to v1.1.3.

• The resilience has been improved with a new feature that restart the collector when the Devo connections is lost and it cannot be recovered.

Vulnerabilities mitigation:

• All critical and high vulnerabilities have been mitigated.

New Features:

• Initial release that includes the following data sources from CrowdStrike API:

  • Hosts

  • Incidents

  • Vulnerabilities

  • Behaviors