Release Notes

CS Enterprise 3.6.0


CloudShark is excited to announce the release of version 3.6.0, which delivers a big upgrade to our web-based packet viewer. It’s all new, a lot faster than the old one, and opens the door to a bunch of new features. We’re also introducing the “CS Enterprise” branding into the product with this release.

CS Enterprise and CloudShark.io

Same great product, same amazing team building it — and now a new name and new branding both in the product, and on our new cloudshark.io domain. Please check out the new site if you haven’t yet. This move is designed to help us differentiate better between our hosted and self-managed offerings.

Note: Our email addresses have changed to use the new .io domain as well, but we will still receive messages sent to the old .org addresses for now. It’s a good time to update your address book.

All of our support documentation at support.cloudshark.io has been revamped and updated as well.

New Features

Next-Gen Packet View

The biggest update in this release is our new Packet View which boasts incredible speed, flexibility, and usability. It’s been about a year in the making and is also available as a stand-alone devkit for 3rd parties.

Highlights
  • Sortable columns!
  • Instantly scroll through up to 400,000 packets at once
  • New side-by-side decode layout makes better use of space
  • Drag & Drop decode field values as display filters!
  • New annotation editor with markdown previews and color support

New Profile Editor

We have also added a dedicated Profile editor, letting you change all your per-capture preferences in a single place.

  • Consolidated all the settings into one dialog box
  • Cleaned up the Analysis Tools menu
  • Still includes our favorite column presets
  • Simplified RSA key management rules

We’re working on making profile management a first-class feature within CloudShark, and this is the first step towards that goal.

[Action Required] Upgrade your profiles

The new Profile Editor uses a new format to store profiles on disk. If you would like to migrate your existing capture settings to the new format, you must run an additional command after upgrading.

Step 1. Make sure you are the cloudshark user:

su - cloudshark

Step 2. Run the upgrade tool from the correct directory:

cd /var/www/cloudshark/current
bin/run bin/upgrade-profiles.rb

This command will convert custom settings like columns, decode-as rules, and protocol preferences to the new storage format.

Note: RSA key-based decryption is not automatically migrated

Due to the security concerns around exposing decrypted traffic, the RSA Key assignments from prior versions are not automatically migrated. If you have applied RSA Keys to perform decryption, you will need to go back into each file in CS Enterprise and re-apply those keys. The upgrade tool will print out a list of the affected capture files.

Updated Internals

Wireshark is updated to version 2.6.10

Threat Assessment

Updated Suricata to version 4.1.4 and refreshed the ET Open rule set. If you aren’t keeping your rules up to date on a daily or weekly basis, and want to be, you can learn how from our support article.

Bug fixes and other changes

  • Remove uploads from /tmp if they aren’t imported for some reason
  • Support API Open requests that have single-encoded spaces in the requested URL
  • Added http.time (response time) to the HTTP columns preset