Release Notes

CS Enterprise 3.7.1

3 min read

We have been laying the ground work for one feature over the past few releases and we’re very excited to finally deliver it to you: You can now import your favorite Wireshark profiles into CloudShark and share them with your team!

If you’ve been waiting to update, now is a great time to upgrade your CS Enterprise instance and take advantage of all these new profile features as well as the usual bugfixes and performance improvements!

What’s new?

Import your Wireshark profiles

We’re big fans of using the right Profile for the right analysis situation, and we’ve made it even easier for everybody to take their favorite profiles from Wireshark and import them into CloudShark!

There are lots of sources of Wireshark profiles out there on the internet, or from training classes that you’ve taken. Bring all that knowledge with you and share it with your team.

This feature can be toggled on and off by the administrator if necessary, and there is a profile file-size limit that can be adjusted depending on your situation.

If you haven’t explored the new Profile Management features yet, you should watch our recent webinar where we went over a bunch of different use-cases.

Import Profile from a .zip

CloudShark supports importing a single profile at a time, uploaded as a .zip of the profile’s directory.

For example:

 ProfileDir/
    preferences
    colorfilters
    decode_as_entries
    tls_keylog_file

Please note, bulk-import of more than one profile in a single .zip is not currently supported.

Export profile

Profiles can also be exported to a .zip file and downloaded for use on other installations of CloudShark, or in your favorite open source analyzer!

Profile Improvements

In addition to importing profiles, we’ve also improved things a little bit from our initial 3.7.0 release.

Markdown support

CloudShark profiles let you add a description to remind yourself and help others understand what that profile is for, or where it came from. These now support markdown to let you embed links and other formatting.

New profile-switcher layout

We’ve updated the profile switcher layout to give your descriptions a little more room to breathe. Taking the time to write a good profile description will save you tons of time in the future deciding which one to use. Go wild!

Support for additional features

Additional profile features like Coloring Rules are supported on imported profiles. They aren’t able to be edited within the browser yet, but these, and other Wireshark-specific features will be applied to your capture and supported.

Updated Internals

  • Wireshark has been updated to version 2.6.XXX

Bug fixes and other changes

  • Fix incorrect/extra HTML escape sequences when importing pcap-ng packet comments and annotations
  • Improve layout of login screen when using OAuth/SAML
  • Avoid linking to invalid frame numbers in Threat Assessment table summary
  • Stop preventing audio playback in Firefox
  • Fix bug in curlrc that was creating duplicate custom HTTP headers in some situations
  • Remove <em> from Threat Details pop-up caption

Reminder: Upgrade your profiles if you are upgrading from CS Enterprise 3.6.0 or older.

Starting with CS Enterprise 3.6.0, the CloudShark Profile Editor uses a new format to store profiles on disk. If you are upgrading from a version prior to CS Enterprise 3.6.0 and would like to migrate your existing capture settings to the new format, you must run an additional command after upgrading to 3.7.1:

Read the Upgrade Instructions in the 3.6.0 release notes.