Release Notes

CS Enterprise 3.8.0

3 min read

See your PCAP from a totally new perspective with our new Zeek Logs analysis tool. CS Enterprise 3.8 comes with the industry standard Zeek (formerly Bro) analysis tool pre-installed and configured to run against your capture files.

New: Zeek Logs Analysis Tool

We are very excited to introduce a new Analysis Tool in CloudShark that is built on top of the industry standard Zeek network security monitoring tool.

We have a sample PCAP posted for you to play with right now over on our hosted instance.

Zeek (formerly Bro) delivers concise logs for all the traffic in a PCAP file. These logs are higher level than CloudShark’s typical full-packet-decode views and give you a different way to approach your analysis.

Because these logs are built on top of the full PCAP data, CloudShark is uniquely able pivot back to the packets from a Zeek log entry.

Use Zeek to get a wider, zoomed out view of your traffic, then dive back down to the protocol level with one click.

Read our documentation to learn more about the Zeek Logs analysis tool.

CentOS 8

We’ve dropped CentOS 6 and added CentOS 8 support in CloudShark!

Did you know that CentOS 6 stops getting maintenance updates at the end of November 2020? It’s time to move on. We’re really excited to bring support for more modern Linux internals in CentOS 8. But beyond that, we’re happy to leave a bunch of stuff behind by dropping CentOS 6.

A few of the things we’ve been able to streamline:

  • Long Term Support for CentOS 8 through May, 2029
  • Consistent dependencies between OS’s
  • Fewer packages to install
  • All daemons run via systemd
  • LDAP/AD External Authentication is much easier to configure

If you are still running CS Enterprise on CentOS 6 please contact support@cloudshark.io for upgrade assistance including a free transition license.

Suricata 5.0

CS Enterprise 3.8 brings an update to the Suricata engine that powers our Threat Assessment Addon. There’s a lot of new things in 5.0 like:

  • Improved rule syntax and faster analysis
  • Support for GeoIP based rules and alerts
  • JA3 support for enhanced alerts on encrypted traffic
  • Better update mechanism with suricata-update

If you are a Threat Assessment customer and are using the stock out-of-the-box rule sets, there is nothing for you to do. However, if you are utilizing custom rules, pulling in ET Pro or some other 3rd-party rule set, please contact support@cloudshark.io for help migrating to the 5.0 rule set.

Bug fixes and other changes

  • Passwords of local accounts can now be up to 255 characters in length.
  • Correctly resolve a users $HOME directory.
  • Resolve a crash when a Threat Assessment returned too many results.

Upgrading

This upgrade is not supported on CentOS 6. Please contact CloudShark Support for help migrating.

Upgrading to CloudShark 3.8 requires a helper script and will not work with the old cloudshark-admin command. Please run the following up prepare your system for the upgrade:

Run as root:
bash <(curl -s https://support.cloudshark.io/upgrade3.8)

This script will update your cloudshark-admin command first, and then proceed with the usual upgrade. It is required due to changes in the underlying OS and service configuration.