Reporter for Palo Alto Release Notes
Reporter for Palo Alto 1.0.1.61 (2022-04-29)
  • Fixed an issue with the new keyword feature introduced in 1.0.1.59 that caused the software to freeze and lock up under certain keyword matching conditions.

Reporter for Palo Alto 1.0.1.60 (2022-04-19)
  • The Unassigned Productivity list (Settings | Productivity) now has a limit of 200 values.
  • Added support for Destination Country. This field can be used in report and alert filters, and added to alert evidence tables.
  • Fixed and worked around logging issues in PanOS 10.2, including one where invalid log data could creep into the Category field, adding hundreds of thousands of categories to the Productivity ‘Unassigned’ list and causing reporting issues.
  • Improved application risk assignment using new log fields in PanOS v10.2. Previously the risks were shown as Low, Medium and High. New assignments are:
    • 1 – Very low
    • 2 – Low
    • 3 – Medium
    • 4 – High
    • 5 – Very high
  • High risk alert now triggers on Very high as well as High. Click the ‘Reset to default’ option on the Alert in Settings | Alerts, or simply add ‘Very high’ to the Alert’s criteria.

Reporter for Palo Alto 1.0.1.59 (2022-03-17)
  • Added Keywords Feature centralizing all safeguarding keywords in one place (Settings | Keywords). The keywords lists apply to both reports and alerts, are automatically updated, and now include ‘whole word matching’. Each keyword has its own list of excluded keywords to reduce false positives.
  • Renamed the ‘Suspicious Searches’ widget in Overview Reports to ‘Keyword matched searches’
  • Added ‘Keyword Matched Videos’ widget that matches YouTube video titles against the new Keyword lists.
  • Added Keyword highlighting to keyword matching widgets in Overview Reports.
  • Alerts can now include columns in the Alert Evidence table for:
    – Search Terms with Keyword Highlighting
    – Search Terms Keyword Group
    – Search Terms Matched Keyword
    – Media Title with Keyword Highlighting
    – Media Title Keyword Group
    – Media Title Keyword Highlighting
  • Fastvue’s default alerts now have a ‘Reset to factory defaults’ option. This lets you reset the Search Term alerts to the new defaults which reference the new Keyword groups instead of having all keywords entered directly in the Alert’s criteria.
  • Fixed issue where alert emails could be sent with an empty alert evidence table.
  • Modified the default/suggested data retention size policy for new installs to better account for the disk’s available space.
  • Critical disk space thresholds now default to 2GB instead of 5%.
  • Fixed an issue that may prevent the data retention policy from running for up to one hour, before it starts working again.

Reporter for Palo Alto 1.0.1.58 (2022-02-18)
  • Security fix: Added extra mitigations to prevent JavaScript embedded in log data (such as script tags in URL query strings) from executing when viewing the log data within Fastvue Reporter’s web interface.

Reporter for Palo Alto 1.0.1.57 (2021-12-22)
  • Added mitigations for the Log4j “Log4Shell” vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-44228). Fastvue Reporter now starts Elasticsearch with the JVM property that mitigates the vulnerability in Elasticsearch 5.6.14 (the version that Fastvue Reporter uses).

    Unfortunately, we cannot easily update Elasticsearch or its Log4j version at this time, so Fastvue Reporter may still trigger vulnerability scanners.

    Please see our article on further mitigation steps and latest updates: How to mitigate the Log4j vulnerability on your Fastvue Reporter server.
  • Fixed Security Group filtering for users with a different sAMAccountName to the user portion of their User Principal Name in Active Directory (e.g. sAMAccountName = testuser but UPN = testuser2@domain.com)
  • Fixed issue where the YouTube Videos widget showed a blank row with ‘unknown video’ thumbnail image when exported to PDF.

Reporter for Palo Alto 1.0.1.56 (2021-11-24)
  • Fixed the ‘Test YouTube Integration’ feature in Settings | YouTube to test a range of video IDs in case a test video is removed. This fixes the ‘Object reference not set to an instance of an object’ error that you may have seen if you used the Test YouTube Integration feature.
  • Added a success message to the main Settings | YouTube page if the integration is working.
  • Charts updated to include two more colours (yellow and purple). Orange and light blue were also moved around in the colour order.

Reporter for Palo Alto 1.0.1.55 (2021-10-21)
  • Fixed issues receiving syslog when using IPv6 addresses.
  • Reduced extra CPU and RAM usage introduced in 1.0.1.54 when improving the performance of loading UI resources and API requests.

Reporter for Palo Alto 1.0.1.54 (2021-10-13)
  • The YouTube Videos section in reports now links to the video’s watch URL in the Video Thumbnails and Video Title columns.
  • Exporting the YouTube Videos section to CSV now includes the video’s watch URL and excludes the Thumbnail.
  • Improved the performance of loading UI resources and API requests.

Reporter for Palo Alto 1.0.1.53 (2021-09-28)
  • Fixed a rare deadlock issue that may cause the Fastvue Reporter service to lock up, and the front-end user interface to load very slowly or time out.
  • Fixed issues where the data outside of the retention policy may not be deleted.
  • Folder paths added to the Windows registry are now quote qualified, resolving ‘unquoted service path enumeration vulnerability’ issues.
  • Removed the ability to change the Data Storage path in Settings | Data Storage, as doing so would cause the user interface to be unresponsive until all data had moved to the new location. This was a poor user experience and had the potential to cause further issues if the server is rebooted during the data move, potentially corrupting data. You can still change the Data Storage location, but this must be done manually. See our knowledge base article: Changing Fastvue Reporter’s Data Location.
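
A check an administrator can run to confirm that no service on the Reporter server is still registered with an unquoted path, the condition the quoting fix in 1.0.1.53 addresses. This is an added example, not Fastvue's code; the function name Test-UnquotedServicePath and the sample paths are constructed for illustration.

```powershell
# Added example (not Fastvue code): flag Windows services whose ImagePath is
# unquoted and contains a space inside the executable path.

function Test-UnquotedServicePath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $path = $PathName.Trim()

    # A path that starts with a quote is already quote qualified.
    if ($path.StartsWith('"')) { return $false }

    # Isolate the executable portion (everything up to the first ".exe"),
    # so spaces that only appear in the arguments are not reported.
    # Paths that do not reference an .exe are not evaluated by this check.
    $match = [regex]::Match($path, '^(.*?\.exe)\b', 'IgnoreCase')
    if (-not $match.Success) { return $false }

    return $match.Groups[1].Value.Contains(' ')
}

# Constructed sample values showing the three cases.
$samples = @(
    'C:\Program Files\Example App\service.exe -run',      # flagged
    '"C:\Program Files\Example App\service.exe" -run',    # quoted: ok
    'C:\Windows\System32\svchost.exe -k netsvcs'          # no space in path: ok
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live check on the local machine: every service still registered unquoted.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, StartMode, StartName, PathName |
    Sort-Object Name
```

An empty result from the live check means no service on the machine matches the finding that vulnerability scanners report as an unquoted service path.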

Reporter for Palo Alto 1.0.1.52 (2021-09-14)
YouTube Videos Report
  • Historical log import and file system sources have better exception handling for non-supported zip file formats.