Reporter for Palo Alto Release Notes
Subscribe
Reporter for Palo Alto 1.0.1.51 (2021-08-17)
  • Fixed issue introduced in build 1.0.1.49 where users only get associated with one Security Group, causing issues filtering reports by Security Groups.
  • You can now add LDAP and Email servers with no authentication details (fixes issue introduced in build 1.0.0.50) 
  • Fixed issue in Settings | Sources where the issue “Unable to read data from the transport connection” could repeatedly appear. 
  • Fixed URL parsing issues when the URL includes the wildcard * character.
  • Improved the display of expired license keys in Settings | Licensing.
Reporter for Palo Alto 1.0.1.50 (2021-07-26)
  • Fixed a critical security vulnerability where anyone with access to the Fastvue Reporter site could potentially exfiltrate the credentials specified for connecting to your email server, LDAP server, or proxy server.

    Please update your Fastvue Reporter software immediately, and change the password associated with the credentials specified in Settings | Email, Settings | Proxy Server and any specified LDAP server in Settings | Directory / LDAP (you’re not affected if you’re using the ‘Default Domain Controller’ option).

    Also, make sure authentication and authorization is configured for the Fastvue Reporter site so that only the required people have access to the site. To do this, see our KB article: How do I secure the Fastvue Reporter interface with login credentials. ​​

    Thank you to security researcher, Sina Kheirkhah (LinkedIn, Twitter), for reporting the vulnerability.
  • Improved memory usage associated with importing log data.
  • When the Memory Settings in Settings | Diagnostic | Database are set to ‘Automatic’, the JVM Xms (initial heap size) now scales from 256MB to 2GB depending on total physical RAM.
  • Fixed issue preventing the ‘no syslog data received’ alert from triggering. To configure this alert see our KB article: How to setup email notifications when syslog data is not received.
Reporter for Palo Alto 1.0.1.49 (2021-06-22)
  • Reduced the impact of syslog data import on system performance.
  • Improved the raw loading speed of log data into the Elasticsearch database.
  • Improved search term extraction.
Reporter for Palo Alto 1.0.1.48 (2021-05-18)
  • Fixed a major issue introduced in x.0.1.47 causing high resource usage and Overview Reports to fail.
  • Search Terms are now extracted for the common search engine URLs regardless of the URL category. Previously, Fastvue Reporter only extracted search terms from URLs where the URL Category was set to ‘Search Engines’ or equivalent and a few other categories. This was an issue for customers whitelisting sites such as Google, resulting in a different category being logged for the traffic.
  • Fixed issues preventing the Report page’s “Cancel Report” button from correctly cancelling the generating report.
  • SourceHost, DestinationHost, and ReferrerHost are now imported as lowercase resolving case sensitivity issues.
Reporter for Palo Alto 1.0.1.47 (2021-04-01)

Fastvue has recalled this version due to issues reported by several customers after upgrading. If you have upgraded to this version and are experiencing high resource usage (CPU/RAM) and/or reports are failing, please downgrade to the previous build below. Download the update and click Next through the installation wizard without making any changes.

  • Improved the performance of the Alerts engine resulting in lower RAM usage of the Fastvue Reporter process.
  • Fixed the extraction of YouTube searches after a YouTube change altered the way search results get logged by firewalls.
  • IT Network and Security reports now include buttons for Network Traffic and Web Traffic for some widgets. This prevents the extra information logged by Palo Alto’s URL log from bloating bandwidth figures on in the Network Traffic section, while still allowing results to be displayed when filtering the reports by URLs and other data only logged in the URL logs.
  • Added Virtual System column to the Palo Alto Firewalls widget in IT Network and Security Reports.
  • Search Terms are now always extracted from the common search engines, regardless of the URL category logged by the firewall (a different category can be logged due to whitelists and custom categories).
  • Updated default keywords relating to Drug Searches. Note: You will not see the changes to Alerts automatically. Please see our article on Updating Alerts to the latest version while keeping any custom alerts.
  • Alert Evidence that contains special HTML characters such as < > & “” are now displayed correctly on the Alerts tab and in Alert emails.
  • Fixed issue that occurs on some non-english systems (such as Turkish) where some aspects of the user interface would not function correctly.
  • Fixed issue that prevented installation on systems without a .vbs file association.
  • The Source issue “Unable to read data from the transport connection” is no longer regularly displayed when importing syslog data over TCP.
Reporter for PaloAlto 1.0.1.46 (2021-02-16)
  • Improved log import speed.
  • The Blocked Unacceptable Sites widget no longer shows IPs from application traffic.
  • Updated text in Settings | Licensing to remove the message about the number of license keys relating to licensed sources. A single key can now license multiple sources.
  • Updated default keywords relating to Adult and Profanity alerts and suspicious searches. Note: You will not see the changes to Alerts automatically. Please see our article on Updating Alerts to the latest version while keeping any custom alerts.
Reporter for Palo Alto 1.0.1.45 (2020-11-17)
  • First GA Release of Fastvue Reporter for Palo Alto!
  • Improved licensing system. Each installation of Fastvue Reporter can now support a single key in Settings | Licensing that can be renewed rather than replaced at renewal time with a new key. Fastvue Reporter also no longer requires a separate key for each firewall that needs monitoring.
  • Added a Proxy Settings page to enter the details of your proxy server if one is required for Fastvue Reporter to connect to the internet. The Fastvue Reporter server needs to access licensing.fastvue.co and api.fastvue.co for license activation and Site Clean updates.
  • Size is now shown for web data (URLs) when running in Demo Mode.
Reporter for Palo Alto 1.0.0.13 BETA (2020-10-26)
  • Fixed issue introduced in 1.0.0.12 that can increase RAM usage, make the software unresponsive, and prevent the import of data.
  • Reports and Alerts can now be filtered by Virtual System.
  • Fixed issue preventing the export of reports with long titles.
  • Reports are now automatically unloaded from memory after 15 minutes of inactivity.
  • Fixed issue preventing the import of Security Groups with more than 1500 members.
  • Improved search results extracted from Yahoo, Bing and YouTube.
  • Authenticated traffic is now correctly matched to an Active Directory user object when the firewall logs the UserPrincipalName as the user.
  • Fixed issue where filtering Activity Reports by Productivity groups provided unexpected results in some cases.
Reporter for Palo Alto 1.0.0.12 BETA (2020-09-22)
  • All reports have been adjusted to show the bandwidth information for Sites. Fastvue Reporter is now calculating the size of URLs in the Threat log using the matching session ID in the Traffic log.
    • Added Top Sites and Top Downloads widgets to the Bandwidth Dashboard.
    • Renamed the Usage section to Bandwidth in the Internet Usage and All Usage reports. Added Top Sites by Size widget, and added size columns to other widgets in the report.
    • Activity Reports now show a ‘Size’ column.
    • The Allowed Sites section in the IT Network and Security and All Usage report now includes size columns.
  • The filter in for the Allowed Sites section in the IT Network and Security Report was adjusted as it was also showing blocked sites.
  • The duplicated Most Allowed Undesirable Application widget in the IT Overview section of the IT Network and Security and All Usage Reports was replaced with Top Rule.
  • Fixed inconsistencies in column naming in the IT Network and Security report
Reporter for Palo Alto 1.0.0.11 BETA (2020-09-02)
  • Size of URLs in the Threat log are now calculated by matching the session ID in the Traffic log. For sessions with more than one URL in the Threat log, the size is attributed to the last URL in the session.
  • The ‘Any’ category is no longer attributed to a Productivity list. This was causing a large amount of traffic to show under the ‘Unassigned’ Productivity group.
  • Renamed the Firewall Server field to Firewall Hostname
  • Added Firewall IP field
  • Fixed issue with excessive memory and CPU usage when an alert is configured using the ‘Greater than’, ‘Less than’, ‘Greater than or equal’, or ‘Less than or equal’ operators on numeric fields that are not aggregates, such as Hours or Ports.