Sophos Reporter Release Notes
Subscribe
Sophos Reporter 3.0.1.61 (2022-04-29)
  • Fixed issue with the new keyword feature introduced in 3.0.1 59 that causes the software to freeze and lockup under certain keyword matching conditions.
Sophos Reporter 3.0.1.60 (2022-04-19)
  • The Unassigned Productivity list (Settings | Productivity) now has a limit of 200 values.
  • Added support for Source and Destination Country, Source and Destination Zones, Zone Type as well as Source and Destination Interfaces. These field can be used in report and alert filters, and added to alert evidence tables. Note, these fields are logged by Sophos XG/XGS, not the SG/UTM models.
  • IT Network and Security reports now include widgets for Zones, Interfaces and Countries.
Sophos Reporter 3.0.1.59 (2022-03-17)
  • Added Keywords Feature centralizing all safeguarding keywords in one place (Settings | Keywords). The keywords lists apply to both reports and alerts, are automatically updated, and now include ‘whole word matching’. Each keyword has its own list of excluded keywords to reduce false positives.
  • Renamed the ‘Suspicious Searches’ widget in Overview Reports to ‘Keyword matched searches’
  • Added ‘Keyword Matched Videos’ widget that matches YouTube video titles against the new Keyword lists.
  • Added Keyword highlighting to keyword matching widgets in Overview Reports.
  • Alerts can now include columns in the Alert Evidence table for:
    – Search Terms with Keyword Highlighting
    – Search Terms Keyword Group
    – Search Terms Matched Keyword
    – Media Title with Keyword Highlighting
    – Media Title Keyword Group
    – Media Title Keyword Highlighting
  • Fastvue’s default alerts now have a ‘Reset to factory defaults’ option. This lets you reset the Search Term alerts to the new defaults which reference the new Keyword groups instead of having all keywords entered directly in the Alert’s criteria.
  • Fixed issue where alert emails could be sent with an empty alert evidence table.
  • Modified the default/suggested data retention size policy for new installs to better account for the disk’s available space.
  • Critical disk space thresholds now default to to 2GB instead of 5%.
  • Fixed an issue that may prevent the data retention policy from running for up to one hour, before it starts working again.
Sophos Reporter 3.0.1.58 (2022-02-18)
  • Security fix: Added extra mitigations to prevent javascript embedded in log data (such as script tags in URL query strings) from executing when viewing the log data within Fastvue Reporter’s web interface.
  • Sophos SG / UTM’s pppd-l2tp failed CHAP authentication events are now shown in the ‘Failed VPN logins’ widgets.
Sophos Reporter 3.0.1.57 (2021-12-22)
  • Added mitigations for log4j “Log4Shell” vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-44228). Fastvue Reporter now starts Elasticsearch with the JVM property that mitigates the vulnerability in Elasticsearch 5.6.14 (the version that Fastvue Reporter uses).

    Unfortunately, we cannot easily update Elasticsearch or its Log4j version at this time, so Fastvue Reporter may still trigger vulnerability scanners.

    Please see our article on further mitigation steps and latest updates: How to mitigate the Log4j vulnerability on your Fastvue Reporter server.
  • Fixed Security Group filtering for users with a different sAMAccountName to the user portion of their User Principal Name in Active Directory (e.g. sAMAccountName = testuser but UPN = testuser2@domain.com)
  • Fixed issue where the YouTube Videos widget showed a blank row with ‘unknown video’ thumbnail image when exported to PDF.
Sophos Reporter 3.0.1.56 (2021-11-24)
  • Fixed the ‘Test YouTube Integration’ feature in Settings | YouTube to test a range of video IDs in case a test video is removed. This fixes the ‘Object reference not set to an instance of an object’ error that you may have seen if you used the Test YouTube Integration feature.
  • Added a success message to the main Settings | YouTube page if the integration is working.
  • Charts updated to include two more colours (yellow and purple) also moved orange and light blue around in the order.
Sophos Reporter 3.0.1.55 (2021-10-21)
  • Fixed issues receiving syslog when using IPv6 addresses.
  • Reduced extra CPU and RAM usage introduced in 3.0.1.54 when improving the performance of loading UI resources and API requests.
Sophos Reporter 3.0.1.54 (2021-10-13)
  • The YouTube Videos section in reports now links to the video’s watch URL in the Video Thumbnails and Video Title columns.
  • Exporting the YouTube Videos section to CSV now includes the video’s watch URL and excludes the Thumbnail.
  • Improved the performance of loading UI resources and API requests.
Sophos Reporter 3.0.1.53 (2021-09-28)
  • Fixed a rare deadlock issue that may cause the Fastvue Reporter service to lockup, and the front-end user interface to load very slowly or timeout.
  • Fixed issues where the data outside of the retention policy may not be deleted.
  • Folder paths added to the Windows registry are now quote qualified, resolving ‘unquoted service path enumeration vulnerability’ issues.
  • Removed the ability to change the Data Storage path in Settings | Data Storage, as doing so would cause the user interface to be unresponsive until all data had moved to the new location. This was a poor user experience and had the potential to cause further issues if the server is rebooted during the data move, potentially corrupting data. You can still change the Data Storage location, but this must be done manually. See our knowledge base article: Changing Fastvue Reporter’s Data Location.
Sophos Reporter 3.0.1.52 (2021-09-14)
YouTube Videos Report
  • VPN widgets now populate when running in ‘Demo Mode’
  • Improved search term extraction to exclude non-search data from certain domains.
  • Historical log import and file system sources have better exception handling for non-supported zip file formats.