Release Notes
note
Alert Manager Enterprise Version 2.0 and higher only support Splunk Enterprise 9.0 and higher and Splunk Cloud using python3.
Version 3.2.0
What's new:
- AME-322 Display object references in UI
- AME-531 Extend the freeform search filter to allow searching for all data
- AME-598 Hide tenant field column in event summary if single tenant
- AME-639 SLA Management
- AME-644 MS-Teams: Connectors deprecated
- AME-665 Allow usage of client certificates if required by splunkd
- AME-672 Warn users that their license is about to expire (1 Month before expiration)
- AME-673 Improve event summary field inputs
- AME-686 Extend summary with notable fields
- AME-716 Provide an API Endpoint for retrieving events from AME
- AME-725 Implement "Select all" and "Select page" for events in summary
- AME-738 Extend status option resolution restrictions
- AME-747 Add ability to save multiple views of event summary on tenant
- AME-790 License management should consume the complete json license
- AME-791 Add status_type option for
ameevents
andameenrich
- AME-792 Highlightning of selected event rows
Fixed issues:
- AME-717 Store field filters in saved filters
- AME-783 Bulk deletes missing hard Flag
- AME-793 Error messages wrong, when a valid license is in place, but the user does not have the permissions
Version 3.1.3
Fixed issues:
- AME-780 Bulk update does not chunk existing query
- AME-781 Bulk update modal should only allow save if something is updated
Version 3.1.2
Fixed issues:
- AME-671 Notification action alert_data incorrectly rendered
- AME-692 Unpopulated Assignee Data
- AME-694 Deselection of events not working
- AME-701 Log stdout & return code of vsl / vsw execution
- AME-712 Repository methods missing user name
- AME-719 apply_tll does not check for empty list of new-type status options
- AME-720 Fix typo in authorize.conf
- AME-721 Fixing appinspect warnings (default.meta, collections.conf and dependencies)
- AME-721 Adapting comment prefix
- AME-727 Set event host field to SH in HEC events
- AME-729 Bulk insert failing if to many existing keys to check
- AME-732 Check AM migrated tags for empty strings on events
- AME-736 Write role returning None from SDK
Version 3.1.1
Fixed issues:
- AME-666 Update bulk creating invalid queries if no entries supplied
- AME-667 Expanded event header percentages are reset on event expand
- AME-667 Template contains custom tag references rather than tag value
- AME-669 Rule cron documentation link broken
- AME-670 Fix README.md license bin path
Version 3.1.0
What's new:
- AME-220 Add chips to tags impact and urgency
- AME-253 Add a timeline to event summary
- AME-412 The Full Name of the assignee should be displayed
- AME-413 Event Summary should provide a compact and extended mode
- AME-578 Wildcard matching for contains operator in matching engine
- AME-597 Notable fields should support internal ame fields
- AME-611 Ensure compatibility with Python 3.9
- AME-627 Allow bulk comment on events
- AME-631 Suspend refresh while filter windows is open
- AME-633 Enable rule execution on event update
- AME-652 Add a command to look up where a object reference is used
Fixed issues:
- AME-600 Event summary status should sort on status_name
- AME-606 Some filters are reset when reloading the event summary
- AME-608 Fix reload for update modal when refreshing
- AME-634 Creating an event directly form search does not respect the tenant param
- AME-635 Assignee filter broken due to selection of username extended name as filter
- AME-636 Manual event creation failing with template error
- AME-637 Notification exception if alert data contains multi value fields
- AME-640 Configuration logging background color off in light mode
- AME-641 ameenrich performance improvements
- AME-642 ttl_target missing as alert action parameter + type missmatch
Version 3.0.8
Fixed issues:
- AME-605 Notification-Templates: TextArea and better access to alert data
- AME-609 Correct ame_server log level
- AME-610 Inconsistent Event state after updating event via REST
- AME-613 Action-Notification: allow empty structured templates
- AME-614 Migration tags are not handled the same for event and tag creation
- AME-615 Add count=0 to user list in user tenant mapping to fetch all users
Version 3.0.7
Fixed issues:
- AME-468 ameenrich: verify that it filters what it should, and the filters work as expected
- AME-554 Search not possible if a not initialized tenant exists
- AME-570 Event key filter should use all time search
- AME-573 KVWrapper: dynamically load maximum amount of items
- AME-576 EventService, Event update: skip updates to value event already has (no op)
- AME-581 AM->AME: fix tags migration
- AME-584 CIS Tags not sorted correctly
- AME-586 The selection of event count should persist a page reload
- AME-588 Ensure graceful conversion between int <-> float in models
- AME-591 Scrolling custom filter dropdown out of page crashes page
- AME-592 For field actions, we should not limit protocols in GET Requests
- AME-596 Saved search filter reusing removed search job
Before proceeding with an update, review the Before upgrading guide for this release.
Version 3.0.6
Fixed issues:
- AME-589 Driver gets loaded with wrong Python version on Cloud when default python version is set to python2
- AME-593 Cloud splunk-system-user cache edge case
Version 3.0.5
Fixed issues:
- AME-528 Implement custom persistent appserver to prevent cross app interpreter issues in Splunk Cloud
- AME-567 Fixing inheritance for power / admin role
- AME-571 Workaround for alert action issue with 9.0.x (dot entity)
- AME-580 Adding admin to cloud admin list
- AME-582 Splunk Cloud Port check prevents setup
Version 3.0.4
Unreleased.
Version 3.0.3
Unreleased.
Version 3.0.2
What's new:
- AME-452 Update Reporting Dashboards to support Resolutions
- AME-563 Log initial query in migration task
Fixed issues:
- AME-503 remove app from url query
- AME-513 include resolution dropdown on all status changes
- AME-514 Removing ref check from status option
- AME-515 Do not store
action_params
in originQuery - AME-516 Refresh filter does not update on filter change
- AME-517 Click away the event update modal without closing / submit opens the event
- AME-519 ameevents and ameenrich should give the status type back
- AME-520 Filtering with Status All does not work
- AME-521 Do not use login at SMTP if no credentials configured
- AME-526 Hide password for validation script
- AME-527 notification upgrade task expects wrong amount of old_schemes backed up
- AME-530 Action notifications issues
- AME-553 User timezone frontend using wrong param
- AME-555 Filtering by custom tags is using key instead of tag value
- AME-562 splunk 9.0.7: cannot create entities with
.
in key // cannot create events
Known issues:
- AME-528 Hotfix: conflicting app installations // unload modules on Splunk On-Premises for Scientific Python and Splunk Cloud
Version 3.0.1
Unreleased.
Version 3.0.0
What's new:
- AME-130 Rules scope not specific enough
- AME-207 Implement resolution functionality
- AME-219 Add link to Notification Scheme and Template in Event Summary
- AME-261 Refactor Notifications
- AME-298 Rule conditions match literal strings, wildcard strings and CIDR
- AME-299 Set port number to 443 by default for HEC if Splunk Cloud is detected
- AME-303 Move the refresh time from filters to the icon bar
- AME-306 Refactor Notifications
- AME-307 Refactor Tags
- AME-308 Refactor Rules
- AME-309 Refactor Templates
- AME-312 Refactor Event Service
- AME-313 Refactor Event Report Service
- AME-321 Refactor Tasks
- AME-332 Allow easy copy of the event title
- AME-339 Notable fields order should be kept if only configured from one source
- AME-342 Add direct link to event (for notifications and sharing)
- AME-346 AME should cache User/Tenant mappings in a KVStore Collection
- AME-357 Migration for templates, rules and status_options
- AME-360 Drop support for non-slackapp (legacy) notification channel
- AME-365 EventService: Create AppendTrigger on append (if flag is set)
- AME-366 EventService: Create AssignedTrigger on assignment
- AME-367 Notification-Migration-Task: Create AppendFlow that sends mail to assignee
- AME-376 Migrate AM Migration to 3.0 release
- AME-406 Upgrade migrations.conf to a replicated conf file and remove app.conf setup
- AME-419 Hitting enter in the event summary filter should run the filter
- AME-423 Trigger-condition should contain auto-resolved field references instead of reference keys
- AME-428 Link to Cron Docs should open a new tab
- AME-429 Resolutions Groundwork
Fixed issues:
- AME-213 Alert Handler insert_entry failes with API size limit
- AME-316 Notable Fields column does not scale with long field names
- AME-317 Search based filter takes a long time
- AME-337 Ensure cache is bypassed when fetching data from the REST API in the frontend
- AME-344 Comments missing timezone awareness
- AME-348 E-Mail Link in Splunk Cloud
- AME-361 ame_migration: include fix for tags as list
- AME-383 Exception Handler in create_alert can fail when trying to determine the search_time
- AME-384 alerts in the ame_alertqueue should be deleted with hard=True to prevent the collection from growing large over time
- AME-399 Only show power users in frontend for assignee / default assignee
- AME-420 Set Max-Width for notification-flow-label column
Version 2.0.4
What's new:
- AME-274 Allow the filtering of Workflow Actions
- AME-283 Notable Fields should support wildcards to show all fields
Fixed issues:
- AME-340 Do not show empty notable fields
- AME-343 ameenrich not showing event for all time search
- AME-345 Assign to myself filter broken
- AME-347 E-Mail Link in Splunk Cloud wrong
- AME-349 Migration some ISO timestamps are epoch
- AME-350 Bulk edit comment nor reset
- AME-352 Tag filter for custom tag uses _key instead of tag value
- AME-356 Improved templates for setup page
Version 2.0.3
Fixed issues:
- AME-326 Switch everything to v2 search API
- AME-327 Prevent endless recursion in role manager
- AME-328 Prevent none type mail recipients
- AME-329 Tags existing in multiple accessible tenants are all shown in event
- AME-330 Ignore invalid AM data for migration
Version 2.0.2
Fixed issues:
- AME-264 Setup page shows "Incomplete Restore KV-Store Data" task when it shouldn't
- AME-292 Custom tags are not removed from tag manager after deletion
- AME-297 Premium tags are generated as tenant tags
- AME-304 Large number of users are not displayed properly in Event Summary
- AME-316 Notable Fields column does not scale with long field names
- AME-323 Migration remains failing due to header size
Version 2.0.1
Fixed issues:
- AME-225 Migrating too many AM Incidents exceeds header limits
- AME-269 Appending of alert does not check for custom closed status
- AME-270 Searches get killed by Workload Manager if the timerange is All Time
- AME-271 Search in alert HTML uses all time and wrong context
- AME-286 Email Address Validation fixed
Known issues:
- AME-264 Setup page shows "Incomplete Restore KV-Store Data" task when it shouldn't
Before you upgrade:
- If you are upgrading from AME <1.x, there have been syntax changes in how tags and notable_events are overriden with event fields and savedsearches.conf attributes. See the Advanced Event Creation page.
Version 2.0.0
What's new:
- AME-4 Add UI Theming support
- AME-59 Improve Search in Event Summary
- AME-60 Allow sorting columns in event summary
- AME-177 Backend Filtering Definition + UI Refresh
- AME-181 Knowledge objects should not be shared globally if not needed
- AME-194 Verify that the KV Store can be reconstructed from index events
- AME-201 SPLUNK_BINDIP support
- AME-204 Validate input validation on all handlers
- AME-205 Allow custom dashboards to be added to the Reports Menu
- AME-206 Reporting improvement for Event Analysis
- AME-210 It should not be possible to set the status to assigned without assigning an assignee
- AME-216 Create ameenrich transforming command
- AME-243 Add a link to docs in nav.xml
- AME-247 Move Multi-Rule License check from Security Pack to the Support License
- AME-248 Add event summary page for Splunk Mobile app
- AME-250 Allow the use of template names in savedsearches.conf
Fixed issues:
- AME-182 Custom status closed is shown open
- AME-188 Health Overview ame_service_logs data source needs additional criteria
- AME-232 tag override with multiple tags in savedsearches.conf creates whitespace tags
- AME-233 notable_fields override in savedsearches.conf should support whitespaces
- AME-234 Notable fields are not shown when they contain upper-case letters or white-spaces
- AME-238 Notification modal not loading all alert_actions
- AME-245 Alerts Action not firing in notifications
- AME-246 Remove license check from Alert Action Notifications
Known issues:
- AME-225 Migrating too many AM Incidents exceeds header limits
- AME-264 Setup page shows "Incomplete Restore KV-Store Data" task when it shouldn't
- AME-269 Appending of alert does not check for custom closed status
- AME-270 Searches get killed by Workload Manager if the timerange is All Time
- AME-271 Search in alert HTML uses all time and wrong context
Version 1.2.6
Fixed issues:
- AME-192 Timerange is not applied on first fetch
- AME-215 SHC captain check does not work if cluster uses IPs
- AME-231 Detecting the SHC Captain does not work reliably in Splunk Cloud Victoria stacks with Search Head Clustering
Version 1.2.5
Fixed issues:
- AME-188 updated health overview drill down by token
- AME-189 fixed ame-audit-records behaviour
- AME-191 fixed path of workflow actions
Known issues:
- AME-192 Timerange is not applied on first fetch
- AME-225 Migrating too many AM Incidents exceeds header limits
- AME-215 SHC captain check does not work if cluster uses IPs (Contact Support for Workaround)
- AME-231 Detecting the SHC Captain does not work reliably in Splunk Cloud Victoria stacks with Search Head Clustering (Contact Support for Workaround)
Version 1.2.3
What's new:
- AME-95 added search bar to all tabs in tag manager
- AME-168 improved loading comments for ack tokens
- AME-183 Comment preview that displays rendered Markdown
- AME-184 Comment send on {ctrl}+{enter}, new line on {enter}
Fixed issues:
- AME-175 updated server.conf and added reload on handler_logging.py
- AME-179 Rule Manager crashes when trying to enter timerange
- AME-180 Prevent excessive number of appends to an event
- AME-182 Custom status *closed- is shown open
- AME-185 read_tenantlist_auditreport() returns unexpected keyword error
- AME-186 Alertqueue Consumer log needs more extensive logging
Version 1.2.2
What's new:
- AME-42 Rule Manager rules for periodic time frames
- AME-64 Markdown in comments
- AME-169 Show message to non-admin users on configuration and setup
- AME-160 Allow additional overrides in savedsearches.conf
- AME-165 Improve Supportability
- AME-167 HEC Acknowledgements are possible now
Fixed issues:
- AME-146 Priority column is now colored in priority color
- AME-170 Notable Fields are no longer being ordered
- AME-171 Error fetching tenant and event information
- AME-173 handler_abstract throws attribute error in module splunklib.results
- AME-176 CIM Add-on overrides sourcetype and index for ame:modalert sourcetype
- AME-179 Rule Manager crashes when trying to enter timerange
Version 1.2.1
Fixed issues:
- AME-150 fixed e2e and alertqueue problem
Version 1.2.0
What's new:
- AME-26 Use savedsearches.conf annotations to assign tags
- AME-27 Allow the creation and presentation of tags that are not managed by tag manager
- AME-37 Existing Splunk Alert Action can be used as additional channels
- AME-50 Add CIS v7 (CIS20) Tags to Security Knowledge Pack
- AME-51 Add CIS v8 Tags to Security Knowledge Pack
- AME-52 Add NIST Tags to Security Knowledge Pack
- AME-53 Add CVE Tags to Security Knowledge Pack
- AME-112 Add Paginator for Notable Fields for once per search trigger is selected
- AME-128 Support new Slack App based Webhooks
- AME-129 Add flag to enable/disable notifications for appended events
- AME-135 Roles should be assignable through intermediate roles
Fixed issues:
- AME-132 % in title prevents events from being generated
- AME-136 Once per search events should only be counted as one event in trend indicators
- AME-141 Template Manager allows upper case custom tag definition
- AME-142 Tenant Manager UI validation does not allow valid Splunk Cloud HEC Host