3.3 Release notes

What's new in this release?

Unomaly 3.3 was released on April 1, 2019.

Introducing the Explore page

The Explore page is a new section where you can explore the data that Unomaly has seen and processed. With your feedback we hope to promote these visualizations to fully-fledged features in an upcoming release.

The Explore page includes two views, Event profiles and Infrastructure.

  • Event profiles gives you access to all the log events that Unomaly learned while analyzing your environment.
  • Infrastructure displays a dynamic visualization of your environment. Each bubble represents a system. The size of the systems indicate the volume of events per second that system generates. The colors indicate whether the system has seen at least one anomaly in the last hour.

In upcoming releases, we'll add more data visualizations to help you better understand the state of your systems. We would love to hear what you think about this feature. You can use the "Was this helpful?" button on the bottom right of the Explore page to send us your feedback.

Transforms (Experimental)

Transforms allow users to help the Unomaly algorithm correctly cluster log events by merging tokens. This can significantly decrease the rate of false positive anomalies detected by Unomaly when log structures can vary a lot. Experimental transforms are enabled by default.

For more information, see the Technical note for Experimental transforms.

Metrics dashboard

In this release, it's possible for you to see the metrics about your Unomaly instance and the Analytics that you provide to us. Navigate to your Unomaly instance: https://<unomaly_host>/grafana

You can find two dashboards:

  • Full system metrics: This dashboard show you information about the state of the instance that Unomaly is running on. You can see your CPU and Memory usage, as well as system load and uptimes.
  • Unomaly metrics: This dashboard shows you the product metrics and user interaction information that we see when you enable Analytics.

User authentication and login

We have reimplemented how we handle user authentication. This means that if you are currently using SAML and LDAP, you will need to redo your configurations. See "Configure user authentication".

With this release, we strongly recommend that each user have their own account to access your Unomaly instance. Our intention is to provide more personalized or customized content for user accounts.

Important:

  • If you are currently using SAML and LDAP, you need reconfigure your authentication.
  • The API token is now located under Settings > Authentication > API Access. The API token will be migrated for existing customers. New customers will have the API access disabled by default.
  • Users must have a unique username and email address for the migration to succeed.

Other changes

Upgrading to 3.3 will run a database migration. The time it takes to run the migration depends on how many systems you have and the kind of logs that have been processed. This could take up to several hours if the dataset is very large.

Changelogs

3.3.4

April 24, 2019

Unomaly 3.3.4 includes the following changes.

  • Admins can now configure Local Signup in Settings > Authentication to allow users to create an account using the Unomaly login page. See Configure user authentication.
  • When creating users, admins can now add more than one user at a time in Settings > Users by supplying a list of comma-separated email addresses.
  • Users can now reset their password by clicking "Forgot password?" on the login page. (This used to be available only from the console menu.)
  • An admin can send audit logs to a syslog receiver by configuring the audit trail functionality in Settings > General.
  • Added new functionality to Explore > Event profiles: You can now select a time range to filter the events list. Knowns are matched in the events list, and you can edit the known.
  • Reduced IO writes by moving the free text search index for Event profiles. Expect to wait at least 24 hours before using free text search because the search index will be re-created as new logs come in, and the search will not yield results until logs has been seen.
  • Fix 3219 HTML escape situation event when sending email.
  • Passwords created before 3.3 will now be rehashed using Argon2Id to improve password security.
  • Removed EULA from installation scripts.
  • Run mongo in container and uninstall from host.
  • Added ability to create knowns in events profile page.
  • Added ability to copy log text in events profile page.
  • Added last seen filter to event profile page.
  • Redis is now running in a container instead of on the host.

3.3

April 1, 2019

Unomaly 3.3 includes the following changes:

  • Replace PHP authentication with API-service based authentication
  • Fix issues using rest API with basic auth
  • Fix issue where the UI sometimes displays a blank page
  • Changed database queries so that searching for situations with a filter (free text, known, known tag) is faster
  • Add new setting to enable/disable away situations
  • Add a toggle to enable/disable experimental transforms
  • Remove experimental score
  • Enable gzip compression for all REST API endpoints
  • Remove auth from grafana and prometheus endpoints
  • Add new Explore page