
Release history for the OPNsense addon for Splunk

The latest version of the OPNsense addon for Splunk is version 1.5.4. For details on the latest version, see the release notes for the OPNsense addon for Splunk.

v1.5.3 May 14, 2023

What's changed

  • Fixed "unknown" action for NAT rules #85.
  • Added the field dest_interface for CIM compliance.

Known issues

This version of the OPNsense addon for Splunk has the following known issues. If no issues appear here, no issues have been reported. Issues can be reported on the OPNsense addon for Splunk's GitHub page.

v1.5.2 Dec 15, 2022

Warning

Only applies if you are upgrading from a version < 1.5.0

This version includes packages for the new version of Add-on builder (v4.0.0) which may cause API credentials to no longer work after updating. After updating to this version, you may have to re-enter the API credentials for the modular inputs to work again by editing the existing account configurations.

What's changed

  • Updated Add-on builder packages.
  • Updated documentation to address required log formats #67.

v1.5.1 Nov 30, 2021

Warning

Only applies if you are upgrading from a version < 1.5.0

This version includes packages for the new version of Add-on builder (v4.0.0) which may cause API credentials to no longer work after updating. After updating to this version, you may have to re-enter the API credentials for the modular inputs to work again by editing the existing account configurations.

  • Adding default allowed action for Suricata events
  • Updating field extractions for Suricata events in Drop mode - #58
  • Fixed certificate issue when no cert checking is enabled - #61

v1.5.0 Aug 7, 2021

Warning

This version includes packages for the new version of Add-on builder (v4.0.0) which may cause API credentials to no longer work after updating. After updating to this version, you may have to re-enter the API credentials for the modular inputs to work again by editing the existing account configurations.

  • Deprecating sourcetype "opnsense:access" and moving to "opnsense:audit"
  • Updated CIM mapping for Authentication events
  • Updated to latest Add-on builder version

v1.4.3 July 8, 2021

  • Fixed script to initiate an upgrade check - #49
  • Added ability to use a cron schedule for the modular input interval - #52
  • Added ability to specify port number for modular input - #53

v1.4.2 June 2, 2021

  • Adding support for absolute paths in modular input setup for certificates - #44
  • Fixed issue with the Verify Certificate checkbox not working properly - #47

v1.4.1 May 27, 2021

  • Fixed incorrect sourcetype transform for modular input - issue #41
  • Increased the truncate limit to allow large events.

v1.4.0 May 27, 2021

  • Added modular input to pull system information (Available Updates, Versions, Installed Packages/Plugins).
  • Updated the Suricata sourcetyper to recognize the JSON data without the standard syslog message header.
  • Fixed IPv6 ICMP events not extracting properly - issue #37

v1.3.2 Dec 14, 2020

  • Added meta field for event length (opnsense_event_length).
  • Added sourcetype for Syslog-ng logs (opnsense:syslog).
  • Added action for "Redirect" if port forwarding logging rules exist.
  • Fixed "unknown" severity for opnsense:suricata:json events - issue #27.
  • Fixed IGMP events not being extracted - issue #32.
  • Fixed Access logs not being extracted - issue #35.

v1.3.1 Oct 31, 2020

  • Fixed KV_MODE for opnsense:unbound sourcetype.

v1.3.0 Aug 15, 2020

  • Added compatibility for eve syslog format for Suricata events.
  • Removed incorrect field extraction for DHCP events.

v1.2.9 Aug 5, 2020

  • Added compatibility for new syslog format released in OPNsense v20.7.
  • Updated the 'vendor_options' field to be multi-valued.
  • AppInspect fixes.

v1.2.7 Jul 15, 2020

  • Removed Dependency for CIM app.
  • Fixed multiple regex statements under one stanza.

Last update: October 5, 2023