Version: 3.7.0

Release Notes

Warning

Before proceeding with an update, review the Before Upgrading guide. Failing to do so may result in data loss or downtime.

Furthermore, users are strongly encouraged to review the release notes for each version before upgrading, to understand the impact of changes, including feature removals or default behaviour modifications.

For more information regarding the release process, please see the Versioning page.

See below for the latest changes and fixes. For older versions, please refer to the respective documentation version.

Version 3.7.1

  • AME-1559 Non-documented Splunk Cloud app installation process caused missing library dependency errors

Version 3.7.0

What's new:

  • AME-1463: Remove support for python3.7
  • AME-1496: Allow Export of Vulnerability Realizations from Realization Overview
  • AME-851: Allow Export of Events from Event View
  • AME-1510: Add risk events changed notification flow
  • AME-1501: Add active or inactive status badge to realization rules
  • AME-1446: Add remaining TTL in expanded event view
  • AME-1438: Add observables columns by risk event status if observable_info set
  • AME-1474: Add number of Open Events KPI to Vulnerability Report
  • AME-1334: Add number of notable realization KPI to Vulnerability Report
  • AME-1333: Add percentage closed within given days realization KPI to Vulnerability Report
  • AME-1471: Add support for ame_host variable in Vulnerable Drilldowns
  • AME-1349: Add schema validation / hints for matching components
  • AME-1337: Add Copy Event Data functionality with rendering to template-based format
  • AME-1233: Add OAuth2 authentication support for mail sending
  • AME-1197: Add optimized automated recalculation of observable group memberships on group delete
  • AME-953: Add support for overriding description field from savedsearch.conf or alert field
  • AME-872: Add Copy tooltip support for arbitrary and configurable event fields
  • AME-855: Add support for editing existing field filters from filter component
  • AME-1466: Add deprecation check for Windows starting with 4.0
  • AME-1459: Add upgrade task to remove case_sensitive_match from existing non-default tenant transforms

Fixed issues:

  • AME-1534: AccessRecordModel missing default values
  • AME-1448: Fix internal links using query parameters
  • AME-1406: Prevent testing CVE fetch with unsaved changes
  • AME-1476: Fix alignment for Vulnerability Report Status Info
  • AME-1531: TicketIntegration for Jira failing if no status mapping is defined
  • AME-1503: Use certifi in case Splunk does not provide certificates
  • AME-1495: Event Summary Colors not matching color scheme
  • AME-1483: Long dropdowns don't shrink with narrow browser windows
  • AME-1477: Vulnerability Report Dropdown marked mandatory when it is not
  • AME-1468: Switching tabs does not keep tenant selection
  • AME-1467: Tenants are not ordered the same in all tabs
  • AME-1462: Invalid earliest & latest time with undefined values
  • AME-1457: Vulnerability Reports should contain the AME Event-ID
  • AME-1456: Vulnerability Report Timestamps should be converted from epoch into human readable format
  • AME-1453: Support Central purge is only deleting half of all elements in the collection
  • AME-1445: TicketIntegration for Jira ignores fields with "create_only" on create
  • AME-1444: RealizationDetail link to event broken
  • AME-1443: Slack Append notification has wrong text
  • AME-1440: TTL behaviour not set to true on "new" status option
  • AME-1412: Fix alignment in MatchPopover
  • AME-1410: Saving the vulnerability configuration also sets the last execution time
  • AME-1407: Direct From Search Data Trigger Metadata is not flattened and cannot be used in matching
  • AME-1398: AQEntry does not accept int in ame._time
  • AME-1374: Pagebreaks aren't included in Vulnerability Intelligence Reports
  • AME-1316: API docs for matching conditions contain obsolete string

Deprecation notice:

Starting with version 4.0.0, the following features will be deprecated and removed:

  • “squash” configuration option on notification targets
  • Removal of CVE Tag view
    • moved to CVE overview in vulnerability intelligence
    • requires configuration of NIST API key for fetching CVE information
  • Windows Platform Support

Version 3.6.1

Fixed issues:

  • AME-1510: Feature parity in trigger types between ticketing integration and notifications
  • AME-1501: Add realization rule active or inactive status badge
  • AME-1496: Export of Vulnerability Realizations from Overview
  • AME-1476: Fix alignment for Vulnerability Report Status Info
  • AME-1474: Add Number of Open Events KPI to Vulnerability Report
  • AME-1471: Support ame_host in Vulnerable Drilldowns
  • AME-1466: Create deprecation check for Windows starting with 4.0
  • AME-1463: Remove python3.7
  • AME-1460: Investigate slow processing times for realization
  • AME-1459: Create upgrade task to remove case_sensitive_match from existing non-default tenant transforms
  • AME-1448: Check links with query params
  • AME-1446: Investigate if remaining TTL can be shown in the UI
  • AME-1438: ameevents: discuss how observables should be marked as "without active risk event"
  • AME-1406: Testing the NIST API Key should notify if the key is not yet saved
  • AME-1381: Implement in-product deprecation message center
  • AME-1366: Add before/after logging in update_group_order
  • AME-1349: Improve matching components with schema for left hand side
  • AME-1337: Add Copy Event Data functionality
  • AME-1334: H KPI 5
  • AME-1333: H KRI 1
  • AME-1233: Splunk 10: Implement OAuth2 authentication for mail sending
  • AME-1197: Observable Groups delete: should referencing observables be updated?
  • AME-953: Feature Request: Allow override of the alert search_description as with other ame.meta_fields
  • AME-872: Feature Request: Enable Copy tooltip on additional fields (configurable) or alternative
  • AME-855: Filter Functionality Enhancements - Allow editing of existing items in column filter flyout
  • AME-851: CSV Export from Event View

Version 3.6.0

What's new:

  • AME-1304 Ticketing integration with Jira Software
  • AME-1321 Option to make comments mandatory when changing status and enforcing comment format
  • AME-1331 Option to disable ServiceNow work_notes updates unless explicitly mapped
  • AME-1299 Sender address overwrite in notification targets
  • AME-1278 Improved filters for staged realizations, allowing search by observable value and stage reason
  • AME-1354 Lazy result loading for observables ingest
  • AME-1257 Limiting number of risk events per event to 1000
  • AME-1328 Configurable deletion of remote tickets
  • AME-1309 Staged Realizations now load by default and search fixed
  • AME-1159 Improved comment modal behavior preventing left open dropdowns
  • AME-1307 Vulnerability drilldowns for notifications, ticketing integrations and reports
  • AME-1327 Read exploitability from NIST tags into additional field
  • AME-1273 Date equal queries for vulnerability overview
  • AME-1175 Introduced valid_from / valid_until in exception rules
  • AME-1261 Migrated to TanStack Router for better routing and nested routes
  • AME-1300 Upgraded to React UI 5.3
  • AME-1110 Option to clear/remove staged realizations

Fixed issues:

  • AME-1355, AME-1351, AME-1323, AME-1322 Introduced batching and pagination in housekeeping, realization fixes, and ticketing integration to improve performance and scalability
  • AME-1359 Removed misleading UI hint for bulk-update flows
  • AME-1353 Fixed realizations can not be deleted if referenced by risk event
  • AME-1296 Setup now correctly marked as complete without reload
  • AME-1292 Improved “Tenant not found” message
  • AME-1341 Replaced buggy unixTimestampToDate method
  • AME-1339 Fixed is-truthy operator selection and deserialization
  • AME-1335 Corrected accelerations for observable fields
  • AME-1330 CVE Overview no longer allows invalid filter creation
  • AME-1329 Improved modinput run check for kvstore startup
  • AME-1324 Improved handling of stale ticketing integration queue entries
  • AME-1290 Migrated HTTP handling from requests to httpx
  • AME-1240 Replaced react-beautiful-dnd with maintained alternative

Deprecation notice:

Starting with version 4.0.0, the following features will be deprecated and removed:

  • “squash” configuration option on notification targets
  • Removal of CVE Tag view
    • moved to CVE overview in vulnerability intelligence
    • requires configuration of NIST API key for fetching CVE information

Version 3.5.5

What's new:

  • AME-1299 Implement sender address overwrite in notification targets

Fixed issues:

  • AME-1308 vuln_int_realization_ingest.py consumes a lot of memory during ingest
  • AME-1312 Status 414 during event processing with risk events
  • AME-1314 Rework tracking calculations to keep "stable" trigger times to reduce required updates
  • AME-1318 Realization- / Realization-Exception-Rules / VulnIntReport do not enforce unique names per tenant

Version 3.5.4

Fixed issues:

  • AME-1238 Adding search controls to observables and vulnerability dashboards
  • AME-1262 Fixing event actions alignment
  • AME-1269 Enabling keep alive for long-lived search jobs used in vulnerability dashboards
  • AME-1276 Updating the complete EPSS dataset instead of the newest CVEs
  • AME-1280 Observable chart editor loses focus on input
  • AME-1283 Fixing the width of workflow action dropdowns
  • AME-1284 Implementing resizable tables
  • AME-1286 Fixing CVE downloads not respecting proxy and certificate settings
  • AME-1288 Presenting errors from generating commands in vulnerability dashboards
  • AME-1297 Fixing CVE updates being rejected
  • AME-1298 Implementing action to reset CVE ingest markers
  • AME-1301 Implementing relative observable fields in vulnerability matching context
  • AME-1302 Sorting lists in enriched event context
  • AME-1303 Fix identical data entries in event from vulnerability realization rules
  • AME-1305 Excessive collection size and cache size in vulnerability housekeeping
  • AME-1306 Fixing purging and pruning for large collections

Version 3.5.3

Fixed issues:

  • AME-1275 Fixed an issue where realization details failed to load
  • AME-1272 Resolved limitation where vulnerability realization queries were capped at 10k results when using realization filters
  • AME-1268 Improved CVE handling to add realizations to staged queue when CVE is not found in KV-Store

Version 3.5.1

What's new:

  • AME-1226 Upgrade to React UI 5.0
  • AME-1219 Allow jinja2 templated comparisons for data & trigger conditions in notification flows

Fixed issues:

  • AME-1256 Ticketing integration test does not show that it is ongoing
  • AME-1254 Ticketing integration: Remote-Ticket-ID is not correctly set on existing update entries
  • AME-1253 Direct From Search Notification Trigger: preconditions are not checked
  • AME-1251 SLAEntryService: don't call register_event_attached_data_changed from fulfillment and violation as an event update is made anyway
  • AME-1249 Risk-Event changes do not trigger an event-lifecycle update, preventing SNOW from getting an updated description
  • AME-1248 Ticketing Integration Tab: set max-width for changed-fields col
  • AME-1247 Support-Central: ame_notification_trigger_queue: cannot determine tenant UI for collection
  • AME-1246 Event edit dropdown width is not set
  • AME-1241 Fix create-alert: templates should only be read in AlertQueueService, and order of priority should be valid
  • AME-1235 Vuln int overview exploitable is not shown
  • AME-1232 Templating Error in Realization Rule templates is not notified to users
  • AME-1133 Observable Reporting Groups: Deleting an item does not refresh the reducer state

Version 3.5.0

What's new:

  • Vulnerability Intelligence
  • Implement option to load observable data in ameevents
  • Observability Reporting Groups
  • Ingest Observable Group Alert Action
  • Create AME Notification Alert Action

Fixed issues:

  • AME-1113 KPI Report Resolved Events - Average Resolve Duration panels not working
  • AME-1115 Creating an event from an interactive search causes an exception in JobWrapper
  • AME-1129 Bulk-Update of events does not trigger sync for SNOW
  • AME-1134 Rework filtering logic for observables overview to apply implicit OR within the same field