Stellar Cyber 5.0.1 Release Notes

Stellar Cyber 5.0.1 is the first generally available SaaS release of the Stellar Cyber Open XDR platform.

The Stellar Cyber 5.0.1 release brings the following improvements to the Stellar Cyber Open XDR platform. For detailed information, refer to the linked articles below.

Highlights

• Added support for the Photon 100, 150, 250, 300, and 400 physical sensors.

Critical Bug Fixes

• Fixed: A regression issue where custom alerts created by Automated Threat Hunting (ATH) were not seen in the Alert navigation page.

Usability Improvements

• Introduced an Export to CSV button in the Licensing | Asset Usage page to export assets to a CSV file.

Sensor Improvements

• Introduced a Windows server sensor CLI command that allows the sensor to communicate with Stellar Cyber SaaS through an HTTP Proxy. This feature can be used when the Windows servers do not have a direct internet connection.

• Photon sensors are supported in 5.0.1.

Connector Enhancements

• The Tenable.io connector is supported in 5.0.1. Rapid7, Tenable.sc, and Cyrisma connectors will be supported in a future release.

Known Issues

• Windows Server Sensor installation can trigger the installation of Microsoft Visual C++ on the host machine if it is not installed already. If the installation of Visual C++ fails, the Windows Server Sensor may be unable to decode the token used to authorize and configure its installation, leaving it unable to register with stellarcyber cloud. If this happens, use the following steps to proceed:

  1. Update and restart the host Windows machine to repair the Microsoft Visual C++ installation.

  2. Either reinstall the Windows Server Sensor or use the set token command in the Sensor CLI to authorize and configure the existing installation.

• Log Forwarder only collects statistics for up to 100 different log source IPs per Log Forwarder worker. If the total number of log source IPs exceed 100, statistics for the additional log source IPs are aggregated into the catch-all IP address of 0.0.0.0.

• When multiple traffic filters are defined for a tenant with the same combination of IP, port, protocol, and layer 7 rules, the filter may fail to take effect. Administrators should review the defined traffic filters and make sure there are no duplicate definitions.

• If you change the network interface configuration of a sensor’s VM after deployment, the eth0 interface may be remapped to a new interface. If this happens, the management network is disconnected. Contact Customer Success for assistance.

Upgrading Sensors

New features, updated ML algorithms, and enhanced configurations may change ingestion and detection patterns. We recommend the following to ensure a smooth upgrade:

• Upgrade sensors in batches instead of all at once.

• For Server Sensors:

  • Upgrade a small set of sensors that cover non-critical assets.

  • After 24 hours, ensure that your ingestion is as expected, then upgrade a larger set.

  • After 24 hours, ensure that your ingestion is as expected, then upgrade the remaining Server Sensors.

  • If you are upgrading a Windows Server Sensor, complete any pending updates for the host Windows machine before upgrading the Server Sensor.