CB Event Forwarder 3.2.3 Released

Posted on August 3, 2016

This release is a minor bugfix release that fixed the following issues:

In addition, two changes were made in this release:

  • A link_sensor is now generated for all raw endpoint events
  • The list of Watchlist, Feed, and Binarystore events is expanded to any EDR event type that starts with watchlist.*, feed.* and binarystore.* respectively.

Additional Documentation

A new Event Forwarder output reference was added to address the problem raised in issue 50 (wrong segment ID in deep links). Because the Event Forwarder receives events before they are stored on disk, segment ID information is not available at that point. Only events that contain a segment_id field (for example, watchlist/feed/alert hits) have the full process GUID and segment link available. For other events (notably raw sensor events), the deep process link points to the first segment of the process.

All users, especially users forwarding events to IBM QRadar, are encouraged to upgrade to 3.2.3.