Support Center

Release Notes(RSS feed)

  • Sophos Reporter Beta (2018-12-17)

    • The Overview and User Overview Reports now have three sub-report-types - Internet Usage, IT and Network Security, and All Usage.
    • Improved Browsing Time calculation.
    • Fixed filter StartsWith, EndsWith and Contains operators and their inversions.
    • Usernames are now forced to `DOMAIN\username@domain` casing before being indexed in Elasticsearch.
    • Added three tabs to Settings | Diagnostic: Logs, Resource Usage, Database.
    • Moved database status display to Settings | Diagnostic | Database.
    • Added CPU, RAM, and Disk charts, as well as Database charts for CPU and RAM to Settings | Diagnostic | Resource Usage.
    • Improved database status information provided by API, details about Elasticsearch's nodes and shards are now provided in a structured form and displayed in Settings | Diagnostic | Database.
    • Changed the layout of text on the Settings | Diagnostic page and updated the log location to show the new location of the logs.
    • Added database interface status display in Settings | Data Storage.
    • Errors during record import will now queue the failed record to be imported again with the next import batch.
    • New API:
      - Storage.GetDatabaseStatus - Gets the current database/Elastic status (also available via Storage.GetStatistics().Database).
    • Elasticsearch startup timeout is now configurable via setting `DatabaseElasticSelfManagedTimeout` in Settings.xml (default 120s).
    • Elasticsearch interface now checks the Elasticsearch version on connect.
    • Elasticsearch interface now stores scripts in Elasticsearch rather than passing the script source with each query.
    • Elasticseach interface now waits for Elasticsearch to complete index recovery before loading indexes, pushing scripts, or accepting query/index requests.
    • Fastvue Reporter now uses health status to automatically attempt to reconnect to Elasticsearch on connection failure and reload indexes and push scripts.
    • Fastvue Reporter now reloads indexes and pushes scripts if a health check fails.
    • Fastvue Reporter now disconnects/reconnects to Elasticsearch completely if no health check has succeeded within the last 60s.
    • Index settings are now updated in parallel with error checking and retry.
    • Stored scripts are now stored in parallel with error checking and retry.
    • Restructured stored scripts push logic to precache all of the scripts before storing them in Elasticsearch.
    • Elasticsearch node stats update no longer logs errors if no response is received.
    • Elasticsearch start now scans for the major version of Elasticsearch in use and sets command line arguments to java appropriately.
    • Elasticsearch now logs the full command line used at Verbose level.
    • Elasticsearch wildcard/prefix queries are now added to the 'must' section of the query instead of the 'should' section.
    • Elasticsearch index deletion now also removes the cached date statistics.
    • Elasticsearch interface will now consider the instance started when the HTTP server is reported active.
    • Fixed GetDates in Elasticsearch interface not correctly checking connected status.
    • Elasticsearch interface now ignores 'yellow' cluster health status from Elasticsearch for 30 seconds after attempting to create an index.
    • Errors in index creation or bulk indexing will now force the index list to be reloaded to ensure consistency.
    • Updated Elasticsearch version to 5.6.13.
    • Data retention will no longer attempt to scan an empty list of dates.
    Join the Fastvue Product Testing program to access Fastvue’s latest pre-release products.
  • Sophos Reporter Beta (2018-11-19)

    • Added Filename field.
  • Sophos Reporter Beta (2018-11-16)

    • Added support for Sophos XG's Application Log.
    • Rule field is now populated by looking up the meaning of the message ID in the Sophos log documentation.
    • Added Syslog over TCP support
    • Improved performance of report widget generation.
    • The appropriate sidebar item in Overview Reports now highlights properly when Report Drawer and Report Options are shown at the top of the page.
    • Added error handling to legacy data migration.
    • Improved filtering on aliased values such as Productivity and Departments.
    • Re-added Data Path setting to Settings | Data Storage page.
    • Removed version number from default Program Files paths in installers.
    • Added verbose logging for report widget generation timing.
    • User/Device statistics calculators no longer fail to read a file when duplicate names are present.
    • Diagnostic log archival now zips to a temporary file ({logname}.zip.temp) before moving to the final archive name ({logname}.zip) after the zip operation has completed.
    • Elasticsearch interface now only queries indexes related to the query by date filter (or if no date filter, queries all indexes).
    • Queries will now be retried if they fail due to '429 Too Many Requests' error.
    • Elasticsearch stats API call now has a timeout of 2s instead of 500ms.
    • Per-date statistics (record count and disk size) are now cached separately to database interface to allow for Elastic to lazy-load its index statistics without causing the appearance of missing or slowly loading data in Settings | Data Storage.
    • Elasticsearch interface no longer fails when connecting to an Elastic instance with indexes that do not follow the expected naming convention.
    Join the Fastvue Product Testing program to access Fastvue’s latest pre-release products.
  • Sophos Reporter Beta (2018-10-24)

    • Added Internet Usage, IT and Network Security Reports and All Usage Reports
    • Added support for Sophos XG's Malware, IPS, Sandstorm, and ATP events.
    • Rule is now set to Action if Action contains 'sandbox'.
    • The `pua` field is imported to ThreatName if the `virus` field is not present.
    • The `country` field is now imported.
    • UTM name is populated from the Sophos hostname section in the log.
    • Added new Block Evidence cases.
    • Removed 'Web request warned, ' string from start of the Rule field to better show the reason for the warn.
    • Added 'Uncategorized', blank categories and 'Categorization failed' to the 'Unassigned' Productivity group (Sophos)
    • Added 'Political Extreme / Hate / Discrimination' to the Unacceptable list (Sophos)
    • Added 'Quota' and 'Send to sandbox' Actions to the sample data / autocomplete info (Sophos)
    • Elasticsearch now creates a new index for each date. 
    • Improved data size calculation per date in Settings | Data Storage.
    • Added Data Migration feature to automatically migrate legacy Fastvue Reporter data stores (FVFS format) to Elasticsearch. Data migration process can be viewed in Settings | Data Storage
    • New APIs:
      - Storage.GetMigrationStatus() - Returns the status of the current migration task if any.
      - Storage.StartFvfsMigration() - Manually start the Data.Fvfs migration.
      - Storage.SetMigrationPaused(paused) - If paused is true, pauses the migration, otherwise resumes it.
    • Performance Improvements.
    • Improved Installer (error checking, bug fixes)
    • Fixed issue where the Time Analysis Widget would fail to generate correctly.
    • Fixed issue with Activity Reports not rendering.
    • Improved diagnostic logging.
    • Reporter now monitors Elasticsearch process status and restarts it automatically if Elasticsearch terminates or exits without being instructed to do so by Reporter.
    Join the Fastvue Product Testing program to access Fastvue’s latest pre-release products.
  • Sophos Reporter Beta (2018-09-26)

    • First working build of Reporter 4.0 with Elasticsearch
    Join the Fastvue Product Testing program to access Fastvue’s latest pre-release products.
  • Sophos Reporter (2018-06-11)

    • The time that Scheduled Reports start each day can now be customised using a direct API URL (there is no UI for this yet). The URL is:


      Replace fastvuereportersite with your actual Fastvue Reporter URL and replace 60 with the number of minutes after midnight that you would like the scheduled reports to start. Note, this is a global setting for all Scheduled Reports. It cannot be set for individual Scheduled Reports.
    • The first day of the week used in 'Weekly' scheduled reports can now be customised using a direct API URL (there is no UI for this yet). The URL is:

      http://fastvuereportersite/_/api?f= Settings.Reports.SetScheduledReportsFirstDayOfWeek&day=Sunday 

      Replace fastvuereportersite with your actual Fastvue Reporter URL and replace Sunday with either Monday, Tuesday, Wednesday, Thursday, Friday, Saturday or Sunday. Weekly reports will then contain data from that day and the following 6 days. Note, this is a global setting for all weekly Scheduled Reports. It cannot be set for individual Scheduled Reports.
    • The Scheduled Reports Start Time can be retrieved using this direct API URL:
    • The First Day Of Week can be retrieved using this direct API URL:
  • Sophos Reporter (2018-06-08)

    • Emailed report notifications now indicate if the report is blank rather than provide a button/link to view the report.
    • Fixed LDAP import to correctly merge Security Groups from multiple domains.
    • Sharing non-private reports from the Reports tab now uses the correct URL.
    • Report emails now use a query parameter (?reportID=abc), rather than a # (#reportID=abc) to identify the reportID in the report's URL. This is because some email clients strip out everything after # when clicking links in emails.
    • Accessing Reports.aspx with a report GUID that doesn't exist now displays a "Report does not exist" message.
    • Date pickers on the Reports tab no longer display a drop-down showing most recently selected dates.
    • Internal 'Filesystem' source type now supports compressed files (zip, gz, tgz/tar.gz, tar).
  • Sophos Reporter (2018-03-19)

    • Fixed "Error in Report Processor Process Thread: Invalid Unicode code point found at index 1. Parameter name: unicode" that may occur when running reports.
    • Sources page no longer displays 9999/1969 when no data has been received and instead shows "Waiting for data" for 20 seconds after adding a source. After 20 seconds, a message and link to the troubleshooting KB article is displayed.
    • Adjusted the data storage auto-recovery logic to avoid issues when threads are aborted.
    • Updated all UI error handlers to display the error message given by the backend API.
    • Double-quotes in error messages no longer cause Javascript errors.
    • The number of detected syslog gaps in each source is now limited to 1,440 entries or an age of 7 days (whichever comes first) to avoid performance issues during service start. Both values are customisable with the hidden settings`HistoricalGapsCutoffDays` and `HistoricalGapsMaxCount`. These settings can be changed in the Settings.xml file (in Fastvue Reporter's data location) while the service is not running.
  • Sophos Reporter (2018-02-07)

    • Now supports new log fields introduced in SFOS v17 including referer, status code, user agent, reason, and content type. This greatly improves the effectiveness of the Fastvue Site Clean algorithm on Sophos XG data.
    • Settings | Licensing | User Statistics no longer double-counts users with when they're logged as both 'username' and 'domain\username'.
    • Updated Self Harm Searches Alert keywords (fresh installs only).
    • Improved Fastvue Reporter's DNS resolution for when a Username or Source Host is not logged.
    • LDAP import now imports a user's First/Last Name if their Display Name attribute in Active Directory is blank.
    • Added more diagnostic logging to LDAP security group import to help troubleshoot errors.
  • Sophos Reporter (2017-11-03)

    • Fixed issue where clicking the navigation menu in Overview Reports doesn't scroll to report section in Chrome.
    • Search term alerts no longer trigger on search terms containing "tbn:" (Google thumbnail IDs). Unfortunately, this change will not affect existing installs. Existing users will need to go to Settings | Alerts, and add a 'tbn:' to the Search Terms 'Does not contain' filter in the Search Term alerts.
    • Updated Site Clean Settings (Snapchat CDNs and adnxs junk URLs).

Contact Us

  • Post a Public Question
  • Email Us
  • Chat with us

    Call Us @ 888.885.6711
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found