AgentXKB comprises knowledge base components including compiled normalizers, dashboards and search templates. It offers compiled normalizers for both Linux and Windows systems, along with dashboards for monitoring and compliance purposes such as Endpoint Compliance, File Integrity Management and Security Configuration Assessment. The search templates for AgentX and Browser Extension Investigation make it a comprehensive solution for security monitoring and analysis.
Enhancement
Minor bug fixes and enhancements.
Past Releases
AgentXKB v1.5.0
Release Date: August 15, 2025
Supported On: Logpoint v7.1.0 and later
Download: AgentXKB_1.5.0.pak
SHA256: 6827e22e0bc2952b11e607640c3ad79e07eaeb45c0c6ab116ec2603d1f073c0a
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| AgentXWindowsCompiledNormalizer now supports normalization of SMS Passcode logs. | PLUG-15965 | 82820 |
Bug Fixes
| Description | Issue ID | Reference ID |
|---|---|---|
| Raw logs were displayed in search results because AgentXUnixCompiledNormalizer did not normalize Unix logs. | PLUG-13229 | 86016 |
| The Caller Computer Name field in Windows Event ID 4740 was not normalized as Workstation, preventing alerts from being triggered. | PLUG-15771 | 87693, 90239 |
| AgentX did not apply the date and time configured in CNDP to Windows logs, resulting in incorrect timestamps. | PLUG-16411 | 88538, 90532 |
| AgentXWindowsCompiledNormalizer did not display search results due to an incorrect double quote in the value of the Reason field. | PLUG-16536 | 90237 |
AgentXKB v1.4.2
Release Date: December 2, 2024
Release Version: 1.4.2
Supported On: Logpoint v7.1.0 and later
Download: AgentX_KB_1.4.2.pak
SHA256: df6d32345afcbe62f640b1c4649bbdc4271997656a74454381691bc6d9709a72
Documentation: AgentX guide
Enhancements
| Description | Issue ID | Reference ID |
|---|---|---|
| The mapping of the following fields is updated: | KB-24371, KB-23336 | |
| The fields eventdata_access_granted and eventdata_access_removed are now mapped to the privilege field. | KB-24576 | |
| The taxonomy of normalized fields is updated for AgentX Windows Security Audit. | KB-24615 | 83081 |
| The taxonomy of normalized fields is updated for AgentXWindowsCompiledNormalizer. | PLUG-13149, KB-24600 | |
Bug Fixes
| Description | Issue ID | Reference ID |
|---|---|---|
| In event_id 5007, “//” in paths was not parsed properly. | KB-23336 | 83096 |
| The fields user, user_id and caller_user_id were not properly normalized by AgentXUnixCompiledNormalizer. | KB-23905 | 80329 |
| For event_id 7000, eventdata fields were not normalized, resulting in the event source name not being collected. | KB-24539 | |
| For event_id 4656, file related events didn’t have labels, resulting in collecting logs without human-readable values. | KB-24612 | |
| In Oracle DB (Windows), specific fields like user, action, RETCODE, and OBJName were not normalized. | KB-22296 | 77681 |
| Event logs from MS Exchange were not normalized correctly. | KB-21548 | 76056 |
| Logs from Ubuntu were not normalized correctly. | KB-21548 | - |
| When the UNIX template was improperly configured, AgentX UNIX logs were not normalized. | PLUG-13223 | 86018 |
AgentXKB v1.4.0
Release Date: February 23, 2024
Release Version: 1.4.0
Supported On: Logpoint v7.1.0 and later
Download: AgentX_KB_1.4.0.pak
SHA256: 842c252bbef75e45ecdd68289628d91ac45486281e61ec9ff645549bc826929b
Documentation: AgentX guide
Enhancements
| Description | Issue ID | Reference ID |
|---|---|---|
| Mapped the following fields to maintain consistency: | KB-23106, KB-23157 | 78007, 79182 |
| In AgentXUnixCompiledNormalizer: | KB-22933, KB-21992 | 78681, 76935, 79188 |
Bug Fixes
The following issues are fixed:
| Description | Issue ID |
|---|---|
| Some Debian logs collected via AgentX were not properly normalized by AgentXUnixCompiledNormalizer. | KB-23168 |
| When users configured default as source type for DNS logs, the event_source field was missing in the normalized log by AgentXWindowsCompiledNormalizer. | KB-22194, KB-22398, KB-23750, KB-22818 |
| When an invalid source type was configured for OSQuery logs, the event_source field was missing in the normalized log by AgentXWindowsCompiledNormalizer. | |
| The subjectUserName field value of a raw WindowsSecurityAuditing log was missing in the normalized user field by AgentXWindowsCompiledNormalizer. | |
| The raw DHCP logs with an empty decoder field were not correctly normalized by AgentXWindowsCompiledNormalizer. | KB-23109, KB-23082 |
| The full_log field of raw DHCP logs was not correctly normalized by AgentXWindowsCompiledNormalizer. | |
| The target_user field was missing in the normalized WindowsSecurityAuditing log with event ID 4767. | KB-22426 |
| Some DNS logs from a custom log-path were not properly normalized by AgentXWindowsCompiledNormalizer. | KB-23135 |
| The message field of raw SMB server logs was not properly normalized by AgentXWindowsCompiledNormalizer. | KB-21895 |
| Some Windows and Unix logs were not properly normalized by AgentXWindowsCompiledNormalizer and AgentXUnixCompiledNormalizer. | KB-22899 |
Support
If you have any questions or require assistance, create a support ticket.