|
25.0.0.227 |
Fixed several bugs. |
2025-02-13 |
- Previously the AU-2 6.1 Audit Policy Change Report was displaying the Event Category in the Category column rather than the Audit Policy Category. This bug is fixed. To get the fix, delete the previous report then select Tool | Create Default Objects.
- Previously when remote installing the Agent on Windows, the remote execution command was using a UNC path instead of a local path. In some cases the installation failed to execute. This bug has been fixed.
|
|
25.0.0.226 |
Overhauled the File Activity Monitor Template |
2025-02-13 |
- The File Activity Monitor has been overhauled to support a large number of files.
- A recent bug was introduced that caused new Windows Hosts to no longer display the Logon As tab found in the Host Properties view. This bug has been fixed.
- Previously when a license failed to load, typically because the MAC address was incorrect, users had to hunt down the error in the server.log file. The Management Console has been updated to immediately open the License View to expose license errors.
- A new Ubuntu sample Failed Logon Report and a new Failed Logon IPS Template have been added. The IPS Template automatically blocks attacking Ips.
|
|
25.0.0.224 |
Added support to save reports to MySQL. |
2025-02-10 |
- Previously the Database Action only supported SQL Server. The action has been updated to includes support for MySQL.
- Previously the Host Inventory Report did not support Database Actions, the report can now be exported to user defined tables.
- The Dashboard’s Log Database Summary Tabs have been updated to use up to 10 concurrent tasks to retrieve results. Initial tests against a remote installation using Sqlite produced results 8 times faster.
- A new Batch Export function has been added. To export multiple configuration objects, select File | Export -> Export Corner Bowl Objects.
- Several root nodes in the Explorer view have been moved to a new root group called Advanced. The root tree nodes are, Auto-Configurators, Environment Variables and Monitor Hierarchy.
|
|
25.0.0.221 |
Fixed a Template Summary bug. |
2025-02-10 |
- Previously the Syslog Consolidation Summary Reports were not displaying their statistics. This bug has been fixed.
- The TCP Servers have been updated to support packet compression. Initial tests show 42% faster data transmission speeds over the Internet.
- A new Sqlite Backup Template has been added enabling users to backup the Sqlite log database to a NAS device, an Azure File Share and Amazon S3 Buckets.
|
|
25.0.0.201 |
Enhanced the EVTX import and added new System Reset feature. |
2025-02-06 |
- The Windows Update Template has been overhauled. The Template now includes options to filter on any of the returned column values. Once complete, the Monitor Status View includes a detail tab that displays the query, update and history results.
- Previously when impersonation had been configured, then disabled without clearing the username, impersonation was still executed. This bug has been fixed.
- Previously the Host Agent Tab was querying the Server Manager 2023 Agent installation registry key instead of the 2025 registry key. This bug has been fixed.
- The Host Agent Tab has been overhauled to better display the installed version and automatically update the connected and disconnected state.
- The Host Properties View has been updated to only display tabs which are usable for the selected device type.
- The EVTX file import feature has been updated to support selecting a folder that contains zip files. Once selected the files are decompressed to the service’s temporary directory then imported. Once complete the temporary files are automatically deleted.
- A new System Reset feature has been added to the Tools Menu Bar item. Users can now import a batch of Archived Event Log Files, execute audit reports, then once complete reset the system and process the next batch of files.
- Added help content for the following templates: RDP Session Monitor, System Security Monitor, WMI Query. Added help for the Disconnect RDP Session Action.
- Previously when restoring from a backup via the Management Console, the service was restarted by the console. If the user was not a domain or local admin, the restart would fail. The restore from backup function has been updated to internally restart the service removing the requirement to be an administrator.
- The syslog server have been updated to use the DNS resolved local hostname when a packet is received from the loopback interface.
|
|
25.0.0.187 |
Added Isilon Syslog support. |
2025-01-28 |
- Previously when manually reviewing Native EVTX File Properties from within the Management Console for the localhost, if the host was configured to use the agent however the agent was not connected, an error was thrown. These functions have been updated to fallback to use the service rather than the local agent when not connected.
- A new Syslog Template has been added to support Dell Isilon Syslog Messages.
- A new column extension has been added called SID Lookup which is supported in Syslog Consolidation and Syslog Monitor Templates enabling syslog messages that contains SIDs to be looked up. Please note this extension is only supported on the local domain.
- A recent changed caused the Retention policy to incorrectly calculate the total number of days being saved into the archive. The primary days were ignored. If the value for the archive was less than the primary, no data was archived. This bug has been fixed.
|
|
25.0.0.185 |
Added RDP Session Management. |
2025-01-27 |
- The Hosts Properties View has been updated to include an RDP Tab. Sessions can reviewed and users kicked from the server.
- Previously when running the Corner Bowl Management Service TCP Server using TLS, non-encrypted connection attempts leaked a socket handle. This bug has been fixed.
- A new template type has been created to that enables IT administrators to automatically kick idle RDP sessions.
- Previously the Files Tab found with the Host Properties view was not using the Agent to query remote disks causing the view to fail on Windows hosts. This bug has been fixed.
|
|
25.0.0.172 |
Implemented disabled Save button. |
2025-01-23 |
- Per a customer request, all properties views now automatically disable the Save button until changes are made.
- Previously when searching for all items in a table view using the magnifying glass toolbar button, previously selected items were not cleared. This bug has been fixed.
- Previously when browsing or selecting a registry entry, string entries with no value such as default key values, an error was thrown. This bug has been fixed.
- When batch updating a Summary Report, the Execute option was only updated on the first item in the list.
- A recent update of the charting library caused the GEO Json SIEM Chart Reports to no longer display. This bug has been fixed.
- Previously when configuring user and group filters, when switching between directory service connections, the drop-down lists were not refreshed against the new domain. The lists are now refreshed.
- The values associated with the log viewer filters have been moved to a non .Net implementation to straight json, following the Linux Console implementation, resetting the values to default.
- Previously when batch editing, when selecting between various templates or reports, the current tab selection was lost. The current tab selection is now retained.
|
|
25.0.0.165 |
Added more report data/time ranges. |
2025-01-16 |
- Per a customer request, report date/time ranges have been updated to include the last 2,5,10,15,30 and X minutes.
|
|
25.0.0.162 |
Added Amazon S3 support. |
2025-01-15 |
- Users can now monitor S3 buckets as well as archive Event Log Files and Linux Audit Log Files to S3 buckets.
- The Template Inventory now includes a type column.
- Previously when monitoring, but not consolidating, a text log through the agent with a pol-based schedule, the entire file was being re-read. This bug has been fixed.
- Previously when using an agent-less Event Log Monitor, then removing a log from the template, existing monitors did not remove removed logs from the status view. This bug has been fixed.
- A new options tab has been added that enables users to disable different log levels. For example, informational log messages can now be dropped from the server.log file.
- Previously when downloading Microsoft Azure Audit Logs, the calls were not handling the pagination returned by the API. This limitation has been resolved.
|
|
25.0.0.156 |
Updated the SCAP Scanner and fixed several bugs. |
2025-01-08 |
- The beta SCAP Scanner no longer requires additional licensing. All licensed users have access to the SCAP Scanner.
- The SCAP Scanner has been updated to calculate the test results as seen in the DoD SCAP Scanner.
- Previously the off-domain local agent was not able to run the Password Expiry against a configured domain controller. This is no longer a limitation.
- Previously when testing an AD User Table Template within the Properties dialog the test always runs from the management server rather than the assigned DC. If the template was flagged as an agent, the template was erroring out withing the management server’s agent. This bug has been fixed.
- Previously the AD User Table Template required the Limit results to valid AD user accounts to be checked otherwise no users scanned. If the option no longer needs to be set.
- Previously the Password Expiry Template was not handling users whose password never expires. This bug has been fixed.
- Previously when configuring a log monitor rule, clicking the Action Edit Button did nothing. The control now opens the first assigned action’s template properties.
- The Event Log File Backup and File Collection and Retention Templates now support saving files directly to an Azure File Share.
|
|
25.0.0.152 |
Added support to monitor Azure File Shares |
2025-01-04 |
- The Corner Bowl Server Manager TCP/IP application layer Keep-Alive Protocol has been updated to optionally read the heartbeat interval and timeout from the tcpserver.json file.
- The WMI Template now includes a filter option that triggers if specific entries are not found.
- The Host Properties has been modified to support Azure File Shares.
|
|
25.0.0.147 |
Added Recovery Rate to Templates |
2024-12-17 |
- The Template Failure Rate has been updated to include a Recovery Rate.
- A new Template Group has been created called System Management. The Corner Bowl Service Monitor and Configuration File Backup Templates have been moved to this group. A new template to restart the service has also been added to this group.
- Previously the Server Manager TCP/IP Server was not closing a connection in a timely fashion when the remote client opened and closed a socket to the server without sending any data, for example a DoS attack. By default the socket was closed on the server side using the idle timeout found in the tcpserver.json, which is set to 300 seconds by default. The connection is not immediately closed.
- Previously when real-time viewing a text log, the viewer was stealing keyboard focus. The viewer no longer steals focus.
|
|
25.0.0.143 |
Enhanced the Host Import Feature. |
2024-12-10 |
- The Host Import feature has been updated to enable users to import hostnames, aliases, descriptions and automatically generate groups and assign hosts to groups all from a single CSV file.
- Fixed a memory leak associated with error rate monitors, for example ping and cpu monitors.
- A new Monitor Inventory Tab has been added to the Dashboard.
- Previously some installations of the stand-alone Client Applications threw an error stating a DLL was missing. This bug has been fixed.
|
|
25.0.0.132 |
Updated the Security Group Management Report. |
2024-12-03 |
- Previously when running a Security Group Management Report, the target usernames were always resolved using remote WMI. The query has been updated to utilize the Agent when the domain controller is permanently connected to the Corner Bowl Management Server.
- Previously when dragging and dropping a report to a host group and then selecting Move from the popup menu item, the report was linked rather than moved. This bug has been fixed.
- The View Unassigned Templates menu item found under the Edit menu has been moved to a new Template Inventory Tab found withing the Dashboard. The new view includes all templates then flags templates that are not assigned. Each template in the new view now includes the number of assigned.
- Previously when attempting to assign a Host, Template or Report to a Group, the Batch Assign Object to Groups view displayed without checking the target group. The view now auto-checks the group in the list of target objects. The modal dialog has also been replaced with an in-application document view.
- Previously when configuring a Syslog Report, the Load Columns function was not loading the explicitly assigned log’s consolidation template columns. This bug has been fixed.
- A new Sample Syslog Consolidation Template has been added for Barracuda CloudGen Firewall VPN log entries.
- A new Sample Syslog Barracuda CloudGen Firewall Report has been added to track new VPN logins.
|
|
25.0.0.127 |
Added a new AD User Template. |
2024-11-25 |
- A new Template has been added that enables users to display a table of Active Directory user properties, filter values, then optionally email an alert to each triggered user (e.g. send an email alert to each user prior to their password expiring).
- Previously if an email alert was applied to either a template or a report, no email addresses specified, and a backup email server configured the email action would attempt to send an email to both servers resulting in 2 errors. The action no longer attempts to send an email to the backup server if no emails are specified.
- The Email Audit Log messages found in the CBS Audit Event Log now includes the email address or addresses in each audit log entry.
|
|
25.0.0.122 |
Fixed Linux Agent Auto-Update. |
2024-11-19 |
- When creating a single reusable Agent for both Windows and Linux, the Linux auto-update code was not included. Linux Agents will now update the next time a build is released after this build has already been applied.
- A recent update caused the Memory Template Historical Chart Tab to no longer display the history. This bug has been fixed.
- The Text Log Consolidation Monitor has been updated to read the last entry from the database after the state is reset. The monitor advances to the line after the entry. If the entry is not found in the current file, the entire file is read.
- Previously when attempting to view a consolidated text log that was saved with a logical name, the viewer opened the file using the actual filename rather than the logical name. This caused the Set Flag feature to fail. The viewer now opens the file using the logical name resolving the Set Flag bug.
- Previously when configuring a PowerShell Script Template to run on a remote agent, the agent was looking for the script on its local disk rather than using the script that was passed from the server. This bug has been fixed.
|
|
25.0.0.115 |
Added compression option to File Actions. |
2024-11-18 |
- The File Actions have been updated to optionally include the option to compress and encrypt the output file.
- Previously when generating PDF reports, and the backup option was not backing up the old files. This bug has been fixed.
|
|
25.0.0.113 |
Resolved the Sqlite database is locked bug. |
2024-11-17 |
- The Sqlite database is locked bug has finally been resolved. Previously the timeout values assigned to the Sqlite library were in seconds rather than milliseconds causing database locked timeouts to trigger when under load.
- The Syslog Consolidation Template now includes the option to specify an alternate Primary Log Database. This feature has been added because several users that are saving Fortiauth syslog messages have encountered performance limitations using a database. The Corner Bowl File System format is the fastest format for writing real-time log messages. The downside to using the flat-file system format is longer query times.
- Previously when deleting a host, the associated agent connection was not terminated. The connection is now terminated when the host is deleted.
- Previously the uninstaller did not remove the added firewall rules. When re-installed duplicate firewall rules were added. The uninstaller now removes the previously added firewall rules.
- The PowerShell Template has been updated to enable users to filter date time values that are in the future, for example send an email alert when a password is to expire in less than 3 days.
- Environment Variables can now be exported and imported.
|
|
25.0.0.105 |
Fixed a user interface bug. |
2024-11-11 |
- A recent update for the new Linux Management Console broke the Real-Time Agent Server Viewer. This bug has been fixed.
|
|
25.0.0.103 |
Fixed a log viewer bug. |
2024-11-04 |
- A previous update caused the message column to be truncated to 64 characters when real-time viewing various logs.
|
|
25.0.0.102 |
Fixed a critical FIM bug. |
2024-10-30 |
- In v25 the FIM has been duplicating permissions when configured to include permissions and monitoring multiple files causing the memory to balloon and permissions inaccurately listed. This bug has been fixed.
|
|
25.0.0.96 |
Added an Event Log Consolidation enhancement and fixed several minor bugs. |
2024-10-26 |
- A recent update for the new Linux Management Console caused the Filter Properties dialog to show empty filter criteria when changing a Simple Filter from one type to another, such as Event Log to Syslog.
- Previously when using a strict filter for Event Log Consolidation, entries were often re-downloaded then later dropped per the filter. The entries are no longer re-downloade
- Several memory optimizations have been made.
- The Service Monitor Template Properties View now uses local WMI to get services when querying the localhost that is configured to use the agent.
- The Explorer View no longer displays monitored directories when expanding a monitor tree node.
- Fixed a recent host selection bug when configuring various templates.
- A new Real-Time GPO Auditing Template has been added to the Sample Templates.
|
|
25.0.0.89 |
Fixed a Microsoft Graph email bug. |
2024-10-21 |
- A recent update to the Microsoft Graph API NuGet packages caused the .Net 4.7.2 compiled version to throw an exception when attempting to send email through Microsoft’s servers. This bug has been fixed.
- The data grid views have been enhanced providing faster selections.
- Previously when using the new command and control option with Event Log File Backup Templates configured to archive and clear the Event Logs when a maximum size threshold is breached with the Agent, the backups were only executing when the maximum size threshold was breached. This bug has been fixed.
- Major version 25 was not processing templates for agent devices configured to disconnect once template execution was complete. This bug has been fixed.
- Previously when monitoring SNMP Traps, the monitor was not being set to triggered and the Monitor Status View did not include trap detail in the history view. These bugs have been fixed.
|
|
25.0.0.81 |
Fixed several high-profile bugs. |
2024-10-16 |
- Previously the installer did not permit GMSA accounts to remote install the agent. The WIX installer has been forked and updated to now allow this functionality.
- A recent update to the LogonUser API, so single air gapped installations did not have a STIG finding, has caused remote users, that are RDPing into the server to run the Management Console, which have not been granted the logon locally permission, to receive an access denied error. The LogonUser call has been updated to fallback to a network logon when a local logon fails.
- A recent update to the Syslog Servers, for Syslog Aggregation for our Cloud SIEM solution, caused the verbose logging messages to no longer write to the server.log file. This bug has been fixed.
- A previous update caused the Directory Watcher Template to no longer execute. This bug has been fixed.
- The Log Monitor Rules Properties View has been updated to optionally display line items in a detailed tabular format. The modal dialog view has been removed.
- A recent update caused some log reports to truncate the Message column to 64 characters. Reports are not automatically updated to display all of the characters in the message.
|
|
25.0.0.73 |
Fixed a bug in the new Database Action. |
2024-09-29 |
- The Database Action was not processing Event IDs and Event Log, Syslog and Text Log Message columns. This bug has been fixed.
|
|
25.0.0.71 |
Updated sample report groups. |
2024-09-24 |
- Several of the Sample Report Groups and members have been updated to better group like items.
- A bug had been recently introduced that caused text log monitors that were monitoring dated filenames which the files were not found to leak a node in the Explorer View. This bug has been fixed.
|
|
25.0.0.69 |
Added the offline agent installer to the full installer. |
2024-09-19 |
- The full installer has been updated to include the offline agent installer.
- Previously when attempting to hide PowerShell results from the Detail View found in the Monitor Status View, the filtered rows, either informational or triggered, were not being removed. This bug has been fixed. To retain informational values in the Detail View but hide informational values in Actions, use the Hide informational data table rows found on the Actions Tab.
- Previously when logging into the Management Console locally, a network logon was executed. On STIGed machines this is a finding. The code has been updated to logon interactively when connecting locally.
|
|
25.0.0.64 |
Fixed a new text log retention bug. |
2024-09-17 |
- A recent update to the Text Log Consolidation Monitor caused some files to stop deleting entries no longer needed. This bug has been fixed.
- The keep-alive flag is now automatically set when a new host is added to the system. This flag is ignored when not using the Agent.
- Previously the Audit Policy Monitor Template Properties View was erroneously returning the localhost’s audit policy rather than using the Agent to pull remote policies. This bug has been fixed.
- A new real-time audit policy monitor template called, Real-Time Audit Policy Changed, has been added to the Sample Templates.
- The JSIG EVTX File backup template has been updated to save log files for 5 years.
|
|
25.0.0.55 |
Added a new Linux Management Console and added a new text log monitor feature. |
2024-09-11 |
- A new Linux Management Console is now available for download. The new interface is under heavy development and not production ready.
- 3 new Red Hat RPMs have been authored enabling easier installation of the Linux Agent, Server and new Linux Management Console (LMC).
- The Text Log Monitors have been updated to support using the {ALIAS} variable in the logical filename as well as the _ALIAS_ key in the column definitions to include a column in the output database table that specifies each host’s alias.
- A new installer is now available that includes .Net 8 Desktop Runtime embedded in the package.
- Previously when viewing consolidated log entries, then grouping by a user column defined as an Enum Type, the group by header was showing the actual value, an integer, rather than the string representation of the value. This bug has been fixed.
|
|
25.0.0.53 |
Added several new Syslog Reports. |
2024-09-10 |
- Two new sample reports are now included that parse FortiGate and SonicWall syslog messages.
- Syslog Reports have been updated to support Enum Definitions, for example you can now translate numbers to string representations such as category IDs to category strings.
- Previously the Directory Size Monitor Template was logging each file it scanned. The message is now only logged when the -logdebug flag has been set as a startup parameter.
|
|
25.0.0.50 |
Added back the Database Action previously available in Server Manager 2012-1018. |
2024-09-04 |
- The Database Action that was previously available in Server Manager 2012-2018 has been added back in. The addition of this action enables users to write report output to a database table then consume the data in other applications such as Microsoft Power BI.
|
|
25.0.0.47 |
Added Text Log Monitor entry compression to Agent. |
2024-08-28 |
- Previously when monitoring text log files via the Agent, text log entries were always uploaded uncompressed. The upload function now acts exactly like the Event Log monitors. If less than 500 entries are read, the entries are uploaded uncompressed, otherwise the entries are compressed locally the uploaded to the server.
- A recent bug was introduced into the Management Console which broke the Group By feature found in the Running Monitors and Running Reports views. This bug has been fixed.
- A recent bug was introduced that caused the Auto-Clear-Trigger message to no longer display in the History View. This bug has been fixed.
- Previously after clearing a real-time log monitor trigger, the running icon was lost in the Explorer View. This bug has been fixed.
- A waiting spinner has been added to the Batch Assignment View.
- Previously when running the local management service with an account, the c:\windows\systemtemp directory was not scanned. This limitation has been resolved.
- The overridden Corner Bowl temporary files directory is now included in the delete temporary files template for both the agent and the service systems.
|
|
25.0.0.45 |
Added a SCAP Vulnerability Scanner Template and three other scanning Templates. |
2024-08-25 |
- A new SCAP Vulnerability Scanner Template has been added, accessible through a paid add-on which can be purchased online, that implements SCAP vulnerability scanning and DISA STIG Viewer checklist file generation.
- A new System Security Monitor Template has been added that enables users to monitor Security Policy and User Rights Assignments found in the built-in Windows secedit.exe program. This Template was created to implement required functionality in our new SCAP Vulnerability Scanner Template.
- A new File Permissions Monitor Template has been added that enables users trigger alerts when permissions match user defined filter criteria. This Template was created to implement required functionality in our new SCAP Vulnerability Scanner Template.
- A new WMI Query Template has been added that enables users to generate their own WMI queries, then trigger alerts based on results. This Template was created to implement required functionality in our new SCAP Vulnerability Scanner Template.
- The PowerShell Template has been updated to include must have filters.
|
|
25.0.0.44 |
Added temp directory option to agents. |
2024-08-20 |
- Per a customer request, the agents have been updated to include an option to override the temporary file directory.
|
|
25.0.0.43 |
Added auto-re-installer for re-initialized air gapped VMs. |
2024-08-13 |
- The internal Agent Installer Service has been updated to attempt to re-install when a host does not connect within the agent connection schedule or, if longer, the host connection schedule. This feature enables the agent installer service to re-install the agent on VMs that have previously connected but have since been re-initialized and the agent is no longer installed, a common scenario in air gapped environments.
- The Start a Process Action has been updated for Text Log Monitors. When triggered and the arguments includes the {ITEM_MESSAGE} variable, a process is spawned once for each entry.
|
|
25.0.0.41 |
Fixed several legacy agent installer bugs. |
2024-08-10 |
- Previously when using the agent on Server 2008 and Windows 10 machines and internet access available, the v23 .Net 472 version of the agent installer was being downloaded rather than the .25 .Net 472 version. This bug has been fixed.
- Previously the .Net 472 version of the agent installer was incorrectly checking for windows version 602 rather than 601 breaking support for Server 2008 and Windows 7. This bug has been fixed.
- The legacy agent installer has been updated to download the .Net 472 agent when Server 2012 non-R2 is detected.
- The AI Anomaly Detection (Template Triggers) Report now includes the same anomaly detection minimum count filter seen in the log-based anomaly detection reports.
- A recent refactor change caused some of the report titles and descriptions to no longer display when viewed within the console. This bug has been fixed.
|
|
25.0.0.40 |
Fixed an agent-based rolling text log consolidation bug. |
2024-08-08 |
- Previously when using the agent’s new command and control feature to consolidate rolling text log files, such as files named with the current date, data duplicated. This bug has been fixed.
- A recent update caused collection triggers to show OK items as errant. This bug has been fixed.
|
|
25.0.0.33 |
Overhauled the Registry Monitor Template. |
2024-07-31 |
- The Registry Monitor Template has been updated to support monitoring an array of registry key values.
|
|
25.0.0.27 |
Added several user requested features. |
2024-07-29 |
- The Text Log Consolidation Monitor has been updated to enable users utilizing the Logical Filename option to include a {HOST} tag. Once included, the database table name will include the hostname within the table name.
- The Database Log Consolidation Template (SharePoint) has been updated to include an initial number of days to download.
- The Dashboard has been updated to include a History Summary view.
|
|
25.0.0.26 |
First Release Build |
2024-07-26 |
- We are excited to release Corner Bowl Server Manager 2025. Please note LTS support for v23 ends July 1st 2025. Until that time, any critical bugs discovered in v23 will be addressed. Version 25 is complied against .Net 8 which has LTS until November 11th 2026. The most visible update in v25 is a new Tray Icon. The Tray Icon now enables you to select between different Server Manager connections, enabling users to more easily identify desktop triggers when connected to multiple installations of Corner Bowl Server Manager. Another major update is to the internal memory management which now more explicitly removes objects from memory rather than relying on .Net to clean up at its’ leisure, significantly reducing the footprint of all processes. We are currently developing a Linux Management Console so stand-alone air gapped installations can be locally configured. We plan to release the Linux Management Console with minimal functionality by end of Q3. Please let us know if you are interested in early testing of the Linux Management Console and we will add you to our list of beta users. As always, we are continually adding new user driven feature requests so please let us know what you would like to see.
|