We are pleased to announce the release of Arkime 5.0! This open-source network analysis and packet capture tool just got even better. Our latest release offers new features, enhancements and bug fixes to speed up your incident response and empower your security and network teams to investigate and mitigate threats.
This release introduces a highly anticipated feature: Cont3xt Bulk Search! Now, you have the power to simultaneously enrich multiple indicators with just a single query, streamlining data analysis process like never before. We've revamped our user interface to help you navigate through and analyze the wealth of information more intuitively.
The session details section has been redesigned to minimize unused space. On large screens, the layout displays a dual-column structure, enabling you to access a greater amount of information without the need for scrolling.
After coming to our senses, all applications now utilize a unified configuration subsystem. This enhancement enables support for multiple configuration file formats (ini, json, yaml) and facilitates retrieval from both disk and network sources. The Arkime authorization model has been standardized across all applications and finally includes basic and form authorization.
JA4 support has been added and is visible as new session fields for viewing and searching. For those wanting JA4+ support, it can be added through an easy-to-install plugin.
To enhance the user experience, multiviewer dropdowns have been added to the Files, History, and Stats tabs, allowing users to perform searches against multiple viewers on these pages.
In this release, we have also introduced the ability to ingest offline PCAP directly from various network sources, such as S3 and HTTP(S).
In the spirit of continuous improvement, we have addressed numerous bugs and introduced several minor features. For a detailed overview, please refer to the release notes. Thank you for your continued support!
The session detail section has undergone a comprehensive redesign, strategically enhancing the presentation of information within the confines of screen dimensions and minimizing superfluous space :) On large screens, the layout adopts a dual-column structure, facilitating an expanded view of information without the need of scrolling. To optimize space, field labels and values display on the same line, with extensive values wrapped, and lengthy field labels truncated with an ellipsis.
Moreover, the session detail section now boasts heightened customizability. Users possess the flexibility to adjust label widths, thereby allocating more screen real estate to accommodate long values or field labels. Notably, each section and subsection within the session detail is collapsible, with user preferences persistently stored. This ensures customization while traversing through sessions during the analytical processes.
Every application within the Arkime ecosystem now adheres to a unified authorization model, centralized into a new common module that each application imports and utilizes.
A noteworthy change is the removal of anonymous mode as the default authorization, which has been replaced by digest. Furthermore, a range of new authorization modes can be configured, including basic, form, basic+form, basic+oidc, headerOnly, header+digest (equivalent to header), and header+basic. Detailed information on these modes can be found in the Settings Documentation.
It's important to note that Parliament has deprecated the previous JWT authorization model, replacing it with Arkime common authorization. This change was alluded to in Arkime 4.0, encouraging users to configure common authorization within the Parliament Settings page. In Arkime version 5.0, this configuration is now mandatory. Users can implement common authentication through the Parliament Settings Page prior to upgrading to version 5.0 or manually in the configuration file. For details, please refer to the Parliament documentation and the upgrade guide for version 5.0.
Arkime 5.0 includes an extensive array of improvements, comprising numerous bug fixes, minor feature additions, and upgraded dependencies.
Notable minor features encompass integrations for Arkime, Elasticsearch/OpenSearch, CSV, JSON, and Redis within Cont3xt. Simplification and enhanced user experience was introduced by allowing Parliament and Arkime to share the same notifiers. Additional enhancements involve the introduction of configurable links in the Parliament navbar to WISE and Cont3xt. Ownership transfer functionalities have been extended to Arkime and Cont3xt resources, encompassing views, shortcuts, periodic queries, and link groups. Furthermore, edit roles have been incorporated for Arkime resources, specifically targeting views, shortcuts, and periodic queries.
Among the bug fixes, notable resolutions include the enforcement of user time limits on unique endpoints, the flexibility to add Arkime DB fields in any order within the same group, and the replacement of unappealing JSON errors in the Arkime navbar with a more generic "Error loading health" message. These collective improvements contribute to a more refined and robust Arkime experience.