Siren is committed to providing users with an easy-to-use platform with all the capabilities needed to conduct investigations quickly. We have been diligently releasing software enhancements in 2023 and this is an update for end-users.
Siren 13.4.0 has been very much focused on improved visualization, usability, and performance features, and begins to showcase Siren’s new logo and branding throughout the product. It’s an exciting development that enhances the aesthetic and reflects the evolution of our technology.
Feature we would like you to know about:
Critical Security CVEs were addressed to ensure the security and integrity of the software. The New Dashboard Flexi layout, and Templates and Reporting enhance the user experience and provide more customization options.
The introduction of a sidebar lock and unlock feature can be beneficial for users who prefer a less busy interface and those who need to maximize their workspace.
The Graph Browser is a crucial component for visualizing and navigating complex relationships and connections within data. There have been a significant improvements made to the Siren Graph Browser throughout the year. Siren changed the back-end libraries to remove outdated dependencies, to provide more robust graph features, to improve the graph engine’s performance, and to add new features.
Some of the graph performance improvements include:
• Tooltip handling
• Faster timebar
• Enhanced contextual menu
• Graphs can now be exported in high-resolution
• Feature to detect the correct orientation (i.e., portrait or landscape) for an image exported from the graph browser
What else is new?
Set preferred direction of entity table relations: The ability to set a preferred direction for relationships in the data model is a valuable feature for users who want more control over how data connections are displayed. By allowing users to define the preferred direction, it makes it easier for users to understand the relationships within the dataset. For more details, see Setting preferred direction.
Object Definition API – The ability to fully automate the creation of Siren’s data model based on external data is a powerful feature, especially for administrators looking to streamline processes and ensure consistency. This can significantly reduce the manual effort involved in setting up and maintaining the data model, promoting efficiency and accuracy. Additionally, the fact that Siren Investigate now validates the contents of saved objects before they are saved in Elasticsearch is a crucial improvement. This validation step helps ensure data integrity and prevents the storage of erroneous or inconsistent configurations, contributing to the overall reliability of the system. For more details, see Object Definitions API
Script Editor: This feature greatly improves the developer or implementer experience by reducing the need to constantly reference documentation and allowing for the quick and efficient creation of scripts. It’s likely to enhance the usability and accessibility of Siren for developers and implementers, making the process of creating scripts more intuitive and less error-prone.
Siren visual graphs are now listed and easily accessed from the sidebar of the Siren main menu. A link to each can be directly shared with other Siren users. Analysts can now add records to a graph without having to open it thereby facilitating the merging of different graphs together and eliminating an extra step.
Graphs on the sidebar: You can now create and view graphs on a sidebar.
Default Dataspace landing page: The ability to set a default Siren dataspace is a valuable feature for analysts allowing them to further customise their workflow. Configuring a default dataspace through the kibana.defaultDataspace property in the investigate.yml helps to align with the diverse needs of analysts and their working styles.
Intuitive labelling and description for field names in the entity table:
An intuitive label and description for field names has been introduced in the entity table. This will enable the analysts to maintain a data catalog, annotating all fields available in Siren.
Other notable features released in 2023:
Template and reporting: The addition of a Record Tables template in the latest release is a significant enhancement for generating and downloading reports in various formats. Reports can now be generated in formats such as PDF, DOCX, and PPTX. This makes scripts easier to write and faster to load, while also allowing templates to be rendered in Record Tables, in addition to the Record Viewer. This Feature contributes to a more user-friendly and efficient reporting experience within the Siren platform.
New Dashboard Layout: The introduction of a flexible layout that better resizes to different screens and allows visualizations to be stacked in tabs is an improvement to the overall user experience of Siren. It addresses the challenges associated with varying screen sizes and resolutions and aligns with modern web design principles.
Sidebar lock and unlock: The ability to lock and unlock the sidebar has been added. When unlocked, the sidebar items can be reordered. When locked, nodes from dashboards can be dropped on appropriate visualisations. This adds a layer control and offers further preferences to the user experience.
Adding Custom Icons: To customize the appearance of your data models, you can import custom icons into Siren Investigate. Siren now has a new docker image called siren-fontcustom to streamline the process of creating custom icon packs.
Map : A custom name for the aggregation layer in Enhanced coordinate map visualisation can now be used. Analysts currently see the layer text as “Aggregation” in the Enhanced Coordinate Map which is not intuitive. Now the user can choose a more meaningful name for it.
The Docker images now use a Debian 12 base which has compatibility issues with the older versions of docker. It is recommended to use the Docker version 24.x or later to run the images.
Critical CVE’s Addressed:
Addressing Critical CVEs (Common Vulnerabilities and Exposures) is crucial for maintaining the security and integrity of any software product. Siren had also addressed list of Critical CVE’s in recent releases:
• Bumped webpack to 5.76.2 which addresses the CVE-2023-28154
• Bumped vm2 to 3.9.15 to address CVE-2023-29017
• Removed unused style-loader dependency to address CVE-2020-15366
• Upgrade postcss-inline-svg dependency to version 6.0.0 to address CVE-2021-33587
• Upgrade vm2 dependency to address CVE-2023-32314
• Mocha was bumped to version 10.2.0. This addresses CVE-2022-37601, CVE-2020-36632 and CVE-2020-44906.
Depreciation:
• DBC datasources and Siren Search UI have been deprecated in the 13.4.0 release. They will be removed completely in upcoming releases.
• Ingestion of data in JDBC datasources is now supported through logstash.
• Siren Search UI is being replaced by the Siren Search App.
