| Release Type | Release Number | Release Date |
|---|---|---|
| Original | CloudShark 3.3 | May 16th, 2017 |
| Maintenance Release #1 | CloudShark 3.3.1 | June 8th, 2017 |
| Maintenance Release #2 | CloudShark 3.3.2 | July 10th, 2017 |
| Maintenance Release #3 | CloudShark 3.3.3 | July 19th, 2017 |
| Maintenance Release #4 | CloudShark 3.3.4 | July 26th, 2017 |

We’ve been putting up with cold temperatures and a lot of rain here in New England and the sun is finally going to come out this week. To celebrate, we’re releasing our latest version of CloudShark and bringing our Threat Assessment add-on to our Enterprise customers.
Whether it’s WannaCry, Dridex, RIG or whatever the next one is going to be called, CloudShark can help you detect and analyze malware traffic and potential threats in your capture files. Use our built-in Suricata rules, or bring your own!
Visit our website to learn more about the Threat Assessment add-on.
Contact firstname.lastname@example.org if you’re interested in trying it out!
CloudShark Threat Assessment is now available to Enterprise Customers! The add-on requires that you first upgrade to CloudShark 3.3.
We’ve added a button to jump from a zoomed-in selection of a bandwidth graph directly to those packets. CloudShark computes a display filter for the visible time range over the active series. Zoom in and click the “Apply as Display Filter” button to open a new tab with those packets.
CloudShark 3.2 includes the latest protocols and dissectors from the latest Wireshark 2.2 release. You can read the Wireshark release notes here.
For customers deploying CloudShark in an offline environment, we have a new and improved offline installer. This new installer creates a local Yum repository to reduce the number of files that need to be downloaded and managed separately. It also saves the packages needed to install the new Threat Assessment add-on to this repository, so starting an evaluation is as easy as contacting email@example.com for a trial license.
Users upgrading from a version as old as CloudShark 2.8.x can run the following as root to perform the upgrade:
Please read the upgrade instructions if you are upgrading from an older version of CloudShark.
CloudShark 3.3.1 fixes a regression in 3.3.0 where external-group mappings are not preserved for logged-in users. We recommend upgrading to CloudShark 3.3.1 if you are taking advantage of this feature.
CloudShark 3.3.2 improves the Threat Details view within our latest add-on: CloudShark Threat Assessment. By grouping threats together by payload, we are able to reduce alert-clutter and show you the best analysis when multiple alerts trigger on the same payload.
From this view, you can now access the raw rule source describing what the alert triggered on, as well as all the other matching alerts. Additionally, it provides quick links to jump to other alerts for the same hosts and streams.
CloudShark 3.3.3 resolves a bug preventing guest upload from working in certain deployments. If you have enabled Guest Upload on your appliance, we recommend upgrading to 3.3.3 to prevent any problems with that functionality.
If Guest Upload is NOT enabled, there are no other changes in this release.
CloudShark 3.3.4 introduces a minor but incredibly useful new feature for people working with different kinds of capture files.
The “Profile” dialog for every capture file is where users can choose which summary columns they see when looking at a packet capture. Typically this has defaulted to a set of columns that was useful for most general analysis, but wasn’t ideal for specific jobs.
CloudShark 3.3.4 introduces a new preset drop-down containing a few specialized analysis profiles to choose from to do different types of analysis. The initial offering includes improved support for Generic analysis, a view for TCP sequence/ack analysis, Wireless traffic, and HTTP.
These will be user-configurable in future releases.
An additional tab has been added to the DNS Analysis Tool. Now, CloudShark will extract all of the hosts and addresses that were resolved as part of the capture. This does not do any additional external queries to DNS, but relies on the DNS responses inside the capture file to build up this list.
Clicking on a row will bring you to the traffic from that host, as well as the DNS response and query for that name.