I've just released EveBox 0.20.0. Along with bug fixes, this release brings some new features I've wanted to add for some time:

Auto Archive by Age​

You can now set an age in days to auto-archive alerts. By default this feature is disabled, so you will need to enable it in the Admin settings.

Auto Archive by Filter​

From an alert, you can now choose to have future occurrences of that alert auto-archived.

Currently supported filters include:

• SID
• SID + Sensor
• SID + Source IP + Destination IP
• SID + Source IP + Destination IP + Sensor

I hope to provide a more flexible filtering solution along the lines of email filtering in the near future.

Kibana Inspired Filters​

In an alert view, hover over the signature or an IP address and you will see a + or - to filter for, or filter out alerts. This is a work in progress and will be brought to more pages and dashboards over time.

SQLite Responsiveness Enhancements​

SQLite results can be slow when the dataset is large. To address this a timeout has been added to the Inbox so results will be returned in a timely matter. By default this is 5 seconds.

Also, in the Dashboard aggregations, data will be streamed as its available. So you should see data in the tables right away, and results will be added is they are available.

Just a note that I will no longer being provided MacOS or Linux Arm32 binary builds. EveBox should still fine on these systems, however I don't have the equipment to test myself. Sorry for any inconvenience.