EveBox 0.20.0 Released

January 29, 2025 · 2 min read

I've just released EveBox 0.20.0. Along with bug fixes, this release brings some new features I've wanted to add for some time:

Auto Archive by Age

You can now set an age in days to auto-archive alerts. By default this feature is disabled, so you will need to enable it in the Admin settings.

Archive-By-Age

Auto Archive by Filter

From an alert, you can now choose to have future occurrences of that alert auto-archived.

Currently supported filters include:

SID
SID + Sensor
SID + Source IP + Destination IP
SID + Source IP + Destination IP + Sensor

I hope to provide a more flexible filtering solution along the lines of email filtering in the near future.

Auto-Archive-By-Filter

Kibana Inspired Filters

In an alert view, hover over the signature or an IP address and you will see a + or - to filter for, or filter out alerts. This is a work in progress and will be brought to more pages and dashboards over time.

SQLite Responsiveness Enhancements

SQLite results can be slow when the dataset is large. To address this a timeout has been added to the Inbox so results will be returned in a timely matter. By default this is 5 seconds.

Also, in the Dashboard aggregations, data will be streamed as its available. So you should see data in the tables right away, and results will be added is they are available.

Auto Archive by Age​

Auto Archive by Filter​

Kibana Inspired Filters​

SQLite Responsiveness Enhancements​

Auto Archive by Age

Auto Archive by Filter

Kibana Inspired Filters

SQLite Responsiveness Enhancements