Download the release on GitHub.
Features
Section titled “Features”Add a static binary workflow
Section titled “Add a static binary workflow”Starting with this release, installing VAST on any Linux becomes significantly easier: A static binary will be provided with each release on the GitHub releases page.
Add MsgPack-based Table Slice implementation
Section titled “Add MsgPack-based Table Slice implementation”We open-sourced our MessagePack-based table slice
implementation, which provides a compact row-oriented encoding of data. This
encoding works well for binary formats (e.g., PCAP) and access patterns that
involve materializing entire rows. The MessagePack table slice is the new
default when Apache Arrow is unavailable. To enable parsing into MessagePack,
you can pass --table-slice-type=msgpack to the import command, or set the
configuration option import.table-slice-type to 'msgpack'.
By @dominiklohmann in #975.
Changes
Section titled “Changes”Use Flatbuffers for Persistent State of Segment Store and Meta Index
Section titled “Use Flatbuffers for Persistent State of Segment Store and Meta Index”FlatBuffers is now a required dependency for VAST. The archive and the segment store use FlatBuffers to store and version their on-disk persistent state.
Improve handling of the default schema paths
Section titled “Improve handling of the default schema paths”VAST now recognizes /etc/vast/schema as an additional default directory for
schema files.
PRs 954-986
Section titled “PRs 954-986”The suricata schema file contains new type definitions for the stats, krb5, smb, and ssh events.
Bug Fixes
Section titled “Bug Fixes”Fix spawn source subcommand
Section titled “Fix spawn source subcommand”The PCAP reader now correctly shows the amount of generated events.