CloudShark 3.3.0

Release Type  Release Number  Release Date 
Original  CloudShark 3.3  May 16th, 2017 
Maintenance Release #1  CloudShark 3.3.1 June 8th, 2017 
Maintenance Release #2  CloudShark 3.3.2 July 10th, 2017 
Maintenance Release #3 CloudShark 3.3.3 July 19th, 2017 
Maintenance Release #4 CloudShark 3.3.4 July 26th, 2017 
Maintenance Release #5  CloudShark 3.3.5 September 6th, 2017 
Maintenance Release #6  CloudShark 3.3.6 September 13th, 2017 

CloudShark 3.3 May 16th, 2017

Happy Spring!

We’ve been putting up with cold temperatures and a lot of rain here in New England and the sun is finally going to come out this week. To celebrate, we’re releasing our latest version of CloudShark and bringing our Threat Assessment add-on to our Enterprise customers.

Whether it’s WannaCry, Dridex, RIG or whatever the next one is going to be called, CloudShark can help you detect and analyze malware traffic and potential threats in your capture files. Use our built-in Suricata rules, or bring your own!

Visit our website to learn more about the Threat Assessment addon.

Contact if you’re interested in trying it out!

— CloudShark

New Features and Highlights

Threat Assessment add-on

threat wannacry


CloudShark Threat Assessment is now available to Enterprise Customers! The add-on requires you first upgrade to CloudShark 3.3.

Read more about it and contact to start your evaluation.

Display Filter from Graphs

We’ve added a button to jump from a zoomed in selection of a bandwidth graph directly to those packets. CloudShark is able to compute a display filter for the visible time range over the active series. Zoom in, and click the “Apply as Display Filter” button to open a new tab with those packets.

Upgraded to latest TShark

CloudShark 3.2 includes the latest protocols and dissectors from the latest Wireshark 2.2 release. You can read the Wireshark release notes here.

Improved Offline Installation

For customers deploying CloudShark in an offline environment we have a new and improved offline installer. This new installer creates a local Yum repository to reduce the number of files that need to be downloaded and managed separately. It also saves packages to this repository needed to install the new Threat Assessment add-on to make starting an evaluation as easy as contacting for a trial license.

Bug fixes and other changes

  • Using new Markdown parser for comments and annotations
  • Fixes an issue with incorrect timestamps in some bandwidth graphs
  • Mitigated potential XSS with improved user-input filtering

Upgrade Instructions

Users upgrading from a version as old as CloudShark 2.8.x can run the following as root to perform the upgrade:

cloudshark-admin --install-latest

Please read the upgrade instructions if you are upgrading from an older version of CloudShark.

CloudShark 3.3.1 June 8th, 2017

CloudShark 3.3.1 fixes a regression in 3.3.0 where external-group mappings are not preserved for logged-in users. We recommend upgrading to CloudShark 3.3.1 if you are taking advantage of this feature.

CloudShark 3.3.2 July 10th, 2017

CloudShark 3.3.2 improves the Threat Details view within our latest add-on: CloudShark Threat Assessment. By grouping threats together by payload, we are able to reduce alert-clutter and show you the best analysis when multiple alerts trigger on the same payload.

From this view, you can now access the raw rule source describing what it triggered on, as well as all the other matching alerts. Additionally, it provides quick links to jump to other alerts for the same hosts, and streams.

threat details

Bugfixes and other changes

  • Removes support for exporting a graph to PDF. Please rely on the browser’s built-in functionality for that task. Export to SVG, PNG, and JPG is still supported.
  • Resolves problem importing multi-line comments from a PCAPNG formatted file
  • Fixes issue with flashing notifications in Threat Assessment Demo mode

CloudShark 3.3.3 June 19th, 2017

CloudShark 3.3.3 resolves a bug preventing guest upload from working in certain deployments. If you have enabled Guest Upload on your appliance, we recommend upgrading to 3.3.3 to prevent any problems with that functionality.

If Guest Upload is NOT enabled, there are no other changes in this release.

CloudShark 3.3.4 June 26th, 2017

CloudShark 3.3.4 introduces a minor, but incredibly useful new feature for people working with different kinds of capture files.

Column Presets

The “Profile” dialog for every capture file is where users can choose which summary columns they see when looking at a packet capture. Typically this has defaulted to a set of columns that was useful for most general analysis, but wasn’t ideal for specific jobs.

CloudShark 3.3.4 introduces a new preset drop-down containing a few specialized analysis profiles to choose from to do different types of analysis. The initial offering includes improved support for Generic analysis, a view for TCP sequence/ack analysis, Wireless traffic, and HTTP.

These will be user-configurable in future releases.

Resolved Hosts DNS Tool

An additional tab has been added to the DNS Analysis Tool. Now, CloudShark will extract all of the hosts and addresses that were resolved as part of the capture. This does not do any additional external queries to DNS, but relies on the DNS responses inside the capture file to build up this list.

Clicking on a row will bring you to the traffic from that host, as well as the DNS response and query for that name.

Bug fixes and other changes

  • Improvements when upgrading the Threat Assessment addon with custom rules
  • Fixed a behavior when typing annotations that could lead to losing everything you had typed before saving.
  • Resolved bug that could crash CloudShark under heavy load related to Threat Assessment

CloudShark 3.3.5 September 6th, 2017

Bug fixes and other changes

  • Prevent potential XSS vulnerability found on the Ladder view
  • Correctly display certain unprintable characters as escape sequences instead of raw characters
  • Resolve an issue that would prevent certain Threat Assessment summaries from loading
  • Improved support for HSTS configurations across upgrades

CloudShark 3.3.6 November 13th, 2017

This maintenance release is aimed at resolving a few last minor bugs and annoyances. Because there were some potential XSS vulnerabilities exposed, we do recommend that most people upgrade. If you have any questions, or would like additional detailed information on any of the fixes, please ask

Bug fixes and other changes

  • Correctly redirect SAML users to their original request after logging in
  • Resolve potential XSS in the Follow Stream view
  • Resolve potential XSS in certain dialog boxes
  • Escape JSON response from the Merge and Filter tools
  • Fix an error message in the Autoimporter log
  • Upgrade to Tshark 2.2.10
  • Fix incorrect follow-stream link when looking at IPv6 Threat Details
  • Fix exception when trying to view certain Threat Details