Collect. Filter. Create.


Release Notes and News about Cyphon

Cyphon Release 1.4

We've just released Cyphon 1.4, featuring email notifications, numeric rules, cleaner data views, improved scalability, and more options to configure Elasticsearch.

Email Notifications

If you're assigned to an alert or have commented on an alert assigned to another analyst, you can now be notified by email when someone else comments on that alert. This helps your team stay in sync with each other so alerts are handled more efficiently.

Numeric rules

Want to trigger alerts based on numeric values? Cyphon 1.4 now allows you to create rules using numeric comparisons, in addition to regular expressions. For instance, if you're monitoring Twitter, you can use the polarity of tweets to generate high-level alerts for highly negative tweets and medium-level alerts for moderately negative tweets.

Cleaner data views

When working with data, sometimes less is more. Alert objects contain a copy of the entire JSON document with which they are associated, but some of these fields may have little value for analysts and make it harder to focus on more important fields. We've addressed this issue by only showing fields you define for a particular data collection.

Improved scalability

Cyphon 1.4 includes some behind-the-scenes improvements to allow watchdogs to work more efficiently. We've also made configuration more flexible if you choose to deploy in AWS and use Amazon EC2 Systems Manager to store your settings.


More Elasticsearch options

We now support more configuration options for Elasticsearch, including basic authentication. This makes it easier to use Cyphon with an existing Elasticsearch cluster.

How to Upgrade

If you intend to deploy Cyphon on AWS and use Amazon EC2 Simple Systems Manager (SSM) to store sensitive settings, refer to the documentation on Managing Secrets for configuration instructions.

Update Email Settings

To define the "from" email address that will be used to send email notifcations, add the DEFAULT_FROM field to your EMAIL setting in your cyphon/settings/ file:

    'DEFAULT_FROM': '',

Then add the following setting to your cyphon/settings/ file:

DEFAULT_FROM_EMAIL = EMAIL.get('DEFAULT_FROM', 'webmaster@localhost')


Update Elasticsearch Settings

Update the ELASTICSEARCH setting in your cyphon/settings/ file:

    'HOSTS': [
            'host': get_param('elasticsearch_host', 'elasticsearch'),
            'port': int(get_param('elasticsearch_port', '9200')),
            'http_auth': get_param('elasticsearch_http_auth'),
            'use_ssl': bool(int(get_param('elasticsearch_use_ssl', False))),
    'KWARGS': {
        'timeout': 30,


Update Middleware Setting

To ensure compatibility with the latest version of Cyclops, add cyphon.version.VersionMiddleware to the MIDDLEWARE_CLASSES setting in your cyphon/settings/ file:



Update Software

If you've installed Cyphon manually, you can download the new release from GitHub.

If you're running a Cyphondock-deployment (including our Virtual Machine), you can update Cyphon by recreating your Docker containers with the latest images. Run the following commands from your cyphondock working directory:

docker pull dunbar/cyphon:latest
docker-compose up -d --build