Symantec Security Information Manager 4.8 Release Notes
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version: 4.8

Legal Notice

Copyright 2012 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ("Third Party Programs"). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or the TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com

Printed in the United States of America.
Technical Support

Contacting Technical Support

Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec's support offerings include the following:
- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers software upgrades
- Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
- Premium service offerings that include Account Management Services

For information about Symantec's support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:
- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL: www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:
- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade assurance and support contracts
- Information about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
- Asia-Pacific and Japan: customercare_apac@symantec.com
- Europe, Middle-East, and Africa: semea@symantec.com
- North America and Latin America: supportsolutions@symantec.com
Contents

Technical Support ... 4

Chapter 1 Overview ... 9
- Documentation ... 9
- About Symantec Security Information Manager ... 10

Chapter 2 What's new in Symantec Security Information Manager 4.8 ... 13
- 64-bit operating system ... 13
- IPv6 Support ... 13
- New version of Symantec Event Agent ... 14
- Collectors ... 14
- GNU Parted used for disk partitioning ... 14
- Symantec Managed Security Services (MSS) cloud connectivity ... 14

Chapter 3 Issues ... 17
- Known issues ... 17
Chapter 1 Overview

This chapter includes the following topics:
- Documentation
- About Symantec Security Information Manager

Documentation

The following documentation is available for Information Manager:

- Help for the Web configuration interface and the Information Manager console (client): Contains the information on how to use the product. You can access Help by clicking the Help icon in any dialog box, or by pressing the F1 key.
- Symantec Security Information Manager User Guide: Contains the information on how to use the product. The document is in PDF format.
- Symantec Security Information Manager Administrator Guide: Contains the information on how to manage the configuration and administrative tasks after the installation. The document is in PDF format.
- Symantec Security Information Manager Installation Guide: Contains the information on how to install and upgrade the product. The document is in PDF format.
- Symantec Security Information Manager Reporting Guide: Contains the information on how to use the reporting feature in the product. The document is in PDF format.
- Symantec Security Information Manager Release Notes: Contains a list of the known issues in the product. The document is in PDF format.

For the updated version of these documents, visit http://www.symantec.com/business/support/overview.jsp?pid=52517.

About Symantec Security Information Manager

Information Manager provides real-time event correlation and data archiving to protect against security threats and to preserve critical security data. Information Manager collects and archives security events from across the enterprise. These events are correlated with the known asset vulnerabilities and current security information from Symantec DeepSight. The resulting information provides the basis for real-time threat analysis and security incident identification. Information Manager archives the security data for forensic and regulatory compliance purposes.

Information Manager collects, analyzes, and archives information from security devices, critical applications, and services, such as the following:
- Firewalls
- Routers, switches, and VPNs
- Enterprise antivirus
- Intrusion detection systems and Intrusion Prevention Systems
- Vulnerability scanners
- Authentication servers
- Windows and UNIX system logs

Information Manager provides the following features to help you recognize and respond to threats in your enterprise:
- Normalization and correlation of events from multiple vendors.
- Event archives to retain events in both their original (raw) and normalized formats.
- Distributed event filtering and aggregation to ensure that only relevant security events are correlated.
- Real-time security intelligence updates from Symantec DeepSight. These updates keep you apprised of global threats and let you correlate internal security activity with external threats.
- Customizable event correlation rules to let you fine-tune threat recognition and incident creation for your environment.
- Security incident creation, ticketing, tracking, and remediation for quick response to security threats. Information Manager prioritizes incidents based upon the security policies that are associated with the affected assets.
- An Event Viewer that lets you easily mine large amounts of event data and identify the computers and users that are associated with each event.
- A client-based console from which you can view all security incidents and drill down to the related event details. These details include affected targets, associated vulnerabilities, and recommended corrective actions.
- Predefined and customizable queries to help you demonstrate compliance with the security and the data retention policies in your enterprise.
- A Web-based interface that lets you view and customize the dashboard, configure settings, and manage events, incidents, and tickets remotely. You can download various utilities and perform routine maintenance tasks such as backup and restore.
- You can use the custom logs feature with the universal collectors to collect and map information from devices for which standard collectors are not available.
Chapter 2 What's new in Symantec Security Information Manager 4.8

This chapter includes the following topics:
- 64-bit operating system
- IPv6 Support
- New version of Symantec Event Agent
- Collectors
- GNU Parted used for disk partitioning
- Symantec Managed Security Services (MSS) cloud connectivity

64-bit operating system

The Information Manager base operating system (OS) is now 64-bit. It uses Red Hat Enterprise Linux 6.0. Due to the upgrade in the OS, the limitation on memory usage is addressed, and performance and speed are improved. IBM DB2 and IBM Directory Server have been upgraded to 9.7 and 6.3 respectively.

IPv6 Support

IPv6 (Internet Protocol version 6) is now supported within the Information Manager infrastructure, such as Information Manager appliances with IPv6 addresses or agent-server communication over IPv6. Further, IPv6 support is extended to the data within Information Manager, such as events containing IPv6 addresses or assets with IPv6 addresses.

New version of Symantec Event Agent

A new version of the agent, Symantec Event Agent 4.8, is released with Symantec Security Information Manager 4.8. This new version of the Agent contains fixes to issues in the older version along with the following features:
- Option to install a 32-bit Agent on a 64-bit server.
- IPv6 support extended to Agent-server communications.
- Ubuntu 8.04 LTS 64-bit is a supported platform for the Information Manager Linux agent. You can install both 32-bit and 64-bit versions of the agent on a 64-bit Ubuntu server.

Collectors

Collector and agent configuration support is provided in the Information Manager Web interface. Nine 5.0 collectors are pre-shipped with the Information Manager 4.8 appliance.

GNU Parted used for disk partitioning

In Information Manager 4.8, Parted is used for disk partitioning. GNU Parted is a program for creating, destroying, resizing, checking, and copying partitions and the file systems within the partitions. Block devices are now used instead of raw devices, which are now deprecated.

Symantec Managed Security Services (MSS) cloud connectivity

Symantec Security Information Manager provides cloud connectivity to Symantec Managed Security Services (MSS). MSS gives you visibility into your company's security posture. MSS combines global threat intelligence, enterprise-wide monitoring, advanced analytics, and expert staff to provide 24x7 security monitoring and protect enterprises around the world from known and emerging threats. Symantec MSS is a truly global service with multiple Security Operation Centers (SOC) around the world. Symantec SOCs analyze more than 12 billion logs worldwide each day to provide comprehensive protection from threats and help customers bolster defenses and respond to new threats as they emerge.

You can enable log forwarding to MSS from the Information Manager console or from the Information Manager Web interface.
Chapter 3 Issues

This chapter includes the following topics:
- Known issues

Known issues

The following are known issues categorized by areas in the product.

Table 3-1 Known issues by areas

Category: Information Manager console
Issue: The Information Manager client version is listed as 4.7.4.xx instead of 4.8.xx in Add or Remove Programs.
Description/Workaround: If the Information Manager client 4.8 is installed over an existing installation of Information Manager client 4.7.4, the Information Manager client version is listed as 4.7.4.xx instead of 4.8.xx in Control Panel > Add or Remove Programs.

Category: Information Manager console
Issue: An error message is displayed when you access the Information Manager console with a NAT IP address.
Description/Workaround: Create a host entry for the NAT IP address in the \etc\hosts file.

Category: Host file for Information Manager 4.8
Issue: The host file may show the IP address of the primary network interface only.
Description/Workaround: Although the Information Manager server can be accessed by using a different network interface, the hosts file may show the IP address of the primary network interface. This issue occurs because Information Manager can be accessed only with the settings that are provided for the first Ethernet card that is configured during installation.

Category: Symantec Event Agent 4.8
Issue: In some scenarios you cannot install a 32-bit Agent on a RHEL 6 64-bit computer.
Description/Workaround: On a 64-bit computer, you are given the option to install either a 32-bit or a 64-bit version of Symantec Event Agent. If you install the 32-bit version of the Agent on a 64-bit computer, you must also install the following dependent 32-bit packages along with the Agent: glibc, zlib, libstdc++. Note: These packages must be the 32-bit versions even if their 64-bit versions are already installed.

Category: Symantec Event Agent 4.8
Issue: Windows XP/2003 Agents with IPv6 configured send the events on HTTPS (port 443).
Description/Workaround: This issue is due to a known limitation of the Windows XP/2003 Agent. These Agents, with IPv6 configured on them, send events on HTTPS (port 443) even when the UseDirectPort option is enabled in the Agent configuration.

Category: Installation
Issue: During the installation of RHEL 6.0, a few warnings are displayed.
Description/Workaround: Non-compliance with such warnings does not interrupt the installation process.

Category: Collectors
Issue: When you uninstall a collector of version 4.3 or 4.4 on a Windows 4.8 agent and that collector is the last to be uninstalled, the following error message is displayed: Could not find or load main class providerinst.jar
Description/Workaround: You must have a collector of version 5.0 installed when you uninstall a collector of version 4.3 or 4.4 on a Windows 4.8 agent.

Category: Collectors
Issue: In some circumstances, the collector uninstallation programs may not fully uninstall all the files.
Description/Workaround: To completely uninstall all the files, go to the collectors directory C:\Program Files\Symantec, and remove the contents manually.

Category: Information Manager Web Interface
Issue: Firefox compatibility issues while using self-signed certificates.
Description/Workaround: Due to a known limitation of Firefox 4.0, you cannot access the Information Manager server with a self-signed certificate using its IPv6 address. In such a case, if you must access the Information Manager server, you can use the host name of the Information Manager server.

Category: SSIM Web Start Client
Issue: When SSIM Web Start Client is launched for the first time, the Downloading Status window of the SSIM Web Start Client does not close automatically even after the Information Manager Console is launched.
Description/Workaround: The issue occurs due to a limitation with the Java Network Launching Protocol (JNLP) API.

Category: Backup and Restore
Issue: An error about invalid backup files is displayed on the Information Manager server when the partition disk that stores the backup data gets full.
Description/Workaround: In such cases, the backup data and the configuration files do not get listed for selective restoration, since there is no space available on the disk to unpack the backup file.

Category: Incidents
Issue: For some incidents an IPv6 loopback address is displayed in the IP address column when you view the details of an incident in the Sources tab.
Description/Workaround: Such an incident is generated for on-box collectors with the statistics event type, which do not have a Source IP Address field. This issue occurs because the source IP is not resolved during normalization in Information Manager 4.8.
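As an added example (not part of the Symantec release notes), a POSIX shell check for the Symantec Event Agent 4.8 dependency issue listed above: on a 64-bit RHEL 6 host it parses rpm's name.arch listing and reports which of glibc, zlib and libstdc++ still lack an i686 build, the case the note warns about where only the 64-bit builds are present. The rpm query format and the sample listing are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Symantec release notes: verify that the 32-bit
# (i686) builds of the packages a 32-bit Symantec Event Agent needs are present
# on a 64-bit RHEL 6 host. rpm lists every installed build of a package, so a
# host that only has glibc.x86_64 still fails the check.

REQUIRED_DEPS="glibc zlib libstdc++"

# Constructed sample of "rpm -q --queryformat '%{NAME}.%{ARCH}\n'" output for a
# host that has the 64-bit builds of all three and only the 32-bit glibc.
SAMPLE_RPM_OUTPUT="glibc.x86_64
glibc.i686
zlib.x86_64
libstdc++.x86_64"

# missing_32bit_deps <name.arch list>
# Prints, one per line, the required packages whose i686 build is absent from
# the list; prints nothing when all three are present.
missing_32bit_deps() {
    installed=$1
    for pkg in $REQUIRED_DEPS; do
        # -F: fixed string (libstdc++ contains regex metacharacters); -x: whole line.
        if ! printf '%s\n' "$installed" | grep -qxF -- "${pkg}.i686"; then
            echo "$pkg"
        fi
    done
}

# query_installed prints name.arch for every installed build of the required
# packages on the current host; prints nothing if rpm is unavailable.
query_installed() {
    rpm -q --queryformat '%{NAME}.%{ARCH}\n' $REQUIRED_DEPS 2>/dev/null || true
}

# check_host reports what still has to be installed before the 32-bit Agent.
check_host() {
    missing=$(missing_32bit_deps "$(query_installed)")
    if [ -n "$missing" ]; then
        echo "Install the 32-bit (i686) builds of: $(echo "$missing" | tr '\n' ' ')"
    else
        echo "All 32-bit Agent dependencies are present"
    fi
}
```

Run `check_host` on the target host before starting the 32-bit Agent installer; the sample listing is only there to show the expected output shape.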