Juniper Secure Analytics Release Notes 2014.5
February 2016

Juniper Networks is pleased to introduce JSA 2014.5. The Juniper Secure Analytics (JSA) 2014.5 Release Notes describe new features, known issues and limitations, and fixes to known issues.

Contents
New and Updated Functionality
Installing 2014.5
Known Issues and Limitations
Resolved Issues
Feedback
Revision History
New and Updated Functionality

NOTE: Please contact your Juniper Networks representative about the availability of Vulnerability Manager, Risk Manager, Data Nodes, and X-Force.

Table 1 shows the new features of and enhancements to Juniper Secure Analytics (JSA) for the 2014.5 release.

Table 1: New Feature/Enhancement Descriptions

New Feature/Enhancement | Description
Risk Manager | JSA Risk Manager is an appliance that is used to monitor device configurations, simulate network changes, and prioritize the risks and vulnerabilities in your network.
Vulnerability Manager | When you install and license Juniper Secure Analytics (JSA) Vulnerability Manager, a vulnerability processor is automatically deployed on your JSA console. The vulnerability processor provides a scanning component by default. If required, you can deploy more scanners, either on dedicated JSA Vulnerability Manager managed host scanner appliances or JSA managed hosts.
Data Nodes | Data Nodes are plug-n-play and can be added to a deployment at any time. Data Nodes seamlessly integrate with the existing deployment. Data Nodes enable new and existing JSA deployments to add storage and processing capacity on demand as required.
X-Force | JSA X-Force Threat Intelligence feed provides a real-time list of potentially malicious IP addresses. Use these IP addresses with JSA Platform to identify suspicious activity in your environment.

Installing 2014.5

To install JSA 2014.5:

System Requirements
For information about hardware and software compatibility, see the detailed system requirements in the JSA Installation Guide.

Installing JSA
For installation instructions, see the JSA Installation Guide.
Known Issues and Limitations

Interfaces swapped for JSA5800 appliance - During setup, the interfaces get swapped; eth0 swaps with eth2 and eth1 swaps with eth3.
    Workaround: Run the script network_interface_reassignment.pl available at /opt/qradar/bin on each host to re-assign the network interface back to the original configuration and reboot.
JSA7500 event processor performance optimization - When a log source sends around 30,000 events per second to the JSA7500 event processor, events start dropping with warning or error messages.
    NOTE: The Custom Rule Engine back up and store events without correlation is 30,000 events per second (0% coalescing).
When uploading a new or existing DSM extension, you may encounter a 'file not found' error.
List of events does not display properly due to HTML parsing error when you use the Microsoft Internet Explorer 8 web browser.
Extra user roles created during patch process.
An application error occurs when you save a WinCollect log source with a non-existent target destination.
Transactions entry or out of memory errors on systems running many shared reports.
Security profile management may not display correct log activity results.
Certain Linux messages for failed login attempts may not parse properly.
When receiving events from ForeScout CounterACT, certain events may be stored.
The JSA IMS DSM incorrectly reports the terminal name instead of the user name in type x'56' records.
When collecting logs via Snare, you may receive a Windows security event ID 1117 that displays as unknown.
When receiving Barracuda events, the username field may not be parsed correctly from web login and web logout events.

Resolved Issues

This section describes the issues resolved in JSA 2014.5:
JSA

Changing the global configuration password may take a long time to complete.
Unable to filter on closed offenses.
Rule text counters might reset when the rule test loads.
The high availability (HA) wizard fails to add a host because the IP address is already defined in the server host table.
An error message might display when you apply a fix pack update to your JSA system.
Email notifications fail if the configured email address contains a hyphen "-".
Changing from the All User role to the Admin user role does not update the event or flow lists displayed on the dashboard table.
List of events does not display properly due to HTML parsing error when you use the Microsoft Internet Explorer 8 web browser.
Pending automatic updates might install unexpectedly when you update a schedule on the updates window.
Unable to create a log source only or network only security profile without both log sources and networks specified.
Source and destination asset name columns do not query the hostname component of the asset profile.
Modifying a report template might not allow users to change the end date of the report beyond September 16, 2010.
Network I/O issues on a managed host might generate an out-of-memory issue on the console.
ArielClient contains additional line feed at the end of file.
Default quick searches do not show in manage search results, but custom quick searches do.
Performing a sort of search results for an in-progress search gives an error.
Bulk add of log sources may generate an F5 error in the user interface.
Data accumulation and unique count may not be displayed for the Admin user on searches created by non-admin users.
Filtering on a custom property that contains the substring "ID:" does not return any results.
Incorrect host.token causes external authentication to fire for "SEC" user.
Adding custom event properties with certain special characters can cause an exception when filtering.
Log activity search shows wrong date when the dashboard graphs haven't fully loaded and View is pressed in Log Activity.
DHCPv6 flow traffic being parsed with incorrect event name and low level category.
After an upgrade to JSA 2014.2 Patch 1, new log sources do not automatically get discovered on managed hosts.
Ariel right-click API does not work on Ariel properties.
Application error in many pages for user with $ in username.
Searches that combine high and low category search value filters return incorrect results.
X-Force rules trigger even when targeting trusted (non-malicious) domains.
Unable to change the language settings as a non-administrator user.
1705 appliances show up as 1701 appliances in the System and License Management screen of the UI.
Adding a secondary to a managed host may fail due to /store being busy on the secondary.
Assetprofiler errors in qradar.log that refer to messagemarshallerv2.
The event processor search filter does not work when set up in rules.
Searches and/or reports that contain the column 'source asset name' and are grouped by source IP will return 'none'.
IPFIX and NetFlow V9 only reads 16-bit and not 32-bit ASN numbers.
JSA software-only installation on customer supplied hardware with xx28 specifications may fail during setup.
Reports return different data when run against raw data versus a scheduled/accumulated data report.
When logging into the JSA user interface, certain dashboard items show an error message.
Rules that use 'include detected event from this attacker from this point forward' are not adding new events to the offense.
When applying a log source extension to a log source type, the user interface appears to not apply the change successfully.
Offense search 'save criteria' option that contains a 'source network' functions correctly but does not display properly.
Newly created JSA dashboards are accessible to all users with the same assigned user role.
Unable to load the Log Sources page in the JSA UI after patching from 2013.2 to 2014.x.
Rules are no longer associated to offenses after a soft clean SIM is performed.
Hostcontext service does not automatically restart after daylight saving time change.
Empty plug-ins option on Admin tab in the JSA user interface.
SNMP daemon is not enabled on high availability secondary.
The remove item option from within a time series graph does not always work as expected in Google Chrome web browser.
JSA data backups might fail to run successfully on managed hosts.
The Ariel rightclick.properties API drops the '\' or '$' characters in event properties.
Filtered network activity searches may return unexpected results.
Silent installs do not work in JSA 2014.4.
An 'application error' pop-up window occurs when creating a flow rule that tests against reference table data.
Applying JSA patch.sfs fails on high availability secondary.
An error message appears when attempting to disable or delete a rule in JSA.
Time zone data displayed within JSA is not accurate for some time zones.
Saved searches with special characters cause dashboards to disappear.
When dashboards are added to user roles, those users will no longer see the default dashboards.
Identity hostname is being populated by username in offense.
QFlow crashes if packet source adaptor is disabled.
Unable to restore config backup for non-English UI.
Event processor filter in advanced query and RestAPI queries all event processors when specifying a specific event processor.
'Error: null value in column' when adding a new admin user account with external authentication and no password is entered.
Response time when configuring a log source is very slow when using Google Chrome.
Ariel error when filtering on a sorted, aggregated column.
Deleting reference sets used in rules fails, but doesn't warn why.
Re-editing report description shows HTML </br>.
Dashboard legends bleeding HTML code in tooltip.
DSM jar files are not being properly restored from a config backup.
Domain does not work as a search filter when using the JSA advanced search functions.
An error message occurs when a log or network activity search is performed.
RestAPI events are displaying as 'unknown' events.
System notification error 'Out of memory discovered for hostcontext' during backup process.
NullPointerException in JSA log files caused by an invalid regular expression (regex) in a rule search filter test.
The /store/transient partition does not get re-mounted after performing a factory re-install using the 2014.4 ISO image.

Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods:

Online feedback rating system: On any page at the Juniper Networks Technical site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at http://www.juniper.net/techpubs/feedback/.
E-mail: Send your comments to techpubs-comments@juniper.net. Include the document or topic name, URL or page number, and software version (if applicable).

Revision History

February 2016 Revision 1, for JSA Release 2014.5

All rights reserved. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.