LogLogic Release Notes for Security Event Viewer and Security Event Manager, v3.5.0




LogLogic Security Event Viewer and Security Event Manager offer scalable and comprehensive data security monitoring for organizations challenged by the complexity of modern IT infrastructures. Security Event Viewer and Security Event Manager are designed to continuously protect the most valuable business assets: core systems and the intellectual property they hold.

This document lists functionality changes and bug fixes in Security Event Viewer version 3.5.0 and Security Event Manager version 3.5.0.

Note: For changes to the Release Notes after the initial release, see http://www.loglogic.com/services/support/

New Features ... 2
Bug Fixes and Enhancements ... 3
Standard Content ... 5
  Bug Fixes and Enhancements ... 5
Supported Products by SEV/SEM ... 6
  New Supported Products ... 6
  Bug Fixes and Enhancements ... 6
  Supported Product List ... 8
SEV/SEM Appliances ... 10
  Appliances Description ... 10
Software Requirements ... 11
  Log Collector Requirements ... 11
  Web Console Requirements ... 11
Upgrading to SEV/SEM v3.5.0 ... 11
Known Limitations ... 11
Documentation ... 12
  SEV/SEM Documentation ... 12
  Devices Specific Documentations ... 13
Technical Support ... 14

LL1001600E03500000 January 2011 1

New Features

New Web Console style
In order to provide users with uniformity and visual continuity between the LMI and SEM GUIs, the SEM Web Console style has been improved: new color palette, improved Web Console layout, new log-in and loading pages, improved forms layout, and a new Online Help design.

Bug Fixes and Enhancements

Log Collection
ID #            Summary                                                                                    Support #
#8629           The option "add log source host as target" now works as expected with a Solaris Log Source file
#8685           Collection policy on a WELF log source now works as expected
#9061           All log collectors configured with the communication mode "Server Log Collector" now work as expected after a restoration

Engines
ID #            Summary                                                                                    Support #
#8430           Correlation rules on distinct field values are correctly saved in the database
#8626           Correlation rules using else/or conditions now work as expected
#8649           The correlation alert trigger threshold now works as expected
#8974           The Incident Send communication process has been corrected according to the specified WSDL file
#9134           The SOAP communication environment has been updated (use of a uniform resource name rather than a static URL)
#9304           Grouping on undefined values in scenarios now works as expected

Web Console
ID #            Summary                                                                                    Support #
#6446           The creation and deletion of configuration profiles now work as expected
#8054           In the event list, modifying the column type no longer resets filters
#8344, #8409    The Alerts / Events / Incidents tab refresh now works as expected
#8645           Editing a rule during scenario creation no longer changes the general order of the rules
#8648           The filter "creation date: last 24h" is no longer reset to "creation date: last hour" when sorting by "last updated"
#8682           The online documentation for the "External Server" section is now available
#8693           During host creation/editing, the host name can begin with a numeric character
#8758           Copying a live reporting table no longer generates a blank table whose name is not supported by the database
#8774           Uploading a license on Internet Explorer 8 now works as expected
#8800           Auto refresh (server time) is now correctly effective for Internet Explorer 7 and 8
#9157           A confirmation message is displayed before deleting archive files in the Web Console
#9176           Incidents now include aggregated event attributes                                          25599
#9321           The Incidents tab now refreshes as expected

Security Dashboards
ID #            Summary                                                                                    Support #
#9109           Reports can now be correctly ordered by detect time

Standard Content

Bug Fixes and Enhancements

Correlation Rules
ID #            Summary                                                                                    Support #
#8575           Corrected ontology in the "Threshold Control User" rule
#9327           The "Segregation of duties violation" scenario now works as expected

Reporting Policy
ID #            Summary                                                                                    Support #
#8576           Corrected taxonomy for the live reporting rule "Asset Availability"

Other
ID #            Summary                                                                                    Support #
#8846           GeoIP database has been updated
#9147           For newly installed SEM 3.5 systems, the default passwords have been changed:
                  root shell account: pwd="logapp"
                  Admin shell account: pwd="logapp"
                  Web Console superadmin account: pwd="admin"
                In the case of a SEM 3.5 upgrade, no password is changed.

Supported Products by SEV/SEM

New Supported Products
ID #                                               Vendor               Product                                                  Support #
#9100                                              CheckPoint           All Products through LMI
#9017                                                                   ASA 8.2 & 8.3
#9181, #9120                                                            IPS (SDEE)
#8999                                              Fortinet             Fortigate v3 & v4
#8880                                              Juniper              IDP through LMI
#9112                                              LogLogic             Database Security Manager
#9111                                              McAfee               ePO through LMI
#9153                                                                   Exchange 2007
#8878                                              Nortel               Nortel Contivity through LMI
#9151                                              Oracle               Oracle DB through LMI (9, 10, 11)
#8696                                              Palo Alto Networks   Firewall
#8681                                                                   Solaris BSM
#9015                                              Trend Micro          TMCM through LMI

Bug Fixes and Enhancements
ID #                                               Vendor               Product                                                  Support #
#6367                                              BlueCoat             BlueCoat SG
#7013                                              CheckPoint           CheckPoint OPSec
#6917, #8973                                       CheckPoint           FW1                                                      SFDC 22969
#7963                                                                   ACS
#9202                                                                   ASA
#8830, #9220                                                            FWSM
#9247                                                                   IronPort
#8832                                                                   VPN
#8627                                              ClamAV               ClamAV
#9222, #8686, #8675, #9232                         Intersect Alliance   Windows Snare
#8534                                              Juniper              Juniper Secure Access
#8580, #8643                                       Juniper              NetScreen OS v6
#9171                                              LogLogic             LMI
#8584                                              LogLogic             SEM (SMP Monitoring)
#6209, #6582, #6607, #7009, #7054, #8659, #8695                         Windows (all workstation versions), Windows 2003 Server
#8504, #6734, #8638, #7236, #9262                                       Windows 2008 Server
#8691                                              Oracle DB            Oracle convertor
#8642                                              Oracle               Oracle audit trail 9, 10, 11
#8687                                              Solaris              Solaris 8, 9, 10

Supported Product List

Vendor / Product (grouped by category)

Anti virus/spyware/spam Apache Spamassassin Blue Coat Blue Coat ProxyAV Ironport Mail Security ClamAV ClamAV Clearswift Mimesweeper For SMTP DB Clearswift Mimesweeper For SMTP Log Clearswift Mimesweeper For WEB FSecure Policy Manager Sophos Puremessage Norton Antivirus Antivirus TrendMicro Interscan Viruswall TrendMicro Trend Micro SPS system Authentication server ActivIdentity Activpack v4 ActivIdentity Activpack v6.3 ActivIdentity Activpack v6.5 ACS Csv ACS Syslog Cistron Radius EMC Rsa Ace server EMC Rsa Ace WMI EMC Rsa Securid linux Internet Authentication Service Novell Novell edirectory Utimaco Safeguard Business application Centralized management Ntsyslog Arkoon Arkoon DB Arkoon Arkoon DB v3 Arkoon Arkoon DB v4 Arkoon Arkoon Syslog Intrusion.com Securenet Provider ISS SiteProtector SP4 ISS SiteProtector SP5 ISS SiteProtector SP6 ISS SiteProtector SP7 Juniper Netscreen Security Manager v2004 LogLogic Security Change Manager McAfee Epolicy Orchestrator Operation Management Nagios Nagios TrendMicro Trend Micro Control Manager Webmin Webmin Database services Ms sql Ms sql Operational Loglogic Database Security Manager (DSM) Oracle Oracle DB Sourcefire Sourcefire3D isc.org Domain Name System (DNS) File server Bind Vsftpd NetApp Netapp ProFTPD ProFTPD Wuftpd Wuftpd honeyd.org 3Com Enterasys Enterasys Enterasys ForeScout Intrusion.com ISS Juniper McAfee McAfee Niksun Samhain Sentry Tools Snort Snort Snort Tripwire Tripwire LogLogic LogLogic LogLogic Honeypot Honeyd Intrusion Detection System (IDS) / Intrusion Prevention System (IPS) Log management TippingPoint CSA v45 CSA v52 CSA v60 IPS (SDEE) Dragon IDS v7_0 Dragon IDS v7_1 Dragon IDS v7_2 Activescout Securenet Sensor Realsecure wgm Netscreen IDP Entercept Intrushield Netdetector Samhain Portsentry Snort Snort DB Winsnort Client Security Endpoint Protection Network Security Tripwire Tripwire Entreprise LMI SMP SMP Relay Messaging services Imapd Ciphertrust IronMail couriermta.org Courier MTA Eudora Qpopper GNU Exim Inter7 Vpopmail Lotus Lotus Domino Exchange Postfix Postfix sendmail.org Sendmail TrendMicro Interscan Messaging Security Suite Directory services

Network device Aruba Aruba Wireless Access Point Check Point Check Point Internal Log CSS FWSM Router Switch VPN VPN IOS compat Cyberguard Cyberguard Draytek Vigor F5 Bigip Juniper Juniper Secure Access Juniper Netscreen Juniper Netscreen v6 Linksys Wap11 Lucent Brick Nortel Alteon Web Switch Nortel Contivity Nortel Nortel Alteon Nortel Nortel switch Nortel Nortel VPN gateway StoneSoft Stonegate Zyxel Zywall Zyxel Zyxel Operating System Ipchains Breach Security Modsecurity FreeBSD FreeBSD Grsecurity Grsecurity HP HP UX HP Tru64 IBM Aix IBM Tivoli Directory Server Intersect alliance Windows 2000 server snare Intersect alliance Windows 2000 workstation snare Intersect alliance Windows 2003 server snare Intersect alliance Windows 2008 server snare Intersect alliance Windows all snare Intersect alliance Windows Vista workstation snare Intersect alliance Windows XP workstation snare Linux Linux Internet Connection Firewall Windows 2000 server Windows 2000 workstation Windows 2003 server English Windows 2003 server French Windows 2008 server English Windows 2008 server French Windows Vista English Windows Vista French Windows XP English Windows XP French Netfilter Netfilter Nokia IPSO Sun Solaris Sun Solaris BSM Squid Squid Sun TrendMicro TrendMicro WebSense WebSense Astaro Astaro Barracuda Check Point Check Point Fortinet PaloAlto Networks NetASQ NetASQ NetASQ NetASQ Sonicwall Remote desktop Internet Security Acceleration v2004 Squid Squidguard Iplanet Interscan Web Security Suite Linux v2 Interscan Web Security Suite Windows v2 Websense v5 Websense v6 PCanywhere Unified Threat Management (UTM) Virtualization Criston ISS ISS McAfee Qualys Tenable Security Apache APC APC Astaro v4 Astaro v5 Barracuda Check Point Pointsec Protector ASA PIX Fortigate Firewall Netasq Alarm v6 Netasq Connection v6 Netasq Filter v6 Netasq v5 Sonicwall Gateway Security v2 Gateway Security v3 Vulnerability scanner Web server Other Criston VM Internet Security Scanner v6 Internet Security Scanner v7 Foundstone QualysGuard Nessus Apache Internet Information Services NCSA Internet Information Services W3C Internet Information Services W3C v3 APC EMU APC UPS Proxy / Reverse proxy Beeware Blue Coat Deny ALL F5 Ingrian McAfee I Sentry Blue Coat ProxySG Rweb Appshield Ingrian WebShield Internet Security Acceleration v2000 FW

Products also supported through LogLogic LMI are underlined in green in the original table.

SEV/SEM Appliances

Appliances Description

3rd Gen Appliances                    SEM 1060    SEM 3060    SEM 4060
Rack Format                           1U          2U          2U
Processor(s) Type                     E5520       E5520       X5570
Total Core #                          4           8           8
RAM (GB)                              6           12          24
Max. EPS (remote Log Collector)       1 500       3 000       5 000
Max. Instances                        1           1           2
Archive Storage (GB)                  33          66          100
Online Storage (GB)                   300         600         850

Software Requirements

Log Collector Requirements
The Log Collector can be installed on the following platforms, with at least 100 MB of disk space available:
- Windows 2000 (SP4, Windows Installer 3.1 or later), x86 (32-bit).
- Windows 2003/2008/XP/Vista, x86 (32-bit) or x86_64 (64-bit).
- Linux with kernel 2.4 or later (e.g. Red Hat EL 3 or later), x86 (32-bit) or x86_64 (64-bit).
- Solaris 8 or later.
- AIX 5.2 or later.

Web Console Requirements
The Web Console can be used with the following web browsers:
- Internet Explorer 7.0 or higher.
- Mozilla Firefox 3.0.0 or higher.

Hosts running the Web Console must have at least:
- 1 GB of RAM.
- 1024x768 resolution.
- 1 GHz 32-bit (x86) or 64-bit (x64) processor.

Upgrading to SEV/SEM v3.5.0
To upgrade to LogLogic Security Event Viewer and Security Event Manager 3.5.0, refer to the User Guide, section 9, "Updating the SMP Server". The SEV/SEM User Guide and all other 3.5.0 documentation are available on our Support Center web site: http://www.loglogic.com/services/support

Known Limitations
After an upgrade to SEV/SEM v3.5.0, clear your web browser cache to avoid a display issue.

Documentation

You can find the complete set of user documentation, gathering all product guides, on:
- the LogLogic SEM installation DVD
- http://www.loglogic.com/services/support

SEV/SEM Documentation
File Name                                       Status
AdministrationGuide SEMen.pdf                   Updated
ConceptsGuide SEMen.pdf                         Updated
LogCollectorInstallationGuideSEMen.pdf
ReferenceGuide SEMen.pdf
SMPInstallationGuideSEMen.pdf                   Updated
UserGuide SEMen.pdf                             Updated
Online Help                                     Updated

Devices Specific Documentations
File Name                                       Status
workingwithactivpack.pdf
workingwithbluecoatsg.pdf
workingwithcheckpoint.pdf
workingwithciscoids.pdf                         Updated
workingwithciscoioscatos.pdf
workingwithciscopixasa.pdf
workingwithenterasysdragon.pdf
workingwithexchange.pdf                         New
workingwithfortinetfortigate.pdf
workingwithinternetinfoservices.pdf
workingwithironport.pdf                         New
workingwithissrealsecure.pdf
workingwithisssecurityscanner.pdf
workingwithisssiteprotector.pdf
workingwithlotusnotes.pdf
workingwithmcafeeentercept.pdf
workingwithmcafeeepo.pdf
workingwithmcafeeintrushield.pdf
workingwithmicrosoftisa.pdf
workingwithmicrosoftom.pdf
workingwithmimesweeper.pdf
workingwithnokia.pdf
workingwithoracle.pdf                           New
workingwithrsa.pdf
workingwithsnarewindows.pdf
workingwithsnort.pdf
workingwithtrendiwsswindows.pdf
workingwithtrendmcm.pdf
workingwithwebsense.pdf
workingwithwindows.pdf

Technical Support

Customers may reach the LogLogic support team by:

Telephone:
  Toll Free: 1-800-957-LOGS
  US Local: 1-408-834-7480
  EMEA or APAC: +44 (0) 207 1170075 or +44 (0) 8000 669970
Email: support@loglogic.com
Support Website: http://www.loglogic.com/services/support