Live Updates released for Symantec Security Information Manager (SSIM) Collectors - March 2012

Article ID: 156167

Products

Security Information Manager

Issue/Introduction

You would like to review which SSIM Collector LiveUpdate packages were released in March 2012.

Note: You must update Java LiveUpdate to v3.7.7 or later before downloading LiveUpdates for Collectors.
Resolution

In March 2012, Symantec released collector LiveUpdate packages for the following collectors:

Overview

These LiveUpdates are recommended for organizations running the aforementioned collectors or sensors within their environment.

Apply these LiveUpdates only to the Information Manager appliances or collector installations running the versions of the software as shipped by Symantec.

Please refer to the collector manuals for instructions on applying LiveUpdates to these products.

a. Symantec Event Collector for ArcSight CEF 4.4 - updated to:

1. Address an issue where the collector did not process the last field of the event

2. Fix incorrect IP Destination Address population for some events

3. More accurately translate messages from Palo Alto Networks Firewall

b. Symantec Event Collector for AirDefense 4.3 - updated to:

1. More accurately translate New Device Added messages as configuration events

2. More accurately translate Unsanctioned BSS, BSS and Wireless Client Using the Same Address, Possible Virtual WIFI, and New Wired Device Detected Unknown Vendor messages

3. Address an issue where Logging Device Name was incorrectly populated

4. Fix incorrect Event Type ID for some types of events

5. Fix translation for License Pool Fully Utilized messages

6. Change Event Type ID for Air Termination messages

c. Symantec Event Collector for Blue Coat ProxySG 4.4 - updated to:

1. Fix an issue where option17 fields were mapped instead of the IP Destination Host field

d. Symantec Event Collector for Cisco ASA 4.4 - updated to:

1. Improve performance

2. Address an issue where the Username field was incorrectly mapped for %ASA-4-722051 messages

3. Fix an error when populating the Bytes field with a value that is too large

4. Fix translation for some types of IPv6 events

e. Symantec Event Collector for ForeScout CounterACT 4.3 - updated to:

1. Add support for some event types that were previously unsupported

f. Symantec Event Collector for Fortinet 4.4 - updated to:

1. Fix an issue where FortiMail Statistics events were dropped

2. Address an issue with incorrect translation of one type of IPS event

3. Address an issue with incorrect translation of one type of Virus event

4. Fix an error when populating the Server Inbound Bytes field with a value that is too large

5. Fix an unrecoverable error caused by an incomplete event

6. Fix incorrect IP Source Address population for some events

g. Symantec Event Collector for ISS SiteProtector 4.3 - updated to:

1. Fix incorrect Event Type ID population (Generic Base Event) for events that have VulnStatus=0

2. Add parsing for the Intrusion Data field

h. Symantec Event Collector for Juniper VPN 4.3 - updated to:

1. Address an issue where the User Name field was not populated

i. Symantec Event Collector for McAfee EPO v4 4.3 - updated to:

1. Add support for HIP8

2. Add support for Audit Events

3. Fix an issue where the CVE ID field was not populated

j. Symantec Event Collector for Juniper NetScreen(R) Firewall 4.4 - updated to:

1. Address an issue where Intrusion Data was not populated

2. Add correct translation of IPv6

3. Fix Vendor Signature mapping

k. Symantec Event Collector for Palo Alto Networks Firewall 4.4 - updated to:

1. Fix an issue with incorrect Vendor Device ID population, which caused EMR values not to be populated

l. Symantec LogFile Sensor - updated to:

1. Introduce new properties that allow the sensor to retry access to a file that is locked by another process

m. Symantec Syslog Sensor - updated to:

1. Fix an issue where the Syslog Sensor crashed with too many open files on Linux

2. Introduce a new property for configuring the socket buffer size to improve collector performance

3. Fix an issue where the Syslog Sensor did not use timed sockets in TCP mode

n. Symantec Event Collector for Snare for Windows 4.3 - updated to:

1. Add support for Snare 4.0 for Windows Vista/2008/2008 R2/Windows 7

o. Symantec Event Collector for Symantec Endpoint Protection 4.3 - updated to:

1. Add changes to avoid locking of SEP database tables

2. Fix an issue where Destination Host Name and Source Host Name were truncated if they contained digits

p. Symantec Event Collector for Symantec Control Compliance Suite 10 Database 4.4 - updated to:

1. Improve performance

2. Add population of the Event Description field for STDSUM events

q. Symantec Event Collector for Symantec Critical System Protection 4.3 - updated to:

1. Fix an issue with incorrect User Name field mapping

2. Add support for Audit Events

r. Symantec Event Collector for Symantec Mail Security 4.3 - updated to:

1. Add mapping for the FileName field

s. Symantec Event Collector for Websense Web Security 4.3 - updated to:

1. Add changes to avoid database table locking