Live Updates released for Symantec Security Information Manager (SSIM) Collectors - June 2012

Article ID: 156778

Products

Security Information Manager

Issue/Introduction

You would like to review which SSIM Collector LiveUpdate packages were released in June 2012.

Note: You must update your Java LiveUpdate to Java LiveUpdate v3.7.7 or better before downloading LiveUpdates for Collectors.

 

 

Resolution

In June 2012, Symantec released collector LiveUpdate packages for the collectors and sensors listed in the Overview below.


These LiveUpdates are recommended for organizations running the listed collectors or sensors within their environment.

 

Apply these LiveUpdates only to the Information Manager appliances or collector installations running the versions of the software as shipped by Symantec.

 

Please refer to the collector manuals for how to apply LiveUpdates to these products.

 

 
Overview
Symantec has released collector LiveUpdate packages for the following collectors and sensors:
 
a.      Backup Exec Collector 4.3 – updated to:
1.      validation rule for media_size field

b.      Cisco Ironport Collector 4.3 - updated to:
1.      added validation rule for data_size field
2.      Fixed symc_device_action=300077x

c.      Forescout Counteract Collector 4.3 – updated to:
1.      Populate source_ip with value of "Source:.." from event.
2.      Discrepancy found in field values generated by LCP and SSIM or CounterACT collector.
3.      Fixed symc_device_action=300077x

d.      ISS Siteprotector 4.3 - updated to:
1.      Show path and filename that has been changed in a File_Modified event.
2.      The "source_ip" and "destination_ip" will be filled with values containing address in the IP V6 format.

e.      Juniper NSM 4.3 – updated to: 
1.      collector plugin will generate exception error when receiving an invalid message.

f.       Juniper VPN 4.3  – updated to:
1.      Compatibility with Juniper SA IVE OS Version 7.0R5 (build 17757)

g.     McAfee EPO V4 4.3 – updated to:        
1.      Cookies now assigned virus_type_id 1237005 (Spyware) instead of 1237013 (Cookie)

h.      Microsoft IIS 4.3 – updated to: 
1.      Now populates event_desc for several events.

i.       Oracle Audit Log 4.3 – updated to:
1.      Oracle audit translator plugin: will now use the translator class' classloader to load the required resource.

j.       Oracle Audit Log 4.4 – updated to:      
1.      Convert the IP address to numeric value: "Invalid IP address parameter passed to from IPString"

k.      Oracle DB 4.4 – updated to:
1.      Event_dt field will now have correct value on LOGOFF events.
2.      Query DBA_AUDIT_TRAIL_LOGOFF has corrected the initial beginning query

l.       VMware  vSphere 4.4 – updated to:
1.      Now compatible with ESX 5.0

m.    Snare 4.4 – updated to:
1.      Client IP Addresses are mapped to IP Address fields
2.      Security:680 has incorrect symc_device_action

n.      Symantec Control Compliance Suite 10 4.4 – updated to:
1.      Check the field value
2.      Some fields are handled from the original event that previously were not

o.      Symantec Control Compliance Vulnerability Manager 4.4      – updated to:
1.      Option to replay CCSVM reports in Offline mode like Qualys
2.      No longer errors when reading a report from CCSVM with Russian locale
3.      "Symantec CCS Vulnerability Manager Event Collector" is now compatible with the new version of the "Symantec CCS Vulnerability Manager".

p.      Websense Web Security 4.4 – updated to:
1.      Collector populates point_product_version with 7.6 for Websense 7.6