Live Updates released for Symantec Security Information Manager (SSIM) Collectors - February 2013

Article ID: 157704

Products

Security Information Manager

Issue/Introduction

You would like to review which SSIM Collectors LiveUpdate packages were released in February 2013.

Note: You must update your Java LiveUpdate to Java LiveUpdate v3.7.7 or better before downloading Live Updates for Collectors.

Note: If using LiveUpdate Administrator, you must update to LUA 2.3.2 or newer to download SSIM v5.0 and newer collector Live Updates.

Resolution

In February 2013, Symantec released collector LiveUpdate packages for the following collectors:

Overview

Symantec has released collector LiveUpdate packages for the following collectors and sensors:  

a. Symantec Event Collector for Cisco ASA 5.0

   1. Fixed: Some, but not all, %ASA-6-302014 events are missing IP source, address, or ports

b. Symantec Event Collector for Juniper VPN 4.3

   1. Fixed: Juniper VPN Event Collector v4.3.7 mapping localhost/127.0.0.1 in Collection device IP/hostname

c. Symantec Event Collector for Microsoft DHCP Server 4.3

   1. Fixed: MS DHCP collector generating "No event_id in the hash map." in the header lines of the log file.

d. Symantec Event Collector for Tipping Point IPS 4.4

   1. Fixed: IPv6 addresses are not getting translated properly

   2. Fixed: logging_device_name is populated incorrectly

   3. Fixed: Network protocol id and network protocol missing for some events

   4. Fixed: source_ip and source_host_name are incorrectly populated as 0.0.0.0

   5. Fixed: Event date field is not getting populated for the particular event

   6. Fixed: Change in SES - Processor - "Extract vendor_code from last four digits" for five-digit vendor code

   7. Fixed: Mandatory field "Rule" missing in symc_network_intrusion and symc_host_intrusion event classes

   8. Fixed: symc_device_action populated with value “203-Intrusion_Blocked” even though packet is “Allowed/Permitted”.

   9. Fixed: vendor_code incorrectly populated in Non-SMS-managed IPS events (ALTv5) and Non-SMS-managed IPS events (BLKv5)

   10. Fixed: Mandatory field logging_device_ip is missing.

e. Symantec Event Collector for Trend Micro Control Manager 4.3

   1. Fixed: Not mapping Source Host Name

f. Symantec Event Collector for VMware ESX 4.4

   1. Fixed: symc_device_action=1027203,1027204 is not in the requirement list for network intrusion

   2. Fixed: network protocol is missing in network intrusion event

g. Collector Framework 2.5

   1. Fixed: Sensor version is in the collector log but seqnum is not

h. Collector Framework 5.0

   1. Fixed: Useless event spamming the sesa-agent.log

   2. Fixed: Translated_src_num_ip and translated_dest_num_ip fields are not populated