Live Updates released for Symantec Security Information Manager (SSIM) Collectors - May 2013

Article ID: 158026

Products

Security Information Manager

Issue/Introduction

You would like to review which SSIM Collector LiveUpdate packages were released in May 2013.

Note: You must update your Java LiveUpdate to Java LiveUpdate v3.7.7 or better before downloading LiveUpdates for collectors.

Note: If you are using LiveUpdate Administrator, you must update to LUA 2.3.2 or newer to download LiveUpdates for SSIM v5.0 and newer collectors.

 

 

Resolution

May 2013 Symantec Security Information Manager Technical News Bulletin

1. LiveUpdates have been released for collectors 
Overview
Symantec has released collector LiveUpdate packages for the following collectors and sensors:
 
a. Symantec Event Collector for Cisco ACS 5.0
   1. Fixed: performance issues in the Sensor to increase EPS
   2. Fixed: proxy IP is replaced by agent IP
   3. Fixed: collector logging to sesa-agent.log and ucf.log about nonfatal events
b. Symantec Event Collector for Cisco IPS 4.4
   1. Fixed: Cisco IPS not populating logging device correctly
c. Symantec Event Collector for Microsoft ACS 4.4
   1. Fixed: Microsoft ACS collector losing pointer when database rotates
d. Symantec Event Collector for MS Vista Collector 4.4
   1. Fixed: Event ID 65 has incorrect Severity
   2. Fixed: Some Options fields are not mapped correctly
e. Symantec Event Collector for MS Vista 5.0
   1. Fixed: Option 10 has IPv6 address, added mapping for IPv4 address to Option 25
   2. Fixed: MS Vista Collector 5.0: Event ID 65 has incorrect Severity
f. Symantec Event Collector for Oracle DB 4.4
   1. Fixed: Correctly maps IP addresses and instance names for events
g. Symantec Event Collector for Snare 4.3
   1. Fixed: Mapping of Windows Event 624 and 720
   2. Fixed: Windows Events 529 through 537, 539, and 4625 do not map Source IP correctly
   3. Fixed: Windows Event 4770 does not map the Source IP Address
h. Symantec Event Collector for CCS VM 4.4
   1. Fixed: CCS VM collector not resolving IP to Hostname for Source Hostname, causing some rules to generate false positives
i. Symantec Event Collector for Critical System Protection 4.3
   1. Fixed: Vendor Signature not correct when event is from custom policy
j. Symantec Event Collector for Symantec Mail Security for SMTP 5.0
   1. Fixed: SMG Collector incorrectly populated proxy and logging device fields
k. Symantec Event Collector for System IAudit
   1. Fixed: White spaces in proxy machine name caused issues with mapping of event