May 2013 Symantec Security Information Manager Technical News Bulletin
1. LiveUpdates have been released for collectors
Overview
Symantec has released collector LiveUpdate packages for the following collectors and sensors:
a. Symantec Event Collector for Cisco ACS 5.0
1. Fixed: performance issues in the Sensor to increase EPS
2. Fixed: proxy IP is replaced by agent IP
3. Fixed: collector logging about nonfatal events to sesa-agent.log and ucf.log
b. Symantec Event Collector for Cisco IPS 4.4
1. Fixed: Cisco IPS not populating logging device correctly
c. Symantec Event Collector for Microsoft ACS 4.4
1. Fixed: Microsoft ACS collector losing pointer when database rotates
d. Symantec Event Collector for MS Vista Collector 4.4
1. Fixed: Event ID 65 has incorrect Severity
2. Fixed: Some Options fields are not mapped correctly
e. Symantec Event Collector for MS Vista 5.0
1. Fixed: Option 10 has IPv6 address, added mapping for IPv4 address to Option 25
2. Fixed: MS Vista Collector 5.0: Event ID 65 has incorrect Severity
f. Symantec Event Collector for Oracle DB 4.4
1. Fixed: Correctly maps IP addresses and instance names for events
g. Symantec Event Collector for Snare 4.3
1. Fixed: Mapping of Windows Event 624 and 720
2. Fixed: Windows Events 529 through 537, 539, and 4625 do not map Source IP correctly
3. Fixed: Windows Event 4770 does not map the Source IP Address
h. Symantec Event Collector for CCS VM 4.4
1. Fixed: CCS VM collector not resolving IP to Hostname for Source Hostname, causing some rules to generate false positives
i. Symantec Event Collector for Critical System Protection 4.3
1. Fixed: Vendor Signature not correct when event is from custom policy
j. Symantec Event Collector for Symantec Mail Security for SMTP 5.0
1. Fixed: SMG Collector incorrectly populated proxy and logging device fields
k. Symantec Event Collector for System IAudit
1. Fixed: Whitespace in proxy machine name caused issues with mapping of events