Live Updates released for Symantec Security Information Manager (SSIM) Collectors - August 2013

Article ID: 158490

Products

Security Information Manager

Issue/Introduction

You would like to review which SSIM Collector LiveUpdate packages were released in August 2013.

Note: You must update your Java LiveUpdate to Java LiveUpdate v3.7.7 or better before downloading Live Updates for Collectors.

Note: If using LiveUpdate Administrator, you must update to LUA 2.3.2 or newer to download SSIM v5.0 and newer collector Live Updates.

Resolution

Symantec Security Information Manager Technical News Bulletin
 
August LiveUpdates 2013
 
Overview
Symantec has released LiveUpdate packages for the following collectors and sensors.

This release contains updates to the following collectors, divided into two categories:
LU released for customer-reported defect fixes only:
 
· Symantec Event Collector 4.4 for Cisco ASA
  ° Fixed: Cisco ASA 4.4: Incorrect Event date when log is received via syslog forwarder
  ° Fixed: when logging timestamp is present it should be used as event_dt
· Symantec Event Collector 5.0 for Cisco IOS / IDS and Firewall
  ° Fixed: Cisco IOS plugin for host may have issues
· Symantec Event Collector 5.0 for F5 Big IP
  ° Fixed: Error loading plugin when installing F5 Big-IP Security Collector 5.0 on SSIM 4.7.1 agent
· Symantec Event Collector 5.0 for McAfee Secure Web Gateway
  ° Fixed: McAfee Secure Web Gateway: collector does not validate IP fields contain IP addresses
  ° Fixed: Logs with no textual vendor_severity result in severity (mandatory field) missing
  ° Fixed: Collector logs error messages into UCF file
· Symantec Event Collector 4.4 for Microsoft DNS
  ° Fixed: Microsoft DNS shows some events with an Original Event date 12 hours prior to logged at date
· Symantec Event Collector 4.4 for Microsoft Exchange
  ° Fixed: Microsoft Exchange MT Event Collector 449 AllWin RHEL345 SPARC8910 EN incorrectly displays the date
· Symantec Event Collector 4.4 for Oracle DB Collector
  ° Fixed: Intrusion Action ID is not mapped correctly
  ° Fixed: option12_type is mis-spelt as Priveleges instead of Privileges
  ° Fixed: Option 9 is not parsed after June 2013 LU
· Symantec Event Collector 5.0 for Palo Alto Firewall
  ° Fixed: Palo Alto NGFW: many virus event IDs are incorrectly mapped to symc_network_intrusion
· Symantec Event Collector 5.0 for Symantec Endpoint State
  ° Fixed: SEP State has problems with last position
· Symantec Event Collector 5.0 for Symantec Mail Security for SMTP
  ° Fixed: The Part Name field is not populated with some events
· Symantec Event Collector 4.4 for Unix Syslog
  ° Fixed: Unix Syslog needs translation for SSH "User authorized by public key"
  ° Fixed: Unix Syslog needs translation for "sshd2" events