Live Updates released for Symantec Security Information Manager (SSIM) Collectors - August 2013

Article Id: 158490
Status: Published
Updated On: 07-10-2013 08:53
Legacy Id: TECH211313
Products:
Security Information Manager
Issue/Introduction:

You would like to review which SSIM Collectors LiveUpdate packages were released August 2013. 

Note: You must update your Java LiveUpdate to Jave LiveUpdate v3.7.7 or better before downloading Live Updates for Collectors

Note:If using LiveUpdate Administrator you must update to LUA 2.3.2 or newer to download SSIM v5.0 and newer collector Live Updates

 

 

Resolution:

Symantec Security Information Manager Technical News Bulletin
 
August LiveUpdates 2013
 
Overview
Symantec has released collector LiveUpdate packages for the following collectors and sensors:
 
This release contains update to the following Collectors divided in two categories:
LU released for Customer reported defect fixes only:
 
·         Symantec Event Collector 4.4 for Cisco ASA
°          Fixed: Cisco ASA 4.4: Incorrect Event date when log is received via syslog forwarder
°          Fixed: when logging timestamp is present it should be used as event_dt
·         Symantec Event Collector 5.0 for Cisco IOS / IDS and Firewall
°          Fixed: Cisco IOS plugin for host may have issues
·         Symantec Event Collector 5.0 for F5 Big IP
°          Fixed: Error loading plugin when installing F5 Big-IP Security Collector 5.0 on SSIM 4.7.1 agent
·         Symantec Event Collector 5.0 for McAfee Secure Web Gateway
°          Fixed: McAfee Secure Web Gateway: collector does not validate IP fields contain IP addresses
°          Fixed: Logs with no textual vendor_severity result in severity (mandatory field) missing
°          Fixed: Collector logs error messages into UCF file
·         Symantec Event Collector 4.4 for Microsoft DNS
°          Fixed: Microsoft DNS shows some events with an Original Event date 12 hours prior to logged at date
·         Symantec Event Collector 4.4 for Microsoft Exchange
°          Fixed: Microsoft Exchange MT Event Collector 449 AllWin RHEL345 SPARC8910 EN incorrectly displays the date
·         Symantec Event Collector 4.4 for Oracle DB Collector
°          Fixed:  Intrusion Action ID is not mapped correctly
°          Fixed: option12_type is mis-spelt as Priveleges instead of Privileges
°          Fixed: Option 9 is not parsed after June 2013 LU
·         Symantec Event Collector 5.0 for Palo Alto Firewall
°          Fixed: Palo Alto NGFW: many virus event IDs are incorrectly mapped to symc_network_intrusion
·         Symantec Event Collector 5.0 for Symantec Endpoint State
°          Fixed: SEP State has problems with last position
·         Symantec Event Collector 5.0 for Symantec Mail Security for SMTP
°          Fixed: The Part Name field is not populated with some events
·         Symantec Event Collector 4.4 for Unix Syslog
°          Fixed: Unix Syslog needs translation for SSH "User authorized by public key"
°          Fixed: Unix Syslog needs translation for "sshd2" events