Symantec Security Information Manager Technical News Bulletin
August LiveUpdates 2013
Overview
Symantec has released collector LiveUpdate packages for the following collectors and sensors.
This release contains updates to the following collectors, divided into two categories:
LU released for customer-reported defect fixes only:
· Symantec Event Collector 4.4 for Cisco ASA
° Fixed: Cisco ASA 4.4: Incorrect Event date when log is received via syslog forwarder
° Fixed: when a logging timestamp is present, it should be used as event_dt
· Symantec Event Collector 5.0 for Cisco IOS / IDS and Firewall
° Fixed: Cisco IOS plugin for host may have issues
· Symantec Event Collector 5.0 for F5 Big IP
° Fixed: Error loading plugin when installing F5 Big-IP Security Collector 5.0 on SSIM 4.7.1 agent
· Symantec Event Collector 5.0 for McAfee Secure Web Gateway
° Fixed: McAfee Secure Web Gateway: collector does not validate IP fields contain IP addresses
° Fixed: Logs with no textual vendor_severity result in severity (mandatory field) missing
° Fixed: Collector logs error messages into UCF file
· Symantec Event Collector 4.4 for Microsoft DNS
° Fixed: Microsoft DNS shows some events with an Original Event date 12 hours prior to the Logged At date
· Symantec Event Collector 4.4 for Microsoft Exchange
° Fixed: Microsoft Exchange MT Event Collector 449 AllWin RHEL345 SPARC8910 EN incorrectly displays the date
· Symantec Event Collector 4.4 for Oracle DB Collector
° Fixed: Intrusion Action ID is not mapped correctly
° Fixed: option12_type is misspelt as "Priveleges" instead of "Privileges"
° Fixed: Option 9 is not parsed after June 2013 LU
· Symantec Event Collector 5.0 for Palo Alto Firewall
° Fixed: Palo Alto NGFW: many virus event IDs are incorrectly mapped to symc_network_intrusion
· Symantec Event Collector 5.0 for Symantec Endpoint State
° Fixed: SEP State has problems with last position
· Symantec Event Collector 5.0 for Symantec Mail Security for SMTP
° Fixed: The Part Name field is not populated with some events
· Symantec Event Collector 4.4 for Unix Syslog
° Fixed: Unix Syslog needs translation for SSH "User authorized by public key"
° Fixed: Unix Syslog needs translation for "sshd2" events