EventTracker 9.1 - Release Notes

The EventTracker engineering team continues to monitor changes in operation management, enterprise applications, and regulation compliance standards. Version upgrades are made based on customer feedback and experience in the field, providing you the best solution possible.

EventTracker 9.1 (Build 19)

  • EventTracker Web application vulnerability fixes.
  • Fix for the issue where alert email is not working.
  • Fix for the issue where the event alert description was empty when the event description size was more than 8KB.
  • Fix for the issue where the Elasticsearch indexer did not consider a newly imported Knowledge object.
  • Fix for issue where incorrect Elasticsearch and log search results were displayed when username contained underscore (_) character.
  • Fix for obtaining geo-location details from IPVoid.
  • Fix for the issue where Diagnostics showed wrong information on Elasticsearch data.
  • In behavior correlation, dashlets were not displayed if any of the tokens contained '\'.
  • Fix for Real-time Log volume data not being displayed in Home page.
  • While modifying the behavior rules, duplicate rules were created.
  • User activity was not able to process a newly found system, or an extracted activity name that contained a hyphen (-) within the activity name.
  • Fix for the issue where Event Source was blank in Incidents tabular.
  • Fix for the issue where audit events for Acknowledge and un-acknowledge of incidents were not getting generated.
  • Changed the reputation score threshold of the reputation authority (BorderWare) to greater than 80; for IPVoid, the IP address should be blacklisted in 5 or more sources.
  • Updated Privilege Profile menu item and added new Master MSP Admin profile.
  • Syslog-relay status in non-reporting events (2063/2008/2007/2006).
  • Enhancements in EventTracker logon session audit events.
  • EventTracker Event id 3523 is updated with signer details.
  • Enabled ASLR (Address Space Layout Randomization) in the EventTracker Agent module.
  • Support for installation of SQL Server 2016/2017 through pre-installer.
  • Upgraded Elasticsearch to version 6.3.2.
  • Automatic Configuration of IIS through EventTracker pre-installer.
  • Handling Collection Point system group permissions on Collection Master.
  • 30% improvement in Elasticsearch indexer performance.
  • Index DLA cabs in Elasticsearch based on the configurable flag.
  • Enhancement in Monitor Process for identification of new hash.
  • Enhancements in User management.
  • Agent Enhancement in Log File Monitoring for VMware 6.7 & syslog relay configuration.
  • Enhancement in Tile dashboard.
  • Three tabs - Elastic, Cache and Archives in log search result window.
  • Support for SHA-256 authentication for Checkpoint OPSEC LEA configuration.
  • Added option to specify "event_computer" and "event_source" fields from LFM logs.
  • Added option to specify "event_computer" and group name with DLA extension option "move to reports".
  • Support for 3DES and AES128 algorithms in privacy parameters of SNMP v3 trap receiver.
  • Support for EventTracker where TLS (Transport Layer Security) 1.2 is enabled.
  • Group based Behavior Correlation processing.
  • Support for group level consideration during event correlation.
  • Receiver and Agent changes to extract “event_computer” field from syslog messages.
  • Support to enable/disable syslog relay on sensor from web GUI.
  • New event filter configuration is added in Receiver to send events to offline queue.
  • Allow the user to configure the Risk calculation based on threat level.
  • Export and import of saved searches and user permission in home dashboard.
  • Automatic geolocation lookup of IP address fields in Log Search.
  • Support for subscription-based connection mechanism in TAXII client.
  • Show permalink in Report Dashboard.
  • IBM AS400
  • NTOPNG
  • Sentinel One
  • Saint Security Suite
  • Sophos Central
  • Synology
  • Unifi AP AC pro
  • CB Defense