Released on : 13 Sep 2018
Applies to Version : 9.0 Build 18
Download

Summary
EventTracker Service Pack 1 for v9.0 Build 18.

Enhancements

  • Export Import of saved searches and user permission in home dashboard.
  • Logsearch engine: change the standard columns to CIM fields name for standard properties.
  • Menu items rearranged.
  • Local port & Remote port Label changes in Attacks & Targets export.
  • Support for Extracting device id from relay devices.
  • Show permalink in Report Dashboard.
  • Three tabs – Elastic, Cache and Archives in log search result window.
  • Purge frequency in “ETESDelete_indices.yml” file is getting update with additional 1 day value to the existing configuration.
  • Agent change to extract device ID from syslog devices while relaying.
  • Specifying the machine name, event source from LFM logs.
  • JAVA_HOME path update is automated to avoid manual intervention.
  • In behavior correlation, dashlets are not displaying, if any of the token is having ''.
  • Under Behavior correlation IP Activity, carrying out log search from out of ordinary activity will consider event id 2037 or 2038.
  • Enhancement in Monitor Process for identification of new hash.
  • DNS IP lookup – IP to hostname conversion in Elasticsearch during Indexing.
  • Enhancements in User management.
  • Index DLA cabs in Elasticsearch based on the configurable flag.
  • Improve the Elasticsearch query performance in Logsearch by removing aggregation of event_datetime and event_datetime_utc fields.
  • CP-CM Group permission.
  • EventTracker Agent Enhancement in Log File Monitoring for syslog relay configuration.
  • Receiver changes to extract device ID from syslog devices.
  • New Event filter configuration is added to Receiver DLA to send events as offline.
  • Fix for Real-time Log volume data not being displayed in Home page.
  • Support for Transport Layer Security 1.2.
  • Index External DLA cabs in Elasticsearch based on configurable flag.
  • EventTracker Agent configuration change to support allowing all the signed processes.
  • EventTracker Agent service will load new delta of file structures (Hash, signer, product etc.) without restarting agent service.
  • In suspicious activity monitoring added new structures parent process safe file and parent process unsafe file.
  • Performance improvement in agent LFM for syslog relay configuration.
  • Support for SHA-256 authentication in EventTracker Checkpoint with OPSEC_SDK_6.1.
  • Support subscription-based connection mechanism in TAXII client using Anomali.
  • Support for script file execution mechanism from EventTracker Monitoring Daemon.
  • Support for storing the install time for syslog machine.
  • Home Page enhancement: Refactor for loading dashlets with SQL instance as data source. (impacted to compliance and my dashboard).
  • Enhancement in Tile dashboard.
  • Privilege Profile menu item update and new profile Master MSP Admin.
  • User Management Password expire messages are updated.
  • Processing icon is not coming in incident and user management.
  • EventTracker Elasticsearch service on start, launching the purging process for older Indices.

Who should read this document
Customers who use 9.0 Build 18

Severity
High

Affected software
EventTracker Web, EventTracker Agent, EventTracker Daemon.

Non-affected software
EventTracker Reports, EventTracker Alerter, EventTracker EventVault, EventTracker Scheduler, EventTracker Remote Installer, EventTracker Receiver.

Process to apply Update

  1. Download Update
  2. Place the Update ET90U18-025.exe in the destination computer.
  3. Execute the exe.