We've updated USM Anywhere with the improvements and defect fixes listed below. The USM Anywhere service and Sensors are updated automatically so you do not need to take any additional actions for the update to take effect.
Improvement to Network IDS configuration: You can now specify network ranges for your internal networks (home_net) as part of the Network IDS configuration on a sensor.
New AWS dashboard chart: The AWS dashboard now includes an “Account Vendors” chart that identifies known vendor services generating CloudTrail events.
Notable Defects Fixed
ATLAS-11469/ATLAS-15858/ATLAS-16960 Various improvements to CSV exports for 50k records
ATLAS-15200 Supplemental Vulnerabilities Report - Error while creating report
ATLAS-16471 "Receive Alarm Notifications" not available if user exists in USM Central
ATLAS-17247 Azure jobs stop running after job timeout
New Plugins
AR-1812 SoftEther VPN
Improvements
AR-1759 Correlation rule for "entered promiscuous mode" should ignore veth interfaces
AR-1761 Nxlog does not parse some logs
AR-1787 Add account_vendor to the CloudTrail plugin
AR-1790 Create a Custom Function to format MAC addresses
AR-1805 Alienvault-Agent: add protocol dict to plugin
AR-1811 NXLog Exchange add parsed field
Defects
AR-1733 Kerio Plugin for USM Anywhere event name blank
AR-1809 CheckPoint FW1 R77.30 ~ 'Drop' events show as 'Allowed_Event'
AR-1816 HP Storage Area Network Switch: Replace MAC addresses with IPv6 addresses
AR-1820 PacketFence: Avoid capturing "unknown" for MAC Addresses tags
AR-1823 Cisco ISE Plugin is not parsing username
AR-1827 Potential FP: Remote WMIC Activity
AR-1837 NXlog event with no name
AR-1844 Update DHCP plugin to fix MAC Addresses