
Plugins Feed Update - September 09, 2018


AlienVault Employee
edited September 2018 in AlienVault USM Appliance > Plugins
Plugins Feed Update - 2018-09-04

USM Appliance Plugins Feed Release Notes

New plugins available
  • Added new plugin for DELL iDRAC (dell-idrac).
  • Added new plugin for Microsoft Azure ATP (azure-atp).
  • Added new plugin for Duo Two-Factor Authentication (duo-2fa).
  • Added new plugin for VMware NSX (vmware-nsx).
  • Added new plugin for Softerra Adaxes (softerra-adaxes).
  • Added new plugin for Riverbed Technology SteelHead (riverbed-steelhead).

HIDS rules and decoders
How to enable new HIDS rules
  • Added new IPsec rules and more Windows Firewall and Policy OSSEC rules.

Issues fixed
  • Updated FireEye CM (fireeye-cm) plugin to parse the correct timestamp in rule 20.
  • Updated Aruba Networks ClearPass (aruba-clearpass) plugin to parse event name correctly and to parse new audit and system logs.
  • Updated Juniper Networks SRX Series (juniper-srx) plugin to parse IDS events without action.
  • Updated IBM AIX Audit (aix-audit) plugin to parse new multi-line logs.
  • Updated Darktrace DCIP (darktrace) plugin to parse dvc as source_ip.
  • Updated Cylance CylancePROTECT (cylance) plugin to parse new threat and audit logs.
  • Updated AlienVault-HIDS (ossec-single-line) plugin to support new events with RID 40111 and to parse some new Windows audit failure events.
  • Updated DELL SonicWall VPN (sonicwall-vpn) plugin to parse all device names rather than just "vpn".
  • Updated WatchGuard XTM Series (watchguard) plugin to change date field in a rule.
  • Updated Cisco router (cisco-router) plugin to parse new logs.
  • Updated Microsoft Windows Nxlog (nxlog) plugin to parse Windows event ID 5141.
