As of Tuesday, January 24 2017, AlienVault USM and OSSIM v5.3.5 are now generally available for all existing and new customers. Users can update their system(s) through the console or web UI (see upgrade instructions for more information). For customers using the Managed Appliance Service, please note that AlienVault Support will be contacting you to schedule your update.
Please take a few minutes to carefully read these release notes before upgrading.
New NxLog plugin - In this release, we made some major modifications to our data source plugin for NxLog. To continue collecting Windows events from NxLog, you will need to reconfigure the settings. Please follow the steps in this document.
Deprecation Notice
Log watch - The log watch functionality in the Smart Event Collector has been deprecated in AlienVault USM and OSSIM. Deprecation means that we will no longer be doing development on that feature. This functionality may also be removed from the product at a later release date.
Compliance mapping - The compliance mapping functionality has been deprecated in AlienVault USM. Deprecation means that we will no longer be doing development on that feature. This functionality may also be removed from the product at a later release date.
This will not remove the ability to report on compliance regulations (PCI DSS 3.2 and ISO 27001:2012). AlienVault will continue to deliver new and updated compliance reports. For questions or additional information regarding this deprecation notice, contact AlienVault Support.
Change Log
ENG-100893 - Users can now bulk delete tickets
ENG-101666 - Fixed issue with adblocker disabling alarm views
ENG-102523 - In SIEM view, added new grouping options for userdataX and username fields
ENG-102727 - Added new permission option to control which users can close alarms
ENG-102930 - Fixed issue in alarm forwarding caused by mysql error
ENG-103144 - Tickets automatically created from alarms will send emails to assigned user
ENG-103168 - Increased number of assets and alarms that can be displayed per page
ENG-103184 - Manually created tickets will send emails to the assigned user
ENG-103257 - Added "sticky" settings in Alarms and Assets so that filters will stay enacted when navigating from page to page
ENG-103798 - Fixed issue with disabling forwarding on child servers in a federated environment
ENG-103833 - Added 'Delete All' option to bulk delete in the message center
Some good stuff in this upgrade. Would be great if our Federated server could see or report the eps of child USM's. How to see EPS trend graph doesn't work from the Fed:/
@ol.batard - can you send me a private mail with your email address? Want to see what you're experiencing on your installation.
@zparker - great feedback! I've added a ticket to our backlog for that request. Would love to get more feedback from you if you're interested. If you're interested, please send me a private message with your email address and I'll set something up.
If you click on the New NXLOG Plugin link, it initially states the Device Vendor is NXLOG (in a green table) for this plugin. However if you scroll down further, it says we need to select Device Vendor as "Microsoft"
Comments
Just for your knowledge:
There is an error with the new feature of grouping by username in the Security Events window.
It groups the events by the username correctly (apparently at least) but when you try to get the events for some specific user, the filter is using the 'IDM Username' field instead of the 'Username' field.
We are reporting this issue to Alienvault support.
Jose Luis
Fatal error: Call to undefined method PHPMailer::ThrowExceptions() in /srv/www/htdocs/forums/library/core/class.email.php on line 255
How to fix it while posting a problem in community??