ESM - ELISA SECURITY MANAGER

Version: 4.4.0
Date: 25.11.2019
Author: Datasys s.r.o.

This package contains a new update for ESM appliances.

Support information
-------------------
In case you need any help, please contact our support team at monitoring@datasys.cz

Compatibility
-------------
The ESM appliance must be updated to version 4.3.x before you can apply this update.

Installation
------------
1. Download the attached installation package
2. Log in as an administrator to ESM
3. Choose perspective Monitoring
4. Select menu System
5. In section SW update upload the downloaded package

Changes in version 4.4.0
------------------------
BUG FIXES:
- unlimited licenses view for the number of devices
- total number of events in the Histogram panel
- display "Advanced" option to open the dashboard definition in the JSON file
- Histogram view for time range less than 5s
- license installation in CZ localization GUI
- Fixed EPS detection and monitoring for individual event sources
- Fixed zabbix menu display for "Admin" type users
- displaying the TEST button in the LDAP authentication configuration

NEW / ENHANCED FEATURES:
- nxlog update to version 4.5 on ELISA server
- zabbix update to version 4.0.12 on ELISA Server
- automatic update of ELISA agents for OS Windows (4.5)
- HTML contextual documentation
- Support for 10 different repositories - allows storing various events in separate indexes with their own data retention configuration
- ad-hoc notification by e-mail for selected events with the possibility of defining the message recipient, subject and body
- forwarding events by syslog protocol
- new possibilities of ELISA server configuration within the web interface
  - servers for time synchronization (NTP client)
  - DNS servers
  - network configuration
- Improved CSV export generation
- A modified export summary page
- Allows refreshing the page while keeping the directory structure open
- displaying the number of events for "closed" indexes
- automatic creation of missing indexes - if there is an event reception failure and no index is created, it is not possible to search over this period. The automatic index creation feature creates this missing index to allow trouble-free searches
- modified archiving / data recovery
- new function of forensic logs (raw data) export to JSON file including specification of required period filter
- data export to JSON file improved by the possibility of entering the required period filter including closed indexes (automatic opening and closing indexes)
- possibility to open analytic interface with a specific filter (e.g. link to a specific event)
- index creation at midnight according to Central European time
- Code lists for failed login events for OS Windows
- improved internal monitoring
  - buffer status
  - Elasticsearch state
- new features of the analytical interface
  - new panel HITS (displaying the number of events according to individual QUESTIONS)
  - CPU, memory and disk utilization indicator
  - Adjust the display of attributes in Brief / Rich / Metadata views
  - Support for URL links in attributes
  - new action - open fulltext according to attribute value
  - query filtering in Histogram, Trends, HITS panels
- Parsing:
  - new parser for Checkpoint firewall
  - modified parser for detection of stopping services from running in Windows / Linux
  - time manipulation detection in OS Windows / Linux
  - Account manipulation (group membership)
  - login of privileged accounts
  - parser for netflow collection
  - detection of impersonal accounts (admin)
  - classification of events when accounts are created / deleted
  - correlation rule for suspicious account manipulation (create / delete)
- new dashboards:
  - Checkpoint firewall
  - Risk Score
  - Netflow