ESM - ELISA SECURITY MANAGER Verion: 5.3.0 Date: 1.3.2024 Author: Datasys s.r.o. This package contains new update for ESM appliances. Support information ------------------- In case you need any help, please contact our support team at monitoring@datasys.cz Compatibility ------------- ESM appliance must be updated to version 5.2.x before you can apply this update. Installation ---------------- 1. Download the attached installation package 2. Log in as an administrator to ESM 3. Choose perspective Monitoring 4. Select menu System 5. In section SW update upload the downloaded package 6. If the file was not uploaded and installed, first apply the package elisa_patch_5_php.max.upload.size.tgz.gpg 7. Check agent configuration renewal on ELISA Server and ELISA Proxy (if used) using the "ELISA agent" dashboard. Contact monitoring@datasys.cz if errors occur. 8. Check storing and correct parsing of events. Contact monitoring@datasys.cz if errors occur. Changes in version 5.3.0 -------------------- GUI Updates: - Analytics: - More intuitive full-text search - Colors for queries editable by user - Quick pagination in event tables - Filtering events by processing time vs. reception time - Monitoring: - Enhanced logsources overview with improved filtering - Full-text search in tickets Other Updates/Changes: - It's possible now to define the Zabbix server and host, when passing events to Zabbix (External zabbix server support) - More detailed attribute format checks when saving to Elasticsearch - Option to not save empty attributes when storing in Elasticsearch - New UEBA functionality in the correlation module - Modified Risk Score calculation allowing custom settings for AERS.Reliability and AERS.Severity - Added new source - Azure: - Logging from Analytics Table using PowerShell connector - Logging from Office 365 - Logging from Azure AD SignIn, Audit logs - Ticket notifications now link to the Zabbix URL defined in GUI Administration->General->Other->Frontend URL Additional Fixes: - Configuration of sound alerts for new events - Report generation in CSV, JSON formats - Event notifications sent via Office365 - Automatic resizing of FS for ELISA virtual appliance - Truncation of overly long event names when inserting into tickets - Memory management adjustments in php-fpm - Fixes in event forwarding configuration - Fixes in raw data storage configuration - Setting HTTP proxy in GUI