| Reference Number |
Component |
Related Article |
Found in Version |
Resolved in Version |
Issue Description |
| SIEM-12686 |
Snowflex |
|
11.2.0 HF4 |
|
Issue: After upgrading to SIEM 11, 3xxx errors occur indicating issues retrieving query results from the new database architecture. |
| SIEM-11330 |
ESM |
|
11.1.3 |
11.2.0 HF5 |
Issue: The Event Forwarding functionality experiences performance issues in SIEM 11.
Solution: Upgrade to ESM 11.2.0 HF 5 or later. |
| 1273430 |
ESM |
|
11.1.3 |
|
Issue: Invalid data sources might be created when including leading zero's in the octets of the IP address. |
| 1266321 |
ESM |
|
11.1.3 |
|
Issue: Manual interaction with the appliance is needed when reboots occur during the upgrade process to ESM 10.3.4 or 11.1.3.
Workaround: If Technical Support has previously directed you to change to an earlier kernel version, follow the steps below before you upgrade to ESM 10.3.4 or 11.1.3. These steps allow you to avoid the need to manually interact with the appliance during reboots in the upgrade process.
Revert any previously modified grub screen/kernel selection to allow for an unattended upgrade:
- Create a grub config backup by running the command cp /boot/grub/grub.cfg ~/grub.cfg.bak.
- Set the grub config kernel default back to use the first kernel in the list by running the following commands:
NOTE: The newest kernel should always be first in the list.
vi /etc/default/grub
Edit the GRUB_DEFAULT value and change it to GRUB_DEFAULT=0
- Regenerate grub config using the newly modified default. Run the command grub-mkconfig -o /boot/grub/grub.cfg.
- Continue with upgrading devices
|
| 1266312 |
ESM |
|
11.1.3 |
|
Issue: Under certain network conditions, keying a device from either the Add Device wizard or the Key Management properties of ESM 11.1.3 (hosted in AWS or Azure) can result in an error message. This result can happen even though the operation completed successfully.
Workaround: To acknowledge the error, click OK and then click the X in the top-right corner of the window to dismiss the screen instead of clicking the Cancel button. Click refresh on the system tree and the device will be ready. |
| 1264218 |
ESM |
|
11.1.3 |
|
Issue: Upgrading a DSB using a file uploaded through the “ESM File Maintenance” option prevents the upgrade from starting.
Workaround: Upload the file for the DSB during the upgrade process.
|
| 1257792 |
User Interface: Flash (traditional UI) |
|
10.3.0 |
|
Issue: Unable to clearly see more than two SAN devices in the UI. |
| 1257763 |
User Interface: HTML5 (new UI) |
|
10.3.2 |
11.1.2 |
Issue: Can't search by File_hash in HTML5 (but works in Flash). Error "Invalid GUID value. Must be hexadecimal digits (0–9 A-F). Dashes are also allowed. Must contain 32 digits.". |
| 1256391 |
ESM: System Properties |
|
10.3.2 |
|
Issue: [ER254] VM data addition is successful, but the UI reports an error when trying to view it. |
| 1255805 |
ESM: Redundant ESM (RESM) |
|
10.3.2 |
11.1.2 |
Issue: Several ESM Redundancy fixes. |
| 1255653 |
ESM: Reports |
|
11.0.1 |
|
Issue: Exporting to CSV from Dashboard incorrectly shows usersource. |
1255652
1259176 |
ESM: Views |
|
11.0.3 |
11.1.2 |
Issue: Snowflex issues in 11.0.3 Update 3 and 11.1.1 – can't run views during background rebuild + 238. |
| 1255633 |
Receiver |
|
10.3.1 |
|
Issue: cURL data source is changed to syslog by “Write.” |
| 1255571 |
ELM |
|
10.3.2 |
|
Issue: Unable to retrieve packets from ELM archive for some events. |
| 1255151 |
ESM |
|
11.0.3 |
11.1.0 |
Issue: EC238 errors seen after you upgrade to 11.0.3 Update 3. |
| 1254879 |
ESM |
|
11.0.3 |
|
Issue: snowflex.conf is being written with incorrect GUID. |
| 1254749 |
ESM: Alarms |
|
10.3.2 |
11.1.2 |
Issue: Wrong device_ip was added to the watchlist. |
| 1254592 |
Other |
|
10.3.2 |
11.1.3 |
Issue: RESM/PESM using wrong key to talk to ELM. |
| 1254585 |
ESM: Redundant ESM (RESM) |
|
10.3.2 |
11.1.1 |
Issue: RESM fails to get notified of RELM failover. |
| 1254583 |
ELM: Redundant ELM (RELM) |
|
10.3.2 |
|
Issue: ELM search results that are saved as links are not copied to RELM. |
| 1254543 |
ELM: Redundant ELM (RELM) |
|
10.2.0 |
11.1.3 |
Issue: UI shows wrong data storage device for the MGTDB. |
| 1254508 |
ELM |
|
10.3.1 |
|
Issue: Synchronization issue between primary and redundant ELMs. |
| 1254216 |
Receiver |
|
10.3.2 |
|
Issue: HA Receiver deletes community for SNMP Request in /etc/snmp/snmpd.conf after return to service. |
| 1254204 |
ELM |
|
10.3.2 |
|
Issue: ELM with SAN does not boot after upgrade to 10.3. |
| 1253955 |
ESM |
|
11.0.3 |
|
Issue: ELM with SAN does not boot after upgrade to 10.3. |
| 1253684 |
Databus |
|
11.0.3 |
11.1.2 |
Issue: No events in UI on ENMELM with 0 Alerts loaded, but the Alerts table is growing. |
| 1253623 |
Database |
|
11.0.3 |
11.1.0 |
Issue: [ER-1][ER238] Errors in Flash and HTML5 with errorcode=238. |
| 1253595 |
ESM: Alarms |
|
10.2.0 |
11.1.3 |
Issue: Specified Event Rate alarms do not work as expected. |
| 1253508 |
ACE |
|
10.3.2 |
11.1.1 |
Issue: Some correlated files get marked as bad. |
| 1253439 |
Receiver |
|
9.6.1 MR1 |
11.1.2 |
Issue: Refresh device button throws an error after you upgrade to ePO 5.10. |
| 1253425 |
ESM |
|
10.3.2 |
|
Issue: Temporary network failure observed several times after you upgrade to 10.3.2. |
| 1253247 |
User Interface: HTML5 |
|
10.2.0 |
11.1.2 |
Issue: No data when filtering Palo Alto on some rule_name on HTML5. |
| 1253115 |
ELM |
|
10.3.1 |
|
Issue: ELM with SAN does not boot after upgrade to 10.3. |
| 1252818 |
ESM |
|
10.2.0 |
11.1.1 |
Issue: ELM Integrity Check Function Broken. |
| 1252673 |
ESM: Case Management |
|
10.2.0 |
11.1.1 |
Issue: JSON API to close case causes it to be deleted in SIEM UI. |
| 1252531 |
ELS |
|
10.3.0 |
|
Issue: ELS fills up disk with elastic search logs. |
| 1252368 |
ESM |
|
10.3.1 |
|
Issue: Unable to add SSD to VM data after you add data_hd. |
| 1252041 |
ELM |
|
11.0.3 |
|
Issue: Unable to migrate the ELM mgtdb a second time. |
| 1251834 |
Receiver |
|
11.0.3 |
|
Issue: Issues with SetClusterConfig and start of active collectors in HA after upgrade to v11. |
| 1251203 |
Receiver |
|
10.3.2 |
|
Issue: SIEM Receiver data source does not allow CIDR range. |
| 1250991 |
ESM: Redundant ESM (RESM) |
|
10.2.0 |
11.1.1 |
Issue: Primary is unable to complete Sync to redundant (log table). |
| 1250483 |
Receiver |
|
10.3.1 |
11.1.1 |
Issue: Directory /usr/local/ace/incoming/bad is growing to a large size on the Receiver without correlation engine. |
| 1250794 |
ELM |
|
11.0.3 |
|
Issue: ELM Kernel panic RIP: kmem_cache_alloc+0X00/0x140 RSP: fffc900004439f0 boots into new kernel. |
| 1249825 |
Receiver |
|
10.3.1 |
|
Issue: Error is ‘Error retrieving events. Could not get file from device’ after SIEM upgrade (kernel issue). |
| 1249628 |
ELM |
|
10.2.0 |
|
Issue: Rule integrity check complete, some number rules failed by rule update. |
| 1249322 |
ESM |
|
11.0.3 |
11.1.1 |
Issue: [EC-1][ER238][ER1387] Server errors seen after you upgrade to 11.0.3. |
| 1248631 |
ESM: Data Enrichment |
|
10.3.1 |
|
Issue: In SIEM-MAR Integration, Active Response appears only for five seconds in the drop-down list of the 'Type' option in the Source tab for the Data Enrichment Wizard. |
| 1248451 |
ESM |
|
10.2.0 |
11.1.1 |
Issue: Over-used allocation reporting available space in exabytes. |
| 1248382 |
ESM |
|
11.0.2 |
11.1.2 |
Issue: Last Event times in Device Summary Reports are not accurate. |
| 1247952 |
Receiver |
|
10.3.1 |
11.1.1 |
Issue: /usr/local/ace/incoming/bad folder fills after upgrade to 10.3.1. |
| 1247149 |
ACE |
|
10.2.0 |
|
Issue: Correlation Rule with Flows Nested Variable not working correctly. |
| 1247141 |
ESM |
|
10.2.1 |
11.1.2 |
Issue: Table component shows No Results at Physical Display Level. |
| 1246623 |
Receiver |
|
10.3.1 |
|
Issue: Error is ‘Error retrieving events. Could not get file from device’ after SIEM upgrade (kernel issue). |
| 1245611 |
Receiver |
|
11.0.3 |
|
Issue: Kafka topics are not created on a recently installed ENMELM combo (data is not sent). |
| 1243534 |
ACE |
|
10.2.0 |
|
Issue: Sometimes a correlated event could not be triggered. |
| 1243507 |
ESM: Clustering |
|
11.0.2 |
|
Issue: "Promote Node" for new node fails and then none of ESMs in the cluster can perform any change to the system.
Workaround: Perform another restart or service restart on the promoted node so ESM gains the management role. |
| 1243149 |
ESM |
|
11.0.2 |
|
Issue: Management node UI fails to load after an upgrade: error "Application unavailable" because the Local EDB starts with errors.
Workaround: Restart the dbserver. Execute the following commands on the ESM:
#NitroStop
#service dbserver stop
#service dbserver start |
| 1242870 |
ELM |
|
10.3.0 |
10.3.3 |
Issue: ELM with SAN will not boot after upgrade to 10.3. |
| 1240176 |
ESM: Views |
|
11.0.0 |
11.0.2 |
Issue: The Static String Column now displays properly in the Table component. |
| 1240046 |
ESM |
|
11.0.0 |
11.0.2 |
Issue: Corrected an issue that prevented Static String Event details from displaying for some events. |
1238806
1238927
1240801 |
ACE |
|
11.0.0 |
11.0.2 |
Issue: ACE stops processing events when customer has flow correlation rules. |
| 1237902 |
ELS |
|
10.2.0 |
11.0.2 |
Issue: ELS log (/var/log/kafkactl.log) is now maintained to avoid excessive file size. |
1236292
1236451 |
ESM |
|
10.2.1 |
11.0.2 |
Issue: Does not accept a plus sign (+) in the email address ER71 Invalid Parameters. |
| 1236287 |
Upgrade |
|
11.0.0 |
|
Issue: Data source write-out fails with ER 122 after you upgrade from 10.2 to 11.0 GA with an ELS configured. |
| 1235498 |
ELM: Redundant ELM (RELM) |
|
10.2.0 |
|
Issue: Data written to the mount point without a mounted mirror is not copied correctly to the mirror. |
| 1235335 |
Database |
|
11.0.0 |
11.0.1 |
Issue: EDB FDB - results of 'IF' are blank. |
| 1235280 |
Other |
|
11.0.0 |
11.0.1 |
Issue: Compliance Views do not show correct data in Table components. |
| 1234565 |
UI: HTML5 |
|
11.0.0 |
|
Issue: In CyberScorecard, Severity values on the Executive view are not changed properly. |
| 1234993 |
Upgrade |
|
11.0.0 |
|
Issue: After you upgrade from 10.2.0, ELS tries to connect to the local kafka. |
| 1234870 |
UI: HTML5 |
|
10.2.0 |
11.0.2 |
Issue: Save packet in HTML corrupted the data. |
| 1234806 |
ESM: Views |
|
10.2.0 |
11.0.2 |
Issue: Scorecard: Extra results display after delete and repull of Assets. |
| 1234797 |
ELM |
|
10.2.0 |
|
Issue: Unable to remove DAS from mirror. |
| 1234404 |
ESM: Policy |
|
11.0.0 |
|
Issue: If your session is timed out during a policy roll-out, the roll-out does not complete. |
| 1234388 |
Other |
|
11.0.0 |
11.0.1 |
Issue: Incorrect values appear in Reports and in the legacy (Flash) console. |
| 1234319 |
ESM |
|
11.0.0 |
11.0.0 |
Issue: The "Average Severity" field on the "Events" table shows incorrect value. |
| 1234307 |
ESM |
|
10.2.0 |
11.0.2 |
Issue: All-in-one: Unable to execute command on the device (ER234) when you execute Active Response search on SIEM. |
| 1234302 |
ESM: Reports |
|
11.0.0 |
|
Issue: Bar charts are not included in the exported reports. |
1234238
1240803 |
ESM: Views |
|
10.2.0 |
11.0.2 |
Issue: The error "Something went wrong" displays when you select a Query; can't complete creation of widget. |
| 1234017 |
ESM: Reports |
|
11.0.0 |
|
Issue: Reports that contain Stacked Distribution with "Others" are not created. |
| 1233936 |
ESM: Alarms |
|
11.0.0 |
|
Issue: When viewing the Event Time Mismatch report, no devices are selected by default. |
| 1233730 |
L10N |
|
11.0.0 |
|
Issue: Unlocalized strings appear in System Properties, Clustering. |
| 1233583 |
ESM: Views |
|
11.0.0 |
|
Issue: When you install updates to Views in Content Packs, ESM appends "_Import" to the file instead of replacing existing files. |
| 1233556 |
UI: HTML5 |
|
11.0.0 |
|
Issue: When you hover the cursor over an event, the tooltip flashes on and off. |
| 1233305 |
Other |
|
11.0.0 |
11.0.1 |
Issue: "Export to CSV" option does not work on bar chart widgets. |
| 1233171 |
Other |
|
11.0.0 |
|
Issue: ADM Flow Analysis view is setting Flow values (Direction and State) to false by default. |
| 1233167 |
UI: Flash |
|
11.0.0 |
|
Issue: The State column does not populate in Flow views. |
| 1233141 |
ESM |
|
11.0.0 |
|
Issue: On dashboard widgets, Category names and Area names might show a value of "Unavailable." |
| 1233133 |
ESM |
|
11.0.0 |
|
Issue: An error is shown in Task Manager when a view with some distribution components, and baseline enabled, is refreshed. |
| 1233128 |
ELM |
|
11.0.0 |
11.0.1 |
Issue: Redundant ELM (RELM) is unable to retrieve strhse_stats. |
| 1233127 |
UI: HTML5 |
|
11.0.0 |
|
Issue: If you view the Configuration screen and experience a session time-out, the Configuration screen is blank after you log back in. |
| 1233089 |
ESM |
|
11.0.0 |
|
Issue: In FIPS mode, users who have Key and Certificate permission can't download or view certificates. |
| 1233086 |
Receiver |
|
10.2.0 |
11.0.2 |
Issue: Collectorsctl does not monitor inode depletion. |
| 1233082 |
Receiver |
|
10.2.0 |
11.0.2 |
Issue: ELM runs out of inodes. |
| 1233043 |
UI: HTML5 |
|
11.0.0 |
|
Issue: After you add or delete a data source in the HTML5 dashboard, the device tree on the Physical Device tab does not refresh. |
| 1232875 |
ESM: Clustering |
|
11.0.0 |
|
Issue: After first being keyed, some ESM cluster nodes take more than 30 minutes to get up and running, and might require restart. |
| 1232725 |
UI: HTML5 |
|
10.2.0 |
11.0.0 |
Issue: Export to CSV with option "A max number of records" stalls out after v10.2.0 Update 6 is installed. |
| 1232302 |
L10N |
|
11.0.0 |
|
Issue: The Correlation page contains unlocalized strings. |
| 1232286 |
L10N |
|
11.0.0 |
|
Issue: Some localized content is truncated on the Normalized Dashboard. |
| 1232284 |
L10N |
|
11.0.0 |
|
Issue: Some localized UI elements are truncated in the ELS Search history. |
| 1232282 |
L10N |
|
11.0.0 |
|
Issue: In some languages, when creating Benchmark group names, a corrupted character is introduced at the end of the name. |
| 1232280 |
L10N |
|
11.0.0 |
|
Issue: The text in Scorecard benchmark test groups is truncated in some languages. |
| 1232253 |
L10N |
|
11.0.0 |
|
Issue: Events and Events Summary windows contained unlocalized strings. |
| 1232247 |
L10N |
|
11.0.0 |
|
Issue: When selecting devices, some display strings are not localized. |
| 1231874 |
UI: HTML5 |
|
11.0.0 |
|
Issue: When exporting Scorecard data, some information is not shown in the export file. |
1231867
1235191 |
Receiver |
|
10.2.0 |
11.0.2 |
Issue: Send2ELM settings cause some receivers to become backlogged waiting for ELM disk space to drop. |
| 1231834 |
ELS |
|
10.2.0 |
|
Issue: Non-admin users can't search ELS. |
| 1231425 |
ESM: Reports |
|
11.0.0 |
|
Issue: The Query wizard does not show options for all query types when a user is logged on as SECANA or SECENG. |
| 1231178 |
UI: HTML5 |
|
11.0.0 |
11.0.0 |
Issue: Scorecard results from benchmark groups are not consistent with asset totals. |
| 1231157 |
ESM |
|
10.2.0 |
|
Issue: "Possible Event Time Mismatch" alarm triggers when a device is not selected. |
| 1230851 |
UI: Flash |
|
11.0.0 |
|
Issue: Flash views configured with the "Dashboard" category do not render some widgets. An error is shown: "Invalid Parameters (ER71)". |
| 1229799 |
Receiver |
|
11.0.0 |
|
Issue: ESM does not produce or consume messages while data sources are being written, and does not result in data loss. |
| 1229417 |
Receiver |
|
11.0.0 |
|
Issue: Turning data source parsing off while ELS logging is on disables the data source. |
| 1229123 |
ESM: Reports |
|
10.0.3 |
11.0.0 |
Issue: Query CSV option does not retrieve output with the filter set to Open cases. |
| 1227697 |
Receiver |
|
10.1.4 |
11.0.0 |
Issue: Cloudtrail connection errors out with our implementation of the AWS API. |
| 1227617 |
Receiver |
|
10.2.0 |
|
Issue: NTP servers are still queried by Devices when "Use NTP servers for time synchronization and save settings" is not selected. |
| 1227076 |
ESM |
|
11.0.0 |
|
Issue: ELS can't be upgraded from a Multi-Device Manager. This support is targeted for a future release. |
1226176
1227492 |
ESM |
|
10.2.0 |
11.0.2 |
Issue: Scorecard & Asset, Threat, and Risk dashboards are empty. |
| 1226087 |
ESM |
|
11.0.0 |
|
Issue: Retention policy is written to ELS without the Correlation Manager IPSID. |
| 1226077 |
ESM: Data Enrichment |
|
10.1.1 |
11.0.2 |
Issue: Data Enrichment field is not being replaced. |
| 1225706 |
ESM: Alarms |
|
10,1,1 |
11.0.0 |
Issue: Field match alarm is triggered incorrectly with Source GeoLocation filter. |
| 1225395 |
ACE |
|
10.2.0 |
11.0.2 |
Issue: Historical Correlation does not work in newly created correlation manager when all default correlation managers are disabled. |
| 1225160 |
ESM: Redundant ESM (RESM) |
|
10.2.0 |
|
Issue: Communication Troubleshooting Help does not mention proper devices. |
| 1225078 |
ESM |
|
11.0.0 |
|
Issue: When you create a table widget, the context menu "Mark as Review" and "Delete events" functions do not work. |
| 1224831 |
ESM |
|
11.0.0 |
|
Issue: cpservice takes a long time to stop if UpdateMTISThreats is running. An error message shows that "thread failed to close." |
| 1223547 |
ESM: Views |
|
10.1.4 |
11.0.0 |
Issue: Red Banner EC 255 Error Invalid Filter Item, Possible SQL Injection tried marking items reviewed. |
| 1223187 |
UI: HTML5 |
|
10.1.1 |
11.0.0 |
Issue: New widgets that are created have the bound icon in the upper right of the widget box, but it does not reflect the selected category from the first widget. |
| 1222638 |
UI |
|
10.2.0 |
11.0.0 |
Issue: Data source from Asset Manager is not created properly. Name displays as unassigned and IP address does not populate. |
| 1222238 |
Receiver |
|
10.2.0 |
11.0.2 |
Issue: ePO database instance settings do not apply when changes are written. |
| 1222737 |
ESM: Backup/Restore |
|
10.1.4 |
11.0.2 |
Issue: Unable to restore a backup file correctly if RCV has HA settings. |
| 1222461 |
ESM |
|
10.2.0 |
11.1.3 |
Issue: HTML5, Custom type name is not displayed correctly on the dashboard unless the database is restarted. |
| 1222182 |
Receiver |
|
10.2.0 |
11.1.3 |
Issue: Sourcefire estreamer stopped collecting because of an error. |
| 1221397 |
Other |
|
10.1.0 |
|
Issue: You can't add datasources with a FIPS-enabled ENMELM VM.
Workaround: Log on to the ESM database backend, update the IPSversion field of the Local-Receiver in the IPS table, and restart the system. |
| 1219107 |
ESM |
|
11.0.0 |
|
Issue: CreateAndExecuteCommands run one database query for each record returned, which slows performance. |
| 1218722 |
ACE |
|
10.1.1 |
11.0.0 |
Issue: User_Agent custom type cannot contain more than one value. |
| 1216324 |
ELM |
|
10.1.2 |
11.0.0 |
Issue: Access denied (ER70) when a non-admin user tries an ELM search. |
1216189
1218828 |
ELM |
|
10.1.3 |
|
Issue: Mirroring the ELM DB fails with error "NotOk Not enough space available..." |
| 1197308 |
Doc: Help (online) |
|
10.1.0 |
11.0.0 |
Issue: Cannot change the logon logo in HTML5. |
| 1196846 |
ACE |
|
9.6.0 MR6 |
|
Issue: No event is triggered with settings to ‘Group By’ and ‘Override Group By’ in the Correlation Rule because 'Group by' and 'Override Group By' are different types. |
| 1188771 |
Doc: Help (online) |
|
9.6.0 MR8 |
11.0.0 |
Issue: HA Key/Root password with special characters causes IPMI failure. Special characters are:
` ~ ! @ # $ % ^ & * ( ) [ ] \ { } | ; ' : " < > ? |
| 1185713 |
Doc: Help (online) |
|
9.6 MR9 |
11.0.0 |
Issue: EDSFTP copy fails at 30,000+ files. |
| 1179180 |
Alarms |
|
9.6 MR7 |
|
Issue: RAID Disk failure is not reported. |
| 1143023 |
Doc: Help (online) |
|
9.6.0 |
11.0.0 |
Issue: Long, large data Enterprise Log Manager (ELM) searches fail. |
