SIEM Advanced Correlation Engine (ACE) |
Reference Number |
Related Article |
Found in Version |
Resolved in Version |
Issue Description |
SIEM-26645 |
- |
|
11.5 |
Issue: Table reports can't be exported to CSV or HTML formats. |
SIEM-21131 |
- |
11.3.0 |
11.4.2 |
Issue: After you create a custom correlation rule, the rule is enabled at all policy levels and in all correlation managers.
Resolution: Newly added correlation rules are disabled by default. |
SIEMSFX-1775 |
- |
11.3.0 |
11.4.2 |
Issue: The IPSDBServer on an ACE doesn't load events to the databus. |
SIEM Enterprise Security Manager (ESM) |
Reference Number |
Related Article |
Found in Version |
Resolved in Version |
Issue Description |
SIEM-32620 |
- |
11.5.5 |
11.5.6 |
Issue: NitroValidate reports a critical warning for linux-smp, which results in a red flag.
Workaround: Remove the linux-smp package by running the following commands:
rpm -qa | grep 'linux-smp' | xargs rpm -ev --nodeps
/opt/install_kernel/sbin/rebuild_initrd
|
SIEM-24648 |
- |
11.4.2 |
11.5.1 |
Issue: After a new deployment or an upgrade, you're unable to collect events from devices.
Also, this error in /var/log/messages might be encountered:
Could not set broker list for ESM Node Local ESM AddlInfo: Server '<GUID>' is unavailable.
Workaround: If you experience this issue, contact Technical Support and provide this reference. |
SIEM-22703 |
- |
11.4.1 |
11.4.2 |
Issue: The Administrator is unable to log on to ESM after a system timeout occurs and leads to a session lock. |
SIEM-22515 |
- |
11.4.0 |
11.4.2 |
Issue: You see a flash error when you add or edit a client data source with no port value or associated time zone. |
SIEM-22404 |
- |
11.4.0 |
11.4.2 |
Issue: (Backup/Restore) Assigning an alarm to a group causes the alarm to trigger.
|
SIEM-22260 |
- |
11.4.0 |
11.4.2 |
Issue: When the Index_hd becomes full, it can cause the database to crash.
Resolution: Reduce the amount of space that the database uses for the index_hd (SS1) hard drive. |
SIEM-22033 |
- |
11.4.0 |
11.4.1 Hotfix 1 (RTS) |
Issue: The Incident Management and Case Management Views return no results. This issue is seen when filtering by Signature ID and String fields, such as Source User or Application.
NOTE: To obtain a Released To Support (RTS) release, see the "Related Information" section below for details. |
SIEM-22032 |
- |
11.4.0 |
11.4.1 Hotfix 1 (RTS) |
Issue: In Vulnerability Assessment Views, the Vulnerability Name filter doesn't return results.
NOTE: To obtain an RTS release, see the "Related Information" section below for details. |
SIEM-21839 |
- |
11.4.0 |
11.4.2 |
Issue: When you try to set the Audit log level, you see the error below:
EC252 Error: Unable to abort the Network Discovery process
Workaround: Close and reopen the manager. You can then see in System Information that the changes have been made.
|
SIEM-20104 |
- |
11.3.2 |
11.4.2 |
Issue: The HTML User Interface doesn't correctly sort custom fields. |
SIEM-19125 |
- |
11.3.0 |
11.4.2 |
Issue: The source port, destination port, and protocol name map settings aren't honored. |
1266312 SIEM-11269 |
- |
11.3.0 |
11.4.0 |
Issue: Under certain network conditions, keying a device from either the Add Device wizard or the Key Management properties of ESM (hosted in Amazon Web Services or Azure) can result in an error message. This result can occur even though the operation completes successfully.
Workaround: To acknowledge the error, click OK and then click the X at the top-right corner of the window to dismiss the screen instead of clicking the Cancel button. Click refresh on the system tree and the device is ready. |
SIEM Event Receiver (Receiver) |
Reference Number |
Related Article |
Found in Version |
Resolved in Version |
Issue Description |
SIEM-22356 |
- |
11.3.2 |
11.4.2 |
Issue: (Collectors) MVISION ePO collector isn't receiving events.
Resolution: The MVISION ePO collector now uses minimum permissions. |
SIEM-21683 |
- |
11.3.2 |
11.4.2 |
Issue: Unable to 'write out' the data source to one of the receivers (high availability receiver pair).
Resolution: Update the SNMP control scripts to better handle shutting down and restarting. |
SIEM-21554 |
- |
11.3.2 |
11.4.2 |
Issue: (Collectors) The Mimecast collector sleeps for days and not seconds when the rate limit is hit. |
SIEM-22391 |
|
11.3.0 |
11.4.2 |
Issue: Install scripts generate the error below:
Access keys would seem to be incorrect.
The new AMI tools don't have the old commands that the script tries to execute.
|
SIEM-22057 |
- |
11.3.0 |
11.4.2 |
Issue: Backlog of events accumulates and impacts server performance.
Resolution: Reduced disk contention when parsers fall behind the current time. |
SIEM Enterprise Log Manager (ELM) |
Reference Number |
Related Article |
Found in Version |
Resolved in Version |
Issue Description |
SIEM-22312 |
|
11.3.0 |
11.4.2 |
Issue: Upgrade fails, and you're unable to handle the AWS NVMe drives.
The error below is recorded in the log:
Failed: ss1 not 0 - could be a complicated setup at /usr/local/ess/update/updates/check_resizevm line 93. The drive configuration is incorrect |
SIEM-18551 |
- |
11.3.0 |
11.4.2 |
Issue: (Collectors) The backup feature isn't disabled for a redundant ELM. After the backup completes, it tries to start the ELM services. If the redundant ELM is syncing data from a mirrored device, it fails to unmount the existing storage (because it's in use). |
SIEM-19489 |
- |
11.3.0 |
11.4.2 |
Issue: API calls that have a space in the name generate a large pool size.
Resolution: The API calls were changed to reduce the pool size when the pool has spaces in its name. |
ELS |
SIEM-22203 |
- |
11.4.0 |
11.4.2 |
Issue: After you perform an upgrade, Elasticsearch nodes start with the default cluster configuration.
NOTE: The cluster configuration is correctly updated. |
1234993 |
- |
11.3.0 |
Expected Behavior |
Issue: After you upgrade, ELS tries to connect to the local Kafka.
Solution: Follow the proper upgrade procedure documented in current release notes. |
SIEM Data Streaming Bus (DSB) |
1264218 SIEM-11238 |
- |
11.3.0 |
11.4.0 |
Issue: Upgrading a DSB using a file uploaded through the "ESM File Maintenance" option prevents the upgrade from starting.
Workaround: Upload the file for the DSB during the upgrade process.
|
Other |
SIEMSFX-1822 |
- |
11.4.1 |
11.4.4 |
Issue: A missing socket causes Snowflex to shut down.
The log records the errors below:
- An invalid handle is encountered.
- Can't read from the socket.
- CML Client API Socket error occurs in recv, fails to obtain the message size.
|
SIEM-22188 |
- |
11.4.0 |
11.4.2 |
Issue: Using an external API returns totalRows when it's not expected to do so.
Resolution: Remove the totalRows return value from the executeQuery API. |