EventTracker has been in continuous development since 2001. New features are prioritized based on customer feedback.
EventTracker 8.2 (Build 14)
- Incident Tile Dashboard: Displays the latest incident occurrences as tiles.
- Reports generated on Collection Point can be transferred and viewed on Collection Master.
- Support for filtering events before archiving. This enables filtering of events generated by Direct Log Archiver.
- An agent status report containing file details and update level can be generated from the manager without the remote system credentials.
- Log Search can be initiated in the background (from various modules like Behavior, Incidents, etc.), with a status notification displayed at the bottom of the page.
- Change Audit: Option to monitor only a set of registry paths specified by the user.
- Grouping of Knowledge Object(s).
- A different archive path can be provided for each Virtual Collection Point.
- Unknown Processes: User can configure rules to consider the matching processes as safe. Example: User can configure a rule to consider all binaries signed by a specific publisher as safe.
- Agent filters: Ability to provide complex criteria for “User” and “Source” fields using binary operators.
- Enhancements in unknown process detection to consider DLL loads. (Update ET81U16-012)
- Behavior Rules: Selection of system groups while creating a rule.
- Support for reporting events with FQDN.
- Inclusion of Borderware as a reputation provider in the Attackers/Targets dashboard.
- Configurable option to search around computer name in Log Search.
- Log Volume Report: Showing separate counts for Real time and File transfer events.
- Performance enhancement in Log Search filter pivot to display results.
- Option in Log Search to refine the results using ‘||’ and ‘&&’ operators.
- Knowledge Object: Option to move a rule from one Knowledge Object to another.
- TrapTracker: Added MIBs for McAfee EPO.
- Enhancement in extracting IP in behavior. (Update ET80U16-045)
- Support for import/export of behavior rules.
- Option to resend behavior data from collection point to collection master.
- Changed the default IP Reputation provider from IPVoid to Borderware.
- During installation, added an option in the trial version to register for free technical support.
- Reports: Deprecated generation of reports in HTML and Word formats. (Reports configured in older versions will continue to be generated in these formats.)
- No longer using anonymous authentication for IBM XFE API (User needs to obtain API key and password from IBM XFE).
- On changing the reputation provider, existing IP addresses are not checked with the newly configured provider.
- Fix for EventTracker Receiver handle leak issue.
- Fix for issue where event description is not being formatted. (Update ET81U16-023)
- Duplicate alerts are getting added on applying update ET80U16-047.
- Unable to import MIB files in TrapTracker.
- EventTracker diagnostics: Backup and restore throws an error when the maximum number of backup files is exceeded.
- Direct Log Archiver fails to detect field boundaries for some W3C format files. (Update ET81U16-009)
- System type of Windows 2012 R2 server is reported incorrectly.
- Sending a file with a name containing “-” via the “send other files” option of agent DLA does not create the system name folder appropriately on manager agent.
- Fix for the issue where “\r\n” is not recognized as a terminator for custom behavior rules.
- Fix for issue where threshold level of alerts was not getting exported.
- Fix for issues with USB Device Report.
- Report Dashboard: Fix for Html Excel Viewer to handle reports containing header as description.
- Fix for issue where Flex Reports were failing when configured with Template having lengthy regular expression.
- Fix for the issue where Collection Point (backward compatible) site data is not displayed in Attackers dashboard.
Knowledge Items Added/Updated
- Centrify Server Suite
- Cisco ASA
- Cisco IOS
- Cisco SourceFire
- Kaspersky Security Centre
- Meraki Firewall
- Microsoft Windows DFS
- SonicWALL Firewall
- Sophos Enterprise Console
- Suricata IDS
- Trend Micro Deep Security
- Trend Micro InterScan
- VMware ESX
- Windows AD Insider Threat
- Windows PowerShell
New Knowledge Objects
- Windows 10
EventTracker 8.2 – Release Notes was last modified: July 14th, 2016 by Pavan Agrawal