EventTracker 7.4 – Release Notes

The EventTracker engineering team continues to monitor changes in operation management, enterprise applications, and regulation compliance standards. Version upgrades are made based on customer feedback and experience in the field, providing you the best solution possible.

EventTracker 7.4 (Build 36)

  • Log Search: Allow user to enter systems or groups for search.
  • If multiple IPs are found for the same location, earlier only one pin was visible, showing the last IP's information. Now the single pin shows all IPs mapped to that location.
  • Notes & Flagging provided for DLA reports.
  • Significant performance improvement in the agent module for Network Connection Monitoring.
  • Optimizations in agentless monitoring of remote systems. (ET64P13-056)
  • Enhanced information in USB monitoring events. (Update ET73U13-097)
  • Fix for search and sorting issues when DLA reports are shown in the report dashboard.
  • Fix in Log Search to refresh the ‘No. of pages’ value while a search is in progress.
  • In exported Excel, if * exists in a cell, the entry was being removed by Excel.
  • Log Search refine window came up blank after clicking the back button.
  • Distinct Event property pane on Advanced Log Search turned blank when refining the existing data.
  • Fix for the issue where Flex history persisted data is not stored in the database server provided for EventVault Explorer.
  • In Log Search, unable to do a system search for the selected CP on a CM.
  • Registry handle leak in agent while querying user information.
  • Runaway process related events are not generated when a 64-bit process crosses the given memory threshold.
  • Sometimes the EventVault service fails to process cache files.
  • Fix for issue where CollectionPoint stops sending cabs unexpectedly. (Update ET74U13-008)
  • Part of the event description before XML translation is truncated to 1023 characters if SID/GUID translation is successful. (ET74U13-SP1, ET73U13-088)
  • Fix for handle leak in agent service if connection to syslog manager fails.
  • Fix for the issue where Direct Log Archiver fails to handle multiple files of a single SQL trace session.
  • EventTracker agent service stops with exception code “c0000409” while performing SID translation. (ET64P13-056)
  • Text contained in curly braces in event description is removed in the translated event description if it is not in the SID/GUID format. (ET64P13-056)

EventTracker 7.4 (Build 30)

  • The incident number is appended to the subject of an e-mail generated as an alert action.
  • Delete the extracted *.mdb files in the \EventTracker\AdvancedReports\Cache.Indexer folder while processing archives.
  • EventTracker Alerter stops working. (Bug #4008)
  • Collection master process stops while receiving some cab index files. (ET72U13-140)
  • Configuration is not retained and upgrade fails if user does not have required permissions in SQL server.
  • OS type of 2012 is recognized as NT Server in the ET system manager. (Bug #4001)
  • Windows Agent LFM fails to bookmark IIS W3C log files correctly.
  • Windows Agent consumes high memory when monitoring a large number of log files.

EventTracker 7.4 (Build 28)

  • Added support for parsing OpenVAS Vulnerability Scanner.
  • Provided Report Groups under reports tree in configuration screen.
  • Search around and exclude/filter features provided in log search.
  • Provided option to send email in Reports Dashboard.
  • Color scheme of “risk” in the incidents dashboard is now in accordance with Dept of Homeland Security Color Coded Threat Warning System.
  • Optimizations in Change Audit to reduce the usage of database transaction log.
  • When a custom cache path is configured, the EventVault service fails to move a corrupt ec2 file to the failed folder. This leads to the same ec2 file being processed continuously.
  • Logbook not working on installations with named SQL instance.
  • Reports wizard: check license for persisting report data. (Bug #3979)
  • Flex persisted data: if the report is huge, data from the second split onward is not retained in the database.
  • Event description gets truncated in Direct Log Archiver.

EventTracker 7.4 (Build 25)

  • One Minute Manager feature for Incidents prioritized by risk
  • Electronic Logbook for Incident Handling; based on SANS Incident Handlers Guidebook
  • Flag items for review; flags can be applied to Incidents, Reports, Change Policy comparisons or Configuration Assessment results
  • Flex Reports: Option to persist flex report data in a database for a specified duration
  • Major redesign of Report screen
  • New search results screen with timeline graphics and filter options
  • Event-O-Meter Dashboard improvements to show both log count and log volume including both realtime and file transfers
  • Significant performance improvements in: Receiver, Archiver, Reporter, Indexer, Behavior, Direct Log Archiver and Windows Agent Log File Monitor modules
  • XLS reports now use Office 2007 native format
  • IP Behavior screen provides display by Public, Private and All addresses
  • New feature to change Status to Maintenance as a group in StatusTracker module
  • Command line log searches can now retain the temporary database created as an option
  • Systems are identified by their Fully Qualified Domain Name (FQDN) rather than their NETBIOS name to distinguish between sites that reuse machine names and IP addresses
  • Enhanced diagnostics utility to fetch additional information like disk space used by each database table.
  • Time of last log received is updated for syslog sources also.
  • Option in EventVault to view and operate upon archives of CP on a CM system.
  • A new option in Agent to specify the disk space threshold for individual disks.
  • New utility for moving CP archives on CM
  • New option to transfer CP archives to CM on scheduled basis
  • New Secure EventTracker web page
  • OWASP Compliant EventTracker guide
  • EventTracker: Integrating ArrayOS SPX
  • EventTracker: Integrating Cisco NAC Appliance
  • EventTracker: MySQL Integration Guide
  • EventTracker: Teradata Database Server
  • Reports for “Consensus Audit Guidelines V2.1” and “Consensus Audit Guidelines V4.1”
  • ArrayOS SPX (Categories and Alerts)
  • Cisco NAC (Categories, Alerts)
  • MySQL Server (Categories, Alerts, Flex Reports)
  • Teradata Database Server (Categories, Alerts, Flex Reports)
  • Windows-Successful User Logon Report
  • Windows-Failed User Logon Report
  • EventTracker-USB or Other removable media Insert-Remove
  • EventTracker-Critical Service stopped or restarted
  • Windows-Object permission changes
  • Windows-File System object created-modified
  • Windows-System Shutdown-Restart
  • Windows-Security Pre Authentication Failure Report
  • Windows-Administrative Activities
  • USGCB IE 7
  • USGCB Windows Vista
  • USGCB Windows Vista Energy
  • USGCB Windows Vista Firewall
  • USGCB Windows XP
  • USGCB Windows XP Firewall
  • DISA STIG IE9 (MAC-1_Public)
  • DISA STIG IE10 (MAC-1_Classified)
  • MS-SCM Win 2012 (AD-Certificate-Services-Server)
  • MS-SCM Win 2012 (Domain-Controller)
  • MS-SCM Win 2012 (Domain)
  • MS-SCM Win 2012 (DHCP-Server)
  • MS-SCM Win 2012 (DNS-Server)
  • MS-SCM Win 2012 (File-Server)
  • MS-SCM Win 2012 (Network-Policy-and-Access-Services)
  • MS-SCM Win 2012 (Print-Server)
  • MS-SCM Win 2012 (Remote-Access-Services)
  • MS-SCM Win 2012 (Remote-Desktop-Services)
  • MS-SCM Win 2012 (Web-Server)
  • MS-SCM Win 2012 (Hyper-V)
  • MS-SCM Win 2012 (Member-Server)
  • MS-SCM Windows 8 (Domain)
  • MS-SCM Windows 8 (Computer)
  • MS-SCM Windows 8 (BitLocker)
  • The event log details remain empty for agentless systems running Server 2008 and above. (Bug #3933)
  • In the “Basic Configurations” UI, the Log backup option was displayed for the Vista agent also. (Bug #3918)
  • The event property “user” remains empty for event IDs 3217 and 3218. (Bug #3878)
  • Log type is blank for some events generated by Direct Log Archiver when an EVTX file is processed.
  • When a log search is run for parsed evtx files (DLA external sources), the event description comes up as N/A. (Bug #3792)
  • An agent filter that does not have an event ID specification does not work for events generated by Vista and above systems.
  • DLA-Extension action type “Execute script” does not pass the complete file path as a single parameter to the script if the configured path contains a space character.
  • The event count in the receiver event counter file (.etw) does not include the number of events processed between the last file update time and the time at which the receiver service stops.
  • During LFM of the IIS W3C format, some field values are not assigned the proper value.
  • Agent configuration does not display syslog prefix value correctly.
  • Direct Log Archiver is not processing the log files when a wildcard is specified in Logfile Extension field.
  • In Collection Master, modified site based flex reports are getting cancelled.
  • Fix for wrong event count display in admin Dashlets and fix for specifying Date Time fields while configuring custom logs in manager DLA.
  • Behavior engine fails to insert behavior analysis statistics into the database when the number of out-of-ordinary activities is huge.
  • Wrong system data during export of alert configuration.
  • Agent service modified to generate Event Id 3202 only for services with Automatic start type during the daily service check.
  • Fix for performance and accuracy of log search graph and added feature to override the indexer.
  • Change Audit – Results Summary Console closes with exception code c0000409.
  • SQL login failure when a user is made an administrator in the EventTracker application.
  • “Event Computer” and “Event Time” properties added to syslog message alert action.