EventTracker 7.5 – Release Notes

The EventTracker engineering team continues to monitor changes in operation management, enterprise applications, and regulation compliance standards. Version upgrades are made based on customer feedback and experience in the field, providing you the best solution possible.

EventTracker 7.5 (Build 53)

  • Added support for IIS Express.
  • Revamped installation experience with a new default installation type that needs minimal user input.
  • Added support for users in list management. (ET75U13-012)
  • Feature for customizing the application logo for each user. (ET75U14-027)
  • Option to purge the transaction logs on an hourly basis in Diagnostic.
  • Updated the description of event id 2257 to indicate the resource type.
  • Three types of installation options: Standard, Collection Point & Custom.
  • Added filter exception for event id 1074 for source “USER32” in default agent configuration and server template.
  • Added SMTP STARTTLS (Explicit TLS) support in mail client. (ET75U14-038)
  • Agent configuration fails to modify only CPU performance in System Monitor. (Update ET74U13-017)
  • Fix for the LFM issue where log rotation was not detected and access was denied while opening the EventTracker Agent configuration UI. (ET74U14-024)
  • Fix for count mismatch when searched from trending in basic logsearch. (ET75U13-006)
  • Fix for agent-less issues. (Update ET75U13-007)
  • Fix for no data shown in incident tabular view when non-admin user logs in. (ET75U13-008)
  • Fix for data display issues in incident dashboard. (ET75U13-010)
  • Optimizations in data transfer between Collection Point and Collection Master. (ET75U13-011)
  • Fix for blocking of report generation when license usage violation happens. (ET75U13-013)
  • Support for custom separator in DLA and fix for issues in log search. (ET75U13-014)
  • Fix for user permission issues in incident, log search, reports & dashboard application. (ET75U13-015)
  • Fix for unquoted service path issue in EventTracker Remote Agent Installer. (ET75U13-016)
  • Fix for unquoted service path issue in Change Audit Remote Agent Installer. (ET75U13-017)
  • Fix for logbook reference issues in reports and config assessment. (ET75U14-018)
  • Fix for issue where EventTracker Agent service fails to start on Windows 2000 system. Fix for issue in upgrading 64-bit agent from 32-bit EventTracker Console. (ET75U14-019)
  • Fix for handling of browser pop-ups when pop-up blocker is enabled. (ET75U14-020)
  • Agentless deployment fix for some regional settings. (ET75U14-022)
  • Fix for log search showing wrong date validation message in UK time-zone. (ET75U14-025)
  • Behavior engine is considering the event id of previously defined custom rule if event id is not specified in a newly created custom rule.
  • Agent does not read Windows event logs if it is deployed on Windows Server 2003 or below, using the default etaconfig_Servers.ini or etaconfig_Workstations.ini under “Custom config”.
  • Improper pop-up message is displayed during traffic analyzer report generation.
  • Diagnostic fails to show all CP details at the CM console if a cab is not received from any CP the first time.
  • On deleting the VCP port from Manager Configuration, the respective config file is not removed from the remote installer folder.
  • The configured scheduled scripts details are retained.
  • Netflow volume and utilization tab is shown blank on EventTracker web.
  • Fix for scheduled report Run Now not working for certain regional settings. (ET75U14-035)
  • Fix for the issue where scheduling of a weekly report for the selected weekday was not saved. (ET75U14-037)

EventTracker 7.5 (Build 29)

  • Unified Risk based View of Incidents across sites
  • Threat Intelligence Feed Management
  • SNMP v3 support for receiving/sending INFORM and traps is now available
  • Feature to permit any user provided script to be executed on a schedule
  • Active Directory reports for users, computers
  • Index Explorer allows power users to browse all created indexes including those within the sparse matrix. Options are available to disable indexing of hex, SID and GUID values.
  • Collection Points may send either incidents only or archives only or both to their Collection Master(s)
  • Unified licensing across all sites is now available
  • Metered license model is now available for MSP partners
  • Advanced Log Search page is redesigned
  • Behavior module dashlets updated to better reflect the processing
  • CIDR representation of IP addresses is allowed in Behavior dashlet filters
  • Behavior module can be reset by an administrator; this restarts the learning period
  • Users can be designated Admin-Read only, a new role
  • In the Incidents tabular view, bulk acknowledge is available when incident search results are shown
  • StatusTracker now supports scheduled maintenance windows, during which state changes do not cause alerts
  • Exported results from EventVault Explorer now include a summary page
  • Logbook entries can now be marked as closed so that further entries are not permitted
  • Log Search results can be instantly appended to existing or new logbook entries
  • Logbook Field names are now configurable
  • Option for monthly reports is available
  • Report calendar can be filtered by user
  • Performance enhancements in NCM. (Update ET73U13-104)
  • EventTracker Diagnostic Change Request
  • Diagnostics utility displays warning for stopped service even if the feature is not available in license.

New benchmarks added in Configuration Assessment

Microsoft SCM

  • Windows 7
  • Win7SP1 Bitlocker
  • Win7SP1 Computer
  • Win7SP1 Domain
  • Windows 2008 R2 SP1
  • WS2008R2SP1 AD Certificate Services
  • WS2008R2SP1 DHCP Server
  • WS2008R2SP1 DNS Server
  • WS2008R2SP1 Domain
  • WS2008R2SP1 Domain Controller
  • WS2008R2SP1 File Server
  • WS2008R2SP1 Hyper-V
  • WS2008R2SP1 Member Server
  • WS2008R2SP1 Network Access Services
  • WS2008R2SP1 Print Server
  • WS2008R2SP1 Remote Desktop Services
  • WS2008R2SP1 Web Server
  • google_chrome23windows_v1r2_stig_benchmark_20130827
  • microsoft_dotnet_framework4_v1r1_benchmark
  • windows_7_v1r16_stig_benchmark
  • windows_2008_r2_dc_v1r8_stig_benchmark
  • EventTracker: Published reports deleted
  • EventTracker: Behavior data reset performed
  • Task Scheduler: Task failed to start
  • Task Scheduler: Task finished
  • Task Scheduler: Task started
  • EventTracker: Logbook Email sent.
  • Updated category: EventTracker: RSS feed added
  • Added new category: EventTracker: Logbook config changes
  • Removed category: EventTracker: Change audit access history launched.
  • Added new pre-defined behavior rule for “Logon Activity”.
  • Modified category: EventTracker: Collection master deleted.
  • EventTracker: Change audit integrity violation status changed
  • EventTracker: Change audit access history launched
  • EventTracker: Change audit changed objects authorized
  • EventTracker: Behavior rule deleted
  • EventTracker: Collection point deleted
  • EventTracker: Collection Point cab files deleted
  • EventTracker: Collection master port setting changed
  • EventTracker: Config assessment policy results deleted
  • EventTracker: List entity added
  • EventTracker: List entity deleted
  • EventTracker: List entity updated
  • EventTracker: Correlation rule added
  • EventTracker: Correlation rule inactivated
  • EventTracker: Correlation rule modified
  • EventTracker: EventVault cabs deleted
  • EventTracker: EventVault explorer configuration modified
  • EventTracker: EventVault flex history database purged
  • EventTracker: Incident acknowledged
  • EventTracker: Incident unacknowledged
  • EventTracker: IP reputation lookup configuration added
  • EventTracker: IP reputation lookup configuration deleted
  • EventTracker: IP reputation lookup configuration activated-Inactivated
  • EventTracker: IP reputation lookup settings modified
  • EventTracker: Log book entry added
  • EventTracker: Log book entry modified
  • EventTracker: Logbook activity Inserted
  • EventTracker: Logbook activity modified
  • EventTracker: Logbook attachment Deleted
  • EventTracker: Logbook attachment inserted
  • EventTracker: Logbook investigation complete
  • EventTracker: Logbook reference deleted
  • EventTracker: Logbook reference inserted
  • EventTracker: Logbook referenced attachment deleted
  • EventTracker: Logbook entry reopened
  • EventTracker: Change audit policy schedule added
  • EventTracker: Change audit policy schedule modified
  • EventTracker: Change audit policy schedule deleted
  • EventTracker: RSS feed added
  • EventTracker: RSS feed deleted
  • EventTracker: RSS feed Modified
  • EventTracker: Report sent via Email
  • AD-DisabledUserAccounts
  • AD-DomainComputers
  • AD-EnabledUserAccounts
  • AD-ExpiredUserAccounts
  • AD-InactiveUserAccounts
  • AD-NeverLoggedInUsers
  • AD-PasswordExpiredUsers
  • AD-RecentlyLoggedInUsers
  • AD-UserAccountdetails
  • AD-UserAccountPasswordNeverExpires