EventTracker 9.0 - Release Notes

The EventTracker engineering team continues to monitor changes in operation management, enterprise applications, and regulation compliance standards. Version upgrades are made based on customer feedback and experience in the field, providing you the best solution possible.

EventTracker 9.0 (Build 18)

  • Redesigned UI Themes: Dashboard with customizable tiles. Sleek, contemporary appearance.
  • Responsive and adaptive design: UI adjusts automatically to the device/resolution you use.
  • EventTracker Common Indexing Model (CIM): All logs/events normalized and mapped to common schema.
  • Improved search performance using Elasticsearch: Proven, open-source search technology delivers big data capacity, so enterprises can capture all the data required for automated analysis and rapid investigations. It is used to store all events represented in EventTracker CIM for the last 7 days.
  • TearAway enhancement: configurable UI
  • Saved searches in widget configuration.
  • Exposed tabular data as a new dashlet type.
  • Export/import of dashlets in Compliance dashboard.
  • Enable/Disable option for sub-folder monitoring.
  • Specific registry/folder monitoring can be enabled/disabled at system as well as global level.
  • Creating dashlets from logsearch.
  • Admin Diagnostics redesigned dashboard available.
  • Controlling the size of flex dashlets.
  • Enhancement in application and network connection monitoring for identification of new hash and unique IP address in the network. (ET83U17-024)
  • Support for VMware vCenter 6.0 and later: Support for reading logs from vSphere 6.5 in Agent LFM.
  • Support for importing STIX IOCs directly to the active watch list.
  • Added default compliance dashboards for PCI DSS and NIST 800-171.
  • Added new behavior rules "Windows Service Started" and "TCP Port Listening Started".
  • New chart types (Stacked Area, Area and Pie) are added in dashlet/widget configuration.
  • Added a new dashboard for unsafe hashes.
  • No device-specific KPs are imported automatically during setup. All relevant KPs need to be imported during initial setup. All KPs are distributed in the setup and available in a new folder structure under "EventTracker->Knowledge Packs".
  • Renamed "Logbook" to "Casebook"
  • "Knowledge Category" is now known as "Pre-defined - Saved Search"
  • EventTracker Console/Manager can only be installed on 64-bit Windows.
  • Windows sensor is no longer supported on Windows XP and Windows Server 2003. Minimum supported operating systems are Windows Vista and Windows Server 2008.
  • Support for SQL Server 2005 for EventTracker Console/Manager is deprecated.
  • Log search from various modules - animation to add search as a task is removed.
  • Event IDs 8009, 8014 and 8015 are generated based on the safe hash list instead of the "KnownExeWhitelist" watchlist. Removed "KnownExeWhitelist" from the Active watchlist.
  • Event IDs 9999, 9998 and 10000 contain additional information such as remote address, MD5 hash and direction in the event description.
  • EventTracker does not generate process and network events for its own processes.
  • Added 8.8.8.8, 255.255.255.255 and Microsoft Office services IP addresses in IP Activity filters.
  • "Flex Dashboard" is changed to "My Dashboard"
  • Removed "My EventTracker"
  • Configuration Assessment (SCAP)
  • StatusTracker
  • The built-in netflow receiver is no longer available.
  • LogWatch
  • Net Message and RSS alert notification types.
  • Fix for the Correlator receiver crashing issue. (ET83U17-023)
  • Fix for the issue where some alerts are not getting triggered. (Update ET83U17-018)
  • Change Audit: Fix for the issue where Config sent folders are not getting deleted.
  • Fix for the issue where EventTracker EventVault consumes high memory. (Update ET83U17-030)
The following new KOs are included:
  • Duo Security
  • Akamai Web Application Firewall
  • Carbon Black
  • Tenable.io
  • Microsoft Antimalware
  • Carbon Black Protection
  • Check Point Firewall
  • Cisco IOS
  • ET VAS
  • HAProxy Server
  • VMware
  • Webroot Antivirus
  • Websense Security Gateway WSG
  • Mimecast