IBM Security Guardium: Guardium v10.0 p200 GPU release notes


Release Notes
================

- Product: IBM Security Guardium
- Release: v10.1.2
- Version: Guardium v10.0 p200 GPU
- Completion Date: 2016-December-15

IBM Guardium offers the most complete database protection solution for reducing risk, simplifying compliance and lowering audit cost.

The IBM Security Guardium solution is offered in two versions:

- IBM Security Guardium Database Activity Monitoring (DAM)
- IBM Security Guardium File Activity Monitoring (FAM) - Use Guardium file activity monitoring to extend monitoring capabilities to file servers.

The IBM Guardium products provide a simple, robust solution for preventing data leaks from databases and files, helping to ensure the integrity of information in the data center and automating compliance controls.

Contents
--------

- Guardium v10.0 p200 GPU (v10.1.2) Release Notes
- Health Check patch
- Controlled Upgrade Program
- New for 10.1.2 features/functions and enhancements
- Additional OS and Databases supported
- Known Issues and Limitations
- Bugs fixed in v10.1.2 (v10.0 patch 200 GPU)
- Additional S-TAP-related bugs fixed in v10.1.2
- Combined Fix Packs for v10.0 since V10.1 (June 2016)
- Security Patches since V10.1 (June 2016)
- Sniffer Updates since V10.1 (June 2016)
- Links
- Link to formal Guardium V10.1 product announcement
- Online help available via Web
- V10.1.2 Detailed Release Notes (November 2016)
- V10.1 Detailed Release Notes (June 2016)
- Links to System requirements/ Technical requirements for v10.1/10.1.2
- V10.1 and Developerworks

Guardium v10.0 p200 GPU (v10.1.2) Release Notes
-----------------------------------------------

General note on upgrading to v10.1.2:

v10.0 p200 GPU can be installed on any v10.x system regardless of whether it was upgraded from v9.x or built from an earlier v10.x image. The only dependency is that v10.0 Health Check patch 9997 must be successfully installed before installing the Guardium v10.0 p200 GPU. See the section below on Health Check patch.

v10.0 p200 GPU includes all previous v10.0 fixpacks and security updates. See the section later in this document about v10.x fixpacks, security updates and sniffer-related patches.

Health Check patch
------------------

v10.0 Health Check patch 9997 must be successfully installed before installing the Guardium v10.0 p200 GPU. This GPU patch will not install without FIRST installing the Health Check patch. The name of this file is SqlGuard-10.0p9997_(date).tgz.enc. Always use the latest and newest version of Health Check patch on Fixcentral.

Note: v10.0 Health Check patch 9997 installed for an earlier GPU (for example, v10.0 p100) needs to be installed again for v10.0 p200 GPU (make sure to download and install the latest version of v10.0 Health Check patch 9997 prior to running GPU patch).

For further information on Health Check patch 9997, refer to https://delivery04.dhe.ibm.com/sar/cma/ima/06jf2/0/v10.0_health_check_patch_release_notes.pdf

Controlled Upgrade Program
--------------------------

To ensure overall client success, the Guardium team has put together a team of experts to implement a controlled upgrade program. For a limited time, the Guardium team will work closely with customers that wish to upgrade their Guardium v9 64-bit to v10.1.

There is no direct upgrade to v10.1.2 from v9. The path is v9 to v10.1, then install v10.0 p200 GPU to get to v10.1.2.

The effort will include assistance for a small scale environment or a small subset of a larger environment. This initiative will provide IBM a better understanding of the upgrade from the customer's point of view, thereby enhancing the upgrade experience for all.

Note: For the period of time that the controlled upgrade program is running, the upgrade package will not be available on Passport Advantage or on Fix central. For more information on this program, please contact Carrie Rogers, carriero@us.ibm.com

Note: An Upgrade v9.x to v10.1 document is available from the following hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27048188

New for 10.1.2 features/functions and enhancements
--------------------------------------------------

1. Outlier detection enhancements

An outlier is defined by behavior from a particular source (a database, a particular user on a database, a server, or an OS user) in a particular time period that is outside of the normal timeframe or scope of the particular source's activity. Outlier detection extends traditional database monitoring with increased intelligence that provides early detection of possible attacks during operation by analyzing changes in source behavior.

This release introduces:

- FAM support
- Runs on an aggregator on data from several collectors (prior to 10.1.2, it ran only locally on a collector)
- Outlier mining status page, providing the current status of the outlier mining process on all managed units, and drill-down into outlier processes that did not complete successfully
- Two tabs in the Results Table of the Investigation Dashboard: the Summary tab has one row per source per hour in which an anomaly was found, with anomaly score and reasons; the Details tab has one row per outlier with the anomaly score, outlier reason(s) and details (source program, object, verb, etc.)

2. Hadoop activity monitoring and Cloudera 5.7+ integration/ Ranger enhancements

This release expands Guardium support for monitoring Hadoop data with Cloudera integration using Cloudera Navigator and Hortonworks integration using Apache Ranger. These integrations allow SSL encryption for clients that need to access Hadoop data and are supported by a new Hadoop Monitoring UI.

3. Classifier enhancements and new Cleversafe backup/archive option

Guardium now supports running multiple classifier processes concurrently. The ability to run more than one classifier process at a time allows more efficient use of available system CPU resources.

By default, Guardium classification processes now exclude several system databases and schema used by database software providers. By excluding these databases and tables, classification processes run more efficiently and may return fewer errors.

Cleversafe backup/archive supports the Amazon S3 interface using the same SDK. Guardium interface to Cleversafe is analogous to Amazon S3 (which is also supported by Guardium). Guardium cloud support now includes Cleversafe, SoftLayer and Amazon S3.

4. Enterprise health views

The new Deployment Health Dashboard expands existing deployment health views by providing an at-a-glance summary of health issues from across an entire Guardium deployment. The dashboard is especially useful for identifying patterns and trends in the health data before investigating individual systems where problems are identified.

5. FAM enhancements - UID chaining and multi-action rule and outliers

- UID chain for Windows FAM - Currently the Windows FAM agent returns the username for the process assigned to a file event. Now the Windows FAM agent will change that single username into a chain of usernames that belong to the history of the process (UID chain). For instance, if Process 1 (user janedoe) spawns Process 2 (user johndoe), then for file events related to Process 2, FAM will report the UID chain consisting of {janedoe, johndoe}.
- Multi-Action Rule for FAM - Evaluate multiple commands using one rule and a group of commands to multiple actions. The commands in a FAM context are: Read, Write, Delete, Execute and File Operation.
- Outlier detection now supports FAM.

6. Entitlements optimization

Entitlement Optimization mediates between the role of the DBA in providing users the entitlements required to perform their jobs efficiently, and the role of Security in keeping entitlements as accurate and as minimal as possible to prevent system vulnerabilities.

Navigate to Entitlements optimization by Discover > Database Entitlements > Entitlements Optimization

7. HP Vertica support

HP Vertica is a big data system that competes with Hadoop. HP Vertica provides a standard Postgres SQL interface with its proprietary extensions. HP Vertica is used for data warehouses to provide very fast query performance. HP Vertica is used for user interaction analysis, ad tracking, click stream applications, threat assessment and financial forecasting.
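The UID chain described in item 5 (FAM enhancements) above can be pictured as a walk up the process tree from the process that touched the file. The following Python code is an added example, not Guardium or FAM agent code: the process table, the file events and the names `Proc`, `FileEvent`, `uid_chain` and `annotate` are hypothetical, and collapsing consecutive repeats of the same user is an assumption, since the release notes only give the {janedoe, johndoe} case.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int  # parent process id
    user: str  # account the process runs as


@dataclass(frozen=True)
class FileEvent:
    pid: int
    command: str  # one of: Read, Write, Delete, Execute, File Operation
    path: str


# Constructed sample process table (not captured from a real system).
PROCS = [
    Proc(100, 1, "janedoe"),    # "Process 1" in the release-note example
    Proc(200, 100, "johndoe"),  # "Process 2", spawned by Process 1
    Proc(300, 200, "johndoe"),  # child that keeps the same user
    Proc(400, 401, "svc"),      # pid reuse can make parent links loop
    Proc(401, 400, "svc"),
]

# Constructed sample file events.
EVENTS = [
    FileEvent(200, "Read", r"C:\finance\payroll.xlsx"),
    FileEvent(300, "Delete", r"C:\finance\payroll.xlsx"),
    FileEvent(400, "Write", r"C:\logs\app.log"),
    FileEvent(999, "Read", r"C:\tmp\x.txt"),  # process no longer in the table
]


def uid_chain(procs, pid, collapse_repeats=True):
    """Return usernames from the oldest known ancestor down to `pid`."""
    by_pid = {p.pid: p for p in procs}
    chain, seen = [], set()
    cur = by_pid.get(pid)
    # Walk parent links; `seen` stops the walk if the links form a loop.
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur.user)
        cur = by_pid.get(cur.ppid)
    chain.reverse()
    if collapse_repeats:
        # Assumption: a user is listed once per consecutive run of processes.
        chain = [u for i, u in enumerate(chain) if i == 0 or u != chain[i - 1]]
    return chain


def annotate(procs, events):
    """Attach the UID chain to each file event and flag identity changes."""
    rows = []
    for ev in events:
        chain = uid_chain(procs, ev.pid)
        rows.append({
            "command": ev.command,
            "path": ev.path,
            "user": chain[-1] if chain else None,   # what a single-username report shows
            "uid_chain": chain,                     # what the UID chain adds
            "identity_changed": len(set(chain)) > 1,
        })
    return rows


if __name__ == "__main__":
    for row in annotate(PROCS, EVENTS):
        print(row)
```

The `identity_changed` flag shows why the chain matters for audit: the Delete event is attributed to johndoe alone in a single-username report, while the chain shows the activity originated from a janedoe session.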

8. UNIX S-TAP RPM changes

- Installation to /opt/guardium (location cannot be changed).
- RPM default configuration:
  - ktap_installed=1
  - Flex loading can be used by exporting NI_ALLOW_MODULE_COMBOS="Y" prior to RPM installation
  - sqlguard_ip set to 127.0.0.1
  - tap_ip set to hostname
- RPM logs saved to /opt/guardium/rpm_logs
- Live update is supported.
- KTAP request updates supported via existing processes (increments package version).
- Shell and GIM installers will refuse to install if RPM installation is detected.
- STAP will be running after installation, but needs to be configured.
- New script, guard-config-update, provided to make post-installation configuration easier.

9. GDPR Accelerator

Data privacy and security are the most pressing concerns that any organization must face. Previously, within the European Union, each country required different levels of compliance; the newly announced General Data Protection Regulation (GDPR) expands and standardizes data protection rules across the whole European Union.

The Guardium GDPR accelerator provides predefined reports based on GDPR groups and policies. To begin working with the GDPR accelerator, assign the GDPR role to a Guardium user, then navigate to Accelerators > GDPR with that user account.

10. Data in-sight

Data in-sight introduces a revolutionary paradigm that utilizes human visual capabilities to gain an overall view on data flow and to identify unexpected behaviors.

Guardium already provides robust machine learning and data-analysis features to assist audits and detect attacks, based on accumulated experience and knowledge. Data in-sight adds the flexibility of human visual perception to spot associations and movements in the raw data, irrespective of known attack types, that would otherwise be unnoticed.

For example, an object recognition project to identify potholes in city streets would not identify an elephant wandering the neighborhood. The human eye, however, would spot it immediately. Similarly, when reviewing audited data in bar charts, users look for known issue types, but can easily overlook new (unknown) aberrations.

Data in-sight converts audited data to a 3-D chronological visualization of data sources and destinations, showing data transactions unfold exactly as they occurred.

The visualization space contains two planes, each representing entities of the audit domain of a given type. Every entry in the audit data is represented as a moving flash line from an object of the upper plane (one of client IP, OS user, DB user, source program) to an object of the lower plane (one of database, object, server). The flash line between the source and the destination leaves a trail (a dotted line) indicating the presence of interaction between the specific source and destination, which gradually fades into the background. The trails form an overview of the interaction between sources and destinations in the selected time period. The sources are located near their destinations, and near other similar sources. The size of the destination entity is proportional to the volume of transactions relative to the other destination entities.

There are many ways of modifying the display, including: color-code the top entity (color changes as data source details change), filter from the data in-sight chart, and the investigation dashboard facets. You can also view data in-sight with VR headsets.

To access data in-sight: in the Investigation Dashboard, click Add Chart > data in-sight chart.

11. Quick Search renamed Investigation Dashboard

Guardium's quick search capabilities have increased over the last few releases, and the name of the search results page has been changed accordingly, to Investigation Dashboard. The dashboard contains the previous quick search for enterprise functionality with additional enhancements for visualizing and analyzing data. The original quick search is now named the Results table, and appears at the bottom of the investigation dashboard.

Additional OS and Databases supported
-------------------------------------

- Support for the S-TAP agent RedHat 7.1 on Power 8 (Big endian) architecture.
- MS-SQL Server 2016; RedHat 7 s390; AIX 7.2; DB2 11; MemSQL

Known Issues and Limitations
----------------------------

| Issue No. | Description | Guardium Component | Bug # |
|---|---|---|---|
| 1 | STAP discovery will not discover the Oracle instance with no listener. | UNIX STAP | 39855 |
| 2 | When using Linux RH7 LE machines (ppc64, little endian), a GIM installation does not work on a SSL connection with certificates (over port 8446). On this specific platform, a GIM installation is successful on a SSL connection without certificates (over port 8444). To be clear, this issue does not affect S-TAP or any other agent interacting with Tomcat. | SSL connection with and without certificates | |
| 3 | On some UNIX/Linux systems, and specifically on AIX, even after stopping the database, the ATAP libraries may be marked by the system as in-use and activation will be prohibited after Live update because the system will prevent the user from copying the new library files. In this instance, look in the directory for the file (both specified in the error message) and delete it manually if completely certain that the database is down and that no one else has started it, or any other ATAP is using that library. An alternative involves rebooting the server to clear the in-use designation which is set by the OS kernel and is not under Guardium user control. | ATAP libraries in-use with AIX | 34828 |
| 4 | Shell and GIM installers will refuse to install if RPM installation is detected. | Linux S-TAP/ RPM | 39159 |
| 5 | If (1) you add data to a backup screen such as SCP and save it. Then (2) click on a different backup page (for example, FTP), but do not fill in the FTP page and then (3) click back to the SCP page. The data that was saved on the SCP page will not display. The user will have to refresh the screen in order to see the contents of the SCP page again. | Backup and restore | 40133 |
| 6 | Multiple threads are not allowed by Central Manager load balancer. | CM load balancer | |
| 7 | Consolidated shell installer cannot be used for AIX 7. The workaround is to use the single shell installer. | Shell installer | |
| 8 | When a distributed report, in immediate or schedule mode, is added to My Custom Reports, those reports are only present for that session. If the user logs off and back on, the reports are gone. As a workaround, add these reports to My Dashboard and then logout/ log back in - these reports are saved. Specific distributed reports - Admin Dashboard VA stats - Distributed Admin; Dashboard TODO list stats - Distributed | Distributed reports/ My Custom Reports | 40196 |

Note: Important issues in this table will be addressed in future V10.x maintenance releases.

Bugs fixed in v10.1.2 (v10.0 patch 200 GPU)
-------------------------------------------

The list below details many of the bugs fixed in v10.1.2. However, if you are looking for a certain bug that is not listed, check with your Guardium support team member.

| RTC # | APAR | Description |
|---|---|---|
| 40013 | | System stops, Windows 2008 32-bit system with Windows STAP installed |
| 39883 | GA15931 | New 10.1 X-series appliance unable to access the network |
| 39691 | | grdapi create_fam_rule should not use a constant values list for serverhost |
| 39315 | GA15908 | 'Logout Date and Time' is always blank after a successful login. |
| 39279 | GA15933 | Error adding receiver for audits with correct role access |
| 39090 | | Issue running built-in report "Installed Patches" as a task via audit process. |
| 38995 | GA15934 | Query Rewrite - MU issues when masking pattern is in single quote, double quote or no quote for DB2 |
| 38983 | | KTAP Serial System Call resulting in high CPU. |
| 38955 | | Toggle automatic and manual management of hn.arc (hostnames archive) content via ADMINCONSOLE_PARAMETER switch. |
| 38582 | | SNMP settings missing after applying v10 p120 |
| 38463 | GA15974 | update_stap_config is not updating some parameters for UNIX S-TAP |
| 38234 | | FAM: Alert and Audit setting are lost in Japanese and Chinese settings. |
| 38228 | | Can't stop guard_discovery from GIM (setting STAP_USE_DISCOVERY=0) |
| 38092 | GA15846 | Audit process results GUI column orders are wrong after upgrading to v10 GPU100 |
| 38076 | GA15823 | System backup calculation is incorrect and should be revised. |
| 38063 | | Remote audit report on v10 does not show result data when there is only record returned. |
| 37915 | IT17334 | Aggregator backup keys file is not working on v10p32 and v10p100 |
| 37632 | GA15918 | Fix an instance of audit task is taking too long to complete. |
| 37114 | | Running report based on computed attributes results in "Bad date format" error |
| 36881 | | Need to increase amount of records to 15 days(21600) for SNIFFER_BUFFER_USAGE in all related must gather commands |
| 36786 | GA15846 | Column order is incorrect in audit process results. |
| 36700 | | Can't populate group from pre-defined custom tables |
| 36692 | | Add an option to ignore the check for aggregation health for deployments that do not have aggregators |
| 36341 | | GIM client should write to syslog when losing/restoring connection to GIM server |
| 36338 | | Auto assign Windows GIM client ip to avoid duplicate GIM client IPs when cloning database servers |
| 36337 | | Auto assign GIM client IP to avoid duplicate GIM client IP when cloning database servers |
| 36329 | | Add grdapi command to list user roles |
| 36314 | | GIM processes should not be restarted while UNIX system is in shutdown mode |
| 36308 | | Oracle Exadata servers are not directly supported by STAP shell installers |
| 36307 | | Windows STAP Rebalancing: Missing DB_User in GDM_ACCESS after traffic relocated to another Managed Unit |
| 36297 | | Remove Patch Backup configuration screen and CLI as function is deprecated |
| 36295 | | Support FAM UID chain in UNIX S-TAP |
| 36276 | | Add "KTAP_ALLOW_MODULE_COMBOS" as optional parameter for GIM consolidated installations |
| 36275 | | Add CAS install option for GIM consolidated installation |
| 36262 | | Add the remaining policy rule actions to the sensitive data scenario |
| 36261 | | Add catalog and unstructured search to discover sensitive data scenario |
| 36257 | | Allow larger root partition during install |
| 36255 | | Assess the risk of converting from EXT3 to EXT4 |
| 36231 | | Restart Sniffer after store system time |
| 36216 | | Report using datasource is not working with user hierarchy |
| 36101 | | Windows S-TAP enhancement: Send crash dump to appliance |
| 30982 | | Allow Application User Translation connect to a server requiring an Encrypted connection |
| 54817 bugzilla | GA15910 | Fix GuardApp event fields Event Type 0 and Event Value Str blank in Entity Policy Rule Violation but are with Entity SQL |

Note: Installing or upgrading to 10.1.2 Windows S-TAP:

- Fresh install of v10.1.2, no reboot required
- Upgrading from v9 to v10.1.2, no reboot required
- Upgrading from v10.0 and build lower than 83909, reboot is required
- Upgrading from v10.1.xx (revisions lower than Windows STAP v10.1.22.16), reboot is required

Additional S-TAP-related bugs fixed in v10.1.2
----------------------------------------------

| RTC # | APAR | Description |
|---|---|---|
| 34779 | | Add support for scrub for Informix EXIT |
| 34823 | | Enable Windows STAP to negotiate TLS 1.2 as its first priority |
| 34856 | | Add grdapi function based on GUI action "Add Guardium Hosts" for S-TAP from S-TAP control screen |
| 34885 | | Add STAP discovery option when using GIM consolidated installer |
| 35051 | | Allow user to point STAP to more than one Guardium system from grdapi |
| 35089 | | restart_stap API is not accepting hostname |
| 35093 | | Implement firewall for DB2 exit |
| 35272 | | Need to implement encryption through GUI for Postgres SSL |
| 35321 | | Create a predefined report for STAP statistics |
| 35334 | | Add a grdapi command to "Run Database Instance Discovery" |
| 36472 | | Change STAP to permit TLS 1.2 (or TLS 1.0+) instead of just TLS 1.0. |
| 37225 | | Improve predefined scrub rules |
| 37328 | | Add networks, exclude IP to EXIT protocol |
| 37481 | | STAP update for shell installation should update newer set of Linux modules if installer subversion number is higher |
| 37523 | | STAP monitor not working in GIM environment if GIM not installed in "/usr/local/guardium" directory |
| 39285 | | Regression : datestamps in the monitor don't always show up |
| 39319 | | Add a parameter to globally disable FAM |
| 39343 | | Support Greenplum SSL |
| 39646 | GA15922 | (Bug 55093) - KTAP stopped inside SEOS affecting Solaris |

Combined Fix Packs for v10.0 since V10.1 (June 2016)
----------------------------------------------------

Guardium v10.0 patch 120 Combined Fix Pack for v10.0 GPU 100 (August 24 2016)

- SqlGuard-10.0p120_CFP_Aug_24_2016.tgz.enc.sig
- https://delivery04.dhe.ibm.com/sar/cma/ima/06efq/1/v10_0_cfp_patch_120_detailed_release_notes_august_2016.pdf

Guardium v10.0 patch 125 Update Bundle for v10.0 CFP 120 (Sep 15 2016)

- SqlGuard-10.0p125_Bundle_Sep_15_2016.tgz.enc.sig
- https://delivery04.dhe.ibm.com/sar/cma/ima/06g1w/0/guardium_v10_0_patch_125_detailed_release_notes_sept_2016.pdf

Security Patches since V10.1 (June 2016)
----------------------------------------

Patch 10.0p6021

Bugs fixed - PSIRT 83620 CVE-2016-6065

| RTC | Description |
|---|---|
| 34843 | Shell injection in CLI command CVE-2016-6065 |
| 35924 | Shell injection in CLI command CVE-2016-6065 |
| 38430 | Shell injection in CLI command CVE-2016-6065 |
| 38432 | Shell injection in CLI command CVE-2016-6065 |
| 38439 | Shell injection in CLI command CVE-2016-6065 |

Sniffer Updates since V10.1 (June 2016)
---------------------------------------

v10.0p4020 Sniffer Update

Notes:

- Installation of patch 4020 needs to be performed/scheduled during the "quiet" time on the Guardium appliance to avoid conflicts with other long-running processes (such as heavy reports, audit processes, backups, imports and so on).
- Installation of this patch 4020 will automatically restart the sniffer process.
- If the downloaded package is in .zip format, customers are required to unzip it outside Guardium appliance before uploading/ installing it.
- Dependent on v10.0p01 (v10.0 patch 01) or higher
- When this patch is installed on a collector appliance, make sure that the patch is also installed on the corresponding aggregator appliance. Do this to avoid aggregator merge issues.
- This sniffer patch should be installed across all the appliances: Central Manager, aggregators and collectors.
- This sniffer patch introduces two new session ignore statuses.
  - 6 - Yes Stap Revocable - Session was/is ignored based on policy 'Ignore Stap session Revocable'
  - 7 - No Revoked - Session was ignored but not any more (Session Ignore was revoked)

Note: Customers installing this sniffer patch before version v10.1.2 and having a policy with Ignore (Revocable) rule, might see in the reports some of the session's statuses with no values. Installing next GPU (v10.1.2) will resolve this discrepancy. Customers can also request AdHoc patch to solve this issue locally in v10.1 versions. Existing reports displaying session status field require to re-save these queries after installing 10.1.2 GPU /ADHOC patch to embed new value fix into the query.

v10.0 Sniffer Update patch 4020

The bugs that were fixed in this patch:

| Sniffer update | Guardium Bugzilla # | Guardium RTC # | APAR | Description |
|---|---|---|---|---|
| 1. 4015 | | | | Patch on FixCentral: https://delivery04.dhe.ibm.com/sar/cma/iMA/06ea0/2/Guardium_v10_0_p4015_sniffer_update_release_notes.pdf |
| 2. 4016 | 52785 | | GA10827 | Application Username missing for some traffic |
| | 54482 | 38084 | GA15861 | Fix parser error of a Netezza Select |
| | 54808 | 38014 | GA15869 | Fix segfaults in sniffer for p4013 |
| | 54906 | 37997 | GA15886 | Fix sniffer stopping in V10.1, due to tuple rule |
| | | 37463 | GA15886 | See p 4016, RTC # 37997 |
| 3. 4017 | | 36272 | | All SAP HANA traffic is not logged |
| | | 38170 | GA15892 | MSSQL sp_executesql not parsed in some cases |
| | | 38324 | GA15903 | Only the first one of three SQLS executed in a JDBC batch are captured |
| | 54851 | | | Teradata - some SQL errors are being logged as both Login_Failed and sql_error |
| 4. 4018 | | 38250 | GA15895 | Use "database"; has double quotes in GDM_SESSION.DB_NAME |
| | | 39292 | GA15938 | Data redacted that did not meet criteria |
| 5. 4019 | | 39530 | GA15937 | Guardium SYSLOG messages not sent to QRadar consistently |
| 6. 4020 | | 38087 | GA15862 | Some specific Aster DB SQL is missing in logs |
| | | 39368 | GA15939 | "Query Rewrite" functionality failure for JDBC Toad 32 bit client |

Links
-----

Link to formal Guardium V10.1 product announcement

http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/9/760/ENUSJP16-0229/index.html&lang=en&request_locale=en

Online help available via Web

The online help is included in the Guardium v10.1 Knowledge Center on the Web at: http://www-01.ibm.com/support/knowledgecenter/ssmphh/ssmphh_welcome.html

Search all the product information together at that site. The Knowledge center is updated more frequently than the embedded online help and is the most up-to-date source of information.

V10.1.2 Detailed Release Notes (November 2016)

http://www-01.ibm.com/support/docview.wss?uid=swg27049019

V10.1 Detailed Release Notes (June 2016)

http://www-01.ibm.com/support/docview.wss?uid=swg27047839

Links to System requirements/ Technical requirements for v10.1/10.1.2

For a list of V10.1 databases and operating systems, go to:

- V10.1 System Requirements (Platforms Supported) (November 2016) 64-bit: http://www-01.ibm.com/support/docview.wss?uid=swg27047801
- V10.1 Software Appliance Technical Requirements (November 2016) 64-bit: http://www-01.ibm.com/support/docview.wss?uid=swg27047802
- V10.1 and V10.1.2 S-TAP filenames and MD5Sums (November 2016): http://www-01.ibm.com/support/docview.wss?&uid=swg27048065

V10.1 and Developerworks

For more information, see the Guardium V10.1 articles on IBM Developerworks: https://www.ibm.com/developerworks/community/groups/service/html/communityview?communityuuid=432a9382-b250-4e55-98d7-8e9ee6cbf90e

- What's new in IBM Security Guardium V10.1 (Developerworks) Analyze, adapt, and protect: http://www.ibm.com/developerworks/library/se-guardium-v10/index.html
- Configure Guardium Activity Monitoring for Cloudera Hadoop using Navigator Integration: https://www-01.ibm.com/support/docview.wss?uid=swg21993878

2016-December-15

IBM Guardium Version 10.1.x Licensed Materials - Property of IBM. Copyright IBM Corp. 2016. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information (www.ibm.com/legal/copytrade.shtml)