Juniper Secure Analytics Patch Release Notes


2014.8
October 2017

2014.8.r11.20171013131303 patch resolves several known issues in Juniper Secure Analytics (JSA).

Contents

Installing 2014.8.r11 Patch
Clearing the Cache
Known Issues and Limitations
Resolved Issues
Documentation Feedback
Requesting Technical Support
    Self-Help Online Tools and Resources
    Opening a Case with JTAC
Revision History

Installing 2014.8.r11 Patch

Important Administrator Notes

JSA 2014.8.r11 patch is released and resolves various field issues reported from users and administrators. Before installing this update, there are three important changes that administrators should be aware of. This message is being included in the 2014.8.r11 patch release note for visibility:

- TLSv1 is disabled in JSA 2014.8.r9 patch and above. This change was originally completed in JSA 7.3.0 and has been ported to the JSA 2014.8 software stream as of 2014.8.r9 patch. This means that after updating to JSA 2014.8.r11 patch, Tomcat no longer accepts browser connections using TLSv1.0 or TLSv1.1 and actively refuses them. Browsers will be required to use TLSv1.2 to authenticate to JSA. This should only impact users with older or legacy browsers. The installation of JSA 2014.8.r11 patch and later updates the Java version to Java 8.

- The Master Console v0.10.0 or v0.11.0 is not supported on JSA 2014.8.r9 patch and later, including JSA 2014.8.r11 patch, due to changes made with Java 8 and TLSv1.0 connections as described above. Administrators who require the Master Console should not upgrade to a version above JSA 2014.8.r7 patch.

- Administrators with managed WinCollect agents at version 7.2.3 or earlier can be impacted by disabled ciphers in JSA 2014.8.r9 patch and later. It is recommended that administrators with managed WinCollect agents upgrade to the latest WinCollect agent version. Administrators who have upgraded to WinCollect 7.2.4 or later are not impacted by this issue, and administrators with stand-alone WinCollect agents are also not impacted.

If your deployment is installed with version 2014.4 or later, you can install the 2014.8.r11.20171013131303 patch.

NOTE: The 2014.8.r11.20171013131303 patch can upgrade 2014.4.r1 and above to the latest software version. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for JSA. For information on upgrading from JSA 2014.4 or later, see the Upgrading to JSA 2014.8 guide.

If you are on a version of JSA earlier than JSA 2014.4, you must upgrade to JSA 2014.4 before proceeding to JSA 2014.8.

NOTE: You may encounter a password change prompt when you first log in to JSA after an upgrade to the 2014.8 version. This prompt is displayed if the password was set before the JSA 2014.5 version and encrypted using an encryption algorithm that is no longer used in the JSA 2014.8 version. For more information about password change, see the section Changing Password After Upgrading to JSA 2014.8 in the Upgrading JSA to 2014.8 guide.
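A check for the TLS change described in the administrator notes above, as an added example that is not part of the Juniper release notes: it offers the console exactly one protocol version per connection and compares the outcome with what the note says (TLSv1.0 and TLSv1.1 refused, TLSv1.2 accepted). The function names, the host name placeholder and port 443 are assumptions made for this example.

```python
import socket
import ssl
import sys
import warnings

# State described by the release note: TLSv1.0/1.1 refused, TLSv1.2 accepted.
EXPECTED = {"TLSv1": "refused", "TLSv1.1": "refused", "TLSv1.2": "accepted"}
VERSIONS = {
    "TLSv1": (ssl.TLSVersion.TLSv1, ssl.HAS_TLSv1),
    "TLSv1.1": (ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
    "TLSv1.2": (ssl.TLSVersion.TLSv1_2, ssl.HAS_TLSv1_2),
}


def probe(host, port, name, timeout=5.0):
    """Offer exactly one TLS version; return accepted, refused, unreachable or untestable."""
    version, built_in = VERSIONS[name]
    if not built_in:
        return "untestable"  # local OpenSSL was built without this protocol
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # protocol probe only: no certificate validation,
    ctx.verify_mode = ssl.CERT_NONE  # so never send credentials over this socket
    try:
        # OpenSSL 3 does not offer TLS 1.0/1.1 at its default security level.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return "untestable"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "accepted" if tls.version() == name else "refused"
    except socket.timeout:
        return "unreachable"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        if getattr(exc, "reason", None) == "NO_PROTOCOLS_AVAILABLE":
            return "untestable"  # the client could not send this version at all
        return "refused"  # alert, reset or close during the handshake
    finally:
        sock.close()


def audit(results):
    """List every deviation from the state the release note describes."""
    return [
        f"{name}: expected {want}, got {results.get(name, 'untestable')}"
        for name, want in EXPECTED.items()
        if results.get(name, "untestable") != want
    ]


if __name__ == "__main__":
    # Host name is a placeholder; port 443 is an assumption about the deployment.
    host = sys.argv[1] if len(sys.argv) > 1 else "jsa-console.example.net"
    findings = audit({name: probe(host, 443, name) for name in EXPECTED})
    print("\n".join(findings) or "TLS versions match the release note")
    sys.exit(1 if findings else 0)
```

An "untestable" result means the workstation's own TLS library could not offer that version, so it says nothing about the console; rerun the check from a client that can.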

Ensure that you take the following precautions:

- Back up your data before you begin any software upgrade. For more information about backup and recovery, see the Juniper Secure Analytics Administration Guide.
- To avoid access errors in your log file, close all open JSA webui sessions.
- All appliances in the deployment must be on the same version. The patch for JSA cannot be installed on a managed host that is at a different software version from the console.
- Verify that all changes are deployed on your appliances. The patch cannot install on appliances that have changes that are not deployed.
- The .sfs file is only capable of upgrading existing JSA installations. A JSA 2014.8 R1 ISO is available for administrators who want to install a new appliance or virtual machine. Administrators who want to do a new install need to review the Juniper Secure Analytics Installation Guide.

Patches are software updates that address known software issues in your JSA deployment. JSA patches are installed by using an SFS file.

To install the 2014.8.r11 patch:

1. Download the 2014.8.r11.20171013131303 patch from the Juniper Customer Support website: www.juniper.net/support/downloads/

2. Using SSH, log into your system as the root user.

3. Copy the patch to the /tmp directory on the JSA console.

   NOTE: If space in the /tmp directory is limited, copy the patch to another location that has sufficient space.

4. Unzip the file in the /tmp directory using the bunzip utility:

       bunzip2 2014.8.r11.20171013131303.sfs.bz2

5. To create the /media/updates directory, type the following command:

       mkdir -p /media/updates

6. Change to the directory where you copied the patch file. For example:

       cd /tmp

7. To mount the patch file to the /media/updates directory, type the following command:

       mount -o loop -t squashfs 2014.8.r11.20171013131303.sfs /media/updates/

8. To run the patch installer, type the following command:

       /media/updates/installer

   NOTE: The first time that you run the patch, there might be a delay before the patch install menu is displayed.

9. Using the patch installer, select all.

   The all option updates the software on all appliances in the following order:

   - Console
   - No order required for remaining appliances. All remaining appliances can be updated in any order the administrator requires.

   If you do not select the all option, you must select your console appliance.

   As of the JSA 2014.6.r4 patch and later, administrators are only provided the option to update all or update the console appliance. Managed hosts are not displayed in the installation menu to ensure that the console is patched first. After the console is patched, a list of managed hosts that can be updated is displayed in the installation menu. This change was made starting with the JSA 2014.6.r4 patch to ensure that the console appliance is always updated before managed hosts to prevent upgrade issues.

   If administrators want to patch systems in series, they can update the console first, then copy the patch to all other appliances and run the patch installer individually on each managed host. The console must be patched before you can run the installer on managed hosts. When updating in parallel, there is no order required in how you update appliances after the console is updated.

   If your Secure Shell (SSH) session is disconnected while the upgrade is in progress, the upgrade continues. When you reopen your SSH session and rerun the installer, the patch installation resumes.

10. To exit the patch installer after the installation completes, type the following command:

        umount /media/updates

11. Administrators and users should clear their browser cache before logging in to the Console.

Results

A summary of the patch installation advises you of any managed hosts that were not updated. If the patch fails to update a managed host, you can copy the patch to the host and run the installation locally.

What to do next

You are now ready to clear the Java cache and the browser cache.

Related Documentation

- Clearing the Cache
- Known Issues and Limitations
- Resolved Issues

Clearing the Cache

After you install the patch, you must clear your Java cache and your web browser cache before you log into the JSA appliance.

Before you begin

Ensure that you have only one instance of your browser open. If you have multiple versions of your browser open, the cache might fail to clear.

Ensure that the Java Runtime Environment is installed on the desktop system that you use to view the user interface. You can download Java version 1.7 from the Java website: http://java.com/.

About this task

If you use the Microsoft Windows 7 operating system, the Java icon is typically located under the Programs pane.

To clear the cache:

1. Clear your Java cache:
   a. On your desktop, select Start > Control Panel.
   b. Double-click the Java icon.
   c. In the Temporary Internet Files pane, click View.
   d. On the Java Cache Viewer window, select all Deployment Editor entries.
   e. Click the Delete icon.
   f. Click Close.
   g. Click OK.

2. Open your web browser.

3. Clear the cache of your web browser. If you use the Mozilla Firefox web browser, you must clear the cache in the Microsoft Internet Explorer and Mozilla Firefox web browsers.

4. Log in to JSA.

Related Documentation

- Installing 2014.8.r11 Patch
- Known Issues and Limitations
- Resolved Issues

Known Issues and Limitations

The following is the known issue in the 2014.8.r11 patch:

- HTTP ERROR 400 ERROR WHEN DRILLING DOWN INTO SEARCH RESULTS USING INTERNET EXPLORER 11 AND EDGE WEB BROWSER.

Related Documentation

- Installing 2014.8.r11 Patch
- Clearing the Cache
- Resolved Issues

Resolved Issues

The following are the resolved issues addressed in the 2014.8.r11 patch:

- A CUSTOM ACTION SCRIPT USING THE PARAMETER CREEVENTLIST CAN FAIL AND GENERATE AN EXCEPTION IN JSA LOGGING.
- CUSTOM ACTION RESPONSE RETURNS NULL VALUE FOR SOME DEFINED PARAMETERS.
- THE ASSET NAME FIELD FOR ASSETS CAN SOMETIMES BE BLANK.
- PATCHING TO JSA VERSION 2014.7.+ CAN FAIL IF THE CONSOLE DATABASE HAD PREVIOUSLY BEEN MANUALLY RESTORED.
- DEVICE STOPPED SENDING EVENTS RULE SOMETIMES DOES NOT DISPLAY THE ASSOCIATED LOG SOURCE WHEN PART OF AN OFFENSE.
- NEW JSA USERS THAT ARE CREATED BY LDAP AUTHENTICATION DO NOT HAVE ANY DEFAULT DASHBOARDS.
- DSM EDITOR CAN DISPLAY REGEX GRABS INCONSISTENTLY BETWEEN WORKSPACE FIELD AND LOG ACTIVITY PREVIEW.
- THE ASSET DETAILS, ASSET SUMMARY WINDOW OF AN ASSET CAN SOMETIMES BE MISSING THE OPERATING SYSTEM DATA.
- EVENTS CONTRIBUTING TO AN OFFENSE CANNOT BE DISPLAYED AFTER CUSTOM EVENT PROPERTY OFFENSEID IS CREATED IN DSM EDITOR.
- FLOWSOURCE_ALIAS TABLE IS NOT REPLICATED FROM CONSOLE TO MANAGED HOSTS.
- SELECTED EVENT DOES NOT DISPLAY IN THE DSM EDITOR WORKSPACE.
- SEARCHES CAN FAIL WITH CONNECTING TO THE QUERY SERVER ERRORS OR I/O ERROR OCCURRED WHEN A LARGE NUMBER OF SECURITY PROFILES EXIST.
- HOSTCONTEXT CAN RUN OUT OF MEMORY DUE TO TASK MANAGEMENT DATABASE TABLE BECOMING CORRUPTED.
- THE /STORE/TRANSIENT PARTITION DOES NOT PERFORM REQUIRED CLEANUP WHEN RUNNING LOW ON FREE DISK SPACE.
- /VAR/LOG/ PARTITION CAN RUN OUT OF SPACE DUE TO LOGS FILLING WITH MESSAGES THE USERSESSION OBJECT IN SESSIONCONTEXT...
- SEARCHES FOR VULNERABILITY BY INSTANCE CAN DISPLAY A COUNT, BUT NO DATA.
- VIEWING OFFENSES IN MASTER CONSOLE CAN GENERATE THE ERROR ERROR 12: ENDPOINT INVOCATION RETURNED AN UNEXPECTED ERROR.
- SEARCHES CAN FAIL/CANCEL WHEN A MAXIMUM NUMBER OF RESULTS IS REACHED.
- MANAGE SEARCH RESULTS PAGE FAILS TO LOAD WITH A GENERAL FAILURE. PLEASE TRY AGAIN ERROR MESSAGE.
- THE QFLOW PROCESS CAN SOMETIMES STOP PROCESSING WHEN OVERFLOW CONDITIONS ARE EXPERIENCED.
- JSA BACKUPS CAN TIMEOUT WHEN APPS ARE INSTALLED.
- UNABLE TO ALLOCATE LICENSE TO A 3129 CONSOLE APPLIANCE.
- A VULNERABILITY REPORT'S VULNERABILITY COUNT VALUE CAN VARY WITHIN DIFFERENT SECTIONS OF THE SAME REPORT.
- TUNNEL CONNECTIONS REMAIN AFTER A DATA NODE OR EVENT COLLECTOR ARE REMOVED FROM A JSA DEPLOYMENT.
- AUTO UPDATE CAN CAUSE AN INTERRUPTION IN FLOW COLLECTION AND A PERFORMANCE DEGRADATION SYSTEM NOTIFICATION IN THE USER INTERFACE.
- IN PROGRESS SEARCHES THAT RUN LONGER THAN THE CONFIGURED SEARCH RESULTS RETENTION PERIOD ARE DELETED PRIOR TO COMPLETION.
- ATTEMPTING TO OBFUSCATE A LARGE VOLUME OF USERNAME FIELD BASED EVENTS CAN CAUSE OBFUSCATED EVENTS TO BE DROPPED.
- JSA VULNERABILITY MANAGER SCAN RESULT DISPLAYS 100% PROGRESS AND STOPPED AS SCAN DURATION TIME CONTINUES TO INCREMENT.
- THE USER MANAGEMENT > AUTHENTICATION WINDOW CAN DISPLAY KEY NOT FOUND: JSP.QRADAR... MESSAGES IN THE USER INTERFACE.
- API SEARCHES RETRIEVING A COMPLETED SEARCH FROM THE /ARIEL/SEARCHES ENDPOINT CAN SOMETIMES RETURN A 500 ERROR CODE.
- JSA 2014.8 REPLACES REDHAT'S GRUB WITH GRUB 2.
- JSA APPLICATION DATA CAN APPEAR TO BE MISSING AFTER APPLYING A JSA PATCH.
- JSA PATCHING TO 2014.8.r9 FAILS IF THE SYSTEM WAS BUILT USING JSA ISO BUILD NUMBER 7.1.0.380596 AND HAS JSA RISK MANAGER.
- EMAILED VULNERABILITY SCAN REPORTS CAN SOMETIMES BE BLANK.
- ARIEL SEARCHES THAT DO MANY STRING COMPARISONS CAN RUN SLOWER THAN EXPECTED IN LOW MEMORY SCENARIOS.
- FLOW PROCESSORS CAN EXPERIENCE REPETITIVE PROCESS FAILURES TO START, AND CORE DUMPS THAT CAN LEAD TO FILE SPACE ISSUES.
- SCAN RESULT DATA CAN SOMETIMES FAIL TO UPDATE THE JSA ASSET MODEL.
- ADDITIONAL RULE TESTS CANNOT BE ADDED TO CURRENT RULES AND NEW RULES CANNOT BE CREATED WHEN USING JSA LOG MANAGER.
- LUCENE INDEX DIRECTORIES DO NOT HONOR THE PAYLOAD INDEX RETENTION CONFIGURED IN THE SYSTEM SETTINGS.
- INCONSISTENT ASSET COUNTS WHEN DRILLING DOWN INTO SOME SCAN RESULTS.
- JSA UPGRADE FROM 2014.8.r7 TO 7.3.0 GA CAN FAIL AT TOMCAT NOT STARTING.

Related Documentation

- Installing 2014.8.r11 Patch
- Clearing the Cache
- Known Issues and Limitations

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods:

- Online feedback rating system: On any page of the Juniper Networks TechLibrary site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at http://www.juniper.net/techpubs/feedback/.
- E-mail: Send your comments to techpubs-comments@juniper.net. Include the document or topic name, URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

- JTAC policies: For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
- Product warranties: For product warranty information, visit http://www.juniper.net/support/warranty/.
- JTAC hours of operation: The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

- Find CSC offerings: http://www.juniper.net/customers/support/
- Find product documentation: http://www.juniper.net/techpubs/
- Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
- Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
- Search technical bulletins for relevant hardware and software notifications: http://kb.juniper.net/infocenter/
- Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
- Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://tools.juniper.net/serialnumberentitlementsearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

- Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
- Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html.

Revision History

October 2017 for the JSA Release 2014.8.r11

All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.