Threat Detection and Response Release Notes Introduction

Latest TDR Update: 14 March 2018
Release Notes Revision Date: 14 March 2018

TDR Cloud 5.3.2
Host Sensor for 5.3.2
Host Sensor for Linux 5.3.2
Host Sensor for Mac 5.3.2
AD Helper 5.3.2

Introduction

Threat Detection and Response (TDR) is a cloud-based subscription service that integrates with your Firebox. TDR is included in the Total Security subscription or is available as a separate subscription service for your Firebox.

TDR minimizes the consequences of data breaches and penetrations through early detection and automated remediation of security threats. TDR collects and analyzes forensic data from the Firebox, and from endpoints on your network, to proactively detect and respond to security threats. For a full description of TDR features and functionality, see Fireware Help.

WatchGuard periodically updates the Threat Detection and Response service to provide additional functionality and resolve reported issues. For information on the enhancements and resolved issues in each update, see the Enhancements and section.

This release supports these features, which are currently in beta:
- Mac Host Sensor
- Email Notification Rules

For information about how to participate in the TDR beta, join our Beta test community.

This release includes a new version of the, Mac, and Linux Host Sensors and a new version of AD Helper. AD Helper and the and Mac Host Sensors automatically upgrade to the latest version, when an upgrade is available. The Linux Host Sensor does not automatically upgrade. For information about how to manually update the Host Sensor for Linux, see Upgrade Notes.

Enhancements and

Latest Version

Version 5.3.2: 14 March 2018

Improvements and Usability Enhancements
- Email notifications now include the TDR Account Name the Host belongs to.
- Email notifications now include the Host Group, if the Host is a member of a group.
- You can now send a test email to the recipients in a saved Notification Rule. To send a test notification, on the Notification Rules page, click the Gear icon on the right and select "Sent Test Email".
- Automatic updates to the Host Sensor no longer fail for Host Sensors deployed through Group Policy Objects.
- When you click the Manual Remediations count in the TDR Dashboard, the Remediations page now shows all manually remediated indicators.

Previous Versions

Version 5.3.1: 15 February 2018

Improvements and Usability Enhancements
- Remediation policies are now applied on a per-Indicator basis instead of a per-Incident basis. This means that a policy applies to all new indicators that match the policy rules, but does not apply to other indicators that are part of the same incident.
- On the TDR Dashboard, you can now click items in the Remediations widget to see a filtered view of the Remediations page.
- The mouseover text for the Host Sensor status icons has been updated to match the documentation.
- The Linux Host Sensor has been tested on and is now supported on CentOS 7.

Performance and Security Enhancements
- Reallocated cloud resources to improve the performance of event analytics.
- APT Blocker results now appear in the Additional Details for indicators on the Remediations page.
- The action Mark as externally remediated now succeeds when more than one indicator is selected.

Version 5.3.0: 24 January 2018

Usability Enhancements
- You can now clear the unique identifier of a Host Sensor to prepare it for use in an IT OS image. You can use a new Host Sensor command line option to clear the unique identifier that identifies each Host Sensor in the cloud before you create your master image. The Host Sensor automatically generates a new unique identifier the next time it launches.
- Japanese text is now rendered correctly in graphs exported from the top of the Indicators and Remediations pages.

Version 5.2.2: 3 January 2018

Performance and Security Enhancements
- Improved performance of MD5 calculations on Mac and Linux Host Sensors.
- Reduced memory utilization for the, Mac, and Linux Host Sensors.
- Reduced CPU utilization for the Host Sensor.

Usability Enhancements
- A new page, Threatsync > Remediations, shows information about remediated threats.
- On the Resolved Indicator Timeline, you can now click a bubble to go to the Remediations page.
- You can now uninstall the Mac Host Sensor from the desktop. On the Mac, select Applications > WatchGuard > TDR > TDRHostSensorUninstall.
- Fixed an issue that caused on-demand reports to remain in a pending state.
- Fixed an issue that caused scheduled reports not to be generated.
- Fixed an issue that caused scheduled reports to be generated on disabled accounts.

Version 5.2.1: 6 December 2017

Performance and Security Enhancements
- New indicators with an APT Blocker threat level of Clean will now be rescored to 0.
- Added support for UTF8mb4 for improved performance for Asian languages.
- Host Sensor performance improvement: network connection polling code was optimized to reduce CPU utilization.
- All Host Sensors performance improvement: implemented file scan caching to reduce the volume of files scanned during a baseline scan. Once a file has been scanned for heuristics, if the same file is identified by MD5, the file is not scanned.

Usability Enhancements
- Improved management of Host Groups:
  - The Hosts page now has a Host Group column that shows the Host Group a host is a member of.
  - On the Hosts page, you can select the Change Host Group action to change the Host Group for selected hosts.
  - On the Groups page, when you expand a Host Group, Active Directory Group or IP Subnet group, you can select the Change Host Group action to change the Host Group for selected hosts.
- The Sandbox Analysis by APT Blocker feature is now called APT Blocker and is labeled consistently throughout the UI.
- The Indicators page has a new Previous Score column which shows the previous threat score for a remediated indicator. The column is not enabled by default. Click Choose Columns to see and enable it.
- On the Hosts page, you can now select the action to remove a Mac Host Sensor, just as you can for a Host Sensor.
- Service Provider Administrators and Operators now stay on the same page when they switch between managed accounts.
- The Quarantine File action no longer fails if the path contains double-byte characters.

Version 5.2.0: 25 October 2017

Performance and Security Enhancements
- Updates to support the Mac Host Sensor beta.
- Email for scheduled reports in Japanese now uses the correct encoding.

Known Issues and Limitations

Known issues for Threat Detection and Response, the TDR Host Sensor client, and AD Helper, including workarounds where available, can be found on the Technical Search > Knowledge Base tab. To see known issues for TDR, from the Product & Version filters select TDR.

Host Sensor and AD Helper Operating System Compatibility

Last revised: 11 Nov 2017

Operating system columns:
- Microsoft 7, 8, 10
- Microsoft 2008 and 2012
- Microsoft Terminal Server 2012
- Microsoft Server 2016
- CentOS 6, 7
- Mac OS X 10.10, 10.11
- macOS 10.12, 10.13

TDR Component rows:
- AD Helper*
- Host Sensor for
- Host Sensor for Linux
- Host Sensor for Mac

* AD Helper requires Java 8, which is compatible with these operating systems:
- 10 (8u51 and above)
- 8.x (Desktop)
- 7 SP1
- Server 2008 R2 SP1 (64-bit)
- Server 2012 and 2012 R2 (64-bit)

You must log in to your TDR account to install these components. This software is not available from the WatchGuard Software Downloads page.

Upgrade Notes

Threat Detection and Response includes two installable components, Host Sensor and AD Helper. AD Helper and the Host Sensor for automatically upgrade to the latest version, when an upgrade is available. The Host Sensor for Linux does not automatically upgrade to the latest version.

Upgrade the Linux Host Sensor

The Host Sensor for Linux does not automatically upgrade to the latest version. To upgrade the Host Sensor, you must manually update the Host Sensor for Linux.

To update an existing installation of the Linux Host Sensor:
1. Download the .rpm installation file from your TDR account to the Linux computer.
2. Start a Command Prompt as a user with root credentials.
3. To update the Host Sensor, type this command:

    yum update [SENSOR_RPM_PATH]

   Replace [SENSOR_RPM_PATH] with the name and path of the .rpm file you downloaded.

Reinstall AD Helper for Another TDR Account or Region

You must remove the AD Helper files before you reinstall AD Helper for another TDR account or region.

To uninstall AD Helper:
1. On the computer where AD Helper is installed, select Control Panel > Programs and Features.
2. Find the WatchGuard Active Directory Helper application.
3. Right-click the application and select Uninstall.

AD Helper is uninstalled.

To manually remove the local files created by AD Helper, delete this folder:

    c:\\system32\config\systemprofile\helperapp\

Technical Assistance

For technical assistance, contact WatchGuard Technical Support by telephone or log in to the WatchGuard Portal on the Web at https://www.watchguard.com/wgrd-support/overview. When you contact Technical Support, you must supply your registered Product Serial Number or Partner ID.

Phone Number
- U.S. End Users: 877.232.3531
- International End Users: +1 206.613.0456
- Authorized WatchGuard Resellers: 206.521.8375
