ObserveIT 7.1 Release Notes

Similar documents
ObserveIT Release Notes

Performing an ObserveIT Upgrade Using the Interactive Installer

Upgrading an ObserveIT One-Click Installation

WHAT S NEW WITH OBSERVEIT: INSIDER THREAT MANAGEMENT VERSION 6.5

WHAT S NEW IN OBSERVEIT 5.8 ObserveIT 5.8 delivers a range of enhancements aimed at more efficiently supporting the monitoring of business users.

Ekran System v Program Overview

OBSERVEIT TECHNICAL SOLUTION OVERVIEW

OBSERVEIT TECHNICAL SOLUTION OVERVIEW

Ekran System v Program Overview

Integrating IBM Security Privileged Identity Manager with ObserveIT Enterprise Session Recording

NetIQ Privileged Account Manager 3.5 includes new features, improves usability and resolves several previous issues.

ObserveIT Technology Overview

This guide details the deployment and initial configuration necessary to maximize the value of JetAdvantage Insights.

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

Ekran System v.5.1 Help File

VMware vcenter Configuration Manager Administration Guide vcenter Configuration Manager 5.7

VMware Identity Manager Administration

Live Connect. Live Connect

Technical Overview. Access control lists define the users, groups, and roles that can access content as well as the operations that can be performed.

22 August 2018 NETOP REMOTE CONTROL PORTAL USER S GUIDE

Installation and Deployment Guide for HEAT Service Management

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

This section of the release notes is reserved for notable changes and new features since the prior version.

APAR PO06620 Installation Instructions

Get Started with Cisco DNA Center

PRACTICE-LABS User Guide

DBXL AZURE INSTALLATION GUIDE

This section of the release notes is reserved for notable changes and new features since the prior version.

The Cisco HCM-F Administrative Interface

ESET Remote Administrator 6. Version 6.0 Product Details

NetIQ Privileged Account Manager 3.2 Patch Update 4 Release Notes

Deploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE

WatchGuard Cloud Release Notes

PRACTICE-LABS User Guide

ForeScout Extended Module for VMware AirWatch MDM

Adept 2018 PREP GUIDE

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Agent and Agent Browser. Updated Friday, January 26, Autotask Corporation

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

This section of the release notes is reserved for notable changes and new features since the prior version.

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.4

Deployment guide for Duet Enterprise for Microsoft SharePoint and SAP Server 2.0

Get to know SysKit Monitor

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

ForeScout App for IBM QRadar

IBM Security Access Manager Version December Release information

Get Started with Cisco DNA Center

Ekran System v.5.5 Deployment Guide

SailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities

OnCommand Unified Manager Installation and Setup Guide for Use with Core Package 5.2 and Host Package 1.3

Upgrade Guide Version 7.2

ForeScout Extended Module for MaaS360

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

Security in Bomgar Remote Support

Lucid Key Server. Help Documentation.

HP Management Integration Framework 1.7

Cisco Unified Serviceability

Install and upgrade Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

User Guide. Version R94. English

HIPAA Compliance. with O365 Manager Plus.

Netwrix Auditor Competitive Checklist

Anchor User Guide. Presented by: Last Revised: August 07, 2017

Threat Detection and Response Release Notes Introduction

ForeScout Extended Module for Tenable Vulnerability Management

Taking SAP Contact Center End-User Applications into Use

Database Security Service. FAQs. Issue 19 Date HUAWEI TECHNOLOGIES CO., LTD.

Ekran System v.6.1 Troubleshooting

WatchGuard Dimension v1.1 Update 1 Release Notes

Workstation Configuration Guide

Upgrade Guide for Cisco Digital Media System Release 5.0

SkyFormation for Salesforce. Cloud Connector

2012 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Excel, Lync, Outlook, SharePoint, Silverlight, SQL Server, Windows,

Sophos Central Admin. help

ForeScout CounterACT. Single CounterACT Appliance. Quick Installation Guide. Version 8.0

Instructions for using Borg and Ide CONNECT. Referring Provider Portal. Version 3.5.

Secret Server Demo Outline

ForeScout Extended Module for MobileIron

The Convergence of Management and Security. Stephen Brown, Sr. Product Manager December 2008

Verizon MDM UEM Unified Endpoint Management

Enter your Appserv username and password to sign in to the Website

SAML-Based SSO Configuration

McAfee Data Loss Prevention Endpoint

HPE Security Fortify Plugins for Eclipse

IBM QRadar User Behavior Analytics (UBA) app Version 2 Release 7. User Guide IBM

Welcome to the e-learning course for SAP Business One Analytics Powered by SAP HANA: Installation and Licensing. This course is valid for release

Click Studios. Passwordstate. Installation Instructions

Citrix Synchronizer 5.9.1

EM L04 Using Workflow to Manage Your Patch Process and Follow CISSP Best Practices


GLBA Compliance. with O365 Manager Plus.

What s New. New and Enhanced Features in NetSupport DNA v4. Welcome Dashboard. Auto Discovery. Platform Support

Security in the Privileged Remote Access Appliance

GSX 365 Usage Usage & Compliance Reporting Collect, Analyze & Anticipate

ISO27001 Preparing your business with Snare

HCP Anywhere. By Storage & Cloud Services. Quick Start Guide Nov 2017 HCP ANYWHERE

How to create a System Logon Account in Backup Exec for Windows Servers

Avaya Desktop Collector Snap-in R GA Release Notes

Silk Test 15.0 Silk4NET Web Edition. Installation Guide

Transcription:

ObserveIT 7.1 Release Notes In This Document About This Release... 2 New Features and Enhancements... 2 Backward Compatibility... 3 New Supported Platforms... 3 Resolved Issues... 4 Known Issues... 4 Limitations... 5 File Activity Monitoring (Beta)... 5 Anonymization Limitations (from ObserveIT 6.7)... 5 In-App Elements... 5 Active Directory Limitations... 5 1 1

About This Release This document lists the new features and enhancements, issues that were discovered and fixed since the release of ObserveIT version 7.0.0, and known issues. It is important that you read this document before you install and configure ObserveIT version 7.1.0. The most up-to-date release documentation is available here. New Features and Enhancements This release includes several major new features and enhancements. File Activity Monitoring (BETA feature) Enable security analysts to detect data exfiltration before it happens, with full file audit. Track and alert on files that were downloaded or exported using a browser or web-based application, from the internet or intranet. Alert if a tracked file is copied or moved to the default local sync folder of cloud storage apps: Dropbox, Google Drive, icloud, Box (Windows only), OneDrive (Windows only). Track activities on downloaded/tracked files copy, move, rename, delete. File Diary browse and filter activities on tracked files. Print and export to Excel. File History view full history of each tracked file and link to Video playback for more context. Enhanced Alert Review Workflow enable Incident Response teams to drive incident investigation. Export alerts metadata and screenshots to PDF file share real-time information on risky user activity and specific incidents with people in the organization who do not have access to ObserveIT. Add comments to alerts, view comments, and filter by comment text. Alert when Copying Text to Clipboard Alert when text that contains sensitive or confidential content is copied to the clipboard. New Reports New reporting capabilities that enable compliance teams to meet the regulatory requirements. Typed text (key-logger) SQL Queries (DBA Activity) User Text Feedback (Notifications and Preventive Actions) Enhanced Insider Threat Library (ITL) Additional out-of-the-box insider threat scenarios are provided by new system rules to prevent data exfiltration, enabling compliance teams to meet the regulatory requirements. Detect & Prevent SFTP commands (Linux) sent from remote servers with intent to bypass security controls. 2 2

Backward Compatibility Most features, functions, and capabilities of ObserveIT are backward compatible, which means that you can use an earlier version of the ObserveIT Agent with the current version of the ObserveIT server-side components. However, to maintain full feature compatibility, it is highly recommended that you use the most current version of the product. Following are the minimum server-side and Agent components versions that are supported in this release: Component Minimum Supported Version Upgrade Requirements Server-Side 5.8.3 is the oldest version that can be upgraded to version 7.x.x. If you have an earlier version that is not supported, first upgrade to the minimum supported version, and then upgrade to the Agents (Windows or Unix) 5.8.3 is the oldest version that can work against Server 7.x.x (backward compatibility of Agents). New Supported Platforms latest version. If you have an earlier version that is not supported, uninstall it, and then install the latest version. The following new supported platforms provide coverage for the latest OS and application versions: Agent support for Windows Server 2016 DBA Activity support for MS SQL Server Management Studio 2016 64-bit Application Server A full list of all the currently supported platforms and their update versions is provided in the ObserveIT Product Documentation. 3 3

Resolved Issues [Issue #46809] When Session Data Integrity is enabled, the Console now loads data at the normal speed. [Issues #48676, 53251] ObserveIT now supports complex Active Directory passwords and special characters upon Web Console login. [Issue #49965] Uninstalling the Web Console now completes properly. [Issue #53072] When ObserveIT is active, starting the tomcat browser on Linux as a regular user (not root) no longer fails. [Issue #53247] The Website Categorization module is updated properly when running under the SSPI service user. [Issue #53252] The Unix Agent now registers properly for Fully Qualified host names. [Issue #53272] After unregistering an Agent, 3-999 days of inactivity are supported. [Issues #53366, 53998] Agent installation no longer fails on HTTPS port 443 when TLS 1.1/1.2 is enabled. [Issue #53637] Lists can now be configured properly in the Chinese version of ObserveIT. [Issue #53692] Out-of-the-box alerts are triggered for all regular users; Unix/Linux users are now automatically added to the Everyday Users list. [Issues #53794, 53795, 53796] The status of Agents is now reflected properly in the Health Monitoring Admin Dashboard the numbers of recently installed/uninstalled Agents are displayed correctly in the Deployed Agent Versions portal. [Issue #54027] User notification feedback messages now support the use of Chinese characters. [Issue #54093] When key logging is disabled, alerts are now generated when a user executes an SQL command. [Issue #54707] In the User Risk Dashboard, filtering the display of users by Endpoints now works correctly. [Issue #54846] Windows commands are now captured properly in Putty applications that use uncommon prompts. [Issue #55231] On RHEL/CentOS 7.0, unnecessary audit logs are no longer generated. [Issue #55475] In the User Activity Profile, an error no longer occurs when choosing the Date in a specific language. [Issue #55622] ObserveIT Website Categorization now works properly when installed in proxy mode. Known Issues In rare cases, when File Activity Monitoring (Beta version) is enabled, Agent CPU utilization shows an increase. This issue will be fixed in the next version. 4 4

Limitations For Asian languages that use a virtual keyboard, key logging data is captured by "writing" on the keyboard, but typed characters cannot be captured by mouse clicks. Graphical (X) applications are not recorded except for the supported X terminals, such as GNOME-terminal or dtterm. File Activity Monitoring (Beta) New File Activity metadata is not yet fully integrated in all modules across the Web Console including Search, Reports, Session Diaries, Video Player, and SIEM integration. Cloud Sync & Share: Only the default installation folders are supported. For example, if you install Dropbox in a non-default folder an alert will not be triggered when copying a tracked file to this folder. It is not possible to add another Cloud Sync & Share vendor to the 5 currently supported vendors. Tracked files are kept at the Agent level, therefore, files that are downloaded from one monitored computer will not be tracked when they are accessed from another monitored computer. Files accessed by different users from the same monitored computer are tracked properly. Anonymization Limitations (from ObserveIT 6.7) The following are known issues that relate to the ObserveIT Anonymization feature: When an Anonymized Web Console user logs in to the Web Console, the following features are disabled: Reports, Archive, DBA Activity, Saved Sessions, Audit Sessions, Audit Saved Sessions, and Inventory view in the Endpoint Diary. When Anonymization is enabled, Web Console users who are Anonymized can see previously scheduled reports in the clear (i.e., not anonymized). To prevent Anonymized users from viewing data that is not anonymized, disable the Reports feature or remove the relevant Web Console users from the distribution list ( Scheduled Reports for Console User ) in the Reports page. In-App Elements [Issue #22203, #22873] Applications that were developed using the following technologies are not supported for marking and capturing user interactions with applications: Java-based apps, desktop and web (Java applets) JTK-based apps Flash-based app (Adobe Air, web) Proprietary windows-based technologies such as SAP Business One [Issue #31562] Capturing In-App elements metadata on user interactions with applications/websites is disabled on Citrix and Terminal Servers. [Issue #31561, #31563, #31564] The Internet Explorer 9, Opera, and Firefox browsers are not supported for marking In-App elements data. [Issue #31652] Alert rules cannot be created from an In-App element password field using the "empty" or "not empty" operator. Active Directory Limitations User domain is NOT Equal to group domain: Old Agent: Only when USER domain is nested in DL (different domain to USER) that is nested in another DL (different domain to USER). User domain is NOT equal to resource domain (domain of the Agent machine): New Agent: DL group from USER domain will not work (see Microsoft known behavior: http://technet.microsoft.com/en-us/library/cc755692%28v=ws.10%29.aspx.) 5 5

The Application Server must have access to at least one Domain Controller of the 'Login Domain', otherwise the old Agent will fail to retrieve the user's group membership. This also occurs when there is One Way Trust between forests. In order that the Application Server/Web Console will refresh the Active Directory networking topology (for example, when there is a new Domain Controller, forest trust relationship, etc.), the user must reset the IIS (Microsoft Internet Information Server). 6 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback