Release Notes
September 2018
These release notes provide information about the Quest® InTrust release.
Quest® InTrust 11.3.2 delivers an enterprise-scale event log management solution for multi-location heterogeneous environments.
New features in InTrust 11.3.2:
Table 1: Enhancements in InTrust 11.3.2
Enhancement | Issue ID |
---|---|
The number of file open operations during indexed repository searches has been reduced significantly. This increases repository search performance. The speedup is most noticeable in searches that return few results; in some cases such searches run twice as fast as before. | IN-900 |
Syslog events collected from Unix hosts are now more compact in repositories, because redundant data is not stored anymore. The optimized Syslog event data takes four to ten times less space than before. | IN-901 |
InTrust Deployment Manager user experience has been improved: | IN-1161 |
The sets of event fields for the Windows Security log and InTrust Server log have been extended to make event records clearer. For details, see the Changes to Event Fields topic. | IN-1454 |
All SSRS reports in the Windows Report Pack can now handle events from Windows Server 2016 and from prior Windows versions equally well. | IN-2573 |
For convenience and better visibility, all real-time monitoring rules for attack prevention have been moved to a dedicated “Advanced Threat Protection” rule group. The bindings of those rules to real-time monitoring policies did not change. | IN-2524 |
The set of attributes for filtering objects in sites and gathering policies has been updated to better match the versions of Windows supported by InTrust. There are now appropriately named attributes for all supported Windows versions, and older Windows versions are now specified by the Legacy Windows (agentless gathering) attribute. | IN-1684 |
Repository search query processing has been improved to make some previously unsupported search terms work on indexed data. Relevant results are now returned for individual parts of strings containing ampersands, such as "smith&sons". Search terms like "smith" and "sons" didn't return such results before. | IN-2605 |
InTrust now distinguishes if Syslog events from Linux were generated through the use of sudo. To search for such activity in Repository Viewer, make sure that the Source field is "sudo" and the What field contains "Permission Request". | IN-2410 |
On Linux hosts, InTrust agents now set up Syslog auditing and real-time monitoring automatically. No manual Syslog-related configuration is required on Linux anymore. | IN-2513 |
The following is a list of issues addressed in this release.
Table 2: Resolved issues
Resolved Issue | Issue ID |
---|---|
The following real-time monitoring rules don't trigger alerts on Debian GNU/Linux hosts: | IN-1739 |
The format of the dates and times displayed in Repository Viewer is not consistent with the system date and time format settings on the computer where Repository Viewer is running. | IN-1250 |
When InTrust captures Syslog messages, if the timestamp of a message doesn't contain the year, InTrust may supply the year value incorrectly, so that the event appears to occur in the future. | IN-1766 |
When hot repository index files are merged together, if a file becomes corrupted, InTrust Server crashes without any error messages. This is an extremely rare situation. | IN-1769 |
Repository cleanup operations use an excessive number of disk accesses. As a result, cleanup takes a very long time. This behavior can also be interpreted as an attempted attack, and InTrust can be denied access to the repository. | IN-1916 |
During InTrust upgrade, the installer fails to update information about known named event fields in the configuration database. As a result, an incomplete set of named event fields may be in use after the upgrade. | IN-2300 |
Repository indexing uses an excessive number of disk accesses. This behavior can be interpreted as an attempted attack, and InTrust can be denied access to the repository. | IN-1272 |
The predefined custom filters for real-time monitoring rules don't work for events from Windows Server 2016 unless you edit the OS version matching condition in those filters. | IN-1740 |
When multiple repository searches are performed simultaneously, some of them can fail with the following error: "The indexing server is busy. Please try again later". | 584592 IN-1923 |