
InTrust 11.5.1 - What's New

What's New in InTrust 11.5.1

Oracle 18c, 19c and 21c support

InTrust 11.5 now supports Oracle 18c, 19c and 21c.

SQL Server 2019 support

InTrust 11.5 now supports SQL Server 2019.

OpenSSL 3.0.7 support

InTrust 11.5 now supports OpenSSL 3.0.7.

Other updates

  • InTrust now uses AES encryption in place of 3DES encryption.
  • The in-place upgrade option in the installer is disabled.

What's New in 11.5

FIPS hashing and encryption algorithms

InTrust 11.5 now supports FIPS-approved hashing and encryption algorithms. They can be enabled using the adcorgpwd.exe tool, available in the SupportTools folder of the installation folder.

For a fresh installation, FIPS-compliant algorithms are enabled automatically. For an upgrade from older versions (11.4.2 or older), you need to enable them manually using the adcorgpwd.exe tool, available in the SupportTools folder of the installation folder. Once FIPS-compliant algorithms are enabled, they remain enabled and cannot be changed back to non-FIPS algorithms. Please refer to the Upgrade Document for further details.

Support for Sun/Oracle Solaris is Discontinued

This InTrust release does not include Solaris related components or configuration items. It is not expected that future versions will provide them.

What's New in InTrust 11.4.2

Alerts on More Suspicious Logons

The new "Multiple logons by the same user from different workstations" rule helps you capture situations where a set of credentials is shared by a group of people or has been stolen by an attacker and is being tried on multiple computers at once. These incidents are tricky because they slip through the cracks if you are only focusing on individual workstations. The rule is based on making the InTrust server analyze incoming audit data from multiple monitored computers.

To minimize false positives, the rule comes with a flexible set of parameters that let you fine-tune the analysis, including the logon types you want to watch for.

The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | Gaining User Access | Suspicious logons rule folder.
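The correlation this rule describes can be sketched as follows. This is an added example, not InTrust's rule logic or code from Quest: the event tuples are constructed sample data, and the function name, window length, workstation threshold and default logon types are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real audit data):
# (timestamp, user, workstation, Windows logon type)
EVENTS = [
    ("2024-03-01T09:00:05", "CORP\\jsmith", "WS-014", 2),    # interactive
    ("2024-03-01T09:00:40", "CORP\\jsmith", "WS-201", 10),   # remote interactive
    ("2024-03-01T09:01:10", "CORP\\jsmith", "WS-077", 3),    # network
    ("2024-03-01T09:01:30", "CORP\\adavis", "WS-033", 2),
    ("2024-03-01T09:02:00", "CORP\\svc_backup", "SRV-01", 5),  # service
    ("2024-03-01T09:02:05", "CORP\\svc_backup", "SRV-02", 5),
    ("2024-03-01T11:30:00", "CORP\\adavis", "WS-090", 2),
]


def find_shared_credentials(events, window=timedelta(minutes=5),
                            min_workstations=3, logon_types=(2, 3, 10)):
    """Return {user: sorted workstations} for every user seen on at least
    min_workstations distinct hosts inside one sliding time window."""
    per_user = defaultdict(list)
    for ts, user, host, logon_type in events:
        if logon_type in logon_types:  # skip logon types that are not watched
            per_user[user.lower()].append(
                (datetime.fromisoformat(ts), host.upper()))

    alerts = {}
    for user, logons in per_user.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Advance the left edge until the span fits inside the window.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {host for _, host in logons[start:end + 1]}
            if len(hosts) >= min_workstations:
                alerts.setdefault(user, set()).update(hosts)
    return {user: sorted(hosts) for user, hosts in alerts.items()}


if __name__ == "__main__":
    for user, hosts in find_shared_credentials(EVENTS).items():
        print(f"ALERT {user}: logons from {', '.join(hosts)}")
```

Narrowing logon_types or raising min_workstations is the kind of tuning the rule's parameters allow for reducing false positives, for example excluding service logons that legitimately occur on many servers.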

Support for Exchange Server 2019 Auditing

The Exchange auditing capabilities of InTrust have been extended to Exchange Server 2019.

Solaris Knowledge Pack Distribution Resumes

The Knowledge Pack for Solaris has been rebuilt for this version of InTrust, and you don't need to get it from a previous version anymore.

HP-UX Auditing and Real-Time Monitoring Support is Discontinued

This InTrust release does not include HP-UX related components or configuration items. It is not expected that future versions will provide them.

New in InTrust 11.4.1 Update 1

New Real-Time Monitoring Rules for Detection of Advanced Threats

PowerShell downgrade attack detected

Earlier versions of PowerShell have weaker logging facilities than recent versions. Therefore, a common attack strategy is to use an old version of PowerShell in order to prevent logging of malicious activity. This rule informs you about such threats. For details, see Monitoring for PowerShell Downgrades. The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | PowerShell rule folder.
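One way to spot such a downgrade in collected logs, shown as an added example that is not InTrust's rule or Quest code. It assumes the "Windows PowerShell" event log's engine start event (ID 400), whose text carries an EngineVersion field; that InTrust uses this source is an assumption, the records are constructed, and the min_major threshold of 5 is an illustrative choice.

```python
import re

ENGINE_START_EVENT_ID = 400  # "Engine state is changed from None to Available"
_FIELD = re.compile(r"^[ \t]*(\w+)=(.*)$", re.MULTILINE)

# Constructed sample records: (computer, event_id, message text)
RECORDS = [
    ("WS-014", 400, "Engine state is changed from None to Available.\n"
                    "\tHostName=ConsoleHost\n\tEngineVersion=5.1.19041.1\n"
                    "\tHostApplication=powershell.exe"),
    ("WS-201", 400, "Engine state is changed from None to Available.\n"
                    "\tHostName=ConsoleHost\n\tEngineVersion=2.0\n"
                    "\tHostApplication=powershell.exe"),
    ("WS-201", 403, "Engine state is changed from Available to Stopped.\n"
                    "\tEngineVersion=2.0"),
    ("WS-077", 400, "Engine state is changed from None to Available.\n"
                    "\tEngineVersion=\n\tHostApplication=powershell.exe"),
]


def parse_fields(message):
    """Extract the key=value lines of the event text into a dict."""
    return {key: value.strip() for key, value in _FIELD.findall(message)}


def find_downgrades(records, min_major=5):
    """Return (computer, engine_version, host_application) for each engine
    start whose major version is below min_major."""
    findings = []
    for computer, event_id, message in records:
        if event_id != ENGINE_START_EVENT_ID:
            continue  # count engine starts only, so a session is not reported twice
        fields = parse_fields(message)
        version = fields.get("EngineVersion", "")
        major = version.split(".")[0]
        if not major.isdigit():
            continue  # version missing or unparseable: nothing to compare
        if int(major) < min_major:
            findings.append(
                (computer, version, fields.get("HostApplication", "")))
    return findings


if __name__ == "__main__":
    for computer, version, app in find_downgrades(RECORDS):
        print(f"ALERT {computer}: PowerShell engine {version} started by {app}")
```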

Exploitable logon by high-privileged account

This rule captures situations where a powerful account logs on to a workstation in ways that are vulnerable to pass-the-hash attacks, which are based on retrieval of credentials from memory or cache. The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | Gaining Administrative Rights rule folder.

Suspicious process was started (Security log on Windows 10 / Windows Server 2016 and later)

The rule detects launches of suspicious processes, meaning processes that are started from unusual locations or generate events containing telltale keywords. As the name suggests, the rule relies on the Security log. The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | Backdoors rule folder. For details, see Setting Up Monitoring for Suspicious Processes.

Support for VMware ESXi 6.0–6.7 Auditing

The range of VMware systems that InTrust can audit has been extended to include ESXi 6.0, 6.5 and 6.7.

Logging of Real-Time Monitoring Rule Matches and Alerts

Event Log Recipient is a new type of notification recipient (formerly, operator) that makes it possible to use Windows event log as the notification destination. If this recipient is specified for a real-time monitoring rule, then InTrust generates an event about how the rule was matched and includes alert data. At this time, these events are written only to the InTrust log. You can use it to integrate InTrust alerts into your SIEM security log analytics workflow. Alerts provide the focus that you don't get by streaming everything into your SIEM.
For more details, see Example: Mirroring InTrust Real-Time Alerts in SIEM. For convenient batch configuration of rules, see Quest Support Knowledge Base article 312739.
