The following is a list of issues addressed in IT Security Search 11.4.1 Update 3.
Table 5: Resolved issues in IT Security Search 11.4.1 Update 3
Resolved Issue | Issue ID |
---|---|
If you use a function in your search query but omit the closing parenthesis, you get an unclear "Unrecognized expression" error message. |
IS-2875 |
On the Details page for any file, clicking the "Who has direct or indirect access permissions on this folder" action link in the left pane may cause an error. |
IS-2983 |
A saved search doesn't work if its query contains an ampersand (&). |
IS-2993 |
When you click a file or folder item to view its details, the details page takes a long time to open. |
IS-3330 |
When you save a query that contains a pair of parentheses, they are dropped from the resulting saved search. This can break the query. |
IS-3195 |
Table 6: Resolved issues in IT Security Search 11.4.1 Update 2
Resolved Issue | Issue ID |
---|---|
When you run searches on data provided by Enterprise Reporter, you get the following error message: Ambiguous column name 'WhenCreated'. This is caused by changes in the Enterprise Reporter database schema in version 3.2.1. |
IS-2707 |
IT Security Search uses an unreliable account impersonation method for connection to SQL Server. As a result, the connection uses the computer account of the IT Security Search server, and this fails with an error like the following: System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'domain_name\itss_server_name$'. |
IS-2757 |
If the network link used by any of the enabled IT Security Search connectors is slow, then it takes a long time to show the details pages for items and may make the application unresponsive indefinitely. This happens even where no data from that connector is actually used. |
IS-2780, |
If you add tabs to the result grid and later try to remove them by clicking their cross icons, in some situations the tabs stay there. |
IS-1736 |
The following issues were resolved in previous releases of IT Security Search.
Table 7: Resolved issues in IT Security Search 11.4.1 Update 1
Resolved Issue | Issue ID |
---|---|
If an IT Security Search operator's scope is limited by a query that contains the name of a specific field (for example, Source="Active Roles"), then that operator may not be able to view details pages when clicking the links in search results. |
IS-2023 |
If the data store for the Warehouse component is in a network share that is not hosted on the IT Security Search server, then Active Roles events can be absent from search results. |
IS-1783 |
Indexing of effective group membership data from Enterprise Reporter is slow and causes the "tempdb" database to exceed its size limit. |
IS-2099 |
Indexing fails during calculation of group membership data from Enterprise Reporter if there is circular membership among the groups (meaning that groups are their own members through membership in other groups). |
IS-2121 |
In InTrust connector settings, if you select a repository but then click Cancel, the repository is still there the next time you reopen the settings. |
IS-1716 |
The breadcrumbs area contains garbage. |
IS-1972 |
Table 8: Resolved issues in IT Security Search 11.4.1
Resolved Issue | Issue ID |
---|---|
In some cases the Warehouse connector can produce huge error messages. |
IS-1282 IS-1719 |
In some cases, if you pin an object type as a tab and the object type name is not all-lowercase, then you get duplicate tabs for it: one has your original spelling and the other is all-lowercase. |
IS-1320 |
Sometimes if you copy a value from the search grid, garbage can be appended to the copied string. |
IS-1310 |
For computer local users, "null" is shown on the Member Of tab. |
IS-781 |
For some types of object (particularly, objects that reference other objects through attributes), when you click the VIew Details link, you get the details for the wrong object. |
IS-1465 |
If you expand or collapse the contents of a facet while a search is in progress, you may get an incomplete list of results. |
IS-1421 |
The Warehouse store index may become corrupted if the Warehouse service is stopped while the index is being built. |
IS-1411 |
If you use negative expressions in Warehouse searches, you may get incorrect search results for Enterprise Reporter data. |
IS-1440 |
The web UI doesn't get dates from the IT Security Search server in a consistent format. It isn't always clear which number is the month and which is the day. |
IS-1659 |
The details view for an Active Directory account shows the Last Logon field with a timestamp taken from Active Directory. However, it's possible that there are more recent logons by the account. Information about the last logons should be available in the events view instead of the details view. |
IS-1751 |
When you try to click a facet to filter results, it can suddenly move away from the cursor. |
IS-1880 |
If you use the Warehouse connector for working with Enterprise Reporter data in an environment with a large number of Active Directory objects, then data for container objects with a lot of members may fail to be saved in the Warehouse store. |
IS-1580 |
If multiple events of the same kind (meaning, with the same values in fields such as What, Who, Whom and Where) occur less than a second apart, then the View Details link for all of these events may point to the newest of them. |
IS-1043 |
The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.
Table 9: General known issues
Known Issue |
Issue ID |
---|---|
Internet Explorer becomes unresponsive when IT Security Search shows a modal dialog box on top of the browser windows. You can work around this by minimizing all windows and clicking the close button in the modal window; Internet Explorer resumes working. |
IS-360 |
After an IT Security Search upgrade, the layout of the controls in the web interface can appear broken (missing blocks of data, misplaced elements and so on). You can correct this by refreshing the page, preferably with a cache cleanup (Ctrl+F5). |
— |
During the IT Security Search Warehouse installation step of IT Security Search setup, an unused service connection point is created in Active Directory. This operation is skipped if the user account used for installation doesn't have the required privileges. Whether or not the service connection point is created, this has no effect on the installation or operation of IT Security Search. |
IS-954 |
If you are upgrading IT Security Search from version 11.3 or later and you use data sending from Enterprise Reporter 3.0, you may need to go to Enterprise Reporter Configuration Manager and resend all data to IT Security Search. Otherwise, no pre-upgrade Enterprise Reporter data will be available to IT Security Search. |
— |
Search results from InTrust repositories and IT Security Search Warehouse may be incomplete. Eligible objects will be skipped if their names contain any of the following characters: . @ " This issue affects the following:
|
IS-1162 |
The IT Security Search Warehouse component may become inaccessible if you reinstall IT Security Search into the same organization where IT Security Search was previously deployed. Root-cause: Newly installed server will receive new identification and data collected by a server with another ID will not be available for it. Workaround:
After the reconfiguration is finished, the following services should be started on IT Security Search server:
It is recommended to either deploy a separate InTrust organization for IT Security Search every time you install the server or always perform the reconfiguration. InTrust system protects data collected by a specific server and prevents unauthorized access even for queries from the same computer. |
IS-1256 |
Before installing IT Security Search 11.4.1 Update 3, ensure that your system meets the following minimum hardware and software requirements.
The following versions of data-providing systems are supported in this version of IT Security Search:
The IT Security Search Web interface works correctly with the following browsers:
The minimum supported monitor resolution is 1024x768.
To find out the disk requirements for IT Security Search installation, consider the sections below. They describe how much disk space is used for indexing data provided by specific connectors.
These numbers are for a sample environment with 10000 of each type of Enterprise Reporter object. Scale the values according to your own circumstances.
Object type | Size of an index entry | Number of objects | Size of the index |
---|---|---|---|
Computers | 1KB | 10000 | 10MB |
Files | 0.2KB | 10000 | 2MB |
Groups | 2.5KB | 10000 | 25MB |
Shares | 1KB | 10000 | 10MB |
Users | 2KB | 10000 | 20MB |
Total | 50000 | 67MB |
These are the average index entry sizes for each type of Enterprise Reporter object. Use them in calculating the required disk space for your particular on-premises or hybrid environment.
Note that there are generally multiple index entries per object, depending on how often objects are changed.
Object type |
Average size of an index entry, in kilobytes |
---|---|
AD Permissions |
2.1 |
AD Contacts |
3.3 |
Computers |
1.6 |
Groups |
1.5 |
Files |
1.5 |
OUs |
2.3 |
Shares |
2.1 |
Users |
1.6 |
Azure Applications |
1.6 |
Azure Contacts |
1.6 |
Azure Devices |
5 |
Azure Groups |
1.4 |
Azure Network Security Groups |
2.2 |
Azure Resource Groups |
1.5 |
Azure Resource Subscriptions |
5 |
Azure Resources |
1.6 |
Azure Roles |
1.4 |
Azure Service Principals |
1.5 |
Azure Tenants |
2.8 |
Azure Users |
3.4 |
Azure Virtual Machines |
2.5 |
An index entry for a single Active Roles event in IT Security Search Warehouse takes 0.5KB on average. Estimate the event rate in your environment to calculate the required disk space.
To display InTrust and Change Auditor events, IT Security Search uses the built-in indexes in InTrust and Change Auditor data stores, so no additional disk space is required.
It is recommended that you install IT Security Search in the same domain as the servers of your data-providing systems: InTrust, Enterprise Reporter, Change Auditor, Recovery Manager for Active Directory and Active Roles. Do not install IT Security Search on any of those systems' servers.
This product does not require licensing.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center