Chat now with support
Chat with Support

InTrust 11.4.1 - Release Notes

Release Notes

Quest® InTrust 11.4.1

Release Notes

June 2019

These release notes provide information about the Quest® InTrust release.




About this release

Quest® InTrust 11.4.1 delivers an enterprise-scale event log management solution for multi-location heterogeneous environments.

New features

New features in InTrust 11.4.1:

  • Event forwarding in Syslog RFC 5424 format
    The Syslog message format defined by RFC 5424 is widely supported by SIEM providers. Now that InTrust can forward events in this format, you can easily integrate your InTrust-collected data with a variety of SIEM solutions, without the need for custom scripts implementing proprietary formats.
  • Event forwarding takes advantage of TLS
    Event forwarding over TCP can now be secured with TLS in environments where this type of security is used. TLS-Secured TCP is a new transport option in the forwarding settings for InTrust repositories.
  • Support for multiple filters for event forwarding
    Unlike previous releases where you used one event forwarding filter per repository, you can now specify multiple filters. InTrust will forward events that match any of the filters you select. Each filter you add broadens the scope instead of narrowing it.
  • Support for deployment on Windows Server 2019 and SQL Server 2017
    InTrust components can be installed on computers running Windows Server 2019. InTrust configuration, audit and alert databases can be hosted on Microsoft SQL Server 2017.
  • Best practice filters for event forwarding
    InTrust provides a set of event forwarding filters that incorporate security analysis best practices. These filters incorporate recommendations from such sources as NSA and MITRE and categorized so that you can easily combine them as necessary.
    The filters are customarily implemented as searches and are available in the Threat Hunting | Windows | Native OS Logs Telemetry search folder.
  • InTrust SDK improvements
    The InTrust SDK now provides bindings for working with sites and event forwarding configuration.
  • Alerts on password spraying attempts
    The new "Potential password spraying (multiple failed logons for valid accounts)" rule captures situations where an attacker tries multiple user names in a row with the same password, circumventing the built-in account-locking mechanism.
    The rule complements the existing multiple logon failure rules and is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | Gaining User Access | Brute-force attacks rule folder.

IMPORTANT: This release does not contain any changes to the Knowledge Packs for Solaris and IBM AIX, therefore these components were not rebuilt for InTrust 11.4.1 and are not included. If you need InTrust configuration objects related to these platforms and InTrust agents for them, use previous versions of these components. Do one of the following:

  • If you are upgrading to InTrust 11.4.1, just perform the upgrade. Your agents and configuration objects will keep working.
  • If you are doing a fresh deployment of InTrust 11.4.1, install version 11.4 of the Knowledge Packs in addition. To download the packages, go to

See also:


Table 1: Enhancements in InTrust 11.4.1


Issue ID

InTrust Server log events have been made clearer and easier to analyze in Repository Viewer:

  • All InTrust Server log events now have named fields such as Repository, Server and Data Source Type. Previously, these fields were absent from some relevant events.
  • Several InTrust Server log-based predefined searches have been added to Repository Viewer.


Security log events about Active Directory changes are now broken into named fields in a more meaningful way that makes it easier to analyze security incidents. Thanks to new named fields in its event definitions, InTrust captures the names of all affected Active Directory attributes from such events.


The performance of repository searches has been significantly improved. Generally, searches are now at least 30% faster. In the best cases, they are up to 8 times faster.


Resolved issues

The following is a list of issues addressed in this release.

Table 2: Resolved issues

Resolved Issue

Issue ID

The forwarding statistics in the properties of a repository in InTrust Deployment Manager are shown in an unclear notation when a large number of events have been processed.


Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
What's New
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents