What are the new features and what has been resolved in InTrust 11.4.1?
Resolution
New Features:
Event forwarding in Syslog RFC 5424 format:
The Syslog message format defined by RFC 5424 is widely supported by SIEM providers. Now that InTrust can forward events in this format, you can easily integrate your InTrust-collected data with a variety of SIEM solutions, without the need for custom scripts implementing proprietary formats.
Enhancements:
InTrust Server log events have been made clearer and easier to analyze in Repository Viewer - IN-2561:
All InTrust Server log events now have named fields such as Repository, Server and Data Source Type. Previously, these fields were absent from some relevant events.
Several InTrust Server log-based predefined searches have been added to Repository Viewer.
Security log events about Active Directory changes are now broken into named fields in a more meaningful way that makes it easier to analyze security incidents. Thanks to new named fields in its event definitions, InTrust captures the names of all affected Active Directory attributes from such events - IN-5248
Resolved Issues:
If the Quest InTrust Server service crashes and is resumed later, real-time monitoring can stop functioning. This happens if email notification is enabled in any real-time monitoring rules – IN-4887