立即与支持人员聊天
与支持团队交流

InTrust 11.4.2 - Release Notes

Release Notes

Quest® InTrust 11.4.2

Release Notes

November 2020

These release notes provide information about the Quest® InTrust release.

 

Topics:

 

About this release

Quest® InTrust delivers an enterprise-scale event log management solution for multi-location heterogeneous environments.

New features

New features in InTrust 11.4.2:

  • Alerts on more suspicious logons
    The new "Multiple logons by the same user from different workstations" rule helps you capture situations where a set of credentials is shared by a group of people or has been stolen by an attacker and is being tried on multiple computers at once. These incidents are tricky because they slip through the cracks if you are only focusing on individual workstations. The rule is based on making the InTrust server analyze incoming audit data from multiple monitored computers.
    To minimize false positives, the rule comes with a flexible set of parameters that let you fine-tune the analysis, including the logon types you want to watch for.
    The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | Gaining User Access | Suspicious logons rule folder.
  • Support for Exchange Server 2019 Auditing
    The Exchange auditing capabilities of InTrust have been extended to Exchange Server 2019.
  • Solaris Knowledge Pack distribution resumes
    The Knowledge Pack for Solaris has been rebuilt for this version of InTrust, and you don't need to get it from a previous version anymore.

Enhancements

Table 1: Enhancements in InTrust 11.4.2

Enhancement

Issue ID

Safer use of Repository Viewer searches for event forwarding purposes

If a search is used as an event filter for forwarding from any repository, this is now clearly indicated in Repository Viewer so that you don't accidentally break the forwarding configuration. If you try to edit such a search, you get a warning message, and deleting a filtering search (or a search folder that contains it) is disallowed.

IN-1320

Improved InTrust deployment health tracking with new rules

The following real-time monitoring rules have been added to help you ensure smooth InTrust operation:

  • InTrust Internal Events | InTrust Log Monitoring | Scheduled job failed
  • InTrust Internal Events | InTrust Log Monitoring | Repository write failed during real-time collection
  • InTrust Internal Events | Agent Management | Agent is not responding
  • InTrust Internal Events | Agent Management | Agent is lost

All of these rules are based on events from the InTrust Server log.

IN-12840

Deprecated features

The following is a list of features that are no longer supported starting with InTrust 11.4.2.

  • Auditing and real-time monitoring support for IBM AIX is discontinued

    This release does not include components or configuration items related to IBM AIX. It is not expected that future versions will provide them.

  • Auditing and real-time monitoring support for HP-UX is discontinued

    This release does not include components or configuration items related to HP-UX. It is not expected that future versions will provide them.

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级