Intrust 11.5 now supports InTrust 11.5 now supports Oracle 18c, 19c and 21c.
InTrust 11.5 now supports SQL Server 2019.
InTrust 11.5 now supports Openssl 3.0.7.
Intrust 11.5 now supports FIPS approved hashing and encryption algorithms. It can be enabled using the tool adcorgpwd.exe available in the SupportTools folder of installation folder.
For fresh installation, FIPS compliant algorithms are enabled automatically. For upgrade from older versions (11.4.2 or older), you need to enable it manually using the tool adcorgpwd.exe available in the SupportTools folder of installation folder. Once FIPS compliant algorithms are enable, they will remain enabled and cannot be changed back to Non-FIPS algorithms. Please refer Upgrade Document for further details.
This InTrust release does not include Solaris related components or configuration items. It is not expected that future versions will provide them.
The new "Multiple logons by the same user from different workstations" rule helps you capture situations where a set of credentials is shared by a group of people or has been stolen by an attacker and is being tried on multiple computers at once. These incidents are tricky because they slip through the cracks if you are only focusing on individual workstations. The rule is based on making the InTrust server analyze incoming audit data from multiple monitored computers.
To minimize false positives, the rule comes with a flexible set of parameters that let you fine-tune the analysis, including the logon types you want to watch for.
The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | Gaining User Access | Suspicious logons rule folder.
The Exchange auditing capabilities of InTrust have been extended to Exchange Server 2019.
The Knowledge Pack for Solaris has been rebuilt for this version of InTrust, and you don't need to get it from a previous version anymore.
This InTrust release does not include HP-UX related components or configuration items. It is not expected that future versions will provide them.
In earlier versions of PowerShell, the logging facilities were inferior to the recent versions. Therefore, a common attack strategy is to use an old version of PowerShell in order to prevent logging of malicious activity. This rule informs you about such threats. For details, see Monitoring for PowerShell Downgrades. The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | PowerShell rule folder.
This rule captures situations where a powerful account logs on to a workstation in ways that are vulnerable to pass-the-hash attacks, which are based on retrieval of credentials from memory or cache. The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | Gaining Administrative Rights rule folder.
The rule detects launches of suspicious processes, meaning processes that are started from unusual locations or generate events containing telltale keywords. As the name suggests, the rule relies on the Secuity log. The rule is located in the Advanced Threat Protection | Windows/AD Suspicious Activity | Backdoors rule folder. For details, see Setting Up Monitoring for Suspicious Processes.
The range of VMware systems that InTrust can audit has been extended to include ESXi 6.0, 6.5 and 6.7.
Event Log Recipient is a new type of notification recipient (formerly, operator) that makes it possible to use Windows event log as the notification destination. If this recipient is specified for a real-time monitoring rule, then InTrust generates an event about how the rule was matched and includes alert data. At this time, these events are written only to the InTrust log. You can use it to integrate InTrust alerts into your SIEM security log analytics workflow. Alerts provide the focus that you don't get by streaming everything into your SIEM.
For more details, see Example: Mirroring InTrust Real-Time Alerts in SIEM. For convenient batch configuration of rules, see Quest Support Knowledge Base article 312739.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center