The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.8, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.
General Upgrade Notes
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.8 User Guide.
- Upgrades to 4.8.0 are supported from 4.6.1, 4.6.0, and 4.4.x. If you have deployed a version of LCE earlier than 4.4.x, please perform an intermediate upgrade to LCE 4.4.x, then upgrade to LCE 4.8.0.
- LCE version 4.8 is compatible with SecurityCenter version 18.104.22.168 or later. Older versions of SecurityCenter will work with LCE 4.8 without issues, but will not support some new features.
- LCE version 4.8 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 4.8.
- Please contact Tenable Support at firstname.lastname@example.org if you have any questions about compatibility issues.
File Names & MD5 Checksums
New Features and Improvements:
- LCE Client Management UI: LCE server 4.8 can manage clients that report data to it. The new Client management UI allows users to use the LCE server as a one-stop shop for all client management options. Users can assign policies, rename clients, and authorize and delete clients all from the same screen. Multi-LCE organizations may manage clients locally via the LCE UI without using SecurityCenter.
- LCE Client Policy Editor: The new Client policy editor guides users in creating and editing client policies. The policy editor provides a complete listing of LCE clients and allows customers to configure policy and options for all clients. The policy wizard walks users through policy modifications by showing all possible options for the selected client type, and validating them on-the-fly using a simple editor that requires no knowledge of the format of the policy. Advanced users may still use the adjacent XML editor to edit the raw policy contents, if desired.
- CVSS 3.0 Support: LCE now supports and scores select vulnerabilities based on the CVSS 3.0 rating system. This is for a limited number of vulnerabilities and may affect some dashboards and reports.
- Added configuration option to limit communication to TLS 1.2 only
- Replaced SHA1 certificate chains with SHA256
- Updated hash algorithm for completed silo from MD5 to SHA256
- Updated OpenSSL to version 1.0.2g
- Addressed CVE-2015-8035, upgraded Libxml to 2.9.3
- Segfault occurs when starting the LCE server, indexer, and TASL daemons due to an issue in the config library
- LCE Server SYN Flooding
- Event rule filter “+Text” not filtering as expected
- LCE low priority queries execute slowly or not at all
- LCE - NDB Indexer will not attempt to index gzipped silos
- LCE and stats daemons not being shut down on reboot or shutdown
- LCE reindex_db_elements: ERROR: unable to translate type 254
- LCE refuses to normalize usernames with inferred IPs
- TASL daemon does not attempt to read .ndb.gz files