Log Correlation Engine 4.8.3 Release Notes - 10/30/2017

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.8.3, significant enhancements to LCE, and information about upgrading.

Improvements:

  • Added Targeted IDS support for SourceFire version 6.2
  • Improved input validation of LCE login username field to prevent potential application issues caused by invalid characters
  • Continued improvements to LCE memory usage
  • Added better controls to mitigate password guessing attacks: the admin account will be locked out after 5 unsuccessful login attempts
  • Raised TASL VM limit to 100 MB each, allowing TASLs to store more temporal information for correlation
  • Exposed sensor name to TASL scripts to allow users to pivot on the host / sensor name rather than relying only on IP addresses when TASLs are triggered

Security Enhancements:

  • Upgraded cURL/libcurl to version 7.56.1 to apply the latest security updates
  • Disabled 3DES cipher in LCE web server
  • Updated OpenSSL to version 1.0.2l

Resolved Items:

  • Fixed an issue where duplicate data sensor information and wrong timestamps were appearing in client and syslog sections of the LCE web UI
  • Fixed an issue that could cause the disk to fill with TASL abort log messages
  • Fixed a High Availability issue that could prevent the backup LCE server from taking over if the primary server is brought down
  • Fixed an issue that caused the LCE daemon to restart with the 'Unable to reload the policy map' error
  • Fixed an issue that resulted in errors during processing of multiline attribute values in LCE policies and rendered the policy invalid
  • Fixed an issue where policy entries in Client Assignment Rules were being truncated if multiple client policies were added to a rule
  • Fixed an issue that could cause LCE to restart if plugins are reloaded while processing certain data
  • Fixed an issue that was causing the 'Next Step' button to be disabled on the Quick Setup Port Configuration page
  • Fixed intermittent LCE crashes caused by stopping the lce_tasld process
  • Stopped the addition of duplicate syslog headers when forwarding data via UDP or TCP event forwarding rules

 

File Names & MD5 Checksums

| File | SHA256 | MD5 | SHA1 |
|---|---|---|---|
| lce-4.8.3-el5.x86_64.rpm | 68a1c9501db6b33b7bb438fd4075017d13afdbbe86a056256e52e850dd93de9d | 45f6f619ee9d13172df0ac626131d9eb | N/A |
| lce-4.8.3-el6.x86_64.rpm | 6db24c59a6c3de728622e6dabb0277e0935df7a1174b51764913d5c5f44ba344 | dc32111361dbc06ead3cc29fa3c964d6 | N/A |
| lce-4.8.3-el7.x86_64.rpm | c5495e940daf6465f3fb70380100e5b03410e20bcef6c37517fde4438131549f | 81d2f95c2b1ce2d585af6a437cc10d37 | N/A |

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.