Security Center 3.4.6 Release Notes
The following list describes many of the changes that are included in Security Center version 3.4.6 and the significant issues that have been resolved. A PDF file of these release notes is also available here.
Snort IDS Signature Updates
Enabling "Nightly update of Snort signatures" now pulls the snort.ids.gz file from Tenable's web site (and not from Sourcefire (http://www.snort.org) or Emerging Threats.net (http://www.emergingthreats.net)). Tenable downloads the signatures and produces an aggregated snort.ids.gz file that is downloaded by the Security Center. Once downloaded, a snort.ids file is placed in the /opt/sc3/admin/ids directory.
The following options have been removed from the "Console -> Configure the Security Center" page:
- Oinkmaster Snort HASH
- Download Emerging Threats Snort signatures
Customers must have an IDS source configured to manage event alerts. An error message is displayed when navigating to the Event Alerting page if no IDS source has been configured.
List OS Analysis Tool
The "List OS" page for passive data now includes the type of device, if detected. Otherwise, "general-purpose" is displayed. This differs for active data where only the OS type is displayed.
Plugin 12053 (FQDN of the remote host) no longer counts towards the IP license.
Upgraded the following third-party dependencies to the specified versions: OpenLDAP 2.4.21, OpenSSL 0.9.8o, Apache 2.2.15, PHP 5.2.14, SQLite 220.127.116.11, libxml 2.7.7, libpng 1.2.44.
This is a rollup release and includes all fixes previously provided for Security Center 3.4.5 in hotfix01-hotfix04.
Hotfix01 for Security Center 3.4.5 (11/2/2009)
Static Asset List Add/Edit/Delete Screen:
This hotfix addresses several issues discovered with the "Static Asset List Add/Edit/Delete" screen:
- The Entries column previously reported the incorrect number of entries an asset list contained
- Adding multiple IPs/CIDRs/Ranges to an asset list incorrectly displayed an error
- The ability to delete the "Customer Ranges" static asset list has been added
- An error was incorrectly displayed when attempting to edit an asset list, that prevented the asset list from being edited
Hotfix02 for Security Center 3.4.5 (12/14/2009)
IDS Splash Screen: The "Top 10 Vulnerabilities-Security Event Analysis for last 7 days" chart does not display for asset lists with a file name that contains a space. By design, Security Center will update the splash charts when the next nightly updates occur. As of SC 3.4.5, the splash screen generation is optional but enabled by default. This option is evident for Security Center administrators, under the "Console -> Configure the Security Center" page, as "Enable splash screen chart updates". If this option is turned off, then the last generated splash chart will be displayed.
CSV Exports for Vulnerability Data: Large CSV exports for vulnerability data were truncated (in certain cases) to 10,000 lines. For example, if you request a CSV using the "Display Vuln Details" analysis tool and the total number of vulnerabilities is 27,000, you would only get a CSV consisting of 10,000 lines, instead of 27,000.
IDS Correlation: IDS correlation was not functioning as expected in 3.4.5. When navigating to "Events -> Analyze IDS Events" in the Security Center GUI and applying the Correlation Filter (by selecting "Yes" from the drop down menu), if there were events that correlated to vulnerabilities, a "No Records Found" message was always displayed.
Patched & Mitigated - First Observed/Last Discovered: First Observed and Last Discovered fields (in most cases) displayed the current date instead of the date of the event. This issued may have occurred if using Tenable's Passive Vulnerability Scanner (PVS) or you had imported scan data manually using the import_manual.pl script.
Comments Converted into Garbage When Opening Tickets: In some cases when tickets were entered for vulnerabilities, the comment text was converted to garbage because of an issue with MSIE6 and browser caching. Tenable recommends clearing your browser cache after applying this hotfix.
Plugin Output for Nessus "os_fingerprint.nasl" Plugin: A minor issue with the handling of the os_fingerprint.nasl plugin output has been corrected.
Plugin Updates Fail: In certain cases, plugin updates fail for Nessus scanners when using a proxy.
Hotfix03 for Security Center 3.4.5 (1/8/2010)
Scans Scheduled for 2010 Display "Launch Window Exceeded": Scans scheduled for the year 2010 would display "launch window exceeded" as their status message when the scan was submitted. However, the scan ran for the date/time that it was scheduled for, even though Security Center indicates otherwise.
Cannot Download .nessus Files from "Browse Individual Scan Results" Screen for 2010: An issue has been addressed that prevented downloading .nessus files from the "Browse Individual Scan Results" screen for a scan that completed in the year 2010. When trying to download the .nessus file, a screen was displayed with the text "Bad Date".
Large IDS Files Cause logd to Crash: The logd daemon would crash when it attempted to access a file larger than 2GB.
Hotfix04 for Security Center 3.4.5 (3/17/2010)
Certain Combinations of Asset Ranges Causes Scan to Fail: An issue was corrected where scans would fail to launch when using certain combinations of asset list ranges.
Randomize Target IPS - Scan Option: This option is no longer valid and has been disabled.
Scans Fail Using an Uploaded Static Asset List That Contains Spaces/Newline Chars: An issue has been addressed for scans failing to launch when using an uploaded static asset list that contains spaces and/or newline characters.
Rollover Scans Renamed Incorrectly: An issue has been addressed where rollover scan file names were being renamed incorrectly. This issue would prevent the Manage Scan options in the SC3 GUI from functioning properly.