Release Notes 5.3
Welcome 5.3!
In this release we’ve included over 400 improvements to the underlying infrastructure and bugfixes, added new content and expanded our Palo Alto Networks firewalls’ support. Please reach out to our support team to get the updated release.
IMPORTANT NOTE TO CHECK POINT USERS: Starting with 5.3, indeni no longer uses port 8181 to communicate with the firewall. The advantages of using port 8181 prior to 5.3 are now built into the use of port 22, the standard SSH port.
NOTE: Customers who require support of a given product version prior to the main release can contact support@indeni.com and a running build will be provided.
Select new signatures:
- IK-2301: Signature Request: alert when the in.ahclientd operating system process goes down (Check Point firewalls)
- IK-2273: Configuration Check Request: alert when a specified hotfix is used with the wrong take (Check Point firewalls)
- IK-2272: Configuration Check Request: alert when the TCP and UDP ports open on a given device do not follow the baseline (Check Point firewalls)
- IK-2271: Alert when a device is running older versions of software (Palo Alto Networks firewalls)
- IK-2218: Configuration Check: alert when a firewall that is managed by Panorama is also using local rules (Palo Alto Networks firewalls)
- IK-2217: Alert when one member of a firewall cluster is running an older software version than the other, including Wildfire and AV updates (Palo Alto Networks firewalls)
- IK-2191: Signature Request: alert when a job is stuck in pending (Palo Alto Networks firewalls)
Select bugs fixed and minor improvements:
- IS-1813: Network Health: Improve performance and reduce impact on other web console operations
- IS-1808: Deprecated: Configuration Journal (under Compliance Management), will be reinstated at a later version with a rewritten algorithm
- IS-1797: Analysis Tab: In some occasions, the dates were wrong
- IS-1776: Device Explorer: Make the search more exhaustive
- IS-1773: Stop using TLS v1.0 and all RC4 ciphersuites
- IS-1771: Add the name of the affected domain or virtual system in e-mail alerts
- IS-1767: Ensure no temporary files remain on the analyzed device after a failed backup
- IS-1765: Add alert creation timestamps in the Alert Summary report
- IS-1457: Better handling of unrelated log messages appearing during device backup (Check Point firewalls)
- IS-1446: Fixed multiple scenarios where the indeni web console is overloading indeni’s backend
- IS-1441: Remove redundant groups showing for F5 devices
- IS-1424: Verified that fw_worker CPU usage is working on all scenarios
- IS-1411: Install VMWare Tools in order to decrease the likelihood of file corruption due to hard power off of the virtual machine that indeni is running on.
- IS-1399: Juniper Junos (SRX): failure to parse certain process names and data
- IS-1348: Scheduled reports not adhering to DST changes
- IK-2388: Operating system processes not shown in “High Average CPU Usage” alert for Cisco switches and routers
- IK-2377: Improve the logic for the safeguard triggered during high CPU
- IK-2375: Reduce storage used by operating system process data when collected from analyzed devices
- IK-2363: Reduce the number of commands run simultaneously on smaller Check Point IP appliances
- IK-2359: Consolidate alerts for “operating system process is down” checks
- IK-2357: Improve collection of operating system process data in Palo Alto Networks firewalls
- IK-2348: Issue Failed to Communicate for devices that present a non-standard password prompt (Check Point IP appliances)
- IK-2346: Simplify license verification logic and improve its performance
- IK-2344: Device backups run immediately, in some cases, after configuring them instead of waiting for the scheduled time
- IK-2339: Increase sensitivity of “swap memory usage” alert
- IK-2338: Improved alerting for known vulnerabilities in Cisco software
- IK-2327: Ensure trending database files are safeguarded from multiple write operations running in parallel
- IK-2326: Adjust calculation of memory utilization of management pane (Palo Alto Networks firewalls)
- IK-2321: Add identification of CPU utilization of separate cores and planes (Palo Alto Networks firewalls)
- IK-2319: False positive: “no valid license exists” (Check Point VSX firewalls)
- IK-2314: False positive: “DNS server resolution test failed” when DNS resolution takes 0 milliseconds
- IK-2305: Analysis Tab: network interface related graphs missing sometimes
- IK-2302: Failure to correctly identify and handle virtual systems in certain versions (Check Point VSX)
- IK-2287: Network Health: resolve performance degradation caused by a high number of critical alerts
- IK-2270: “High Average CPU Usage” alert not triggering in certain cases
- IK-2263: Eliminate idle sessions left open by indeni’s analysis of a device (Palo Alto Networks firewalls)
- IK-2254: Identification of virtual system fails in certain cases (Check Point VSX firewalls)
- IK-2252: Increase default threshold for DNS response time check
- IK-2251: Analysis Tab: holes appear in graphs in certain circumstances
- IK-2248: Improve identification of shell prompt (F5 load balancers)
- IK-2245: Improve NTP issue alerting and reduce potential false positives (Palo Alto Networks firewalls)
- IK-2240: False positive: “firewall is in a critical state” for certain virtual systems (Check Point VSX)
- IK-2237: Error during parsing of job data for certain jobs still executing (Palo Alto Networks firewalls)
- IK-2231: Increase thresholds for the “file descriptor leak” alert
- IK-2224: Improve alerting when communication with a device has failed during setup
- IK-2220: Read the list of firewalls from Panorama to ease adding of new firewalls to indeni (Palo Alto Networks firewalls)
- IK-2216: Adjust “High Storage Usage” alerts for storages that are normally above 80%, such as /opt/panlogs (Palo Alto Networks firewalls)
- IK-2215: Support routing domains for Self IP (F5 load balancers)
- IK-2209: Several performance improvements and bottleneck reductions in the analysis engine
- IK-2199: False positive: identification of a second power supply when one does not exist on an IP appliances (Check Point firewalls)
- IK-2195: Actual Configuration: missing information for specific virtual systems running on certain software versions (Check Point VSX)
- IK-2194: False positive: alert for “management server HA sync issues” triggered for self synchronization (Check Point firewalls)
- IK-2187: False Negative: “ICMP redirects not allowed” not triggered in certain situations (Check Point firewalls)
- IK-2174: “Core dump files found” alert appearing with significant delay
- IK-2173: False Positive: “ClusterXL member is in a critical state” triggered in some Active/Active states (Check Point firewalls)
- IK-2171: Analysis automatically suspended due to a false identification of repeated restart (Cisco routers and switches)
- IK-2168: Fix access test for certificate authority
- IK-2167: False Positive: alerts issued regarding certain kernel tables nearing their maximum, due to a miscalculation of the maximum (Check Point firewalls)
- IK-2162: Aggregate multiple alerts for problematic log lines into one alert to reduce alert count
- IK-2157: Storage utilization information missing for some devices (Check Point firewalls)
- IK-2147: Identify clusters of firewalls (Palo Alto Networks firewalls)
- IK-2124: Ensure user is using tmsh and not bash during analysis (F5 load balancers)
- IK-2115: Configuration Check: the check for users defined may have false positives (Check Point firewalls)
- IK-2089: SSH-based analysis doesn’t handle RADIUS-related error messages appearing during login
- IK-2071: False Positive: “License(s) usage high” (Check Point VSX)
- IK-2061: Inventory Report: each VS on a VSX appears with a separate line but without the VS’s name (Check Point VSX)
- IK-2049: SSL transactions per second (TPS) calculated incorrectly (F5 load balancers)
- IK-2043: False Positive: “No sync interface defined for cluster member” in certain situations (Check Point firewalls)
- IK-2039: Logs relating to SSH sessions flooding /var/log/messages (Check Point firewalls)
- IK-1994: Failure to identify the amount of kernel memory used in certain software versions (Check Point VSX)
- IK-1954: “SSH session timeout” too short for many devices
- IK-1931: “Failed to Communicate” alert not generated when wrong username and password is used (F5 load balancers)
- IK-1907: Cannot read output of “cpstat sensors” in some cases (Check Point firewalls)
- IK-1819: “High CPU usage of specific cores” should only alert on a machine with more than one core
- IK-1647: “Failed to Communicate” alert not generated when device is reinstalled (Cisco routers and switches)
- IK-1612: “Connection lost to log servers” alert doesn’t automatically resolve when the missing log server is removed from the management server’s database (Check Point firewalls)
- IK-1582: Alerts pertaining to the behavior of the sync network are missing a reference to SK34475 (Check Point firewalls)
- IK-1524: /var/tmp on certain devices contains remainders of indeni-specific temporary files (Check Point firewalls)