Cluster Switchover Aggregate Policy – aggregating multiple issues into a related event. Instead of alerting per metric, generate one alert for a group of metrics associated with a cluster switchover event.
- Ability to re-run an Auto-Triage Element.
- Support for issue item – When a new issue item is added to the parent issue, the ATE will automatically run for all the issue items.
- View the history of all the runs and for all the issue items.
Local Passwords Policy
- Enforce password upon initial login.
- Option to generate password automatically.
- Password must meet complexity requirements policy – minimum password length, use of numbers and special characters.
- Enforce password history policy to limit how often an old password can be reused.
- Maximum password age policy to ensure regular changing of passwords.
- Lock users out after a number of incorrect passwords.
- Send email notification prior to password expiry.
- Audit log for password changes.
- Enable ServiceNow integration from the UI.
Notification Behavior for Archived issues – When an issue is archived, the system will halt email notifications relating to the issue, but the system will continue to send updates to ServiceNow, Syslog and SNMP.
API Enhancement – Implemented API call filters to support:
- Issues created before / after
- Issues updated before / after
- Issues Severity
- Issues Category
- Filter by devices
- Filter by labels
- Filter for devices added before / after
- Filter by devices monitored / suspended
- Filter by device vendor
- FRONT-3663 Email notifications contain links to old issues framework
- FRONT-3536 Roles – Actions does not allow User Assignment
- FRONT-3509 Graph display is showing strange timeline
- DEVOPS-512 Backup and cold standby are running at the same time, causing problems copying the backups to the standby
- DEVOPS-408 Indeni Server memory allocation error
- DEVOPS-432 Ubuntu 18 – missing latest security updates
- Re-categorized (a list of rules re-categorized) and re-prioritized all the rules for improved alerting and reporting. See this list for details of all the changes.
- Created a new rule category “Center for Internet Security Rule (CIS)”.
- Changed the default severity for some rules from Error to Critical.
- Changed the default severity from Error to Warning for many rules.
- Moved some rules to the appropriate Rule Categories:
- New Check Point Auto-Triage Elements:
- RX packets overrun
- New alerts for PAN CVEs
- CVE-2020-2027 PAN-OS: Buffer overflow in authd authentication response
- CVE-2020-2028 PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification
- CVE-2020-2029 PAN-OS: OS command injection vulnerability in management interface certificate generator
- CVE-2020-2032 GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade
- CVE-2020-2033 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
- IKP-3384 ASG – throughput alert False Positive due to ethtool reporting the wrong interface speed
- IKP-3964 VSX – Fixed VSW to collect relevant metrics only
- IKP-4018 VSX – Fixed the “Nat Connection limit nearing” duplicate issues
- IKP-4179 ATE – High CPU usage per core(s) – took into consideration the number of CPU cores
- IKP-4250 61k – power supply and fan down for non-existent components
Palo Alto Networks:
- IKP-3278 PanOS Chassis devices not logging system environments for all chassis card slots
- IKP-4013 “Device not logging high DP Load” triggered for Panorama
- IKP-4353 panos-show-interface-rate – rx value returned for tx