Release Notes 8.1.0
Platform
New Features
- New Analytics Dashboard
  - Issues At-A-Glance with a summary of issues organized by Rule Category and Severity
  - Heatmap to show the top 10 devices with the highest number of issues
  - The average and median number of issues per day per device, and the % of total issues from the top 10 devices, to help identify ‘problematic’ devices
- A new ‘Connection Counts’ graph with a line to show the average number of connections
Improvements
- Offline Upgrade process – eliminated the manual steps by using the ‘pre-offline’ command (available after upgrade)
- Persist the customer’s issued SSL certificate parameters through upgrades in order to eliminate the need for manual post-upgrade settings (available after the upgrade)
- Create support for persistent applications’ config files in order to eliminate manual post-upgrade settings (available after the upgrade)
- Alert Exports – added new fields (vendor, OS name, OS version).
Note: alerts created prior to 8.1 will not contain these fields
Bug Fixes
- FRONT-3827 Audit Log – display ‘Device Suspended’ activity
- FRONT-3829 Rule Configuration – enforce the selection of devices/labels to new configurations
- FRONT-3830 Device Page – added the ability to assign multiple devices to a label
- FRONT-3832 Issue Export – corrected timestamps, added vendor/os-version/revalidation-date
- FRONT-3833 Knowledge Explorer – avoid showing the same Automation Playbook repeatedly
- FRONT-3835 Custom Report – avoid displaying empty new reports until the browser is refreshed
- FRONT-3847 Knowledge Explorer – System rules – allow changes to be saved without device/label assignment
Knowledge
New Releases
- Support for Check Point release R81.20
- Support for Palo Alto Networks NGFW release 11.x
New Features
- New Auto-Detect Elements for Check Point GAiA
  - Alert if IPS is bypassed
  - Alert if Dynamic Balancing Status is ‘OFF’
  - Monitor the status of the Identity Awareness PDP Broker
  - Alert on Domain Objects with FQDN
- Improvements for Check Point GAiA
  - CHKP Firewall: “repeated failed login attempts” – added support for a threshold (new default value of 5 instead of 1)
  - CHKP Firewall: “repeated failed login attempts” – added the source IP address to the reported user
  - CHKP MDS: ‘known devices’ query – changed the interval from 5 minutes to 60 minutes
- New Auto-Detect Elements for Palo Alto Networks NGFW
  - Alert if the primary static route is not configured
  - Alert when the path-monitor is down
  - Alert if an interface in an aggregated link is flapping
- New Auto-Detect Elements for Panorama
  - Alert if the commit is not scheduled
  - Alert if commit failed
  - Alert when Panorama fails to connect to Active Directory servers
- Added HIGH severity CVE alert CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface
- New metrics for Broadcom Blue Coat ProxySG
  - Alert if the total content analysis requests are low in a 15-minute window
Bug Fixes
- IKP-4671 F5 devices are appearing as CentOS
- IKP-4752 PANW – show_panorama-status.py now supports parsing of empty input
- IKP-4761 Zscaler – HA rules are incorrectly showing up in Knowledge Explorer
- IKP-4763 ASG – chkp-asg-cores-util now supports parsing of the “NA” value
- IKP-4775 ZS – fixed the port consumption and file descriptor exhaustion rules to reflect Zscaler
- IKP-4776 PANW – panos-show-system-resources-panos9 – fixed parsing error
- IKP-4782 F5 – added support for the new ‘ifconfig’ format
- IKP-4790 CHKP – mdsstat – changed COLUMNS 150 to 170 in order to support long CMA names