Release Notes 8.4.0

For more details about this release, read this blog.

Platform

New Features

  • New embedded long-term time-series database (timescaledb), enabling anomaly detection with machine learning
  • New CVE engine with the ability to retrieve CVE information from MITRE and NIST NVD and dynamically generate alerts
  • Custom reports – new system-defined reports
    • Out-of-the-box PCI compliance report
    • Out-of-the-box CVE report
  • Ability to send email notification for each alert item

Improvements

  • Custom reports
    • Ability to save the selected legends and filters
    • Ability to unselect all items from the legend

Bug Fixes

  • IND-263 Fixed the navigation problem from the home page to the analysis page
  • IND-328 Custom Report: Legend items overflow the chart area

Knowledge

New Features

#1 BlueCat Integrity

New auto-detect elements:

  • DNS forwarder not working  
  • DNS serial # falling too far behind  
  • DHCP range nearing exhaustion   
  • Deployment failure  
  • Long deployment time (BAM only)  
  • Invalid or missing service-type key  
  • TCP client limit approaching (BDDS) 
  • Disk errors  
  • Excessive swap   
  • Zone transfer failure  
  • Database size is higher than recommended (BAM only)  
  • No syslog servers are configured 
  • Syslog server config does not meet compliance requirement  
  • XHA split-brain detected (BDDS only) 
  • Missing SSH access timeout configuration 
  • Configured SSH timeout too high 
  • Configured Web Management (GUI) timeout too high (BAM only) 
  • Hardware end of support nearing 
  • Memory usage of dhcpmon process high (BDDS only) 
  • Zone transfer failure (BDDS only) 

Anomaly detection for BlueCat BDDS:

  • SERVFAIL

Other enhancement:

  • Discover the list of BDDS from BAM, add the list to Known devices, greatly simplifying adding devices

#2 Broadcom/Symantec/Blue Coat Content Analysis

New Auto-Detect Elements:

  • ICAP queue count
  • ICAP failure
  • Hardware state failures
  • Port failures
  • Port utilization

Other enhancement:

  • Show device uptime in UI

#3 Check Point Maestro

  • Added security group support to Known Devices, greatly simplifying adding devices

#4 Palo Alto Networks NGFW

New Auto-Detect Elements: 

  • Alert on critical system alarms
    • BFD local state changed to down (critical) 
    • BFD local state changed to init (warning) 
    • BFD local state changed to admin down (info) 
    • BFD remote state changed to down (critical) 
    • BFD remote state changed to init (warning) 
    • BFD remote state changed to admin down (info) 

Anomaly detection for Palo Alto Networks drop counters:

  • flow_tcp_non_sync_drop
  • flow_policy_deny
  • flow_action_close
  • nat_xlat_address_resolved_fail 

#5 CVE (multi-vendor)

  • Over 200 new common vulnerabilities and exposures rules (from 2022-2024) for Broadcom/Symantec CAS, ProxySG, Check Point, Cisco ASA, F5 LTM, Fortinet FortiGate, and Palo Alto Networks NGFW

Bug Fixes

  • IND-309 BlueCat BDDS: DNS statistics not available in HA passive mode
  • IND-310 BlueCat BDDS: named service not available in HA passive mode
  • IND-323 BlueCat: Fixed meta_condition and supported fields rules with metric memory-usage
  • IND-375 BlueCat BDDS: Fixed the incorrect dhcpmon name in the list of services
  • IND-392 BlueCat BDDS: Fixed the DNS connectivity check issue
  • IND-420 BlueCat BDDS: Incorrect service status on passive xHA node (DNS service is down)
  • IND-36 CHKP: Avoid issue on low values for chkp-mds-track-log-rotate
  • IND-99 CHKP: Fixed various chkp-http-login-denied issues
  • IND-362 CHKP Maestro: Fixed the CPU usage issue
  • IND-363 CHKP Maestro: Fixed the memory usage issue
  • IND-364 CHKP Maestro: Fixed the NTP sync false positive
  • IND-366 CHKP Maestro: Fixed the interface down false positive
  • IND-370 CHKP: Fixed the cphaprob_a_if_no_vsx parsing error
  • IND-377 CHKP: Fixed the enabled_blades_vsx.py parsing error
  • IND-378 CHKP: Fixed the chkp_contract_file_size.py parsing error
  • IND-384 CHKP: Fixed the “Interface nearing maximum Rx/Tx throughput” reporting error over 100%
  • IND-416 CHKP CloudGuard: Added support for “enabled”
  • IND-418 CHKP: Fixed tag “name” in “process-cpu” and “process-memory” metrics
  • IND-343 F5: Fixed the “Hardware element down – RAID” false positive issue
  • IND-345 Zscaler: MAC visualization not showing interface names
  • IND-417 Fixed the “parse method should return self.output” error
