Release Notes for ExtremeSecurity V7.7.2.8

Introduction

Extreme Networks Security Analytics V7.7.2.8 provides new features and fixes to known issues.

The 728_QRADAR-QRFULL-20160920132350 fix pack can upgrade ExtremeSecurity V7.7.2.4 (7.2.4.983526) and later to the latest software version. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for ExtremeSecurity. To review any additional requirements, see the ExtremeSecurity Upgrade Guide. If you are on a version of ExtremeSecurity earlier than V7.7.2.4, you must upgrade to V7.7.2.4 before proceeding to ExtremeSecurity V7.7.2.8. For more information, see the Software Upgrade Progression technical note.

New features

The following new features and improvements are available after installing ExtremeSecurity V7.7.2.8.

  • The X-Force Threat Intelligence feed is now free and included with all QRadar appliances; it is enabled through a system setting.
  • Administrators can now manage expensive searches by setting resource restrictions on specific users.
  • Data segregation: Reference sets are now domain aware and the user interface includes a domain setting.
  • Event and Flow data retention buckets now support tenants.
  • The offense assignment user interface has been improved and supports tenants.
  • Offense renaming allows offenses to be created with more useful names.
  • A new DSM Editor provides a user interface to replace writing complex log source extensions for new or unknown data sources.
  • Deleting users from ExtremeSecurity now prompts administrators to reassign any existing content to existing users.
  • ExtremeSecurity V7.7.2.8 introduces several new and updated API endpoints.
  • AQL now supports nested queries (sub-queries) in advanced searches, using IN or FROM statements.
  • Search performance enhancements: Asset query performance and UI wait times significantly improved.
  • Vulnerability user interface query performance is significantly improved.
  • Security Master Console is now included with ExtremeSecurity. A separate RPM install is no longer required.

For a full list of changes, see What's new in ExtremeSecurity V7.7.2.8.

System requirements

For information about hardware and software compatibility, see the detailed system requirements in the ExtremeSecurity Installation Guide.

Installing ExtremeSecurity

Note

A minimum of ExtremeSecurity V7.7.2.4 is required before upgrading to V7.7.2.8.

For full installation instructions, see the ExtremeSecurity Installation Guide.

Fix list

Number Description
IV81172 SQL Exception when running Events/Logs reports based on Advanced Search for assets
IV87841 Rule test with multiple reference sets only matches first reference set in test
IV82547 Web application XJAVASCRIPT filtering broken
IV84386 Critsit: Log Activity - UI Exception Popup when mousing over IP addresses
IV88370 Reference Data - Bulk Loading Performance Needs Work
IV84710 Asset screen in UI is slow when the number of assets is moderate to large
IV85584 Rule wizard UI issues
IV79236 CritSit: Cannot access Rule Wizard when navigating to an event through an offense
IV85435 Offense naming not working consistently
IV87029 Index roller bug
IV70567 Autoupdate HTTPS and proxy interception - CONNECT failures by UpdateConfs.pl
IV84567 Offenses Over Time reports can mismatch Offense Screen
IV86839 Filtering in Log Sources while sorted by EPS causes exception
IV82557 NullPointerException in Data Deletion causes user unable to delete rule or custom event property

Known Issues

Issue description Workaround
When you install Extreme Security Incident Forensics, the Appliance ID 6200 appears as an option. This is reserved for future use. The software will be available at a future date.