Extreme Networks Security Analytics Release Notes

Extreme Networks is pleased to introduce the ExtremeSecurity V7.7.2.8 Patch 11.

Note

We recommend that you review this document prior to installing or upgrading this product.

About this Patch

ExtremeSecurity V7.7.2.8 Patch 11 is released and resolves field issues reported from users and administrators. An additional security bulletin was added to this release note on December 4th, 2017.

Before installing this update, there are several important changes that administrators should be aware of if they did not install a previous ExtremeSecurity release (V7.7.2.8 Patch 7, Patch 8, or Patch 9). This message was included in the V7.7.2.8 Patch 10 release notes for visibility:

TLSv1 is disabled in ExtremeSecurity V7.7.2.8 Patch 7 and later. This change was originally completed in ExtremeSecurity V7.7.3.0 and has been ported to the ExtremeSecurity V7.7.2.8 software stream as of V7.7.2.8 Patch 7. This means that Tomcat will no longer listen and actively refuse browser connections using TLSv1.0 after updating to ExtremeSecurity V7.7.2.8 Patch 10. Browsers will be required to use TLSv1.1 or TLSv1.2 to authenticate to ExtremeSecurity SIEM. This should only impact users with older or legacy browsers.
The installation of ExtremeSecurity V7.7.2.8 Patch 10 and later updates the Java version to Java 8. This change was released as part of V7.7.2.8 Patch 7, but is also being noted for administrators in the release notes for V7.7.2.8 Patch 10 to ensure this change is communicated.
The Master Console v0.10.0 or v0.11.0 is not supported on ExtremeSecurity V7.7.2.8 Patch 7 or later, including V7.7.2.8 Patch 10 due to changes made with Java 8 and TLSv1.0 connections as described above. Administrators who require the Master Console should not upgrade to a version above ExtremeSecurity V7.7.2.8 Patch 6.
Administrators with managed WinCollect agents at version V7.7.2.3 or earlier can be impacted by disabled ciphers in ExtremeSecurity V7.7.2.8 Patch 7 and later. It is recommended that administrators with managed WinCollect agents upgrade to the latest WinCollect agent version. Administrators who have upgraded to WinCollect V7.7.2.4 or later are not impacted by this issue and administrators with Stand-alone WinCollect agents are also not impacted.

Fix packs are cumulative software updates to fix known software issues in your ExtremeSecurity deployment. ExtremeSecurity fix packs are installed by using an SFS file. The fix pack can update all appliances attached to the ExtremeSecurity Console. If your deployment is installed with any of the following ExtremeSecurity versions, you can install fix pack 7.2.8-QRADAR-QRSIEM-20171213225424 to upgrade to ExtremeSecurity V7.7.2.8 Patch 11:

Current ExtremeSecurity Version	Upgrades to ExtremeSecurity V7.7.2.8 Patch 10?
ExtremeSecurity V7.7.2.3 (any patch level) or earlier	No, a minimum of ExtremeSecurity V7.7.2.4 is required.
ExtremeSecurity V7.7.2.4 (any patch level)	Yes
ExtremeSecurity V7.7.2.5 (any patch level)	Yes
ExtremeSecurity V7.7.2.6 (any patch level)	Yes
ExtremeSecurity V7.7.2.7 (any patch level)	Yes
ExtremeSecurity V7.7.2.8 (any patch level)	Yes

The 7.2.8-QRADAR-QRSIEM-20171213225424 fix pack can upgrade ExtremeSecurity V7.7.2.4 (7.2.4.983526) and later to the latest software version. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for QRadar. To review any additional requirements, see the ExtremeSecurity Upgrade Guide. If you are on a version of ExtremeSecurity earlier than ExtremeSecurity V7.7.2.4, you must upgrade to ExtremeSecurity V7.7.2.4 before proceeding to ExtremeSecurity V7.7.2.8.

Important

A ExtremeSecurity V7.7.2.8 ISO is available on IBM Fix Central for administrators to want to install a new appliance or virtual machine. Administrators who want to complete a new install need to review the ExtremeSecurity Installation Guide.

Resolved Issues

Note

Legend: ** characters are displayed next to an APAR indicate that this issue was discovered in another software version, such as ExtremeSecurity V7.7.3.0 and a fix was created to resolve this issue in V7.7.2.8 Patch 10. Some APAR links in the table below might take 24 hours to display properly after a software release.

Issues resolved in ExtremeSecurity V7.7.2.8 Patch 11

Product	Component	Number	Description
EXTREMESECURITY	LOG SOURCES	IV99511**	LOG SOURCE GROUP WINDOW CAN SOMETIMES FAIL TO LOAD WHEN GREATER THAN 1000 LOG SOURCES EXIST IN A GROUP
QRADAR VULNERABILITY MANAGER	SCAN POLICY	IV98930	'FAILED TO LOAD DATA' MESSAGE WHEN TRYING TO ADD NEW VULNERABILITIES INTO A PATCH SCAN POLICY
EXTREMESECURITY	DASHBOARDS	IV98873**	THE MESSAGE 'THERE WAS AN ERROR DOWNLOADING THIS ITEM' CAN SOMETIMES BE DISPLAYED IN A DASHBOARD WIDGET
EXTREMESECURITY	APPLICATIONS	IV98744	HOSTCONTEXT OUT OF MEMORY INSTANCES CAN SOMETIMES OCCUR DURING BACKUP OF EXTREMESECURITY APPS
EXTREMESECURITY	LOG SOURCES	IV98493	BULK ADD/EDIT OF MORE THAN 100 LOG SOURCES CAN FAIL
EXTREMESECURITY	LOG SOURCES	IV98436	UNABLE TO PERFORM A BULK ADD OF LOG SOURCES
EXTREMESECURITY	API	IV98260	COMMA'S ARE TREATED AS "OR" IN QUICK FILTER SEARCHES CAUSING VARIED SEARCH RESULTS
EXTREMESECURITY	SEARCHES	IV98190	'FAILED TO LOAD DATA' MESSAGE WHEN TRYING TO ADD NEW VULNERABILITIES INTO A PATCH SCAN POLICY
EXTREMESECURITY	SEARCHES	IV98100	ADDING A REGEX FILTER TO A SEARCH CAN GENERATE ERROR 'FATAL EXCEPTION IN VALIDATIONEXCEPTION: THIS IS NOT A VALID...'
EXTREMESECURITY	LOG SOURCE EXTENSIONS	IV97847	LOG SOURCE EXTENSIONS CAN EXPERIENCE SINGLE-DIGIT DATE PARSING ISSUES
EXTREMESECURITY VULNERABILITY MANAGER	VULNERABILITY ASSIGNMENT	IV97523	UNABLE TO ADD NEW CIDR RANGES IN VULNERABILITY ASSIGNMENT SCREEN
EXTREMESECURITY	SEARCHES	IV97151**	'THE SERVER ENCOUNTERED AN ERROR READING ONE OR MORE FILES' WHEN PERFORMING A LOG ACTIVITY SEARCH
EXTREMESECURITY	DOCKER	IV95751**	'THE SERVER ENCOUNTERED AN ERROR READING ONE OR MORE FILES' WHEN PERFORMING A LOG ACTIVITY SEARCH
EXTREMESECURITY	REPORTS	IV95248**	'THE SERVER ENCOUNTERED AN ERROR READING ONE OR MORE FILES' WHEN PERFORMING A LOG ACTIVITY SEARCH
EXTREMESECURITY	PATCH	IV93699	PATCH TO 7.2 MR1 HANGS ON REBOOT IF A NEW SESSION IS OPENED PRIOR TO REBOOTING
EXTREMESECURITY	OFFENSES	IV91301**	'OFFENSE SEARCH EXCLUSION FILTERS CONTAINING A DEFINED NETWORK HIERARCHY PARAMETER DO NOT RESPECT THE EXCLUSION
EXTREMESECURITY	CUSTOM RULES ENGINE	IV85841	EXTREMESECURITY SYSTEM DEGRADATION AND/OR DROPPED EVENTS CAN CAUSED BY SOME VULNERABILITY CRE TESTS
EXTREMESECURITY RISK MANAGER	GRAPHS	IV87193	THE QRM 'DOWNLOAD IMAGE' BUTTON GENERATES ERROR 'THE GRAPH WAS TOO LARGE TO DOWNLOAD.' INCORRECTLY
EXTREMESECURITY	DEPLOYMENT ACTIONS	IV78428	ADDING OR RE-ADDING A EXTREMESECURITY MANAGED HOST CAN SOMETIMES FAIL
EXTREMESECURITY VULNERABILITY MANAGER	VULNERABILITIES	IJ02090**	NEWLY CONFIGURED VULNERABILITY EXCEPTIONS CAN SOMETIMES BE DUPLICATED
EXTREMESECURITY	USER ROLES	IJ01112	NON ADMIN USERS WITH LIMITED USER ROLES MAY NOT BE ABLE TO FILTER BY CATAGTORIES
EXTREMESECURITY	CUSTOM EVENT PROPERTIES	IJ00489	COMMAS ARE SWITCHED TO 'OR' WHEN MULTIPLE CUSTOM EVENT PROPERTIES ARE CONTAINED IN A SEARCH
EXTREMESECURITY	USER INTERFACE	IJ00416	LOG AND NETWORK ACTIVITY EXPORTS TO CSV DISPLAY INCORRECT COLUMN NAMES
EXTREMESECURITY	AQL	IJ00327	AQL SEARCH WITH 'REFERENCESETCONTAINS' CAN FILL QRADAR LOGS WITH "THE USERSESSION OBJECT IN SESSIONCONTEXT IS NULL...
EXTREMESECURITY	DATA NODES	IJ00141**	DISK MAINTENANCE DELETES /STORE/ARIEL/FLOWS (RECORDS AND PAYLOADS) DIRECTORY ON DATANODES THAT RECEIVE EVENTS ONLY
EXTREMESECURITY	REPORTS	IJ00069**	'ERROR GENERATING SQL CHART' WHEN RUNNING A REPORT WITH "TIME" SET AS THE HORIZONTAL X-AXIS
EXTREMESECURITY	AQL	IJ00066	TABLE REPORTS USING ACCUMULATED AQL DATA DISPLAY INCORRECT COLUMNS
EXTREMESECURITY VULNERABILITY MANAGER	SCANNERS	IJ00034	VULNERABILITY DMZ EXTERNAL SCAN USING AUTHENTICATED PROXY OPTIONS DOES NOT WORK AS EXPECTED

Release Notes for ExtremeSecurity V7.7.2.8 Patch 11

About this Patch

Resolved Issues