5.5 Release Notes
Build 107 (Dec 19, 2017)
- IS-3045 – Gaia P/S monitoring – switch from “show asset power-supply” to “show sysenv ps”
Build 106 (Nov 16, 2017)
- IK-2825 – improve handling of clish CLINFR error messages
Build 105 (Sept 12, 2017)
- Indeni server – block HTTP access to the web console via port 8080
Build 102 (Sept 1, 2017)
- IK-2822 – CHKP – corrected the R77.30 EOS date from 2017-08-31 to 2019-05-31
- IK-2823 – “Software about to reach end of support” – fix an issue that caused the alert to mishandle the threshold
and left it active after the EOS date passed.
Build 100 (Aug 17, 2017)
- IS-2808 – Indeni – removed weak ciphers supported by Indeni’s web server in order to eliminate the SWEET32 vulnerability.
Build 99 (Jul 11, 2017)
- IK-2762 – CP – Gaia – avoid alerts on non-existing disks that are reported as Missing
Build 92 (Jul 11, 2017)
- IK-2817 – CP – add an alert for the client_auth Kernel Table
Build 91 (Jun 21, 2017)
- IK-2812 – CP 61K – continue to optimize monitoring
Build 89 (Jun 15, 2017)
- IK-2812 – CP 61K – fix parsing error while checking connectivity to ca server
- IK-2813 – CP 61K – replace “vsx stat -l” with “fw vsx stat -l” due to backward comparability issues with R76.40SP
Build 88 (Jun 13, 2017)
- IK-2811 – PAN – add suport for reading packet counter values
- IK-2802 – CP 61K – add suport for 61K VSXs
- IK-2802 – CP 61K – add support for backup using “backup_system backup”
- IK-2810 – CP 61K – increase the minimim threshold for dropped packets
Build 82 (May 26, 2017)
- IK-2790 – Inventory Report – reduce sheets/tabs in order to accommodate large systems
Build 80 (May 9, 2017)
- IK-2804 – increase the heartbeat in order to reduce gaps in Analysis graphs
Build 78 (Apr 24, 2017)
- IK-2800 – Device Configuration Checks were changed to run at 10 minute intervals
- IS-2581 – optimize alert timing in order to allow resource related processes to run more often
Build 76 (Apr 3, 2017)
- IK-2797 – add new compliance checks for specific files on Check Point Gaia devices
- IK-2796 – add support for defining an alerting window for the Identity Awareness alert
- Add support for migration exporter from 5.5 to 5.9
Build 73 (Mar 26, 2017)
- IS-2531 – improve handling of web console re-connection to the server
Build 72 (Mar 21, 2017)
- IK-2790 – remove Network Interface tab from the Inventory report
Build 70 (March 2, 2017)
- IK-2404 – Change from “show asset all” to “show asset power-supply” due to SK115634
- IK-2730 – Change storage mountPoint log from DEBUG to INFO
Build 69 (Feb 27, 2017)
- IK-2779 – Fix issues related to “Some members of the same cluster are not being monitored”
- IK-2787 – Replace Alert Headline “pep_identity_index” with “Identity Awareness user count high”
- IK-2786 – Juniper – add support for JUNOS 15
Build 67 (Feb 19, 2017)
- IK-2783 – Check Point – run DLP command multiple times to avoid stale data
Build 66 (Feb 15, 2017)
- IK-2755 – Check Point – reduce the number of files that we are scanning for the
Check Point Database data
Build 64 (Feb 12, 2017)
- IK-2783 – Check Point – identify if DLP scanning is stuck
- IK-2778 – Check Point – ignore 61K VS’s in known devices
- IK-2781 – Check Point – alert if AD is not responding
- IK-2784 – BlueCoat ProxySG – added rule for new SSL vulnerability
Build 62 (Feb 6, 2017)
- IK-2404 – identify power supply down in Check Point Gaia
- IS-2351 – use Alert’s Severity for Syslog severity field and add log for Syslog messages
- IK-2769 – fix issues with “NTP configured but not operational” alerts
- Acknowledge existing “NTP servers configured but not operational” alerts in order to allow new ones to be created (see above)
- IK-2777 – “Identity Awareness Users” – add alert and analysis graph for pep_identity_index usage
- Added better logging for loading Check Point DB (filter logs for “loadObject”)
Build 58 (Jan 18, 2017)
- IK-2768 – using “cpstat os” for Gaia’s Serial Number and Appliance Model
- IK-2770 – fix Installed Policy information’s display in Inventory Report
- IK-2771 – improve “cphaprob state” parsing for VSX devices
- IK-2765 – handling missing policy on Check Point devices
Build 55 (Dec 5, 2016)
- IK-2760 – removed one Check Point Database table from loading and added logging for database reloads
- IK-2763 – alert if the Check Point “monitord” proces is using a high percentage of CPU
- Change CPDB logger for cluster data to INFO in order to track cluster naming
Build 53 (Nov 19, 2016)
- Lower the Severity of the “Management Server is Unknown” alert
- IK-2760 – stop loading the Check Point firewall rules in order to reduce indeni’s memory usage
- Remove lock on cluster names in order to prevent blocking during Interrogation
Build 49 (Nov 12, 2016)
- IS-2048 – allow weekly schedules to start on the same day that they were defined
- IK-2755 – add support for identifying new checkpoint appliances
- Reduce log based alerts to use just last 10 minutes per alert
- Better handling of association with auto-groups
- IK-2730 – prevent handling subnet mask byte as an IP address
- Remove block on fetching nics in order to prevent deadlock between devices
- IK-2579 – ignore lines in cpmiquery output for CMAs that don’t contain an IP
Build 48 (Oct 31, 2016)
- IK-2753 alert on aggressive aging being enabled in CHKP
Build 47 (Oct 26, 2016)
- IK-2752 split Bluecoat sysinfo retrieval into multiple section
Build 46 (Oct 25, 2016)
- Use aggregation for alert full text search sorting
- IK-2748 add isSlave to Network Interface in order to avoid alerting on bond interface
Build 44 (Oct 18, 2016)
- Increase Bluecoat HTTP timeout to 60 seconds
Build 43 (Oct 10, 2016)
- IS-2014 Fix “leak” in indeni-secure-store and purge stale records to reduce the file size
Build 42 (Oct 5, 2016)
- IK-2719 Add support for wildcard in CP Configuration Check
- IK-2745 Fix to include all of the relevant kernel tables in the Generic Kernel Table limit alert
Build 41 (Sep 27, 2016)
- IK-2741 alert if tcpdump is on for CHKP devices.
Build 40 (Sep 26, 2016)
- IK-2514 moved “show configuration” backup out of SPLAT backup
- Add time window for indeni’s own Heap memory alert
Build 39 (Sep 19, 2016)
- IK-2738 Procurement Report empty due to wrong limit in query
Build 38 (Sep 15, 2016)
- IK-2718 Configuration Lines Config Check – FP for lines that contain special characters
Build 37 (Sep 12, 2016)
- IK-2733 – Remove the generic “Health Check Status” health check for Blue Coat devices
Build 35 (Sep 4, 2016)
- Enhance wording of license use description to specific standard and
- Enhance log for measurements used by Inventory
- IK-2729 Fixed the Actual Config and Inventory Report presentation for 61K
- IK-1910 – added debug for IPSO negative OS memory
- IK-2413 – “No Sync interface” FP – add debug lines
Build 32 (Aug 29, 2016)
- IK-2722 switched to use asg hw_monitor for 61k hardware component
- indeni License alert – add device types text to the “There are currently” string
- IS-1963 Include 2 special licenses in the trial license
- IK-2725 Resolved handling of process name in IPSO
Build 31 (Aug 22, 2016)
- IK-2621 Switched to cons25 as the default terminal in order to enhance IPSO compatibility
Build 29 (Aug 14, 2016)
- IK-2686 added rule for identifying 61K chassis going down
- IK-2713 Added support for VS utilization without resctrl
- IK-2714 Added free and used bytes to OsMemory2 and its presenter.
- IK-2720 Added ARP failure identification for Blue Coat
- IK-2715 Enable TLS 1.2 for all Spray HTTP clients
- IK-2665 Resurrect NIC failure process
Build 28 (Aug 7, 2016)
- PAN SWAP tracking: only if the swap memory is above 128mb (to avoid FPs)
- Log Alerts – change “negationPatterns” from “policy” to “[Pp]olicy” in order to reduce FPs
- IK-2708 – Fix NIC inserts into measurement collection
Build 27 (Jul 29, 2016)
- Static routes support for PAN
Build 26 (Jul 29, 2016)
- Added support for “Incomplete” in the ARP dumping for Cisco IOS
- Added support for identifying incomplete ARP entries in PAN-OS
Build 24 (Jul 26, 2016)
- IK-2701 Using cmpiquery to identify the CMAs in the database
- IK-2704 Added use of installed_jumbo_take where supported for CHKP
Build 23 (Jul 21, 2016)
- Rotate collector log file
- IK-2681 Make F2C a standard automation policy item so we can change its
Build 22 (Jul 18, 2016)
- Log collector command failures
- Fetch kernel params every 10 minutes
Build 20 (Jul 13, 2016)
- IK-2673 Add a critical alert when the heap utilization of indeni reaches
- IK-2669 Added CP61k-specific log line alert
- IK-2679 Fix parsing of 10G speed
- Added Blue Coat version identification and an alert for a specific issue
- IK-2578 Implemented the retrieval of static routes on Gaia via clish
Build 18 (Jul 1, 2016)
- Upgraded the severity of some important BlueCoat logs.
- Fix incorrect parsing of DNS Server health metrics and memory usage.
Build 17 (Jun 30, 2016)
- IK-2670 change BC client to support chunked responses.
Build 16 (Jun 29, 2016)
- IK-2663 Adding profile item for checking for specific lines in Gaia’s
- IS-1920 Introduce a separate thread-pool for SSH operations
Build 14 (Jun 28, 2016)
- IK-2663 Adding profile item for checking for specific lines in Gaia’s
- IK-2635 use cat instead of scp to fetch resolv.conf file for DNS parsing
Build 12 (Jun 22, 2016)
- Increased threshold of new Zombie and Load Average alerts to reduce FPs
Build 11 (Jun 22, 2016)
- IK-2633 Stop fetching Uptime when interrogating
Build 10 (Jun 21, 2016)
- IK-2381 Now alerting for 10mbps and SEPARATELY for half duplex.
- IK-2628 Added an ability to alert when uptime is higher than a certain value
- Added alert for high number of zombie processes and high load average
Build 9 (Jun 20, 2016)
- IK-2614 Send syslog when creating a new F2C alert
- IK-2593 cache license reading from securestore. No need to read it every hour
Build 3 (Jun 19, 2016)
- Support port ranges for the OpenPorts device profile
- Added version identification (check point firewall version) to IPSO
- Added check for logical drives on Fujitsu iRMC
- Added power supplies, fans and logical drives for Fujitsu iRMC
- IK-2625 avoid logging ERRORs if we cannot find the virtual memory
- IK-2598 Ignore error for substring issue in ipsctl
- IS-1806 Removed /home and /usr/local/bin from the Check Point backup
- IK-2622 Added OsVersion to inventory report