What’s new in Release 4.4.3
This release contains the following bug fixes and enhancements.
| Bug
ID |
Severity | Component | Description |
| 13806 | Major | Performance
Monitoring |
Server restart detection based on up time does not always work correctly in one case – if the server was in maintenance mode and this is the first time after maintenance and there was a server restart during maintenance. |
| 14527 | Major | App Server | Newly created Blocked IP and Domain groups can not be always downloaded correctly by the back end modules because the name in malware value group is incorrectly replaced by natural Id |
| 14565 | Major | App Server | Adding an Incident related report to Business Service Dashboard can cause the Dashboard to not show results |
| 14650 | Major | App Server | Upgrade from 4.4.1 to 4.4.2 may lead to duplicate Windows Servers in CMDB. In 4.4.2, hardware serial number is added to Windows server from Bios discovery via WMI. If a windows server existed in CMDB before 4.4.2, rediscovery in 4.4.2 would create a new windows server in CMDB with hardware serial number. The two windows servers one without hardware serial number and one with, would nor be merged. Workaround in 4.4.2 would be to delete the Windows server without hardware serial number. |
| 14652 | Major | App Server | Some rules created before 4.4.2 does not work after upgrade. The rule caching optimization introduced in 4.4.2 has a bug which ignores some rules with empty created date values. Workaround in 4.4.2 would be to disable and then re-enable the rule. |
| 14705 | Major | App Server | User edits to interface speeds are overwritten by Discovery. This bug was introduced when we added two fields – sent speed and receive speed to replace the single interface speed |
| 14726 | Major | App Server | Custom properties (such as global CPU utilization thresholds, per-device CPU utilization thresholds) are lost after upgrade |
| 14201 | Normal | Parser | Drop IPv6 net flow records if IPv6 and IPv4 records are mixed in received Netflow records – since we do not currently handle IPv6 records and they take up lots of storage space |
| 14476 | Normal | System | Disable rate limit on rsyslog – this would ensure that all internal logs would be accurately received by the system |
| 14477 | Normal | Performance
Monitoring |
Performance Monitor module crashes sometime due to memory corruption |
| 14528 | Normal | App Server | Blocked Domain and IP fields can not be downloaded if a field contains double quote in a field |
| 14666 | Normal | Performance
Monitoring |
The character \” in raw message causes custom WMI based performance monitor to have errors |
| 14690 | Normal | Data | The “A system User Created” rule in incorrectly categorized as a Availability rule |
| 14700 | Normal | Data
Manager |
Do not abort when DataManager module fails to create directories in NFS. Create a log
PH_UNABLE_CREATE_DIR_1. The rule “System Critical: DataManager event store failed” would trigger. |
| 14724 | Normal | Report
Worker |
In the Summary dashboard, the display of Availability Status column depends on the display of Ping Packet Loss column. So if the Ping Packet Loss column is removed, then the Availability Status column is also not displayed. |
| 14395 | Enhancement | System | Optimize the number of value group requests from back end modules to Application Server by caching – this would reduce the load on the Application Server specially when there are lots of value groups resulting from large number of organizations, business services or large number pf CMDB Objects used in rules and reports |
| 14567 | Enhancement | System | Beaconing – report Unknown Event Types as aggregates – not the raw events themselves |
| 14584 | Enhancement | Discovery,
Performance Monitoring |
Add discovery and Performance Monitoring for Cisco FirePower IPS module |
| 14688 | Enhancement | Discovery,
Performance Monitoring |
Add discovery and Performance Monitoring for Dell NSeries 4xxx switches |
| 14691 | Enhancement | Discovery,
Performance Monitoring |
Add discovery and Performance Monitoring for H3C Comware |
| 14684 | Enhancement | App Server | Bound the number of API downloaded Threat feed entries in the AccelOps CMDB – by default we never keep more than 100K active entries per threat feed group in AccelOps CMDB by default. This number can be increased or decreased by the user at their own risk. Since there is not guarantee on the quality and number of items in the external threat database, a sudden surge of downloaded entries can have detrimental effect on AccelOps system performance. |
| 14720 | Enhancement | Data | Parse a new format of Bit9 syslog |
| 14651 | Enhancement | Data | Parse Dell NSeries syslog |
| 14671 | Enhancement | Data | Squid Parser needs enhancements for RHEL 7 and squid 3.3 |
| 14694 | Enhancement | Data | AccelOps Windows Agent generated DHCP logs must also populated Identity location table |
| 14699 | Enhancement | Data | Add 11 more Windows Security event types |