530-025618-01
12
STRM Release Notes
Offense Manager
An IP Address Previously Identified as a Remote Attacker Can Not Be
Created as an Offense When Creating a New Network
Even if your network hierarchy is not defined, STRM can start generating offenses.
However, STRM records all generated offenses as remote offenses since no local
systems are defined in your network hierarchy. If this occurs, any IP address that
has been previously defined as a remote attacker can not be created as an offense
when defining your network.
Workaround
: You must restart the Event Correlation System (ECS). From the
command prompt, type
service ecs restart
. Also, make sure your network
hierarchy is defined.
Overlapping CIDR(s) in Network Hierarchy Configuration Allows Users to
View Assets to Which They Have No Access
If your network hierarchy configuration includes overlapping CIDR ranges, a STRM
non-administrative user is able to view assets for which they have no access. They
can view a list of the restricted assets by clicking
Search
or
Show All
in the Asset
Profile window of the Offense Manager. However, an error appears if the user
attempts the edit the asset or view detailed information.
Workaround
: None.
Viewing a List of Attackers May Display Blank Pages
The Offense Manager allows you to view a list of attackers for a network. If your
system includes closed offenses that have been removed from the database, the
list of attackers may not return the same number of results as the attacker count. If
the list of attacker results are returned over multiple pages, there may be several
blank pages at the end of the results. All results are included in the output.
Workaround
: Click on the previous page to view information.
Event Viewer
Events Are Marked "Unknown" in Event Viewer
Events that arrive from a device that has not yet been auto-discovered are marked
"Unknown." This is normal behavior.
Workaround
: Wait for auto-discovery to detect the device.
Event Viewer Does not Respond to Searches
After a configuration change, the event query service process restarts and may be
temporarily unable to process event searches.
Workaround
: Wait between 2 and 3 minutes for the Event Viewer to finish
restarting. Then try your search again.
Accessing Right-Click Menu in Event Viewer Causes Java Error
Using the right mouse button (right click) in the Event Viewer allows you to access
additional menu options. If pop-ups are disabled in your web browser, a Java error
occurs.
Workaround
: Enable pop-ups in your web browser.
