FireSIGHT System User Agent Version 2.2 Release Notes
Available Languages
Table of Contents
Major Changes in Previous Releases
Issues Resolved in Version 2.2
Issues Resolved in Previous Releases
User Agent Release Notes
First Published: December 17, 2014
Last Updated: September 17, 2014
These release notes are valid for Version 2.2 of the User Agent. For more information, see the following sections:
- Major Changes in Version 2.2
- Major Changes in Previous Releases
- Issues Resolved in Version 2.2
- Known Issues
- Issues Resolved in Previous Releases
- Assistance
Note
Due to a branding transition, you will see references to both Sourcefire and Cisco in the product interface and the documentation.
Major Changes in Version 2.2
If you are upgrading your User Agent to Version 2.2, please note the following changes:
- When you remove Version 2.0 to Version 2.1.1 of the agent, you must back up the database to preserve your configuration settings. See Backing Up User Agent Configurations in the User Agent Configuration Guide for more information.
However, Version 2.2 of the agent preserves configuration settings for future upgrades automatically. If you uninstall and reinstall Version 2.2 of the agent, you do not need to manually back up the database.
- The agent can detect logins to a configured Active Directory server. When configuring the connection, select an IP address from the Local Login IP Address field.
- Configured Active Directory server connections support user passwords of up to 64 characters.
- The agent now supports an Active Directory Server Max Poll Length of 1 minute and 5 minutes. The shorter maximum poll lengths can improve real-time monitoring performance and logout detection
Major Changes in Previous Releases
Previously introduced major changes are listed by version.
Version 2.1.1
- Polling intervals longer than one minute now retrieve user activity data in smaller increments to reduce the amount of data retrieved in each poll.
- The user agent now notifies you about unsaved changes if you select a polling length from the Active Directory Server Max Poll Length drop-down list or enable the Show Debug Messages in Log option.
- The user agent now fully supports systems using the international date format
dd/mm/yyyy.Version 2.1
Modified the following system requirements:
- Before installing an agent, you must install Microsoft SQL Server Compact (SQL CE) Version 3.5 in addition to Microsoft .NET Framework Version 4.0 Client Profile.
- You can install an agent on systems running Microsoft Windows Vista, Microsoft Windows 8, Microsoft Windows Server 2003, or Microsoft Windows Server 2012, in addition to Microsoft Windows 7 and Microsoft Windows Server 2008.
Improved user activity data collection:
- Added support for an agent retrieving real-time login data from an Active Directory server running Windows Server 2008 or Windows Server 2012.
- Added support for detecting IPv6 address login and logoff data and reporting it to Version 5.2+ Defense Centers.
- Added support for detecting logoff data and reporting that data to Version 5.2+ Defense Centers. The agent detects logoffs when a user previously mapped to an IP address is no longer mapped to an IP address.
Added support for an agent reporting the following to Defense Centers:
- The agent detects whether a Defense Center is running Version 5.0.x or Version 5.1+ and sends login information in the appropriate format.
- The agent reports user names ending in the dollar sign character (
$) as “machine” when reporting to Version 5.1+ Defense Centers.Changed the following in the user interface:
- You can start and stop the agent service in the General tab and view the service status, configure how often the agent checks for logoff data, and set a scheduling priority. You can no longer configure the DC polling interval, as the agent now reports login information to Defense Centers as soon as it is available.
- You can configure the agent to retrieve login data from Active Directory servers real-time when adding an Active Directory server to the Active Directory Servers tab, as well as configure a polling interval and maximum poll length. You can view the Active Directory server status, the last reported login, and whether the agent is retrieving real-time login data from the Active Directory server.
- You can view a Defense Center’s status in the Sourcefire DCs tab.
- You can exclude up to 500 user names from being reported to Defense Centers when the agent retrieves login data from Active Directory servers in the new Excluded Usernames tab. You can export and import lists of user names to comma-separated value files.
- You can exclude up to 100 IP addresses from being reported to Defense Centers when the agent retrieves login data from Active Directory servers in the new Excluded Addresses tab. You can export and import lists of IP addresses to comma-separated value files.
- You can configure logging to the Windows application logs and export the local event logs to a comma-separated value file in the new Logs tab. You can view the local event log status and debug messages, along with severity level.
- With guidance from Support, you can perform various maintenance-related actions in the new Maintenance tab.
Known Issues
The following known issue is reported in Version 2.2:
- If you use the
dd/mm/yyyydate format on your Microsoft Active Directory (AD) server, the system sets the Active Directory server status topendingand fails to generate events. As a workaround, use themm/dd/yyyyformat on your AD server. (137315)The following known issues were reported in a previous version:
- Do not configure a Windows default display text size greater than 100%; this may cause portions of the user interface to be inaccessible. (120593)
- If the agent is behind a NAT router and the Defense Center is not, the agent will not report user activity to the Defense Center. As a workaround, configure two agents on your Defense Center. Include the NAT router IP address for one agent configuration, and the IP address for the host where the agent is installed for the other. Note that you will experience issues with health monitoring as a result of this workaround. (122883)
- You must complete a backup of the database to retain configuration settings from a previous version of the User Agent. For more information, see Backing Up User Agent Configurations in the Version 2.2 User Agent Configuration Guide . (130082)
Issues Resolved in Previous Releases
Previously resolved issues are listed by version.
2.1.1
- Resolved an issue where the user agent did not notify you about unsaved changes after you selected a polling length from the Active Directory Server Max Poll Length drop-down list or enabled the Show Debug Messages in Log option. (124675)
- Improved the performance and stability of the user agent. Polling intervals longer than one minute now retrieve user activity data in smaller increments to reduce the amount of data retrieved in each poll. (124770)
- Improved user agent stability when communicating with the local database. (127506)
- Resolved an issue where the user agent did not function as expected on systems using the international date format
dd/mm/yyyy. (127722)Assistance
Thank you for choosing the FireSIGHT System.
If you are a new customer, please visit https://support.sourcefire.com/ to download the Sourcefire Support Welcome Kit, a document to help you get started with Sourcefire Support and set up your Customer Center account.
If you have any questions, want to download updated documentation, or require assistance with the Sourcefire Defense Center or managed devices, please contact Sourcefire Support:
- Visit the Sourcefire Support site at https://support.sourcefire.com/ .
- Email Sourcefire Support at support@sourcefire.com .
- Call Sourcefire Support at 410.423.1901 or 1.800.917.4134.
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html .
Subscribe to What’s New in Cisco Product Documentation , which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:
- Visit the Cisco Support site at http://support.cisco.com/ .
- Email Cisco Support at tac@cisco.com .
- Call Cisco Support at 1.408.526.7209 or 1.800.553.2447.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)