Table Of Contents
Release Notes for Cisco Security MARS Appliance 5.3.2
Introduction
Supported Hardware
New Features
Wireless LAN Controller Support
Miscellaneous Changes and Enhancements
New Vendor Signatures
Upgrade Instructions
Important Upgrade Notes
General Notes
Upgrade to 5.3.2
Upgrade to 5.3.1
Upgrade to 5.2.8
Upgrade to 5.2.7
Required Upgrade Path
Documentation Errata
Important Notes
Caveats
Open Caveats - Release 5.3.2
Resolved Caveats - Release 5.3.2
Resolved Caveats - Releases Prior to 5.3.2
Product Documentation
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for Cisco Security MARS Appliance 5.3.2
Revised: November 7, 2008, OL-15308-01
Note 
We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
These release notes are for use with the Cisco Security Monitoring, Analysis, and Response System (MARS), Version 5.3.2 running on any supported Local Controller or Global Controller as defined in Supported Hardware. They provide the following information:
•Introduction
•Supported Hardware
•New Features
•Upgrade Instructions
•Documentation Errata
•Important Notes
•Caveats
•Product Documentation
•Obtaining Documentation, Obtaining Support, and Security Guidelines
Introduction
Version 5.3.2 is now available as an upgrade of 5.3.1 of your software release in support of the second generation MARS Appliance models as identified in Supported Hardware.
Caution Do not attempt to apply 5.3.x versions to MARS 20, 20R, 50, 100, 100e, 200, GC, or GCR models. It is supported exclusively by the models listed in
Supported Hardware.
Registered SMARTnet users under the can obtain version 5.3.2 from the Cisco support website at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars
Supported Hardware
Cisco Security MARS Version 5.3.2 supports the following Cisco Security MARS Appliance models:
Local Controller Appliances
•Cisco Security MARS 25R (CS-MARS-25R-K9)
•Cisco Security MARS 25 (CS-MARS-25-K9)
•Cisco Security MARS 55 (CS-MARS-55-K9)
•Cisco Security MARS 110R (CS-MARS-110R-K9)
•Cisco Security MARS 110 (CS-MARS-110-K9)
•Cisco Security MARS 210 (CS-MARS-210-K9)
Global Controller Appliances
•Cisco Security MARS GC2R (CS-MARS-GC2R-K9)
•Cisco Security MARS GC2 (CS-MARS-GC2-K9)
New Features
In addition to resolved caveats, this release includes the following new features:
•Wireless LAN Controller Support
•Miscellaneous Changes and Enhancements
•New Vendor Signatures
Wireless LAN Controller Support
Cisco Secure MARS 5.3. x supports the collection, parsing, and analysis of SNMP security traps generated by Cisco Wireless Controller, version 4.x. devices. In addition, MARS includes this event data in new and existing reports and rules. Support for Cisco Wireless Access Points is enabled via Cisco Wireless LAN Controller, v. 4.1.171.0, which forwards SNMP traps to the MARS Appliance for processing. See important note in Upgrade to 5.3.2.
Miscellaneous Changes and Enhancements
The following changes and enhancements exist in 5.3.2:
•New Activate Button and Activation Scheduler
The Activate button now turns red when a configuration change requires activation. Previously, there was no change in the color of the button. Additionally, a scheduler daemon can be configured from the GUI to automatically execute activations. Further information on the activate button and scheduling daemon are available at the following URL:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/5.3/user/guide/local_controller/netsum.html#wp1062605
•Support for Custom Signature Definitions in Cisco IPS. Cisco IPS 6.0 enables you to define custom signatures for Cisco IPS devices. In 5.3.2, you can map that signature to a MARS event type so that an inspection rule in MARS fires when that signature is detected. To do so, you must define an XML file that maps between the custom signature and the event type in MARS as well as manually update the Local Controller from the Admin > System Setup > IPS Signature Dynamic Update Settings page.
•Global Controller-to-Local Controller Communication Enhancements. Enhancements include the following:
–Topology-sync performance improvement
–Report Results performance
–Incidents/Firing Events performance
•Enhanced Cisco Device Support:
–IOS 12.3, 12.4(11) T-T4
–PIX and ASA 7.0.7, 7.2.2, 7.2.3, and 8.0.
–Cisco IPS 6.0 (IDSM/2, IPS 4270, and ASA-IPS SSM 10/20 support)
–FWSM 3.1.4, 3.1.6, and 3.2
•Enhanced 3rd-Party Device Support.
–Juniper IDP 3.x via IDP management server (3.0, 3.1)1
–Juniper IDP 4.x via NSM (4.0, 4.1)2
–Symantec AntiVirus 10.x (10.1, 10.2)
•Update to intrusion prevention, and intrusion detection, and vulnerability assessment signature sets. This release includes new vendor signatures, updating the 3rd-party signature support. For more information on the updates, see New Vendor Signatures
•Bug fixes. For the list of resolved issues, see Resolved Caveats - Release 5.3.2.
New Vendor Signatures
The following table describes the most recent signatures supported for each product or technology:
Revised in 5.3.2
|
Product
|
Signature Version Supported
|
Intrusion Prevention and Detection Signatures
|
Yes
|
Cisco IDS 4.0,
Cisco IPS 5.x,
Cisco IOS 12.2
|
Current through S304 signature release.
|
Yes
|
Snort NIDS 2.6.1
|
Current through the September 4, 2007 signature release
Latest signature mapped: 12360.
|
Yes
|
ISS RealSecure Network Sensor 6.5 and 7.0, and ISS RealSecure Server Sensor 6.5 and 7.0
|
XPU 27.090
Release date: October 9, 2007
|
No
|
McAfee IntruShield NIDS 1.8
McAfee Network Intruvert v 2.1.9.104
|
2.1.68.5
Release date: June 12, 2007
|
No
|
McAfee Entercept HIDS 6.x
|
Current through the August 21, 2007 signature release.
|
No
|
CheckPoint Application Intelligence
(VPN-1 NG with Application Intelligence R55)
|
Current through the September 6, 2007 signature release
|
No
|
Netscreen IDP 2.1
|
Signature version: 2.1 r7.
Release date: March 10, 2007
|
Yes
|
Enterasys Dragon 6.x, 7.x
|
Current through the October 12, 2007 signature release.
|
Yes
|
Symantec NIDS, v 4.0
|
Signature package: 88
Release date: October 7, 2007
|
No. EOS.
|
Symantec Manhunt 3.x
(See Symantec NIDS, v 4.0.)
|
3.4.3 Update 59
Current through the May 24, 2007 signature release.
|
Vulnerability Scanner Signatures
|
Yes
|
Qualys QualysGuard 3.x, 4.7.161-1
|
Current through the October 16, 2007 signature release.
|
Yes
|
E-Eye, Retina Scanner Vulnerability Software, version 5.61
|
Current through the October 15, 2007 signature release.
|
Yes
|
Foundstone, version 4.x
|
Current through the October 15, 2007 signature release.
|
Yes
|
Common Vulnerabilities and Exposures (CVE) Database
|
Current with the October 15, 2007 definition update.
|
Upgrade Instructions
The MARS upgrade packages are the primary vehicle for major, minor, and patch software releases. As administrator of the MARS Appliance, you should check the upgrade site regularly for patch upgrades. In addition to addressing high-priority caveats, patch upgrade packages update system inspection rules, event types, and provide the most recent signature support.
For detailed instructions on planning and performing an upgrade or install, refer to Checklist for Upgrading the Appliance Software in the Install and Setup Guide for Cisco Security MARS 5.x.
Important Upgrade Notes
To ensure that the upgrade from earlier versions is trouble free, this section contains the notes provided in previous releases according the release number. Please refer to the notes that pertain to the release you are upgrading from and any releases following that one.
General Notes
The MARS Appliance performs a file system consistency check (fsck) on all disks when either of the following conditions is met:
•If the system has not been rebooted during the past 180 days.
•If the system has been rebooted 30 times.
The fsck operation takes a long time to complete, which can result in significant unplanned downtime when rebooting the system after meeting a condition above. For example, a MARS 50 appliance can take up to 90 minutes to perform the operation.
Upgrade to 5.3.2
The upgrade is from 5.3.1 to 5.3.2. The following important notes exist for this upgrade:
•Release-Note for CSCsk19730/CSCsk12130
If you've edited a system rule on a Global Controller, you may enounter one of two conditions where the rules on the Global Controller are out of sync with those on the Local Controller.
Symptom: The edited rule in the Global Controller disappears from the list of rules on the Local Controller. (CSCsk12130)
Condition: The user edited a rule on the Global Controller and then upgraded to a different version of the MARS system software and then added of a new Local Controller to the Global Controller.
Symptom: A rule that was edited in the Global Controller looks as if it is an empty rule in the Local Controller and be inactive. (CSCsk19730)
Condition: This occurs under in some cases where a Local Controller is added to a newly upgraded Global Controller.
Work Arounds: If the Local Controller is deleted from and re-added to the Global Controller under x.3.2, the issue should resolve itself. However, in conditions with a large topology or many custom rules, we recommend contacting technical support for a work around that avoids the need to delete and re-add the Local Controller.
Another possible work around if the number of edited rules are small is to edit and make further changes to the rule and activate. In this case, the issue should be resolved for that rule.
•Upgrade of IOS 12.3 and 12.4 devices. In previous releases, these devices were supported under the IOS 12.2 release when defining the device type in theMARS web interface. After you upgrade to 5.3.2, the next discovery of such a device will automatically upgrade the version to its correct value.
For example, an IOS 12.4 device is added to MARS 5.3.1 as 12.2 and after the upgrade to 5.3.2, when the discovery occurs for that device, the device type is automatically updated to IOS 12.4. The same is true for devices that are running IOS 12.3. However, if you have not enabled device discovery, use the Change Version feature to change between IOS 12.2, 12.3, and 12.4.
•Wireless LAN Controller Support is restricted to the 5.3.x train. To enable support for wireless access points via the Cisco Wireless LAN Controller, you must use the 5.3.2 or later software, which also restricts the appliance models that can be used.
•Juniper/NetScreen IDP 3.x and 4.x Support is incomplete. While device support has been added, the signature/data work portion of these devices will be provided in a future release of MARS software.
•Renaming of QualysGuard 3.x device type. During the upgrade, any QualysGuard devices defined under Security and Monitoring Devices will changed their device type from QualysGuard 3.x to QualysGuard ANY.
Upgrade to 5.3.1
Beginning with the 4.3.1 and 5.3.1 releases, the dynamic IPS signature updates (if enabled) is an aspect of the version of software running on a MARS Appliance. Therefore, in addition to running the same MARS software versions on the Global Controller and Local Controller, the IPS signature version must match or the communications fail.
In a Global Controller-Local Controller deployment, configure the dynamic signature URL and all relevant settings on the Global Controller. When the Global Controller pulls the new signatures from CCO, all managed Local Controllers download the new signatures from the Global Controller.
In addition, CSCsk90015 states that any reporting device representing a Cisco ACS 3.x device that exists prior to the 5.3.1 upgrade is deleted during the upgrade. To resolve the issue after upgrade, you must the remove the reporting device from the host and re-add that device again as Cisco Secure ACS 3.x.
An example process is as follows:
1. Click Admin > Security and Monitor Devices, select the host with Cisco ACS 3.x as a reporting application and click Edit.
2. Select the Reporting Applications tab, and then blank link and click Remove.
3. After removing the blank link, re-add Cisco Secure ACS 3.x application to that host and click Activate.
Upgrade to 5.2.8
The upgrade is from 5.2.7 to 5.2.8. No important notes exist for this release.
Upgrade to 5.2.7
The upgrade is from 5.2.4 to 5.2.7; no 5.2.5 or 5.2.6 releases exist.
Required Upgrade Path
When upgrading from one software version to another, a prerequisite version is always required. This prerequisite version is the minimum level required to be running on the appliance before you can upgrade to the most recent version. Table 1 identifies the upgrade path that you must follow to reach the minimum level required to upgrade to current version.
Table 1 Upgrade Path Matrix
From Version
|
Upgrade To
|
Upgrade Package
|
5.2.4
|
5.2.7
|
csmars-5.2.7.pkg
|
5.2.7
|
5.2.8
|
csmars-5.2.8.pkg
|
5.2.8
|
5.3.1
|
csmars-5.3.1.pkg
|
5.3.1
|
5.3.2
|
csmars-5.3.2.pkg
|
Documentation Errata
•CSCsl14244. User guide does not discuss role of Nessus in the MARS system.
To determine whether specific incidents are false positives, MARS uses Nessus 2.x GPL plug-ins and custom scripts mapped to specific MARS event types. MARS does not use Nessus to perform vulnerability assessments or related reporting.
•CSCsk77546. Discovery Device with SSH 512 module not supported.
The OpenSSH client used by MARS does not support modulus sizes smaller than 768. For example, you cannot discover a device using a SSH login that has 512-byte key.
Important Notes
The following notes apply to the MARS 5.2.4 and later releases:
•To enable monitoring support of Cisco Secure ACS, you must use pnLog Agent version 1.1 or later. Earlier versions of pnLog Agent will not work with the MARS 5.2.4 and later releases.
•Interfaces ethernet3 and ethernet4 are always down.
•USB keyboard does not work while re-imaging with DVD. Use the PS/2 port for keyboard support.
The following notes apply to the MARS 4.x and later releases:
•The performance of the Summary Page degrades when too many reports are added under My Reports. The smaller the number of reports under My Reports, the faster the Summary page loads. To ensure adequate performance, limit the number of reports to 6. This issue is partially described in CSCse18865.
•Do not to use DISTINCT or SAME in queries, and do not run multi-line queries. If you run such a query, the system time outs after 20 minutes without returning any results. The message "Timeout Occurred" appears instead. You can use DISTINCT and SAME in a Query to create a rule with the Query interface.
•For Symantec AntiVirus, the Symantec agent hostname (AV client computer name) appears in the "Reported User" column of the event data. Therefore, you can define a query, report or rule related to this agent based on the "Reported User" value.
•The False Positive and Query pages (multi-column result format) have changed. You can now query on firing events that triggered false positives within a time interval. Such queries will render events that did not appear on the False Positive page. To ensure performance, the False Positive page only displays false positives from the most recent 10,000 firing events. To view additional false positives, you must perform a query.
The following notes describe new behavior based on the resolution of specific caveats. Be sure to check the upgrade notes for each release for important notes on data migration.
Reference Number
|
Description
|
CSCsc50636, CSCsc50652
|
Issues: Backend IPS process runs at 99% CPU when pulling large IP Logs
The backend IPS process reaches 1GB in memory used when pulling IP Logs. The process names depending on the version on MARS that is running:
•In version 4.2.1 and earlier, the process names are pnids50_srv and pnids40_srv.
•In version 4.2.2 and later, the process is named csips.
These related issues, are specific to pulling IP logs from Cisco IDS/ IPS devices. The symptom is that the backend IPS service consumes the system resources on the MARS Appliance. As an improper configuration of the sensor can significantly degrade the sensor performance as well as that of MARS.
Workaround: Ensure that settings for IP log creation on the sensor limit the size of the IP log (in terms of number of bytes or number of packets captured). Also, verify that IP packet logging is enabled only for signatures of interest and not for all signatures.
In addition, the following release-specific maximums are enforced:
•In 4.2.1, a 100 file maximum is enforced for the log file queue when the MARS is configured to pull IP log files. Therefore, it may not pull every IP log file. In addition, the complete IP Log file may not be pulled, instead, data is pulled from the file starting 5 minutes before the alert was generated through the end of the file.
•In 4.2.2, a 1,000 file maximum (up from 100 in 4.2.1) is enforced for the log file queue when the MARS is configured to pull IP log files. The complete IP Log file may not be pulled, instead, data is pulled from the file starting 1 minute (down from 5 minutes in 4.2.1) before the alert was generated through the end of the file. And last, 100KB is the maximum IP log size that can be pulled from a MARS Appliance.
|
CSCpn02175
|
Issue: Data computed or stored on a standalone MARS while in standalone mode will not be transferred to a Global Controller. Only data computed on an Local Controller that is currently monitored by a Global Controller will be pushed up.
|
CSCpn02073
|
Issue: After renaming a cloud, clicking the cloud again causes an error.
Workaround: Refresh the page before clicking a renamed cloud.
|
CSCpn01270
|
Issue: The free-form search may not work for the following devices:
•Check Point Opsec NG FP3
•Cisco CSA, 4.0
•Cisco, IDS, 3.1 and 4.0
•ISS, RealSecure, 6.5 and 7.0
•Entercept Entercept, 2.5 and 4.0
•IntruVert IntruShield, 1.5
|
CSCpn00247
|
Issue: The automatic time-out feature built into the GUI does not work when the Summary page is left open with automatic refresh selected.
Resolution: Please log out of the system when you are no longer using it.
|
Caveats
This section describes the open and resolved caveats with respect to this release.
•Open Caveats - Release 5.3.2
•Resolved Caveats - Release 5.3.2
•Resolved Caveats - Releases Prior to 5.3.2
For your convenience in locating caveats in Cisco's Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
•Commands are in boldface type.
•Product names and acronyms may be standardized.
•Spelling errors and typos may be corrected.
Note If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
http://www.cisco.com/support/bugtools
To become a registered cisco.com user, go to the following website:
http://tools.cisco.com/RPF/register/register.do
Open Caveats - Release 5.3.2
The following caveats affect this release and are part of supported devices or compatible products:
Reference Number
|
Description
|
CSCsf31401
|
MARS query does not highlight rules inside any policy group named Local
|
CSCsl27574
|
FWSM Syslog message FWSM-6-302013 with wrong Real and Mapped IP
|
The following caveats affect this release and are part of MARS.
Reference Number
|
Description
|
CSCsl55201
|
java.lang.ArrayIndexOutOfBoundsException on LC x.3.2
|
CSCsl49809
|
Generated XML Email alert is missing ReportedUser element
|
CSCsl41494
|
Network_group object with DB ID of 0 (zero) causes system error in GUI
|
CSCsl31143
|
MARS restore process fails on 4.3.1
|
CSCsl20820
|
Summary page can take a long time to load/rebuild
|
CSCsl20087
|
Pink box error due to finding null interface as next hop address
|
CSCsl14244
|
The User guide is not talking anything about the Nessus version
|
CSCsl11647
|
Pnupgrade hanging at the last step - Updating database schema
|
CSCsl04692
|
Reported user is not parsed for windows event id: 680
|
CSCsk98498
|
CS-MARS: Web Agent 1.1 Not Functional
|
CSCsk92543
|
CS-MARS: Custom Column Report Device Column Blank .
|
CSCsk88570
|
MARS: received email reports contain blank chart
|
CSCsk85267
|
pnparser crashes related to CheckPoint Opsec library
|
CSCsk85174
|
MARS - 5 tuple information missing from raw IDS events from NFS archive
|
CSCsk80647
|
pnupgrade is not displaying next fsck scenario
|
CSCsk79362
|
MARS: GC doesn't populate Case field for incidents
|
CSCsk71762
|
XML Parsing in SVG topology reference without authentication
|
CSCsk70744
|
Upgrade OpenSSL version
|
CSCsk59030
|
MARS OpenSSH GSSAPIDelegateCredentials vulnerability
|
CSCsk51397
|
Adding many incidents to the case slows down the MARS gui performance
|
CSCsk49710
|
User Guide - NetScreen device configuring syslog screenshot incorrect
|
CSCsk39645
|
GUI doesn't check duplicate agent ip address when adding application
|
CSCsk27999
|
Java error when clicking on Configuration Information page
|
CSCsk27276
|
MARS: Isolated Networks in Topology due to 'ip unnumbered' Interface
|
CSCsk26308
|
pink error when listing devices while scalability script running
|
CSCsk21865
|
LC/GC comm broken due to java io stream header corruption exception
|
CSCsk12489
|
operator role can not resubmit report
|
CSCsk11592
|
ids didn't get monitored networks from msfc if discover ids first
|
CSCsk08028
|
Real time multi column query is not working.
|
CSCsk04282
|
MARS failed to import 1000 hosts vulnerablilty information
|
CSCsk03186
|
Error during discovery of Netscreen SSG5 w/ ScreenOS 5.0
|
CSCsk03022
|
After LC was deleted from GC, GC-LC communication goes on forever
|
CSCsk02989
|
GC is not usable when LC has lots of deleted devices
|
CSCsk02261
|
XPATH is change to find open ports information from QG 5.0 xml file
|
CSCsj96747
|
Networks and Groups propogated 2 LC are deleted after its removed fr GC
|
CSCsj96592
|
Adding LC with version lower than 4.3.1 should version mismatch err
|
CSCsj90875
|
Inline/Batch query: result mismatch on Matched Rule Ranking
|
CSCsj90505
|
Inline/Batch query not match on NAT connection report
|
CSCsj89299
|
MARS unable to discover ASA through ssh using DES
|
CSCsj87207
|
GUI cannot show the full topology because of constant process crash
|
CSCsj71119
|
Loading devices from seed file didn't populate interface info
|
CSCsj69985
|
Syslogrelay is accepting same IP for both source and collector
|
CSCsj68087
|
MARS Discovery fails to take the context information of ASA from 7.2-7.0
|
CSCsj67626
|
Raw message query type schedule report missing some raw message events
|
CSCsj67037
|
pnparser / postfire / process_event_srv crashed in func test
|
CSCsj66955
|
scheduled discovery is scheduled at wrong time
|
CSCsj63552
|
PN log agent should check ACS config before allowing user to App name
|
CSCsj60272
|
Special characters should not be allowed in device name(MARS)
|
CSCsj57812
|
Mars unable to parse CP R61 Hide NAT behind gateway config
|
CSCsj57315
|
Mars doesn't parse and store CP R61 User/Client/Session auth rules
|
CSCsj51240
|
Paging does not work for report right after adding it to a case.
|
CSCsj42467
|
LC not showing up on certificate page
|
CSCsj41168
|
Error when trying to accept new sensor certificate
|
CSCsj31990
|
pnparser: to avoid flooding log file
|
CSCsj29441
|
rpcclient2 abnormal uder 1050 windows devices env
|
CSCsj28376
|
Box may not be able to reboot after recovery, under certain conditions
|
CSCsj23845
|
CS-MARS Action filter doesn't work if not associated with incidents
|
CSCsj20697
|
LC did not get added to GC so unable to generate syslogs.
|
CSCsj15512
|
Update reports when handling deletion of hosts
|
CSCsi96921
|
IPSDynamicSigUpdate attempts to connect to CCO with no credentials
|
CSCsi93594
|
Pnparser stops processing each time it tries to load the topology
|
CSCsi93283
|
Mismatch between query and report results for source port ranking.
|
CSCsi91734
|
Mismatch in results between query and report for All Matching Events
|
CSCsi89837
|
MARS does not recognize SNMP traps from IPS device
|
CSCsi86420
|
with 60% event rate capacity, query events ranked by time takes 20 min
|
CSCsi76255
|
Custom log template pattern messed up when add a LC to GC
|
CSCsi69310
|
security hole happens if users close browsers without click logout
|
CSCsi68126
|
For multiple context mode, inbound/outbound error reports are incorrect.
|
CSCsi65960
|
L2 mitigation has problem finding path
|
CSCsi65713
|
Index needs to be removed for the pn_report_result table
|
CSCsi62384
|
The performace test kills all the process during the weekend run
|
CSCsi52731
|
mars reboots w/o asking for confirmation after user clicked cfg update
|
CSCsi51999
|
Edit SW based Application device need submit twice
|
CSCsi50024
|
IPS is not visible in Global Zone Hot Spor Graph
|
CSCsi49474
|
Mismatch results between query and report (custom column)
|
CSCsi49419
|
The application hangs, while getting the results for a query.
|
CSCsi49396
|
Mismatch in results between query & report when query based on desti. IP
|
CSCsi49330
|
Mismatch in results between query and report when query is based on user
|
CSCsi49285
|
Mismatch in results between query and report.
|
CSCsi44427
|
Enh: Make HTML report output the same as CSV output
|
CSCsi29398
|
CS-Mars does mitigate to the proper endpoint
|
CSCsi18757
|
CS-MARS - Request to have the "ssldump" command in the MARS CLI.
|
CSCsi15769
|
NLS_LANG variable should be updated in environment
|
CSCsi13100
|
gui.sh dev build makes different JBOSS web.xml than make release
|
CSCsi11312
|
pn_incident_log and pn_report_log should be archived
|
CSCsi07186
|
User can input unsupported characters in AAA device name
|
CSCsi03658
|
CS-MARS - IOS Discovery via Telnet/SSH fails with $hostname in banner
|
CSCsh97060
|
MARs says it can delete up to 500 at a time but only lets you delete 50.
|
CSCsh94361
|
Events with port 0 cannot be filtered using port in query/reports/rules
|
CSCsh89445
|
GUI allow users create rule without putting rule name
|
CSCsh73553
|
USB Keyboard does not work while re-imaging with DVD
|
CSCsh58754
|
Lots of oracle files on HD can cause upgrade failure, succeeds on retry
|
CSCsh57236
|
Unknown Reporting Device was missing on GC's DB pn_device table
|
CSCsh52537
|
Repeated upgrades of oracle fills hard drive
|
CSCsh44351
|
CSM multiple hostname matches failed to return multiple hosts
|
CSCsh41920
|
No warning for Invalid entry to Query maximum number of rows returned.
|
CSCsh35953
|
MARS unable to add similar named contexts from different fwsm
|
CSCsh14454
|
server.log can grow unbounded with in a single day
|
CSCsh00013
|
Case Management: history does indicate change of ownership
|
CSCsg98026
|
pnlogagent causes acs log files to add (01) to file name
|
CSCsg91816
|
Query for ICMP port 0 shows UDP/TCP results
|
CSCsg82600
|
some syslog results in unknownDET with 'Activate
|
CSCsg80475
|
All incidents purged if event-session partition table is corrupted.
|
CSCsg79246
|
Getting a blank window when adding a device in IE 7
|
CSCsg76958
|
FR: Recognize either CIPS network variables or have CSMARS net variables
|
CSCsg75303
|
GC: If chose LC specific device in rule, it doesn't pass to LC correctly
|
CSCsg73786
|
Devices should not be added to MARS if Discovery is unsuccessful
|
CSCsg70386
|
SSL uses key less than 1024
|
CSCsg64119
|
rule's keyword editor treats NOT as binary rather than unary
|
CSCsg54313
|
ORA-01654: unable to extend index .
|
CSCsg47022
|
CS-MARS - Incorrect Start Times on Retrieved Raw Message Files
|
CSCsg38029
|
high CPU usage in pnparser due to checkpoint NAT rules
|
CSCsg26352
|
Getting a internal server error when trying to access a incident on GC
|
CSCsg20987
|
CSMARS DTM sdf files are sent with invalid format
|
CSCsg14082
|
Default query Changed in system defined report
|
CSCsg13767
|
SuperV doesn't detect/restart processes
|
CSCsg08166
|
Unable to discover ASA 7.0 Error:There is no Error Log for this Device
|
CSCsf99844
|
wrong values for current connections using CLI "show resource usage
|
CSCsf99767
|
provide encoding selection for adding agent to device/host
|
CSCsf96634
|
MARS cannot discover new route added to a router
|
CSCsf31228
|
Unknown device events for FWSM 3.1 FWSM-3-717001 till FWSM-4-717031
|
CSCsf31207
|
Mars doesn't support new/changed FWSM 3.1.3 maintenance release syslogs
|
CSCsf31121
|
Exception in Case Management code when deleting a report
|
CSCsf27568
|
keyword search query can't display big-5 encoding raw msg
|
CSCsf26715
|
Inaccuracy in per-context memory utilization for multi-context devices
|
CSCsf15781
|
Database table columns do not match with the archive file columns
|
CSCsf12825
|
GUI should prevent edit/delete of system-context PIX/ASA 7.0 devices
|
CSCsf11651
|
Device resource monitor incorrectly samples 5 sec CPU instead of 5 min
|
CSCsf06141
|
high CPU usage in pnparser sessionization
|
CSCsf06019
|
Generic Router UI must support multiple reporting applications
|
CSCse99039
|
Redundant tab add available module under Device type Cisco IOS 12.2
|
CSCse98029
|
Occasionally corrupted event data enters into MARS database
|
CSCse91636
|
MARS - not all columns seen in CSV reports generated using custom column
|
CSCse85972
|
Unresolved symbol in Java build (though didnot stop building)
|
CSCse82042
|
Change the Device Type Version for FWSM
|
CSCse82022
|
Unable to view reports starting with #sign in csv format
|
CSCse78738
|
FWSM ifspeed incorrectly reported as 0 for per-context vlan interfaces
|
CSCse78089
|
Unable to upgrade CS-Mars via GUI
|
CSCse54808
|
The time stamp shown by the pndbusage command is incorrect.
|
CSCse51642
|
IPlanet Unknown Device Event Type Parsing Error
|
CSCse45884
|
LLV query causes client CPU to go to 100%
|
CSCse42953
|
CS-Mars - unable to show L2 path when source and destination in same net
|
CSCse38565
|
CSV-Re-importing Symantec AV client CSV doesn't work
|
CSCse38356
|
Windows pulling gets stuck for one IP due to invalid content in evt log
|
CSCse34600
|
configurable SNMP timeout support
|
CSCse34407
|
Query Tab -> Multi column query returns wrong results.
|
CSCse33688
|
No Event Types listed under Cisco Switch-IOS 12.2
|
CSCse33172
|
Invalid id used in DbClient::retrieve() 0
|
CSCse31722
|
Cloud toggle only works on first page of reporting devices
|
CSCse27948
|
pink box when do query - ORA-01555: snapshot too old exception
|
CSCse18816
|
UI takes 99% CPU, hanging browser and slowing system while expanding all
|
CSCse17936
|
5K Lines Custom Query fails
|
CSCse13038
|
CS-Mars - learning of McAfee agents with invalid names
|
CSCse10945
|
Summary Page Graphs Spontaneously Change Displayed Size (w/ multi-head)
|
CSCse09127
|
Failed load from csv returns incorrect status
|
CSCse03237
|
Changes made to GC network groups are not propagated to active LC rules
|
CSCse03097
|
CheckPoint LEA record comes to MARS later and later
|
CSCse00626
|
IP Management -> device group displays hosts only.
|
CSCsd95582
|
Both successful/failed mitigation reports show same results
|
CSCsd92916
|
CS MARS - Raw Ip Addresses in Custom Query email have incomplete URL
|
CSCsd89457
|
Incorrect handling of time range for rules that fire periodically.
|
CSCsd86896
|
Clicking the clear button when editing the query type doesn't work.
|
CSCsd84350
|
CS-MARS/CSM: Credentials change on CSM side not checked.
|
CSCsd74681
|
OS 4.0: FlexLM License
|
CSCsd61749
|
pnrestore doesn't restore all of the system config
|
CSCsd06302
|
device name with single quote causes pink box
|
CSCsc97963
|
Netscreen logical interfaces (vlan intf) not discovered
|
CSCsc95831
|
log messages of MARS processes stopped being written into backend log
|
CSCsc90480
|
MARS Incident notification options are not configurable
|
CSCsc78878
|
snort signature 2570 incorrectly mapped
|
CSCsc59363
|
Need improvement to GUI for multi-line rules
|
CSCsc15590
|
MARS not including all events in a report, query returns events fine
|
CSCsc04484
|
LC Rule/Report list shows empty after deletion of GC group
|
CSCsb80082
|
Deleting a LC w/o exchanging certificates doesn't set mode to Standalone
|
CSCsb77550
|
CSV-re import of CSA and Symantec agents unsuccessful
|
CSCsb67871
|
Got System Error In GC After Re-installed New Version In LC
|
CSCpn03057
|
Copied rules have shortened year in front, which is confusing (ex. 0
|
CSCpn03052
|
JBoss 'OutOfMemoryError ' when accessing Management/Event Management
|
CSCpn02976
|
GC:LC - Communication issues after time zone change
|
CSCpn02973
|
Not able to downgrade a security analyst to Notification only user
|
CSCpn02968
|
Network group search is not working for "All IP addresses
|
CSCpn02901
|
GC/LC, rule does not display user <cxu> but allows such cfg
|
CSCpn02869
|
Rules editing: changing entry for select window pulldown after error
|
CSCpn02804
|
Replay History feature not working correctly
|
CSCpn02688
|
GC/LC: gc lc displayed diff time rage for the same global report
|
CSCpn02666
|
Batch Query Results with one item returned -> no data in graph in em
|
CSCpn02656
|
System error occurs when # of java connections runs out
|
CSCpn02653
|
No way to specify "!Keyword" without a good "keyword
|
CSCpn02574
|
Time change on system causes GC/LC communication problem
|
CSCpn02566
|
rebooting mars while it is upgrading cause the box not accessible
|
CSCpn02558
|
"Agent" didn't be removed correctly
|
CSCpn02549
|
JavaScript Error from ViewReport when clicking Edit/Clear
|
CSCpn02511
|
need to fix errors in affected os
|
CSCpn02470
|
Server csv function could not handle special characters in password
|
CSCpn02414
|
GC/LC user rule is too long to fit into a page if keyword is long
|
CSCpn02410
|
rule was not fired because Oracle log used upper case for user
|
CSCpn02398
|
XML escaping errors in Keyword Search in Rule
|
CSCpn02385
|
Applied $TARGET01 for GC Query Source IP resulted in "resultCounter
|
CSCpn02383
|
IIS parsing must be separated from Windows log
|
CSCpn02251
|
License: Upon entry of 100 license onto 100e, need to restart pnpars
|
CSCpn02177
|
Docs: Filesystem Check after 22 reboots
|
CSCpn02061
|
Saving .csv files under WinXP SP2 results in .htm extension
|
CSCpn02011
|
discovery for special passwd 1"1 failed
|
CSCpn01438
|
Batch Query: Under high load, some batch queries may not complete
|
CSCpn01398
|
Unable to shutdown an interface
|
CSCpn01382
|
Security device type hosts don't show up in IP management
|
CSCpn01319
|
pnreset command does not cause reboot
|
CSCpn01219
|
Cleanup script for invalid /etc/qpage.conf entries
|
CSCpn01134
|
Cloud name input box accepts invalid characters
|
CSCpn01045
|
Archiving: Need better error message
|
CSCpn00908
|
"Domain" in Configuration page - no use
|
CSCpn00586
|
nasl message text needs to be changed
|
CSCpn00455
|
Graph doesn't refresh when a cloud is renamed
|
CSCpn00293
|
using TAB in editing fields
|
CSCpn00212
|
Graphgen crashes when there are many non-existent devices
|
CSCpn00183
|
Adding devices w/o "Activate" can cause "messy" graph
|
CSCpn00173
|
Nessus should check pre-NAT address instead of Post-NAT address
|
CSCpn00166
|
Inconsistent behavior for "ANY" in Rules and Queries
|
Resolved Caveats - Release 5.3.2
The following customer found or previously release noted caveats have been resolved in this release.
Reference Number
|
Description
|
CSCsl48979
|
MARS : Need Documentation stating that only snmp v1 is supported
|
CSCsl39524
|
jboss memory sizing per platform missing .
|
CSCsl35398
|
LC report result data referencing incidents is never sent to GC
|
CSCsl32835
|
DOC: Add explicit statement for IPS sig update config with GC-LC
|
CSCsl24378
|
MARS - Clicking on "reported user" criteria in query causes System error
|
CSCsl11773
|
MARS IPS Dynamic Updates Documentation needs link to zip file downloads
|
CSCsl10993
|
Parsing errors for three IOS 12.2 Events
|
CSCsl08765
|
WLAN: Description for "Info/WLAN/RogueFound" is incomplete
|
CSCsl08727
|
LLV stop unexpectly
|
CSCsl08704
|
GC on-demand report failed to submit on LC automatically
|
CSCsl07983
|
Need to support old version of IOS NAT Syslogs as well.
|
CSCsl07577
|
MARS: IPS Dynamic Update 'Test Connectivity' does not test tcp port 80
|
CSCsl06821
|
pnreset doesn't clear ips custom signatures downloaded on the mars
|
CSCsl03810
|
ASA Syslog 313004 not being parsed properly
|
CSCsl01412
|
GUI license page not updated when Gen-2 LC is added to GC
|
CSCsl00314
|
Backward compatibility to be supported for CSM3.1/3.0.1
|
CSCsk98605
|
CS-MARS: Webagent 1.1 Documentation is Inconsistent
|
CSCsk96714
|
GC query/reports with WLAN data couldn't be finished
|
CSCsk96622
|
IPS events not displayed correctly
|
CSCsk94852
|
Stack trace info needed when Topo Sync terminates abnormally
|
CSCsk93773
|
Various Configuration Sync issues related to rule
|
CSCsk93622
|
25R janus.conf unchange after license upgrade
|
CSCsk91536
|
LC stuck in Synchronizing state due to ArrayIndexOutOfBoundsException
|
CSCsk90015
|
Cisco ACS 3.x not accessible after upgrade to MARS x.3.1
|
CSCsk89973
|
Incorrect oracle.tgz being used in install image packaging
|
CSCsk86450
|
Unknown Device Event type for IPACCESSLOGRL
|
CSCsk85643
|
port 1590 is open .
|
CSCsk83600
|
javascript error when discovering IOS devices
|
CSCsk83003
|
Memory Leak when CSM icon is displayed in the LLV
|
CSCsk80770
|
patch - syslog related to the custom signature insert/update is not gen
|
CSCsk80633
|
MARS device is performing fsck after x reboots or x amount of days
|
CSCsk78925
|
Do not highlight activate button on Report Re-Submit.
|
CSCsk78881
|
IPS Custom Sigs not sync'd from LC to GC
|
CSCsk76848
|
WLAN: Add System Rule for Rogue WLAN AP Detected
|
CSCsk76693
|
MARS: IPS signature 1225.0 has incorrectly named event type
|
CSCsk76309
|
Activate Button doesn't light for LC case mngt related actions
|
CSCsk75568
|
hotswap list command accepts all arguments
|
CSCsk75542
|
Activate Btn - Activate_LCAuditLog_MyReportsRemove fails
|
CSCsk75366
|
Traffic anomaly memory pool size vars inconsistent between M50 and M55
|
CSCsk74029
|
Timeout mechanism is missing in the /usr/bin/tzselect script
|
CSCsk73185
|
global:pnadmin warning for password remains default on standalone LC .
|
CSCsk72843
|
Agent db table LC-GC sync takes too long, eventually renders LC inop
|
CSCsk72117
|
HOTSWAP ADD command does not initiate rebuilding process
|
CSCsk70315
|
4.3.2/5.3.2 data package issue breaks migration
|
CSCsk70269
|
WLAN: MARS reported local host 127.0.0.1 as unknow rep device
|
CSCsk68277
|
ASA ICMP ping shows 0 in src/dest/ports but raw message has data
|
CSCsk68189
|
need new pn_sys_param CUSTOM_IPS_SIG_VERSION
|
CSCsk67129
|
Deleting LC from GC takes too long
|
CSCsk66332
|
mars25r allows more than 1 LLV
|
CSCsk66006
|
Datawork for 4.3.2/5.3.2
|
CSCsk65187
|
Bad error message if device SSH is not configured
|
CSCsk64944
|
"show inventory" descr field does not match vendor
|
CSCsk64703
|
When deleting LC from GC, GC sometimes keeps LC's certificate
|
CSCsk63747
|
CS-MARS Static Routes are not persistent across reboots in 5.2.x .
|
CSCsk62893
|
DOC: No support for multiple instances of same app for one device
|
CSCsk62618
|
CheckCPU terminat1es discover during huge router discovery
|
CSCsk61145
|
raid email alert contains invalid model name
|
CSCsk58189
|
Symantec10.x:unable to add agent thru seed file
|
CSCsk57521
|
Test Connectivity to CSM fails when CSM password contains special chars
|
CSCsk54941
|
Adding new Event produces 404 Page Not Found
|
CSCsk53426
|
Parsing of few IOS events not happening
|
CSCsk52262
|
Test Connectivity to CSM should not be done, when Edit operation is done
|
CSCsk51253
|
ADMIN > > Auth Config completion message misspelling
|
CSCsk51242
|
Misleading JS error msg in ADMIN > > Authentication Configuration
|
CSCsk49989
|
PIX8.0:showing additional device type for common context
|
CSCsk49311
|
GUI Memory leak in IE when adding device
|
CSCsk46865
|
User password less than 6 digits allowed to be input, on edit password
|
CSCsk46559
|
NAT 0 related information is not getting logged in janus_log
|
CSCsk45754
|
Maximum Login Failures field should be validated before being submitted
|
CSCsk45704
|
User account always display locked
|
CSCsk45447
|
LLV backend code floods janus_log with a bogus error
|
CSCsk45351
|
LLV broken, Query page problems after 9/11 Activate changes
|
CSCsk44951
|
IOSIPS not working under IOS 12.4
|
CSCsk43710
|
Gen2 GC miss Genl LC's info on the license page
|
CSCsk43376
|
JBOSS Log gets CSM-related exceptions doing LLV
|
CSCsk43353
|
MARS Java compilation gets deprecation warnings
|
CSCsk43299
|
Unable to add a 25R LC to GC2R.
|
CSCsk43157
|
LLV the default scrolling speed is fast, need to change to medium
|
CSCsk42894
|
Parsing error in Discovering the ASA/PIX80 config with service object
|
CSCsk42883
|
Timeout may happen too soon if only click Pause, Resume
|
CSCsk42805
|
Statistics backlog creates high CPU condition
|
CSCsk41641
|
5 nasl scripts' references need to be removed from bigfiles
|
CSCsk41585
|
Pop up message needs to improve for 25/55.
|
CSCsk39353
|
Cannot load license on mars-25
|
CSCsk39250
|
Datawork merge from 4.3.1/5.3.1 to 432-int-sj/ 532-int-sj respectively
|
CSCsk39028
|
MARS need keep full McAfee raw message
|
CSCsk38866
|
Need to update compatible versions for x.3.2 release
|
CSCsk37063
|
LLV Query Resume button does nothing
|
CSCsk36566
|
Symantec AV10.x: Discovery is not happening for agents
|
CSCsk35748
|
Activate button not highlighted when changes are made
|
CSCsk35414
|
WLAN: AP created dynamically with name AP-<mac> instead of real name
|
CSCsk34334
|
'Administrator' word is repeated while clicking on Activate Button
|
CSCsk33510
|
source ip, dest ip not being displayed on syslog events from IOSIPS
|
CSCsk31615
|
Should not increase the number of failure for AAA server unaccessible
|
CSCsk29507
|
IPS process uses too much memory per IPS device
|
CSCsk29300
|
Custom Signatures Support
|
CSCsk27325
|
KeywordQuerySrv crashed because of thread safety issue of posix regex
|
CSCsk26202
|
pnparser crashed in scala. test involv. CSA agent creation & db change
|
CSCsk20052
|
Enh:Jboss's ssl implementation need to disable the weak encryptions
|
CSCsk20047
|
Enh: Linux kernel level, need to disable icmp timestamp request, reply .
|
CSCsk19730
|
Null XML_KEY_VALUE XML causes rule to go inactive on LC/GC sync
|
CSCsk18348
|
mars does not sort pnexp, pnimp with other CLIs
|
CSCsk17861
|
Mars released DVD contains GUI management source codes
|
CSCsk17406
|
No proper Error message on the Mars when CSM is not running.
|
CSCsk14988
|
WLAN: All the IPSec event types should be removed
|
CSCsk14974
|
WLAN: ET Rogue WLAN AP Removed shd belong to Info/Misc/WLAN grp
|
CSCsk14364
|
RAIDInsertSingleDisk case shows "Failed" instead of "Rebuild" HDD status
|
CSCsk12413
|
mars25/55 disk partitions are different from the document
|
CSCsk12355
|
hotswap remove/add commands produce error message
|
CSCsk12156
|
Configuration Sync (GC --> LC) can have parallel threads doing dupe work
|
CSCsk12130
|
Editing system rules before upgrading can cause LC/GC sync problems
|
CSCsk11794
|
Version Compatibility:-4.3.2 mars with 3.0.1 csm
|
CSCsk11384
|
New Zealand Daylight Savings Time need to be patched for mars .
|
CSCsk10494
|
Enhance pnarchiver to better handle NFS errors
|
CSCsk07550
|
upgrading through GUI is failing for GC when proxy is configured
|
CSCsk07461
|
show inventory cmd indicates drive is present when removed
|
CSCsk07147
|
"raidstatus" output has no boundary between Model and Serial#
|
CSCsk06363
|
System Rule: Resource Issue: CS-MARS should include drop counts events
|
CSCsk04589
|
CSM icon should be displayed irrespective of "Test connectivity" is done
|
CSCsk03722
|
CS-MARS - Test Connectivity to IDS sensors returns error
|
CSCsk03040
|
Cancelling CSM device addition to CS-MARS opens a blank page
|
CSCsk02544
|
CSM icon is displayed, when CSM device is not in MARS
|
CSCsk02326
|
Error msg is not shown on clicking icon,when CSM is not added properly
|
CSCsj98713
|
ASA72 Parsing Error and Missing Incident
|
CSCsj98613
|
FWSM 2.3.5 device support.
|
CSCsj97638
|
invalid javascript pointer when deleting 500 devices
|
CSCsj97516
|
25R installation fails - continues to install 25 image
|
CSCsj94090
|
customer parser sets wrong destination port for port string
|
CSCsj90148
|
WLAN: more descrip. for WLAN related System Rules
|
CSCsj90137
|
WLAN: more descrip. for WLAN related System Report
|
CSCsj87482
|
FWSM 3.1.6, safe harbor and 3.2 device support.
|
CSCsj77485
|
Merge Wireless code to final Integration branch
|
CSCsj77473
|
Switching LC between GCs or pnreset in GC causes synchronization error
|
CSCsj75209
|
WLAN: msg obsolete setsockopt SO_BSDCOMPAT pop up console
|
CSCsj73926
|
Merging Wireless device support code from Private to Integration Branch
|
CSCsj73189
|
IOS and IPS certificates aren't deleted when the device is deleted
|
CSCsj66838
|
ASA-6-113015 event prints error msg to janus_log
|
CSCsj62712
|
Unknown Device Event Type for some of the ASA 7.2 syslog Messages
|
CSCsj59006
|
WLAN: Incorrect Severity for the "Rogue WLAN AP No Longer on Wired n/w
|
CSCsj58983
|
WLAN: Incorrect description for Generic/3.3.0 Netstumbler Event Types
|
CSCsj58925
|
WLAN:In the event type details,<p> is showing
|
CSCsj54623
|
Negative tests for SSL cert storing failing
|
CSCsj53807
|
Wrong results for event filter != 'ET group' in scheduled reports/LLV
|
CSCsj53725
|
Scheduled Report: Max row returned doesn't work well
|
CSCsj52332
|
Support PIX/ASA 7.2.3
|
CSCsj52322
|
Support PIX/ASA 7.2.2
|
CSCsj52313
|
Support PIX/ASA 7.0.7
|
CSCsj51858
|
GC: scheduled user report of RuleGroup return empty result
|
CSCsj51255
|
Adding a report to a case does not give the pop up.
|
CSCsj48774
|
Db Schema Changes required for MARS and CSM integration
|
CSCsj44383
|
WLAN: Interface Information is now showing correct
|
CSCsj42811
|
WLAN: AP name mistakenly attach to Domain Name under Case
|
CSCsj40830
|
WLAN: Device type should be AP at Mitigation pop up
|
CSCsj39353
|
25/55 changes check in
|
CSCsj39300
|
WLAN:Severity showing green for "IPSEC Suite Negotiation Failed" event
|
CSCsj33614
|
MARS SSH discovery of ASA fails if login banner is set
|
CSCsj33127
|
FWSM UDP teardown events are not sessionized properly
|
CSCsj31276
|
WLAN: AP type should be shown at Agents
|
CSCsj31202
|
WLAN: INCIDENTS> Inactive device shown as Unknown Device
|
CSCsj25873
|
WLAN: typo found at Rogue WLAN AP detected.
|
CSCsj25782
|
GC changes following LC sync do not auto propagate to other LCs
|
CSCsj25720
|
WLAN: 60+ traps shown as "Unknown Device Event Type
|
CSCsj25656
|
Support for ASA & PIX for version 8.0
|
CSCsj20814
|
WLAN: successful Device Discoery shown Unknown Device
|
CSCsj20618
|
WLAN: Path/Mitigation info missing
|
CSCsj20311
|
WLAN: inactive reporting device show at Attack Diagram
|
CSCsj20295
|
WLAN: no AP name displayed at Reporting Device
|
CSCsj19164
|
GC: A Security Analyst cannot add Notification user
|
CSCsj18990
|
WLAN: CS-MARS not able to discover re-joined AP
|
CSCsj12025
|
Error in PIX/ASA Datawork
|
CSCsj09557
|
Improve shared buffer instrumentation and error reporting
|
CSCsi95074
|
low-traffic bytes ranking report causes process_inlinerep_srv to restart
|
CSCsi91594
|
Maximum report name is limited to 64 characters in the GUI, 255 in DB
|
CSCsi91545
|
Changes not saved when editing a rule with maximum length name
|
CSCsi88055
|
Case Management simple performance improvements possible
|
CSCsi77258
|
failed to delete multiple devices at one shot
|
CSCsi74756
|
Supporting AIP SSM-10/-20 6.0
|
CSCsi74161
|
Supporting IOS IPS 5.x siganture - 12.4(11)T
|
CSCsi72821
|
IDSM 6.0 support
|
CSCsi70698
|
LC incorrectly attempting to replicate event based reports to GC
|
CSCsi70076
|
Discovery fails when 'password' is part of the login banner
|
CSCsi54079
|
Bootes: only one interface is passed from mars to csm server
|
CSCsi53831
|
performace test causes all the process restarted .
|
CSCsi49975
|
Real-Time (raw events) query limit reached if browser killed or crashes
|
CSCsi41701
|
device name becomes null when going back to the General host info tab
|
CSCsi39792
|
new IPS 4270 support
|
CSCsi32553
|
MARS Client CPU hits 95-100% during Real-Time (raw events) query
|
CSCsi31357
|
The functionality of deleting a LC from GC is not working as expected.
|
CSCsi11963
|
MARS 4.2.4 not parsing IOS Router NAT properly
|
CSCsi09350
|
GC not synching or getting all devices from LC
|
CSCsi03807
|
Make DB Changes for IPS Signature Autoupdate
|
CSCsh82791
|
LC Database not cleaned correctly if LC reboots during deletion from GC
|
CSCsh81150
|
Scalability LC-GC synch prevents GC from communicating with LCs
|
CSCsh77109
|
Only LCs in standalone mode can be added to a GC
|
CSCsh40156
|
page not found when clicking test connectivity on CSM edit page
|
CSCsh15701
|
unable to exchange certificates between LC and GC
|
CSCsg99820
|
QueryReportMatch_ProtocolRanking - mismatch on 1 hour reslts
|
CSCsg80437
|
GC: Performance very slow when loading Local Controller Management page
|
CSCsg75434
|
If global user deleted while logged into LC, not logged out of LC
|
CSCsg66824
|
GC report shows as 'In progress
|
CSCsg64653
|
csips does not pull all ipLogs from the sensor
|
CSCsg57694
|
system context can be deleted/edited in asa/pix7.0 & 7.2 device
|
CSCsg56582
|
Custom parser does not properly parse preNAT / postNAT IP addresses
|
CSCsg20408
|
FW-6-SESS_AUDIT_TRAIL Parsing Error
|
CSCsg04715
|
GC-LC data not consistent after Topo Sync
|
CSCsg02045
|
39 parsing errors for fwsm3.1 syslog
|
CSCse82017
|
View HTML option for reports turns back to default report format - csv
|
CSCse23117
|
The secret community string is exposed at the DB
|
CSCse20301
|
Ciscoization - the self-signed certificate is not updated to a Cisco one
|
CSCsd53364
|
CS-Mars - NGX R60A version for Check Point not compatible
|
CSCsc66295
|
Got a browser Runtime Error when tried to delete devices in batch
|
CSCsc30890
|
CSM query for 'Deny connection-no xlate' SHOULDN'T highlight permit rule
|
CSCsc22114
|
ENH - Activate button needs to change color after config change is made
|
CSCpn03072
|
GC, incidents from deleted LC still showed up in GC
|
CSCpn03067
|
Snort signatures need fixing as they use a non-unique signature ID r
|
CSCpn02975
|
Minor problem with "Deleting a user group" screen
|
CSCpn02972
|
Deleting Group from IP Management Tab causes only headers to be disp
|
CSCpn02883
|
Event management search works only for event description
|
CSCpn01976
|
GC:it took too long to push pn_route info from LC to GC
|
CSCpn01859
|
LC / GC communication should be limited to times when there is actua
|
CSCpn01317
|
More data expected when populating pn_application table
|
Resolved Caveats - Releases Prior to 5.3.2
For the list of caveats resolved in releases prior to this one, see the following documents:
http://www.cisco.com/en/US/products/ps6241/prod_release_notes_list.html
Product Documentation
For the complete list of documents supporting this release, see the release-specific document roadmap:
•Cisco Secure MARS Documentation Guide and Warranty
http://www.cisco.com/en/US/products/ps6241/products_documentation_roadmaps_list.html
Lists document set that supports the MARS release and summarizes contents of each document.
For general product information, see:
http://www.cisco.com/go/mars
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0612R)
© 2007 Cisco Systems, Inc. All rights reserved.
Feedback
