TIBCO LogLogic® NERC Compliance Suite Release Notes

Software Release 3.7.0 August 2014

Two-Second Advantage®

Important Information

SOME TIBCO EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO, Two-Second Advantage and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. and/or subsidiaries of TIBCO Software Inc. in the United States and/or other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. PLEASE SEE THE README.TXT FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.

Copyright © 2002-2014 TIBCO Software Inc. ALL RIGHTS RESERVED.

TIBCO Software Inc. Confidential Information

Contents

• Release Notes
• What’s New in this Release
• Resolved Issues
• Known Issues
• Technical Support Information
• Documentation Support Information


Release Notes

TIBCO LogLogic Compliance Suite: NERC Edition version 3.7.0 is a maintenance update to the compliance reporting and alerting capabilities in the NERC compliance package. The Compliance Suite extends the value of the TIBCO LogLogic EVA, LX and MX Appliances by providing out-of-the-box Compliance Reports and Alerts on log data the Appliances collect.

Working together, the TIBCO LogLogic NERC Compliance Suite and the TIBCO LogLogic Appliance:

• Automate compliance activities and dramatically improve audit accuracy.
• Provide risk assessment data and accelerate time to risk mitigation.
• Allow organizations to use infrastructure data to provide evidence of and enforce IT controls.
• Provide industry-leading reporting depth and breadth, including real-time reporting and alerting on NERC compliance.
• Deliver 344 out-of-the-box Compliance Reports and 149 out-of-the-box Alerts with executive-level views.
• Enable customization of any Compliance Report to map reports against your company’s policies.

Support is provided for 5.5.x or higher, plus LSP 27.1 or above.

If no Symantec Endpoint Protection devices are present during import, they will need to be added manually to the Symantec Endpoint Protection reports before running.

For more information about the TIBCO LogLogic Compliance Suite: NERC Edition v3.7.0, see the TIBCO LogLogic Compliance Suite: NERC Compliance Suite Guidebook.


What’s New in this Release

TIBCO LogLogic Compliance Suite: NERC Edition version 3.7.0 contains the following noteworthy improvements and updates since the previous major release:

• Added Reports and Alerts for the following new devices:
  — Sidewinder 8.x
  — Control Manager v6.0
  — IBM AIX General OS v7.1
  — AIX Audit v7.1
  — PanOS v5.0
  — Windows 2008 R2 (ENG)
  — Active Directory Services (ADS) 2008R2 (ENG)
  — FWSM 4.1(7)
  — Windows Server 2012: Phase I
  — Windows 2008 R2 Server French Language support: Phase I
  — MS DNS 2012
  — VMware vCenter 5.1
  — Windows 2003 Japanese: Phase I
  — Windows 2008/R2 Japanese: Phase I
  — FortiOS v5.0


Resolved Issues

• Resolved issue where some Alerts did not have all devices selected. [LLCS-7 (31517)]
• Resolved issue where successful logins returned both Logins and Logoff events when run on LMI 5.3. [LLCS-24 (31473), LLCS-25 (31608)]


Known Issues

• UNIX Failed Logins reports address only devices identified as "Other UNIX".
  Workaround: To include all UNIX types (Linux, HP/UX, etc.), create a new device Group and include all required UNIX types. Then edit the report and use the new device Group to return results. (22428)
• Juniper Firewall reports by default return only results for "Juniper Firewall" devices.
  Workaround: To return results for Juniper RT_Flow devices, edit the report and either select the RT_Flow device manually from the pull-down menu or create a device group to include the Juniper Firewall and RT_Flow devices and use the new device group in the report. (22438)
• After importing the Compliance Suites in LMI 5.x, the Symantec Endpoint Protection device will be missing when editing reports. (29134)
• Some devices are missing when editing the custom reports or alerts.
  Workaround: Issue is caused by the device not being present in LMI prior to the importing of the suite. You can manually add the device to the report to resolve this issue. (31429, 31431)
• No results are shown from the "DNS Server Error" report.
  Solution: Issue is resolved in LMI 5.2 or above. (31554)
• A Java exception is seen when running the "Windows Software Update" reports.
  Solution: Issue is resolved in LMI 5.2 and above. (31580)
• A Java exception might be seen when exporting custom reports on LMI 5.2.
  Solution: Issue is resolved on LMI 5.3. (31655)
• Alert History is truncated when the message is too long. [LLLM-764]
• After importing CS 3.6.0 on LMI 5.4, reports for Blue Coat devices will return no results. (LLLM-918)
  Workaround: Edit Report and add Blue Coat device into log sources.
• “Windows Programs Accessed” does not return results. (LLCS-512)
  Solution: Upgrade to 5.4.0 or above plus CS 3.6.0.
• ESX Logins Succeeded reports return no results on LMI 5.3.x or prior. (LLCS-490)
  Solution: Upgrade to LMI 5.4.0 or above.
• "vCenter Successful Logins" and "vCenter Failed Logins" do not return results. (LLCS-484)
  Solution: Upgrade to 5.4.0 or above plus CS 3.6.0.
• "Failed Logins" and "Successful Logins" Reports return incorrect results. (LLCS-479)
  Solution: Upgrade to 5.4.0 or above plus CS 3.6.0.
• Triggered alert messages are truncated and Search filters and High Thresholds are lost. (LLLM-1994)


Technical Support Information

TIBCO LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although TIBCO LogLogic products are easy to use and maintain, occasional assistance might be necessary. TIBCO LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your TIBCO LogLogic Compliance Suites.

To reach the LogLogic Support team by telephone:

Toll Free — 1-800-957-LOGS
Local — 1-408-834-7480
EMEA — +44 1480 479391

Email: [email protected]
Support Website: https://support.tibco.com/loglogic.htm

When contacting LogLogic Support, be prepared to provide the following information:

• Your name, email address, phone number, and fax number
• Your company name and company address
• Your release version
• Serial number located on the back of the Log Appliance or the eth0 MAC address
• A description of the problem and the content of pertinent error messages (if any)


Documentation Support Information

The TIBCO LogLogic documentation includes Portable Document Format (PDF) files. To read the PDF documentation, you need a PDF file viewer such as Adobe Acrobat Reader. You can download the Adobe Acrobat Reader at http://www.adobe.com.
