Symantec ICA Release Notes
About These Release Notes
These release notes provide information about the new features, capabilities, and fixes in version 6.5.4 (184.108.40.2060) and Maintenance Pack 1 (220.127.116.11100). These notes provide an overview of the new features including, where appropriate, details to help you understand how the feature is used in Symantec ICA (Symantec Information Centric Analytics). These notes do not contain implementation or configuration details for the new features.
What's New in Symantec ICA Version 6.5.4 Maintenance Pack 1 (MP1)
The following improvements are new in 6.5.4 Maintenance Pack 1 (MP1):
- Added support in global search for the following elements:
  - Event identifiers for authentication events, web activity, and endpoints
  - Vulnerabilities for computer endpoints, web applications, code, and configuration issues
  - Risk model instance identifiers
- Improved performance when using filters in the analyzer.
- Made the ability to load and save column layout independent of the Can Administer Settings privileges.
- Added the ability to delete data integrations, import rules, and data sources in the integration wizard.
- The Microsoft AD importer now removes users from the Symantec ICA group member table when the user is removed from the group. The importer must be upgraded to use this feature. A new version of the importer is included with this maintenance pack.
The Symantec ICA environment must be at version 18.104.22.168 or later to upgrade to 6.5.4 and 6.5.4 MP1. If the environment is not at 22.214.171.124, then upgrade to 126.96.36.199 and ensure that the 188.8.131.52 Post Deploy job running in the SQL Server Agent has completed before starting the upgrade to 6.5.4 or 6.5.4 MP1.
The following documentation features were added to
- Documentation is now in HTML format, providing easier navigation and access to information than PDF guides.
- You can now do a full-text search across all Symantec ICA content.
- PDFs are not available for this release; however, you can access PDFs for earlier versions of Symantec ICA from the version menu on the Symantec ICA Tech Docs page.
The key new dashboard feature is:
- Ability to preview an exported dashboard. Preview is not available with Microsoft Internet Explorer 11.
Action Plan Features
Key new action plan features are:
- Deleted action plans can be restored by the Symantec ICA administrator.
- Notifications are sent to the users in the Created By, Queue, and Assigned To fields when an action plan is deleted.
- Ability to include attachments with action plans.
Event Response Features
Key new features of event responses are:
- Ability to search for DIM incidents assigned to "Me." Setting this filter shows the DIM incidents for the logged-in user. The search can be saved, and used with an aging view widget on a dashboard.
- Source, Destination, and Action Taken columns added to event details pages.
- Masked PII fields appear in exported Microsoft Excel spreadsheets.
- Ability to use rich-text format in Comments, such as carriage returns. Previously, only plain text was allowed, which caused readability issues.
Assets and Identities Features
Key new features of Symantec ICA assets and identities are:
- More details, such as Environment and Tier, are shown on the Application Details pages.
- Region and country information added to User and Person pages.
Key new features of Symantec ICA administration are:
- Ability to delete data integrations, import rules, and data sources in the integration wizard.
- The following user and role privileges have been added to Symantec ICA:
  - Privilege to designate a Symantec ICA user as a Symantec ICA administrator.
  - Privileges for viewing entity collections and risk models added to Events Scoping.
  - Privileges for who can view and export dashboards and pages.
- Ability to set the number of days to retain event scenario instances in the General Event Scenarios section. The default is 90 days.
- Ability to set requirements for action plan fields, such as Comment and Status. Requirements are Before Saving, Before Closing, and Never. These settings do not affect draft action plans.
- Ability to restore deleted action plans.
- Setting to keep data in motion incidents in action plans after the incidents are removed from the source system. Previously, the data at rest incidents were marked as archived.
- Ability to disable import from a Microsoft Directory server. The Servers table has an IsEnabled column. The importer does not pull from servers that have set IsEnabled=0. Refer to the Microsoft Active Directory import utility readme file for additional information.
- Updated the Symantec DLP watermarking process to bypass any dynamic SQL calls that use IncidentID or IncidentDate as a watermark when the following conditions are true:
  - When the linked server has IsPolicyEnabled="false" in the DetailXml column of the LinkedServers table.
  - There are no enabled policies for the linked server.
- Ability to convert date and time values when creating a mapping from a source data field to destination data field using the integration wizard. The new formulas are as follows:
  - Convert epoch time (in s) to server TZ offset date
  - Convert epoch time (in s) to server TZ offset time
  - Convert epoch time (in s) to server TZ offset datetime
- Ability to integrate Elasticsearch data using the integration wizard.
- The following import utilities were updated. If your environment uses them, then you should upgrade your environment with the latest import utilities.
  - Microsoft Active Directory
  - Symantec CloudSOC
  - Symantec WSS
- Oracle Database Client 19c has been tested and verified to work with Symantec ICA using Oracle Database 12c server.
Symantec ICA Fixed Issues
The following fixes were made in
OpenQuery string length limitation affecting event scenario set view
Data source Job Start time shifts on query save when there is a timezone mismatch between console user and ICA server
Update spUpdateStg_AD to use NULL for Stg_AD_Computer.DistinguishedName
Users are unable to access a public saved search
fnLDW_GetDIMIncidentStatusMappings sets incident mitigation value to 0 when incident status IsEventMitigated value is NULL
Event Scenario: Users e-mailing themselves fails to export
Risk Fabric Health dashboard: Health Summary tab returns errors
The following fixes were made in
Viewing multiple DIM Incidents and payloads, get blank page
Scheduled email export of PDF comes out truncated
Web Activity: Date Issues (Server Time vs Local Time)
Risk Models: Cannot Save Changes to Risk Model Column Display
Analyzer: Drill through set doesn't allow you to drill through to Dim Incidents
Scheduled Emails: Reports are blank
RF Health Dashboard>RF-SQLJob Status Detail Dashboard Not Displaying Data
Data Integration: Dim Incidents does not associate Files
Comments Made in Action Plans are Not Visible on Refresh or When viewing on a separate client
When there are multiple destination domains only the first is masked in 6.5.3 environment
spUpdateStg_SymantecDAR is not populating DAR Stg_SymantecDAR_Incident
The data in analyzer is showing less data than when we look at it in the Database
spNormality_UpdateNormalityScores is deadlocking
Incident ID Search Does Not Return Results Initially
Subject field missing from DIM Event Search Export
Intermittent SQL blocking involving the LDW_Users table
DIM Incident 'Changed By' field does not update when an incident's status is updated with changes from DLP
Lost export functionality after upgrade to 653
Agent Coverage dashboard (out of the box) is not displaying similar information to what DLP is showing
Mapping Symantec DLP Agent Response names to DIM Incident Action Name
DIM incidents with matching source IDs from different linked servers
Leave MeasureValue null for entity collection that do not have an Event Count measure
MeasureValue for Risk Model entity collection not defined on an incident count does not update during processing
Privileges assigned to new portal user do not reflect inherited privileges of portal role via portal group association
Drillthrough incident from Analyzer is very slow for Entity Collections
The mitigation filter for the Risk Model Instances view does not filter Mitigated instances when set to 'No'
Cube Processing Bottleneck
Troubleshooting index data type mismatch errors