SIEM Flash End of Life and Enterprise Security Manager Administrator Thin-Client FAQs
Last Modified: 2022-08-22 08:48:21 Etc/GMT
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
SIEM Flash End of Life and Enterprise Security Manager Administrator Thin-Client FAQs
Technical Articles ID:
KB93413
Last Modified: 2022-08-22 08:48:21 Etc/GMT Environment
SIEM Enterprise Security Manager (ESM) 11.x
Summary
This article covers common questions about the ESM Administrator thin client on the SIEM ESM, and how to migrate from Flash to this new tool. For Flash End of Life (EOL) details, see KB93257 - SIEM Flash Mitigation (you are unable to access the SIEM ESM UI). What are the minimum versions of SIEM that support the ESM Administrator thin client? SIEM 10.4, 11.3.0, and 11.3.2 support the hotfixes that contain this fix. Can I log on to multiple SIEMs using the same client? Yes. Can I use the ESM Administrator thin client with multiple versions of SIEM? Yes. Does the ESM Administrator thin client require any special permissions during installation? You must run the executable as administrator, and it requires 64-bit Windows. I installed the latest hotfix that contains the new ESM Administrator thin client. But, I don’t see how to download it in the GUI. After the hotfix is applied, you must disable the Flash function in your browser to receive a prompt to download. Can I use the same installer on multiple systems? You can download the executable one time, and then copy it to other systems to install. Is there a client for Linux? You can now download a client for Linux from the Downloads site using a relevant grant number. Can I access non-flash components of the SIEM using the ESM Administrator thin client? Yes. The entire GUI for the SIEM is accessible in the thin client. How does the ESM Administrator thin client get around the Flash EOL? The thin client is built using Chromium. Is the ESM Administrator thin client susceptible to the same Flash vulnerabilities? No. The Flash vulnerabilities that led to the EOL decision require exploits to be present in a website that uses Flash. SIEM doesn't contain any Flash vulnerabilities and the ESM Administrator is based on a patched version of Chromium. Where does this app install to? The app installs to Will the ESM Administrator thin-client work with a proxy? Yes. The thin client uses Windows internet Options. How do I connect to an SIEM configured to use a custom port? After you start the thin client, type For example: 192.168.100:8443 Why do I see the error "This ESM is not valid when trying to connect to the SIEM"? Make sure that the IP address is accurate. Also, add the port to the end of the address if you're using a custom port. Make sure that you can connect to the SIEM through a regular browser. I'm using other Trellix security products such as Endpoint Security or Application control (Solidcore). Is there any special configuration that I need to be aware of? Trellix Endpoint products validate programs in several ways, including the use of certificates. The ESM Administrator (thin client) is a Trellix-signed application and is allowed using recommended policies for those products. Can I get this thin client in the form of MSI installer? No. The thin client is available only as an To submit a new product idea, go to the Enterprise Customer Product Ideas page.
Click Sign In and enter your ServicePortal User ID and password. If you do not yet have a ServicePortal or Community account, click Register to register for a new account on either website. For more information about product ideas, see KB60021 - How to submit a Product Idea. Languages:This article is available in the following languages: |
|