String Alias support to be retired in SIEM 11.5.1
Last Modified: 2021-11-22 15:59:37 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
String Alias support to be retired in SIEM 11.5.1
Technical Articles ID:
KB94797
Last Modified: 2021-11-22 15:59:37 Etc/GMT Environment
SIEM Enterprise Security Manager (ESM) 11.5.x
Problem
Support is discontinued for string aliases as part of the upcoming improvements to random string management within the SIEM software. The upgrade pre-check tool begins to verify for the use of string aliases before the removal of support so that customers can be notified if they’re currently using string aliases.
System ChangeString Aliasing is a filter feature that allows users to specify an alias such as "domain controllers" and then a list of every string that must be matched against the filter "domain controllers."
It allows the users to import and export these lists, which makes it easy to manage large alias lists for user names, host names, and other filter variables.
Workaround
String Normalization Filters and String Aliases were a useful way of filtering dashboard views, but it’s possible to achieve similar function by using filter sets. The main disadvantage is the inability to import or export filter sets such as string aliases allowed:
Affected ProductsLanguages:This article is available in the following languages: |
|