Security Manager 5.5
Hotfix 52734: Alert suppression is not working correctly for some rules.
Security Manager rules configured with alert suppression are generating multiple alerts.
Two Security Manager modules contain invalid alert suppression configuration.
Hotfix 52734 corrects a duplicate alert suppression issue. Certain rules, such as Agent Heartbeat Failed and Security Detect and Correct Windows Red Button Vulnerability, generate multiple identical alerts even though alert suppression is enabled.
To resolve this alert suppression issue, install the following updated modules:
- Intrusion Manager for Windows, version 126.96.36.199 or higher
- Security Manager Self-monitoring, version 188.8.131.52 or higher
This hotfix requires Security Manager version 5.5.
This hotfix modifies your installation in the following ways:
- Updates the rules in the database server for the two updated modules.
- After the central computer discovers new processing rules and the agent heartbeat occurs, the central computer sends the new processing rules to the agent computer.
- Although this hotfix does not modify the content of the data provider, Security Manager still requires managed agents to be upgraded. After Security Manager places managed agents in the Pending Agents Installation list, approve the upgrade of these agents. For more information about upgrading managed Windows agents, see the User Guide for Security Manager.
- If you manually install this Security Manager Self-monitoring module to unmanaged agents, you can safely ignore the message to upgrade the providers on the agent.
You can download and install updated modules that NetIQ Corporation publishes with the Module Installer. When you install an update to an existing module, the Module Installer merges the new module data with any existing customizations you may have made to rules or to the knowledge base. If you want to overwrite some or all of your customizations with the new module data, see the Programming Guide for Security Manager.
For more information about updating modules, please see the following KB: NETIQKB52718 - "How do I check for updates to modules?"