Hotfix 52734: Alert suppression is not working correctly for some rules. (NETIQKB52734)

  • Document ID:7752734
  • Creation Date:02-Feb-2007
  • Modified Date:28-Apr-2008
    • Micro Focus Products:
      Security Manager

Resolution

fact
Security Manager 5.5

symptom
Hotfix 52734: Alert suppression is not working correctly for some rules.

symptom
Security Manager rules configured with alert suppression are generating multiple alerts.

cause
Two Security Manager modules contain invalid alert suppression configuration.

fix

Hotfix 52734 corrects a duplicate alert suppression issue. Certain rules, such as Agent Heartbeat Failed and Security Detect and Correct Windows Red Button Vulnerability, generate multiple identical alerts even though alert suppression is enabled.

To resolve this alert suppression issue, install the following updated modules:

  • Intrusion Manager for Windows, version 5.50.0.160 or higher
  • Security Manager Self-monitoring, version 5.50.0.160 or higher

This hotfix requires Security Manager version 5.5.

This hotfix modifies your installation in the following ways:

  • Updates the rules in the database server for the two updated modules.
  • After the central computer discovers new processing rules and the agent heartbeat occurs, the central computer sends the new processing rules to the agent computer.

Notes

  • Although this hotfix does not modify the content of the data provider, Security Manager still requires managed agents to be upgraded. After Security Manager places managed agents in the Pending Agents Installation list, approve the upgrade of these agents. For more information about upgrading managed Windows agents, see the User Guide for Security Manager.
  • If you manually install this Security Manager Self-monitoring module to unmanaged agents, you can safely ignore the message to upgrade the providers on the agent.

You can download and install updated modules that NetIQ Corporation publishes with the Module Installer. When you install an update to an existing module, the Module Installer merges the new module data with any existing customizations you may have made to rules or to the knowledge base. If you want to overwrite some or all of your customizations with the new module data, see the Programming Guide for Security Manager.

For more information about updating modules, please see the following KB: NETIQKB52718 - "How do I check for updates to modules?"



Additional Information

Formerly known as NETIQKB52734