iSecurity Audit Release News
Version 15.04 (May 2024)
New Features
- SIEM 6V entry type with entries for Antivirus and Anti-Ransomware.
- New report: $R IFS objects.
Improvements
- Enhanced PDF print definitions to adjust width of reports automatically or for fixed font sizes.
- Adjusted From Date keywords to go back by a period before the To Date.
- The DSPISA command, which shows installed licenses and product versions, now can show what module option is licensed. Pressing F11 leads to the installed PTFs.
Fixes
- AU#MNT had looped when the first receiver was on the same LPAR.
Version 15.02 (January 2024)
New Features
- The SIEM interface parser now uses -QUOTE or -DBLQUOTE to pack values in quotes. The special characters = * ( and ) that SPLUNK had misinterpreted are now changed to underscores “_”.
Fixes
- The DSPISA command now returns the correct machine data, even if no license code has been added.
Version 14.29 (September 2023)
New Features
- In the Display/Check Authorization Status menu (STRAUD > 89 > 22), a sub-menu with new options, including product status from the local system and (if you have a Multi-System license) across systems.
- Cumulative PTFs from earlier versions.
Version 14.28 (April 2023)
New Features
- A watchdog for jobs in subsystem ZAUDIT.
- Previously, due to restrictions in subfiles, we had to skip log records when scrolling down and then up again. We added the function to jump to the beginning using F17.
- The watchdog send alert to Admin Email in 89>59.
- Option to decide to which OUTQ to run the watchdog.
Improvements
- In the screen of user management, we changed “Select-User enabled” to “Select-User disabled”
- In the Native Object Compliance module, the parameter “Maximum generic* length” can now have values from 0 to 10. If set to “0” no asterisks (*) appear.
- Multi system query number of systems were enhanced from 30 to 100
- When sending EMail by option IBM, the address is now between quotation marks (“).
Fixes
- Scheduled firewall reports had failed with (MSGW) CPD0013 A matching parenthesis was not found.
- Group Reports with ZIP file across systems had only gotten the *CURRENT system results.
Version 14.27 (February 2023)
New Features
- Borders on PDF documents to make them easier to read and print.
Improvements
- To avoid problems with jobq QBATCH, RLSNDM now is SBMJOB to QUSRNOMAX.
Fixes
- CHKISA now removes CSV files that had been left in /TEMP.
Version 14.26 (November 2022)
New Features
- You can now place your own logo on reports. In the product, as shipped, the file /iSecurity/LOGO/LOGO.JPG contains the Raz-Lee logo. Rename this file to LOGO-RAZLEE.JPG. Place your own logo in the LOGO.JPG file. It must be no more than 110 pixels wide by 60 pixels tall, at 120 DPI.
- Assessment can now be run by STRAUD, Option 89, 53 at any time without the need for a license code.
Improvements
- SIEM enhancement for JR now send more fields.
Fixes
- Problem in DSPFWLOG F11 – F8 that resulted in an error due to missing library SMZ4
- We removed a message saying that a library SMZE/T was not found in the license screen.
Version 14.25 (October 2022)
New Features
- LOGOs were added to customize PDF user reports.
Fixes
- Items in MFA that failed to send E Mail.
Version 14.24 (June 2022)
Improvements
- We customized the name of the zip file attached to the email when scheduling Audit Reports.
- The mail client in situations where we need Java 8 to send emails (because of new TLS versions supported in SMTP servers) but the customer uses Java 7 by default.
Fixes
- Queries run now correctly in Password Reset PWDRST – 6Y 6X AOD – 6I 6Y
Version 14.22 (December 2021)
New Features
- In (STRAUD > 89 > 59). the first day of work week: 1=Monday, 2=Sunday, 3=Saturday. For backward compatibility, blank is considered Sunday.
Fixes
- Problem in RUNAUQRY, in saving CSV to IFS Folder when F9=Email
- Audit $R report in German Language
- License screen was not clear for some customers.
- QGPL was being replicated and caused conflict when AV process created RLDUMPF file in QGPL The setting will now be taken from 89>59>1.
- The iSecurity Email client now works under smtp.office365.com servers that require TLSv1.2
- Password protection for the Queries ZIP file. The password is now masked. The ZIP file now has password protection.
Version 14.21 (July 2021)
Improvements
- Improved Performance of Internal Queries in AOD
- Reports now always contain “END OF DETAIL REPORT” and the total number of lines.
- Maintenance jobs now use the CHKISA program (i.e. AU#MNT, GS#MNT, OD#MNT) that shows the number of days before products expire.
Fixes
- Description text for Entry CP/A, which had shown type AF in the newest Audit version
Version 14.18 (March 2021)
Improvements
- Report Generator now supports multiple system name and groups:
- The product, which previously supported a single system name or single group of system names, now can also support up to 30 system names or groups of system names, to provide more convenient multi system support.
Version 14.17 (January 2021)
New Features
- Easier copying of selection items: In Audit Real Time Rules as well as in Query selection rules, when pressing F6=Insert, the current selection – field, test and values – is displayed, enabling the copying of a set of conditions with their values.
- Enhanced information source #S (List of Server Share Information): Information source #S has been enhanced to provide all occurrences of users and their shares.
- Repairing damaged Data Queues: Data Queues are used throughout iSecurity. They tend to get damaged more frequently than other object types. A new command, Re-create Damaged Data Queues (RECRTDTAQ), has been added to check for damaged Data Queues in all iSecurity products and to re-create them if needed.
- The command SMZ4/RECRTDTAQ LIB(*ALL) SCOPE(*DAMAGED) is run daily over all iSecurity Data Queues during the Audit Maintenance Scheduled job.
This command has now been added to the Base Support menu (SCRAUD > 89).
- iSecurity/System Control (packaged with iSecurity/Audit)
- System control enhanced to check Output Queues (*OUTQ) and Job Queues (*JOBQ):
System control can now react to situations found in Output Queues (*OUTQ) and Job Queues (*JOBQ). In addition to enabling alerting by email, messages, SIEM, and other methods, Action can provide a proactive response via a CL script (similar to a CL program, without a need to compile). Each command parameter can be a field from the event.
To use this feature, select Status of Job, Sys, JobQ, OutQ, and press F19 for more information. You can provide unlimited controls for each queue or for the total of all queues. You can also set Action so that it doesn’t react to situations that are static.
Job description SMZ4DTA/AUACTQUEOP has been added to installation. - System control jobs keep running only when relevant rules exist: When all components of System Control start, they check whether relevant rules exist. If there are no relevant rules, the component ends. System Configuration (STRAUD > 81) enables setting the cycle time for this option.
- iSecurity/*BASE (packaged with iSecurity/Audit)
- Start Security (STRSEC) Command: The command has been improved to enable subsets of the displayed subjects and to provide information about products and components in several languages.
- Enhanced Email Text: You can use the special words *SUBJECT (to set the message subject) and *BODY (to set the message body). Each part can have replacement values from the event. Each replacement value can include *AUTO multiple times. These are replaced by automatic messages with replacement values for their type.
New replacement fields include:- &ACTION (Action ID)
- &SEQID (Sequence ID)
- &REASON (User text entered for this case).
Improvements
- Use F9 (Add ACTION details) to add these on a green screen.
*AUTO text for C@ has also been improved, reflecting the changes that were done to user profiles by the Change User Profile command. - Enhanced Run Query Commands: The Run AU Query (RUNAUQRY) command, and the Run FW Query (RUNFWQRY) command have been enhanced. In all places where a Query name or System name can be entered in a command, pressing F4=Names on these fields lists all the currently defined items. To denote this support, the text F4=Names is displayed in the prompt text of the command parameter.
- Report Generator now includes a log of Queries Run: A log of all runs of queries is now available in Queries and Reports as option 15 – Display Query Runs. The log keeps information about the command parameters used for the run, the number of records that were in the query result set, and the output objects that were created and are still on the system.
- Sending email from Query Results: Once you have generated the results that you need from a query or in report output, you can email the results or report directly from that output, rather than needing to run the report again to specify email as the destination.
- Global Installation Defaults: Option STRAUD > 89 > 59 now enables attaching empty reports. This may help auditors to ensure that, even when a report is empty, the selection rules of the report did not change.