Juniper STRM 2008.2 - RELEASE NOTES, STRM 2008.2 Release Note

STRM Overview 1

STRM RELEASE NOTES

RELEASE 2008.2

JUNE 2008

Juniper Networks is pleased to introduce STRM 2008.2. This release provides you
with several resolved issues and enhanced functionality.

This document includes:

• STRM Overview

• New and Updated Functionality

• Related Documentation

• Contacting Customer Support

• Supported Devices and OS Versions

• Supported Java and Browser Software

• Resolved Issues

• Known Issues and Limitations

Note: If your current deployment includes ISS SiteProtector, contact Juniper
Networks Customer Support before you install STRM.

STRM Overview Juniper Networks STRM is a network security management platform that provides

situational awareness and compliance support to organizations that need to
tighten security and improve policy monitoring with a modest investment in time
and resources. STRM goes beyond traditional security information/event
management (SIEM) products and network behavior analysis (NBA) products to
create a command-and-control center that delivers:

• Threat Management: STRM detects threats that would otherwise be

missed by product or operational silos.

• Log Management: STRM responds to the right threats at the right time

through effective analysis of log files.

• Compliance: STRM implements a compliance and reporting safety net with

New and Updated
Functionality

comprehensive event storage and reporting.

STRM 2008.2 provides you with the following new and updated functionality:

• Activation and License Key Enhancement - STRM 2008.2 includes several

enhancements to activation and license keys including:

- Activation Keys - During installation of STRM, you must now enter an
activation key to complete the installation. This activation key is available on

530-025618-01

2 STRM Release Notes

the license CD. See the instructions that came with the license CD to install
the activation key.

- License Keys - The License key functionality is now enhanced in the STRM
interface to include individual license keys for each system in your
deployment.

• New Device Extensions Functionality - You can now modify how a DSM

parses logs. For example, you can use a device extension to detect an event
that has missing or incorrect fields. A device extension can also parse an event
when the DSM to which it is attached fails to produce a result.

• Universal DSM Enhancement - With STRM 2008.2, the Universal DSM

includes the following enhancements:

- Device Extensions - Allows you to use the new device extensions
functionality to enhance the DSM parsing of your logs.

- Multiple Universal DSMs - Allows you to support multiple Universal DSMs.

- Integration with Asset Profiles - Using STRM 2008.2, the Universal DSM
is associated with an asset profile allowing you to track user identity data
and associate that information to an asset profile.

• User Roles Enhancement - Administrative users can now be assigned

additional controls including:

Related
Documentation

- View Administrator - Allows Administrative users to modify STRM Views.

- Administrator Management - Allows Administrative users to create and
edit other administrative accounts.

- System Administrator - Allows Administrative users to access all areas of
STRM except Views. Also, users with this access are not able to edit other
administrator accounts.

• User Account Enhancement - You can now disable a user account without

deleting the account. A user with a disabled account is no longer able to access
the STRM interface.

For more information on Release 2008.2, refer to the on-line documentation:

• Hardware Installation Guide

• STRM Software Installation Guide

• STRM Administration Guide

• STRM Users Guide

• Getting Started with STRM Appliances

• Event Category Correlation Reference Guide

• Category Offense Investig at io n Guid e

• STRM Application Configuration Guide

• Configuring DSMs Guide

530-025618-01

• Adaptive Log Exporter Users Guide

• Managing Sensor Devices Guide

• Managing Vulnerability Assessment

• AQL Flow and Event Query CLI Guide

• SNMP Agent

• Upgrading to STRM 2008.2

Related Documentation 3

530-025618-01

4 STRM Release Notes

Contacting
Customer Support

Supported Devices
and OS Versions

To help you resolve any issues that you may encounter when installing or
maintaining STRM, you can contact Customer Support as follows:

• Open a support case using the Case Management link at

http://www.juniper.net/support

• Call 1-888-314-JTAC (from the United States, Canada, or Mexico)

or1-408-745-9500 (from elsewhere)

STRM 2008.2 supports platforms from multiple vendors. Table 1-1 lists Juniper
Networks device families and operating systems that support NSM. The table
shows whether a device requires STRM to forward logs through NSM.

Table 1-1 Supported Juniper Networks Devices and OS Versions

Logs Sent

Logs Sent Directly to

Device Family OS

ISG with IDP 6.0, 6.1.0r1b No Yes
Firewall/VPN 6.0, 6.1.0r1 Yes Yes
Standalone IDP 4.1 Yes Yes
J-series 8.5, 9.0, 9.1 Yes No
Secure Access (SA) 6.1 Yes No
Infranet Controller

(IC)

2.1 Yes No

STRM from Device

Through NSM to
STRM

Note: For STRM to correctly process logs from SA and IC, the logs should be sent
from the devices in WELF format. To enable WELF format on the device: Under
System > Logs > Events > Settings, select the WELF filter for the syslog (STRM)
server entry in this table.

Supported Java

STRM supports the following versions of Java and browsers:

and Browser
Software

• Java version 1.5 and later

• Internet Explorer version 7

• Firefox version 2.0

Resolved Issues This section describes the resolved issues in STRM 2008.2:

Changing Network Settings No Longer Causes System Failure

Previously, if you changed your network settings (for more information, see the
Changing Network Settings Technical Note), a failure occurred when you
attempted to access the system. This no longer occurs.

530-025618-01

Resolved Issues 5

During Installation Process, Error No Longer Occurs When Root Password is
Not Changed

During the installation process, a message appears indicating that you are able to
use the default root password. However, if you attempted to use the default
password, a message appeared indicating that you must enter a new password.
This no longer occurs.

Hostname that Includes Underscores and Special Characters No Longer
Causes Error

Previously, if the hostname of your STRM system included underscores and/or
special characters (except dashes), the Host Context component failed to start.
Once this occurred, STRM failed to collect data. This no longer occurs.

Now Able to Deploy License Key Once Current Key Expires

Previously , if your license key expired and you uploaded a new license key , STRM
did not provide the option to deploy the new license key.

Changing the Authentication to STRM Authentication No Longer Requires
Edits to Passwords

Previously, if you changed your authentication from TACACS, RADIUS, or LDAP/
Active Directory to STRM Authentication, you were required configure access for
users on the system before they are able to login to STRM. No message appeared
in STRM stating this requirements. In STRM 2008.2, you must define passwords
for all users that do not have a password defined.

Updating License Key When Using Internet Explorer 6 No Longer Causes
Error

Previously, when you updated your license key using an Internet Explorer 6
browser, a window appeared stating “The page cannot be displayed” when you
click Save. This no longer occurs.

New Administrative User Now Able to Access Deployment Editor

An STRM administrative (admin) user can create multiple admin accounts for a
STRM system. A administrative user should have unrestricted access to all
components of your deployment. Previously, when a new administrative user
attempted to access the deployment editor, an error message appeared and
access was denied.

Deleting a False Positive Building Block Value No Longer Causes Error

Previously , if you attempted to edit the User-BB-FalsePositive: User De fined False
Positive Tunings Building Block to edit any of the configured values within the
Building Block, the following error message appeared

Invalid category id.

This no longer occurs.

530-025618-01