Event Manager

NOTE: Event Manager was formerly called Powertech Event Manager.

May 2020

Version 6.4.0.30000

May 11, 2020

New Features
  • Event Manager now provides event notification on a wide range of popular business applications. You can now create a ticket in ServiceNow or JIRA, create an alert on Opsgenie, or send a message to Microsoft Teams, Slack, and Telegram.
  • Powertech Antivirus for IBM i events integration is now available using Powertech SIEM Agent for IBM i (version 4.0 or later only).
  • This version of Event Manager lets you give your own names to the custom variables used in the product, so that views and reports map to your real business concepts.
  • Event Manager now provides the ability to be notified that an event has occurred on which a user must act. Security Analysts are then able to react rapidly whenever a security alert is triggered, to remove the potential threat as soon as possible.
  • To comply with the California Consumer Privacy Act 2018, Event Manager provides 'out-of-the-box' views and reports to help you defend against data breaches, and ensure your customers' personal information remains secure.
Enhancements
  • If a link is configured on the control treatment instructions, it is also now available from the event details screen.
  • Assets with a delayed event collection issue are now detected from within Event Manager.
  • If a Security Control name change in Event Manager is not applied immediately, a message with the detailed error is now sent to the Events Control Services logs (typically in the installation folder \Inspector\bin\logs).
  • Event Manager notifications now include the Action, SubAction, Object and Application fields as variables.
  • Installation process improvements have been made to improve reliability and resilience.
  • New validation routines have been added during the upgrade process to ensure that the product security administrator is correctly configured.
  • The monitoring configuration database is now optimized, by rebuilding or reorganizing indexes and updating statistics, each day in a nightly batch process.
  • Performance has been improved when collecting "Powertech Database Monitor for IBM i" events as it is now possible to use numeric date and time table columns without special castings on the "Incremental field".
  • Calendars are no longer refreshed if no modifications have been made.
  • SPARE1 and SPARE2 are now retrieved on the Oracle Standard datasource and are mapped to Additional Info 1 and 2 fields.
  • New attributes of Environment, Customer, Facility Name and Facility Type have been added to assets to make categorization easier.
  • Email notifications now use HTML format to make them easier to understand on the initial reading.
Other Fixes
  • Self monitoring assets no longer have false critical errors if the "Select SmartConsole" option is chosen to monitor an 'Application or Connectivity Group' for a self monitoring application.
  • VMWare (vCenter) security events are now stored in local monitoring node time instead of UTC.
  • The timeout for Dynatrace API webservice checks has been modified to 30 seconds instead of 10 seconds.
  • Variables mapping in custom datasources no longer displays false positives in the validation.
  • Filters in Subactions using fields 'Operator Category', 'User Category' or 'Object Category' now work as expected.
  • Event Manager now stores security events created on February 29th with the correct date.
  • Event Manager now has the ability to retrieve Windows event log events from systems having EventRecordNumbers greater than 4,294,967,296.
  • Column values in Forensic Analysis and Event Manager are now displayed correctly when lots of different values exist.
  • Performance metrics database queries have been improved with the addition of a new index.
  • If SmartConsole stops due to an unexpected error, the recovery procedure is now a lot faster than previously, thus reducing the outage time.
  • A fix has been applied to prevent high memory usage on the Events Control Service when a lot of different values exist on the ColumnCacheCapacity.
  • The product can now recover when PMDB encounters "The transaction log for database ... is full due to" and "The server failed to resume the transaction" monitoring errors.
  • Using VAR01 to VAR99 in Security Control filters for Event Manager no longer causes the Events Control Service to crash.
  • The non-existing user in Active Directory error generated when creating a user has been fixed in this release.
  • The daily self-cleaning of metrics data now includes the "Shrinking Transaction Log" step for the SQL Server database.
  • The memory usage of the Event Manager T4MonManagerService.exe process has been reduced in this release.
  • The PMDB service accessed from Event Manager and/or Vityl IT and Business Monitoring now recovers from a Microsoft ODBC Driver 13 for SQL Server restart error.
  • Event Manager syslog agent now discards messages if memory increases due to a bottleneck in syslog message handling.
  • The performance bottleneck that arose when saving Event Manager events to the DB has been corrected in this release.
  • T4MonManagerService.exe process memory was too high when viewing the list of assets in Event Manager. This has been fixed in this release.
  • Event Manager DataSources for Windows that do not have proper credentials now report a Monitoring error.
  • A fix has been applied so that Activity calendars are now discovered by ThinkServer following an update.
  • Event Repetition selection rules for Event Manager Security Controls now take into account variables "Variable 01" to "Variable 99" for the "Use a custom set of fields to find repetitions" parameter.
  • Data is now displayed as expected when selecting a Database that is different from ShortTerm in Event Manager Forensic Analysis.
  • When more than one monitor queries the same table, Database Reader Monitors no longer return an error when updating the database cache.
  • In order to reduce the maintenance process time for events data, improvements to queries have been made.
  • Asset credentials, or those of some of its datasources, can now be used when manually setting credentials at monitor level.
  • Although improved reports generation performance is included in this release, user notification has been added to inform users that the generation of reports that cover a long time range could cause a decrease in performance.
  • Scheduled reports could fail with error "Invalid AccessServer session". This has been fixed in this release.
  • The Chronological Data Changes report display no longer shows an error when no data is returned.
  • The default domain is now correctly saved and displayed on the login screen.
  • Monitors were not working if an invalid datetime format was configured in Database Datasources. This has been fixed in this release.
  • When some User Account Names contained non-English characters, some monitors were reporting encoding errors. This has been fixed in this release.
  • Event Manager now receives events from Cisco Router switches as expected.
  • The problem in DataSource configuration where some fields were not saved has been fixed in this release.
  • The IBM i - User Profiles report now returns the correct information for deleted users.
  • Collection errors on User/Computer account inactivity have been corrected in this release.
  • The Internal error "database disk image is malformed" that could occur in both "ThinkServer" and "Events Control Service" has been fixed in this release.
  • Previous Value and Current value columns on Forensic Analysis now correctly display all changes on audit policy modification for Event ID 4719.
  • If SmartConsole has connections to both IBM i and PC systems, events from Agent Code AUD are now received once SmartConsole is restarted.
  • When creating a Tenant, the default configuration was not created until the next restart of the Orchestrator service. This has been fixed in this release.
  • Following installation, Security Control events of a particular tenant could be created with events that were actually from other tenants. This has been fixed in this release.
  • Autodiscovery was failing if it was unable to retrieve the model of a specific device. This has been fixed in this release.
  • Event Manager events which should be excluded by SubAction filters are no longer audited in error.
  • .NET connections are now forced to use TLS 1.2 in order to avoid security issues.
  • Processing a large number of events in Vityl IT and Business Monitoring is now run in the correct order within SmartConsole Business View so that the correct asset health status is displayed.
  • User Directory Service (also called YellowPages) had a deadlock that caused a steady rise in memory usage and could eventually crash the process. This has been fixed in this release.
  • The Complete Message for an Event Pattern Rule in a Security Control is now correct: the variables in the message template are replaced as expected.
  • The "Out of Memory" error in Windows service "SmartConsole Publisher" has been fixed in this release.
  • Using the characters ' or " within Name or Alias in Vityl Assets is now allowed.