Page History

ACD Migration Tool

• ACD v3.0 comes with a new easy to use migration tool that works with all newer ES versions (v 6.8.4 and up) via the new ES API
• Massive speed increase for data migration
  • Based on the new API, the migration process will work about 3x faster
• The issue with the migration of more than 500,000 objects has been fixed
• The new migration tool allows the migration of all data as well as the ES index settings and mappings

ACD in general  -  New Features

• TLS 1.2 & 1.3 support for all ACD components
• Support for OpenJDK 12.x
• Added support for latest versions of Linux and SELinux (Security-Enhanced Linux) Red Hat, SLES, Ubuntu, CentOS
• All ACD components configuration files have been switched to user-friendly JSON format (used for configuring/defining audit reports - has not yet UI)
• Encrypted passwords used in all configuration files
• Easy SSL/TLS certificates installation and management
• Added functionality to use Authenticated user LDAP attributes values as a filter for Report and Dashboards
• Backup scripts added, allows you to make a backup of your old ES data to files, and restore them if it will be needed
  • Elastic-Migration or Backup: ES to ES, ES to File (JSON), File to ES
• Option to easily change indexes settings (with UI)
  • g. fix when indexes are blocked after not enough disk space issue *
• Migration Helper
  • Migrate your configuration and data from the old to the new version of ACD
• Install Wizard will guide you through the installation process and check all needed dependencies

ACD in general  -  Bug Fixes

• Several vulnerability bug-fixes and security improvements
• fixed an existing bug in the Default Workflow report - Filters show only 10 records

AuditServer  -  New Features

• New ACD User Interface
• Added option to change the order of the dashboards
  • Different sort modes (alphabetically or by usage)
• Added option to restart the AuditServer from the User Interface
• Dashboard frame now resized dynamically to prevent multiple scrollbars
• Front End User Interface gives much more feedback in case of back-end errors
• Within the workflow reports, you can now use a date & time picker to filter the data.
• Generally improved and more user-friendly User Interface

AuditServer  -  Bug Fixes

...

• This is necessary for large reports

...

• g. a report for 1 year => 365 parameters in URL.
  Hence, HTTP-request would crash, using more than 365 parameters
• New Limit = Length of the URL string definition
  This parameter can be adjusted using the new User Interface (Admin settings)

...

AuditDriver  -  New Features

• Driver prevents passwords to be shown in iManager and traces
• In the Publisher channel now we do not start the event processing by IDV to catch the status.
  We catch the status in the OTP now.
• AJC ECMAScript was removed from all packages
• Base package - GCV-style Driver Parameters.
  Now we use named passwords to stop all passwords instead of clear-text
• Base and Monitor packages are split into several smaller packages.
  Hence, the administrator can choose what exactly he needs/wants to add to the ACD Driver or into the 3-party driver to monitor it.
• Monitor package - all connection parameters were moved into the driver set package.
  Hence, it suffices to configure the ACD server address, credentials, and SSL certificates just once for the whole driver set.
• Audit and event timestamps now have milliseconds and the administrator can choose the time format which will be sent to Elastic Search.
• The fields "new value" and "old value" are limited to 32760 symbols to avoid ES errors
• 2 fields were added: "Channel" (Publisher or Subscriber) and "Place of auditing" (OTP, ITP, CTP, and more)
• Additionally 2 points of auditing for each channel
• New: 2 ways of monitoring 3-party drivers:
  • send audit message directly to Elastic Search
  • send audit events into the main ACD Drivers's queue
• Better handling for Elastic Search errors by the ACD Driver appshim.
  Extended and useful error messages by the appshim to the driver

AuditProxy  -  New Features

• The AuditProxy has been completely redone and its functionality massively enhanced
  • It is now working as the security guard for all ACD functions
• The AuditProxy in ACD v3.0 now supports multiple LDAP servers at the same time
• Any LDAP attributes can be used for a signing in
• It supports the use of signed-in LDAP user attributes as filters and for transformations of the proxied data
  • Any data can be processed based on signed-in LDAP users attributes
• Usage of new and flexible rules to control permissions
• It supports the possible usage of security templates
  • security roles or security templates
• Unlimited amount of proxies supported
  • unlimited amount of proxy server services
  • clustering is possible
• Possible action calls or alarms on Audit Events
  • The AuditProxy can (is) controlling all HTTP traffic
• It allows data filtering and transformation on the fly
• It now features extended debugging options to control and troubleshoot applications
• It supports a proxy-service health check
  • Health status available
• Only 1 SSL/TLS PKC12 Keystore (instead of PEMs) certificate is now used for all ACD components
  • Hence, configuration and installation is now much easier
• Only 1 external network port used for all ACD components (instead of five in the previous ACD version)
• Access control for all ACD components in one place, all inside AuditProxy

AuditProxy  -  Bug Fixes

• fix the issue if login/password containing special symbols or umlauts

AuditReport  -  New Features

...

Debug options added to better control snapshot process

• No possible errors are shown hence, much easier to debug

...

AuditExport  -  New Features

• Various security fixes
• ACD now supports new ES APIs, up to v 6.8.4
  

Object History Browser  -  New Features

...

An option has been added to compare and show only attributes that are different

...

The problem with Object Browser showing incorrect results if objects DNs contains delimiter symbols

• The parser has been updated in order to solve this issue (ES)

A print option has been added (e.g. to print comparison)

Kibana and Elasticsearch Integration  -  New Features

• Elasticsearch (ES) and Kibana have been updated to the current version (v 6.8.4)
• No plain-text credentials anymore for Kibana plugin
• Extending mapping rules for ES data
• Some dashboards optimizations and improvements
  

Audit Proxy:

• Fixed bugs:

• Fixed issue if HTTP document has incorrect content-type or does not exist.
  Audit-Server did sometimes supply not correct content-type.

• Fixed the issue if an empty JSON body received
  Request will not be processed.

• Increased HTTP header limits for huge data sets
  Some customers wanted ALL data for 2 years.
  
  

• New features:

• Demo scripts added
  Example Script in order to show how scripting is working

• Mail on event function

• Run shell script on event

• Call web-URL on event
  
  

...

Audit Export:

• New Features
  • Support unlimited amount of records for Exporting to CSV, XLSX, PDF
  • Less CPU usage
  • Less RAM usage 
  • Exporting works much faster now approximately by a factor 10
• Complete change in ACD's export logic in order to process a big amount of data in parallel from Elasticsearch
  
  

...

Audit Server:

• Fixed bug
• Some User Interface fixes
• Adapted default Resource & Role Assignment reports
  
  
• New Features
  • Select by year
  • Select by quarter
  • Select by months
• Added Aliases logic for existing indices and for newly created.
• It is now possible to process and select all data
  
  

...

Audit Installer:

• Improved installation and upgrade process
  (based on customer feedback)
  
  
• A summary has been added
• After the installation additional information about Elasticsearch is displayed
  (this is useful and important for the Driver installation)