This is the latest release of Trellix Network Security (NX) Solution.
General enhancement
ICAP available on the evidence collector:
You can now use ICAP on the evidence collector. The Web UI option for ICAP will not be available in this release.
ISTag hash value updated:
The ISTag field is part of the ICAP response header. In earlier releases, the ISTag field value was a string containing the appliance ID and NX software version. Now, the ISTag value is an MD5SUM hash.
The new ISTag hash generation syntax:
appliance_id:<appliance_ID>-release_version:<version>-sc_version:<version>-gi_version:<version>
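Added example (not Trellix code): an ICAP client or monitoring script can no longer read the appliance ID or version out of ISTag, so this code recomputes the expected hash from an inventory record and matches it against the ISTag header of a response. The hex encoding, the UTF-8 input without a trailing newline, and every ID and version shown are assumptions or constructed sample values.

```python
import hashlib
import re

# Input layout copied from the syntax line in the release notes.
ISTAG_INPUT = ("appliance_id:{appliance_id}-release_version:{release}"
               "-sc_version:{sc}-gi_version:{gi}")


def expected_istag(appliance_id, release, sc, gi):
    """MD5 hex digest of the formatted string (encoding details are assumed)."""
    text = ISTAG_INPUT.format(appliance_id=appliance_id, release=release, sc=sc, gi=gi)
    # usedforsecurity=False keeps this working on FIPS-restricted Python builds.
    return hashlib.md5(text.encode("utf-8"), usedforsecurity=False).hexdigest()


def parse_istag(icap_response):
    """Return the ISTag value from raw ICAP response headers, or None."""
    head = icap_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the ICAP status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "istag":
            return value.strip().strip('"')      # RFC 3507 shows the tag quoted
    return None


def classify_istag(tag, inventory):
    """Map an observed ISTag to a known appliance record, or flag it."""
    if tag is None:
        return ("missing", None)
    if not re.fullmatch(r"[0-9a-fA-F]{32}", tag):
        return ("legacy-or-unknown-format", None)  # e.g. pre-upgrade string tag
    for record in inventory:
        if expected_istag(**record) == tag.lower():
            return ("match", record)
    return ("unknown-hash", None)                  # versions drifted or unknown box


# Constructed sample data: placeholder appliance ID and versions.
INVENTORY = [{"appliance_id": "EXAMPLE0001", "release": "10.0.1",
              "sc": "1.0", "gi": "2.0"}]
SAMPLE_RESPONSE = (
    "ICAP/1.0 200 OK\r\n"
    f'ISTag: "{expected_istag(**INVENTORY[0])}"\r\n'
    "Encapsulated: null-body=0\r\n\r\n"
)

if __name__ == "__main__":
    print(classify_istag(parse_istag(SAMPLE_RESPONSE), INVENTORY))
```

A 32-character hex digest fills the 32-byte maximum that RFC 3507 allows for ISTag, so clients should treat the value as opaque and compare it whole.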
New, modified and deprecated CLI commands:
New CLI command to reset the credentials of all the existing DTI services to factory settings:
fenet dti credentials reset factory-default
YARA rules supported versions:
The supported YARA rules version is 4.3.2.
Before you upgrade the Network Security (NX) appliance to the 10.0.0 release, modify any custom YARA rules to YARA 4.3.2. For details about YARA 4.3.2, see YARA's Documentation, Release 4.3.2 by Victor Alvarez.
Enabling access to NX Intel Content:
Appliances now need access to the Amazon Web Services (AWS) cloud for ATI communication. The intel context service is hosted in multiple AWS regions and resolves to multiple IP addresses based on geographic location. To determine the IP addresses for your location, go to https://dnschecker.org. See the AWS IP address range documentation for information about adding the IP addresses to the allow list.
Disable SAML in a Helix environment:
SAML and HelixConnect are mutually exclusive. If the HelixConnect client is enabled on the Network Security (NX) appliance, you must disable SAML authentication and authorisation. Otherwise, the appliance will not come up after a system reboot.
Resolved issues
The following issues were resolved in the Trellix Network Security (NX) 10.0.1 release.
| Tracking number | Summary |
|---|---|
| COM-30410 | Fixes an issue by removing the password present in the API response for CMS appliances. |
| COM-30687 | The 10.0.1 appliance has upgraded Apache httpd to 2.4.56 to address a known vulnerability (CVE-2022-36760) for products including Malware Analysis, Central Management System, Email Security - Server, File Protect, Network Security, and Intelligent Virtual Execution - Server. |
| COM-31382 | Fixes an issue by adding a mechanism to clean up outdated triage packages. |
| COM-31477 | Fixes an issue where the localsig auto-extend feature was disabled by default, resulting in the removal of localsig rules upon reaching the TTL value. |
| COM-31481 | Fixes an issue that, by default, upgraded all the Network Security appliance applications to the high-security factory default cipher-lists. |
| COM-31650 | Fixes an issue that prevented the "show alerts type all detail concise timeframe <>" CLI from displaying alert details. |
| WEBMPS-26697 | Fixes a missing data issue in the dashboard report for the file analysis statistics widget. |
| WEBMPS-26810 | The bandwidth graph is not appearing in the Monitored Traffic widget on the Web UI dashboard for NX1500 and vNX1500 appliances and the CLI show network stats interface pether is not generating the expected output. |
| WEBMPS-26904 | Fixes the issue where the commbroker SSL module was not receiving any events because of handshake failure and unsupported ciphers. |
| WEBMPS-26910 | An SSLi connection context leak was observed when the server connection was closed in the SYN_SENT state, causing a connection reset on the client. This issue is fixed. |
| WEBMPS-26926 | Upgrade to BONA fails when the customer has an IPS policy exception configured on 8.x or earlier release. This issue is fixed. |
| WEBMPS-26933 | Fixes incorrect submission rates in the health status. |
| WEBMPS-27006 | Fixes an issue where the "Monitored traffic" widget did not display graph data in sync with the set timezone. |
| WEBMPS-27020 | Fixes the appearance of a health warning even after applying QINQ. |
| WEBMPS-27063 | Fixes the wrong attacker IP address reported by a Network Security appliance when a 3rd party feed is added based on the Source IP address. |