Cisco Secure Network Analytics - Release Notes - Cisco
Stealthwatch Flow Collector NetFlow Update Patch v7.3.1

This document provides a description of the patch and installation procedure for the Stealthwatch Flow Collector NetFlow appliance v7.3.1.

There are no prerequisites for this patch.

Patch Description

This patch, patch-fcnf-ROLLUP008-7.3.1-01.swu, includes the following fix:

Defect      Description
SWD-16828   Fixed an issue where Interface Top Reports were showing incorrect results. Rows (all data) were missing when searching for specific hosts or hostgroups, and client or server.

Previous fixes included in this patch are described in the Previous Fixes table below.

Download and Installation

Download

To download the patch update file, complete the following steps:

1. Go to Cisco Software Central, https://software.cisco.com.
2. In the Download and Upgrade section, select Access downloads.
3. Type Secure Analytics (Stealthwatch) in the Select a Product field, then press Enter.
4. Select the appliance model.
5. Under Select a Software Type, select Stealthwatch Patches.
6. Select All Release, then select release version.
7. Download the patch update file, patch-fcnf-ROLLUP008-7.3.1-01.swu, and save it to your preferred location.

Installation

To install the patch update file, complete the following steps:

1. Log in to the SMC.
2. Click the Global Settings icon, then click Central Management.
3. Click Update Manager.
4. On the Update Manager page, click Upload, and then open the saved patch update file, patch-fcnf-ROLLUP008-7.3.1-01.swu.
5. Click the Actions menu for the appliance, then click Install Update.

The Flow Collector engine is stopped, and the appliance is restarted as part of the patch installation process.

© 2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

Previous Fixes

The following items are previous defect fixes included in this patch:

Defect                     Description
SWD-14010                  Fixed an issue with refactor syslog compliance toggling.
SWD-15136                  Fixed issue to prevent database backup from canceling.
SWD-15235                  Fixed an issue to enable reloading snmpd for configuration changes.
SWD-15421                  Fixed an issue with the rotate Chrony log files.
SWD-15443                  Fixed issue with add file check before reading SSL files.
SWD-15465                  Fixed an issue with incorrect patch version on installing multiple SWUs.
SWD-15574                  Fixed an issue with the initiator setting on ASA bi-directional flows. (LSQ-5071)
SWD-15592                  Fixed the issue where 50% of Traffic Showing was Unknown on the Dashboard.
SWD-15593                  Fixed an issue where some applications were not being detected.
SWD-15679                  Fixed issue with secret manager being removed after installing the v7.2.1 update patches.
SWD-15712                  Fixed an issue where the SE Query provided incorrect data.
SWD-15713                  Fixed an issue where the v7.2.1 update patch installation failed due to docker not running.
SWD-15730                  Fixed an issue where the NVM Process Hash and Parent Process Hash were missing in Flow Collector.
SWD-15732                  Fixed issue that was preventing osaxsd-server from completing the package upgrade.
SWD-15574                  Fixed an issue with setting the initiator on the second half of an ASA bi-flow. (LSQ-5071)
SWD-15744                  Fixed an issue where flows without client and server bytes/packets were missing interface information. (LSQ-5118)
SWD-15779                  Fixed an issue where the Palo Alto, AppId/UserId, fields seemed to initiate the Flow Collector Oversubscribed alarm. (LSQ-4919)
SWD-15842                  Fixed an issue with system alarms not clearing.
SWD-15885                  Fixed an issue with support for ASA bi-flows with bytes = 0 and pkts > 0 and Flow Action needs to be set.
SWD-15947                  Fixed an issue where TrustSec and user data were missing from active user sessions in new flows after FC reboot or upgrade.
SWD-15984                  Fixed an issue where the eta analysis tool was running when generating diag pack. (LSQ-5308)
SWD-16024                  Fixed an issue to prevent enabling the datastore advance option in System Config unintentionally.
SWD-16025                  Fixed an issue where running a database backup failed. (LSQ-5358)
SWD-16030                  Fixed an issue with the Flow Collector engine indexing the groups array with values greater than, or equal to, 65535.
SWD-16049                  Fixed an issue where the swe-detections-worker service on the Flow Collector wasn't registering observations.
SWD-16054                  Fixed a Port Scan Alarm issue where the associated flow table was empty because the client server wasn't following the initiator order. (LSQ-5366)
SWD-16068                  Fixed an issue where docker images weren't cleaned up during package upgrade.
SWD-16087/SWD-16437        Fixed an issue where flow-based Identities were missing on Users report.
SWD-16111/SWD-16114        Fixed an issue with SIGSEGV in the Threat Feed Update. (LSQ-5437)
SWD-16163                  Fixed an error with flow duration values calculated by the Flow Collector engine.
SWD-16183                  Fixed an issue where customized applications were not tagging traffic according to DPI definitions. (LSQ-5456)
SWD-16169 / SWD-16210      Fixed an issue where NetFlow data from Checkpoint exporters didn't process properly due to Checkpoint inadvertently using the PEN field. (LSQ-5470)
SWD-16284                  Fixed an issue with the range policy_id value.
SWD-16333                  Enhanced the Flow Data Lost alarm to set limits longer than the hard-coded, 30-minute threshold. (LSQ-5549)
SWD-16805 Clones: SWD-16783 SWD-16944  Fixed an issue where Flag counters were not accurate on TCP flows. In addition, some non-TCP flows were displaying TCP flag counters.
SWONE-7828                 Fixed an issue where the ingest service was falling behind and not catching up.
SWONE-12159                Added TrustSec improvements.
SWONE-14903 / SWONE-18750  Fixed an issue with three memory-related changes to svc-dbingest.
SWOS-206                   Enabled the upgrade process to continue when upgrading osaxsd-server.
SWOS-357                   Updated cryptography dependencies to versions built against CiscoSSL.

Contacting Support

If you need technical support, please do one of the following:

- Contact your local Cisco Partner
- Contact Cisco Stealthwatch Support
  - To open a case by web: http://www.cisco.com/c/en/us/support/index.html
  - To open a case by email: tac@cisco.com
  - For phone support: 1-800-553-2447 (U.S.)
  - For worldwide support numbers: www.cisco.com/en/US/partner/support/tsd_cisco_worldwide_contacts.html

Copyright Information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

© 2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.