Change Guardian 6.0 Release Notes

July 2020

Change Guardian 6.0 includes new features, improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Change Guardian forum in the NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Change Guardian Documentation page. To download this product, see the NetIQ Downloads website. To download patches for this product, see the Patch Finder website.

1.0 What is New?

The following sections outline the key features and functions provided by this version, as well as issues resolved in this release:

1.1 Agent Health Status

This release introduces a dashboard that allows you to monitor health of agents in your enterprise environment. Based on the heartbeat of agents, the status of agents is displayed as offline, warning, or online. Agents that display warning status contain a diagnostic report that provides the cause of failure and helps you troubleshoot. The dashboard also provides agent details and policies associated with agents. This option is available in the Change Guardian dashboard.

1.2 Agent Health Email Notification

You can now send emails when any agent in your environment goes offline, when selected agents go offline, or send daily health updates about all agents. This option is available in the Change Guardian dashboard.

1.3 Reports on Policies

This release introduces the ability to create reports related to Change Guardian policies from the web console. The reports provide information about policies that are either not assigned to any agent or are associated with various agents and agent groups. This option is available in the Change Guardian dashboard.

1.4 Appliance Installation Allocates Larger Data Partition

Based on the selected disk space the appliance installation allocates maximum space to the event data partition.

1.5 Appliance with IPSec Support

New Change Guardian appliance installations provide more security with IPSec support.

1.6 Deprecating TLS Versions

TLS 1.0 and 1.1 is not supported with Change Guardian on non-FIPS mode.

1.7 Monitoring AWS Identity and Access Management

Ability to monitor the following in AWS IAM:

  • Access Control

  • Groups

  • Identity and Profiling

  • Policies

  • User Accounts

1.8 Monitoring Microsoft Office 365

Ability to monitor the following in Office 365:

  • Exchange Online Settings

  • Mailbox Accounts

  • Mailbox Messages

  • Management Role Groups

1.9 Enhanced Events Dashboard

The Events dashboard provides a seamless experience when you navigate between multiple events in the grid view.

1.10 Updates to Supported Platforms

There are several updates to the list of supported operating systems.

For more information about supported platforms, see System Requirements for Change Guardian.

1.11 Software Fixes

The release includes software fixes that resolves several previous issues.

Active Directory Events are not Generating after Change Guardian Installation

Issue: Change Guardian does not receive Active Directory events after the server is reinstalled. (Defect 170224)

Fix: This issue is fixed.

Cannot Filter Managed and Unmanaged Events Generated on Dell EMC Unity Storage

Issue: The Change Guardian dashboard does not display local user names in Dell EMC Unity storage. Change Guardian is not able to map the SIDs with the local user names of Unity storage. (Defect 172362)

Fix: Change Guardian translates the local user SIDs of Dell EMC Unity storage and, therefore, allows you to filter managed and unmanaged events.

Policy not Assigned After Restarting the Agent

Issue: After assigning a policy in Policy Editor, restarting the agent does not assign the policy successfully. The following error is logged in Change Guardian: TID:276 ERROR cgsmartprovider_task_teardown - Destroyed (CGSmartProvider_Consumer, 21-5): //C=2 (Defect 170316)

Fix: After restarting the agent, policies work as expected.

Incorrect Event Name Showing for File Permission Change

Issue: When file permissions are changed, Change Guardian incorrectly generates Directory permissions were changed event from NetApp. (Bug 1158514)

Fix: When file permissions change in NetApp, Change Guardian correctly generates the File permissions were changed event.

Insufficient Boot Partition

Issue: Upgrading the appliance fails because of less space in the boot partition. (Defect 172253)

Fix: New appliances allocate more than 200 MB for boot partition.

Appliance Upgrade Fails When Using Proxy Settings

Issue: In a secured environment, if you upgrade the appliance using proxy settings, the Appliance Management Console fails to launch. (Defect 188351)

Workaround: The proxy failure issue is resolved and the Appliance Management Console opens correctly.

2.0 System Requirements

For information about hardware requirements, supported operating systems, and browsers, see Change Guardian 6.0 System Requirements.

3.0 Installing Change Guardian 6.0

You can perform installation of Change Guardian 6.0 on supported platforms. For more information about the installation procedure, see Change Guardian Installation and Administration Guide.

4.0 Upgrading to Change Guardian 6.0

You can upgrade to Change Guardian 6.0 from previous versions. For information about the upgrade procedure, see Upgrading Change Guardian in the Change Guardian Installation and Administration Guide.

5.0 Known Issues

Micro Focus strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Appliance Goes to Emergency Mode in Hyper-V Environments

Issue: In a Hyper-V environment, the Change Guardian 6.0 appliance boots in emergency mode. (Defect 238258)

Workaround: Install Change Guardian 5.1 appliance in Hyper-V and then upgrade to Change Guardian 6.0 appliance.

5.2 Internal Audit Events Go Only to Primary Event Destination in FIPS Mode

If you run Change Guardian in FIPS mode, internal audit events go only to the primary event destination. They do not go to any additional event destinations in your environment. (Defect 172321)

5.3 Change Guardian Server Cannot Connect to Data Sources in FIPS Mode

Issue: If the Change Guardian Server is running in FIPS mode, when you browse data source objects while creating a policy, you will receive a Could not connect to Windows Data Source error. (Defect 172322)

Workaround: You can avoid this error by manually entering the file paths in the policy. To find the file paths, log on to the computer you want to monitor, and then use the cd and dir commands.

5.4 Exception After Changing Keystore Password with Specific Special Characters

Issue: When you upgrade Change Guardian to 5.1 or later and change the keystore database password with specific special characters, the following exception are displayed: Failed to initialize Communicator (Defect 172329)

Workaround: None.

5.5 Manually Uninstalling an Agent Does Not Remove the Version Details of an Agent

Issue: If you manually uninstall an agent, Agent Manager continues to display version details for the agent. (Defect 170283)

Workaround: In Agent Manager, select the agent in the 'All Assets' group and delete it.

5.6 Issues with Azure Active Directory

Issue: Change Guardian cannot generate events from Azure Active Directory for the following events and attributes:

  • Create Group Settings

  • Update Group Settings

  • Delete Group Settings

  • Set group managed by

  • Group Attributes

    • Is Membership Rule Locked

NOTE:Change Guardian does not support the following:

  • Consolidating multiple events into a single event for Update user and Update group events

  • Monitoring managed groups

Workaround: None.

5.7 Dell EMC File Events are Not Generated if the Directory Name Has .

Issue: If the directory name has ., events are not generating for the directory or the files within. (Defect 172361)

Workaround: None.

5.8 Pathname Modified Events in AWS IAM Does Not Display the Path Change

Issue: When AWS IAM generates Pathname Modified events for users and groups, Change Guardian displays the change in username and groupname, but does not display the change in path. (Defect 172063)

Workaround: None.

5.9 Failed Events From Some Assets are Categorized with Severity 2

Issue: When authorized users perform actions that fail, such events are categorized with severity 2. This happens for events generated at AWS IAM, Dell EMC, Office 365, and Microsoft Exchange. (Defect 165010)

Workaround: Use appropriate filters to receive alerts from such assets.

5.10 Deleting an Asset with Agent Manager Does Not Delete All Components

Issue: If you use Agent Manager to delete an asset, Agent Manager does not delete the Change Guardian Agent component from the Installed Programs list in Windows. To remove all asset components completely, uninstall the Change Guardian Agent component from the computer, and then use Agent Manager to delete the asset from Change Guardian. (Defect 170281)

5.11 Cannot Install Security Agent for UNIX as a Non-root User

Issue: The installation process does not support installing Security Agent for UNIX as a non-root user. (Bug 1052123)

Workaround: None.

5.12 Directory Delete and Rename Events Might Not Appear in Linux

Issue: When you delete or rename directories on Linux platforms, audit logs show null value for a directory name. Therefore, Change Guardian might not capture the correct directory name in audit logs. (Bug 974273)

Workaround: None.

5.13 The Change Guardian Dashboard Chart View Displays Incorrect Values

Issue: The chart view in the Change Guardian dashboard shows percentage beyond 100. (Bug 1157855)

Workaround: Refresh the dashboard to load correct values, and ensure that the Change Guardian dashboard computer and the agent computer have current time at the respective time zones.

5.14 Cannot View Alerts with IPv6 Data in Alert Views

Issue: Change Guardian alert views do not display alerts that have IPv6 addresses in IP address fields. (Defect 170317)

Workaround: To view alerts with IPV6 addresses, perform the steps mentioned in NetIQ Knowledge base Article 7016555.

5.15 Cannot Expand Grouped Events if Event Name Contains Filter

Issue: In the Change Guardian dashboard, expanding grouped events fails with the following error message: Data Loading Error. The error occurs when the event name contains filter. (Defect 172355)

Workaround: Search events by name if it contains filter.

5.16 Events From UNIX Do Not Display Generation Time

Issue: In the Events dashboard, the Generation Time column is empty for UNIX events. (Defect 254001)

Workaround: Add Event Time column to the grid view to see the time stamp for UNIX events.

5.17 Active Directory Does Not Synchronize New User if the Account Name is the Same as a Deleted User

Issue: If you delete a user from Active Directory, and then create a new user with same account name, Active Directory does not synchronize the new user. (Defect 170282)

Workaround: None.

5.18 Duplicate Alerts are Displayed From Office 365 and Exchange

Issue: When alerts are configured based on event names for Office 365 and Exchange, Change Guardian might raise two alerts for the same event. This happens because user operations are common in Office 365 and Exchange, and they generate matching events. (Defect 173375)

Workaround: If you want to create an alert for Office 365 events or Exchange events, include both policy definitions:

includes events only when event name matches Exchange server/...

includes events only when generated by policies policies, where policies is either Office 365 or Exchange.

6.0 Legal Notice

For information about Micro Focus legal notices, see https://www.microfocus.com/about/legal/

Copyright © 2020 Micro Focus or one of its affiliates.