CounterSnipe APD and Management Console v2.1

• Features added or enhanced in this release
• Bugs fixed in this release
• Upgrade instructions
• Assistance

• Upgraded detection engine to version 2.1.2.
• Configuration is checked for possible errors before attempting deployment to a device.
• Added support for UTC/GMT timezone.
• Learning mode.
• Signatures can now contain regular expressions.
• Live Demonstration CDROM Released.
• SSL encryption has been added to all communications between the APD and Console.
• Improved incident management.
• New low level management menu.

• Large number of events could cause problems with the dashboard.
• Rule upgrades leaves deleted rules in the database.
• Drop now raises an alert rather than logging.
• All logging on all devices now happens in the same timezone (UTC).
• Dashboard error that showed only 1 minute of data under the 5 minute interval.
• Improved input validation on reports.
• Under some circumstances deleting large numbers of events could hang the console.
• User can now view administer then one console from the same web browser instance.
• Fixed incompatibilities with Internet Explorer.
• Forced preprocessor ordering to ensure validity of all configurations.
• Fixed loss of local rule changes during upgrade.
• Resolved reporting problem that returned unlimited UDP entries even when requested to limit.
• Device deletion is now handled more gracefully.
• Resolved bug with downloading reports in Internet Explorer over SSL.
• Fixed bug in reporting that ignored the end date of a report and used the current date instead.
• Fixed corrected package dependencies between cs-apd and cs-apd-harden.
• Fixed copy to local group malfunction.
• Fixed false positive occurrence due to incorrect handling of multiple event generators.

• Access the APD setup menu via SSH, Console, or Serial cable.
• Select upgrade device from the menu.
• Once upgrade has completed, Login to the web interface, open the default device group and press Deploy Configurations.
• Once all of the Configuration Status traffic lights have turned green again, visit each device's summary page in turn, select Reboot Device and press Submit.
• Be aware that the new syslog viewer may be confused by malformed entries in your existing system log. This will show up as some entries being presented in red and lots of unreasonable program names appearing next to checkboxes at the bottom of the page. This problem will disappear once all kernel-generated entries in the syslog have "kernel: " prepended to them, which will be the case within 24 hours of the upgrade being applied. So, if you see this problem, ignore it for 24 hours. In the unlikely event that it persists, call for support.