This applies to ESU #15 (November) and beyond, the information below is from the release notes.
RSA has substantially updated the Check Point FW-1 and Secure Computing Sidewinder G2 event source integration designs. The following areas have been remediated:
- Directionality of gathered data (example : interpretation of source address and destination address)
- Variable Usage
- Event Categorization
One consequence of these repairs is that any customized reports based upon the previous device XML design may no longer work as expected. Therefore, customers can decide when to update this new XML design for Check Point FW-1 and Secure Computing Sidewinder G2.
During installation of the ESU, the menu selection for Check Point and Sidewinder are deselected by default. To install the new design, please select the choice for Check Point or Sidewinder.
Important note : RSA will continue to support the legacy Checkpoint Integration design until May 31st 2010. RSA suggests, however, all customers move to the new design - available in this and future event source update packages - as future content (such as enVision reports or correlation rules) will be based only on the NEW Design.