Pathname Modified Events in AWS IAM Does Not Display the Path Change
Source Name is Not Displayed When AD Events are Generated Using RDP
Change Guardian Receives an Insufficient Access Permission Event
Asset Monitoring Failure Reports are not Captured for All Event Types
Azure AD Monitoring Events are not Captured for All Event and Attribute Types
Change Guardian Server Does not Generate Events After Password Change
Change Guardian Server Does Generate Events When Write Permissions Are Modified
Failed Events From Some Assets are Categorized with Severity 2
Issue: When you create policies specifying managed users, events generated by such users might be wrongly displayed as unmanaged. This happens when a new user is added to AD and AD users are not synchronized with Change Guardian. Events generated by the newly added user is displayed as unmanaged events till the polling interval with AD has passed. (Defect 313058)
Workaround: Allow the polling interval with AD to pass so that events generated by the new users are displayed correctly as managed.
Pathname ModifiedEvents in AWS IAM Does Not Display the Path Change
Issue: When AWS IAM generates Pathname Modified
events for users and groups, Change Guardian displays the change in username and groupname, but does not display the change in path. (Defect 172063)
Workaround: None.
Issue: Change Guardian receives Invalid Configuration event because of the incorrect Domain Name, Authentication Key, or Application ID used to access Azure AD.
Workaround: Use the correct Domain Name, Authentication Key, or Application ID to access Azure AD.
NOTE:Severity of Insufficient Access Permission and Invalid Configuration events vary based on the severity of the first policy assigned.
Issue: Change Guardian is unable to receive events because of the following:
Tenant is not reachable
Invalid remote web application
Workaround:
Enter a valid tenant name in the tenant configuration page
Check if the tenant is accessible from the Change Guardian Agent computer
Issue: Change Guardian Event Dashboard displays the source name as N/A
or is blank when AD events are generated while logged in to the source machine using RDP. (Defect 301102)
Workaround: None.
Issue: Change Guardian receives Insufficient Access Permission event because Read directory data permissions are not assigned to the Azure AD web application for both Application and Delegated permission types.
Workaround: Assign Read directory data permission for both Application and Delegated Permission types to Azure AD web application to receive events.
Change Guardian cannot generate events from Azure Active Directory for the following events and attributes:
Create Group Settings
Update Group Settings
Delete Group Settings
Set group managed by
Group Attributes
Is Membership Rule Locked
Change Guardian also does not support the following:
Consolidating multiple events into a single event for Update user and Update group events
Monitoring managed groups
Issue: The Asset monitoring failure reports are not captured for all event types, such as audit failures, registry failures or system failures.
Workaround: To view the failure reports you must apply the policy where auditing mechanism of the specific event mentioned in the policy has failed.
Issue: When you upgrade Change Guardian 5.0 to Change Guardian 5.1 or later, Change Guardian server is unable to fetch events for the newly added events and attributes. The events are not captured if you have selected “All Events” or “All Attributes” when you created the policy using Change Guardian 5.0.
Workaround: Perform the following procedure to overcome this issue:
. In the left pane of the Policy Editor window, select Azure Active Directory > Azure Active directory Policies.
Expand the Azure Active directory Policies and select the policy where you are monitoring “All Events” or “All Attributes”.
Click Edit and modify the description.
Click Submit.
Enable the policy revision.
Issue: Change Guardian does not receive Dell EMC events if the CEPA server is not running. Accessing the CEPA from a browser shows that the site cannot be reached.
Workaround:
Start the CEPA server:
Open services.mcs and run the EMC CAVA service.
In the Dell EMC web-console, check if the CEPA IP is provided in the following format: http://1.1.1.1:12228/cee
Issue: After you change the Change Guardian password, events are not generated because the REST dispatcher password is not updated in Policy Editor. (Bug 1121890)
Workaround: Enter the new password for the REST dispatcher by using Policy Editor, then restart the Change Guardian server:
rcsentinel restart
Issue: UNIX events are not generated even though all the configuration settings are successful.
Workaround: Verify if the spool file entry is frequently updated in the following directory:
/usr/netiq/vsau/local/spool/<unix_platform>AuditObject__singleton/*.udetect_events
Issue: When you modify the write permission to rule group of a file on a UNIX system, Change Guardian fails to generate events for file monitoring.
Workaround: None.
Issue: When authorized users perform actions that fail, such events are categorized with severity 2. This happens for events generated at AWS IAM, Dell EMC, Office 365, and Microsoft Exchange. (Defect 165010)
Workaround: Use appropriate filters to receive alerts from such assets.