Upgrade the system

Upgrade the ESM and its devices in a specific order, based on your mode. After you upgrade, rewrite the device settings and roll out the policy.

Before you begin

  • Review Preparing to upgrade and Special upgrade situations.
  • Make sure that your system is running version 9.4.2 or later.
  • If you recently upgraded to 9.4.2, verify that the database rebuild is complete.

CAUTION: During the upgrade, all active collectors (such as Windows, eStreamer, and Checkpoint) stop collecting data until you rewrite the device settings and roll out the policy.

Task

  1. Upgrade the devices in this order.
    Note: For details about upgrading the ESM and devices, see Upgrade ESM, ESMREC, or ENMELM and Upgrade devices.
    Non-FIPS mode order:
    1. Upgrade the ESM first, then the ESMREC, or ENMELM.
    2. Wait for the database to build.
    3. Upgrade the ELM or ELMERC.
    4. Upgrade Nitro IPS, Event Receiver, ACE, DEM, and ADM.
    If you are upgrading a redundant ESM, see Upgrading a redundant ESM.

    FIPS mode order:
    1. Upgrade the ELM or ELMERC.
    2. Upgrade Nitro IPS, Event Receiver, ACE, DEM, and ADM.
    3. Upgrade the ESM, ESMREC, or ENMELM. You can begin when all device upgrades start.
    Important: Failure to upgrade the devices before upgrading the ESM when in FIPS mode can affect ELM log collection.
  2. Verify that you have communication with the devices.
  3. Download the manual rules update to the ESM (see Obtaining offline rule updates).
  4. Apply the updated rules.
    1. On the system navigation tree, select the system, then click the Properties icon.
    2. On the System Information page, click Rules Update, then click Manual Update.
    3. Browse to the update file, click Upload, then click OK.
  5. Follow this process to rewrite device settings for each device, so that all 9.6.0 settings are applied.
    1. On the ESM console, select the device in the system navigation tree, then click the Properties icon.
    2. Follow these steps for each device.
    Device type: Event Receiver or ESM/Event Receiver combo
    • For data sources: Click Data Sources → Write.
    • For VA sources: Click Vulnerability Assessment → Write.

    Device type: ACE
    • For risk correlation: Click Risk Correlation Management → Write.
    • For historical correlation: Click Historical → Enable Historical Correlation → Apply. If it's already selected, deselect it, select it again, then click Apply.
    • For rule correlation: Click Rule Correlation, select Enable Rule Correlation, and click Apply. If it's already selected, deselect it, select it again, then click Apply.

    Device type: Nitro IPS, DEM, or ADM
    • For virtual devices (IPS and ADM): Click Virtual Devices → Write.
    • For database servers: Click Database Servers → Write.
  6. Roll out the policy to all upgraded devices.
  7. Take the device out of bypass mode on Device Configuration → Interfaces.
  8. If you have an ELM or ELMERC collecting logs from a device, sync the ELM (Device Properties → Device Configuration → Sync ELM).