RN 11.2.1.2: Fixed Issues

Document created by RSA Information Design and Development Employee on Jul 30, 2019Last modified by RSA Information Design and Development Employee on Jul 31, 2019
Version 2Show Document
  • View in full screen mode
 

Fixed Issues

This section lists issues fixed in NetWitness Platform 11.2.1.2.

Server Fixes

                 
Tracking NumberDescription

SACE-10917

Line breaks are not displayed in the Login banner.

ASOC-67123When the Event Source Manage groups have the Idle time condition defined, alarms are not generated.

Investigate Fixes

                                 
Tracking NumberDescription
SACE-9738In the Respond > Alerts view, when you click the Pivot to Investigate option for an IP address, no results are displayed on the Navigate view because the orig_ip meta is given without quotes and the query fails.

SACE-10668

You cannot query using IP address in the Event Analysis view as it is not supported.
SACE-10148When you query for a session in the File view, Unable to create temporary file /tmp/…… error message is displayed and you will not be able to download the file.
SACE-10734

Meta value with escape sequence is truncated.

SACE-11436

ThreatExpert Search link is broken on the Investigation External Lookup.

ASOC-73008When you Pivot to Investigate from the dashboard using an IP address, an error message is displayed due to an improper query.

Core Fixes

Core Services include Broker, Concentrator, Decoder, and Log Decoder.

                                     
Tracking NumberDescription
SACE-10351

Custom index file is not updated when it is pushed from one server to the other.

SACE-11260

Log Decoder service crashes with VALUEMAP and REGEX custom parsers.

ASOC-69957GeoIP parser meta formats are not consistent across Decoder language and Maxmind database.
ASOC-73054When you search any string using msearch, it displays an unexpected error.
ASOC-73238CEF parser removes backslash (\) character.
ASOC-75006Syslog Octet counting protocol logic stops Log Decoder.
ASOC-78912NetWitness appliance service crashes with SIGABRT during service monitoring on the Log Decoder.

Admin Fixes

                               
Tracking NumberDescription
SACE-10992Recurring custom feed is not updating Decoders when you select a Decoder Group List.
SACE-10682On the Event Source Monitoring tab, if you sort by ascending or descending order, the Idle time column is not sorted.
SACE-11478Unable to edit core attributes of an Active Directory user.
ASOC-79402When you change the value of the Schedule Recurrence for the Respond datasource in the ContextHub configuration, it is not saved.
ASOC-76477Unable to log in to the Active Directory using UserPrincipalName.

Windows Collector Fixes

               
Tracking NumberDescription
ASOC-75636Windows Legacy Collector pulls limited logs from certain event sources.

Archiver Fixes

                       
Tracking NumberDescription
SACE-10744Unable to push index-archiver-custom.xml from one Archiver to other Archiver services.
SACE-10835In the Archiver configuration, when you try to include any meta on the Meta Include tab, the default meta key word gets added automatically. If you remove this meta selection and click Apply, the word meta is not removed.
ASOC-75691Unable to view event.time and event.user meta in the Archiver > View > Config > General tab.

Upgrade Fixes

                       
Tracking NumberDescription
ASOC-78279After updating to 11.2.1.1, Reporting Engine restarts multiple times.
ASOC-78205After updating to 11.2.1, Broker service on Malware appliance crashes.
ASOC-75542After updating to 11.2, Active Directory user authentication fails intermittently.

Previous Topic:Release Notes
Next Topic:Build Numbers
You are here
Table of Contents > Release Notes > Fixed Issues

Attachments

    Outcomes