Release Notes 11.4.0.1: Fixed Issues

Document created by RSA Information Design and Development Employee on Feb 18, 2020Last modified by RSA Information Design and Development Employee on Jul 31, 2020
Version 2Show Document
  • View in full screen mode
 

This section lists issues fixed since the last major release.

Core Services (Broker, Concentrator, Decoder, Archiver) Fixes

                 
Tracking NumberDescription
SACE-12827/
ASOC-87857
Not able to extract the email attachment if the Content-disposition header is in upper case.
SACE-12387/
ASOC-87236
Unable to extract files from an SMB2 session due to the recent changes in the SMB2 protocol.

Investigation Fixes

                                       
Tracking NumberDescription
SACE-11659/
ASOC-88050
When investigating an offline Archiver collection, it does not display metadata with events but displays only the events count.
SACE-11706/
ASOC-88025
Event export fails when investigating for a custom time frame and profile with no prequery.
SACE-12803/
ASOC-87643
Unable to export logs in the Investigate view when the user language setting is not English or French.
ASOC-87633

When the NOT operator is used in Event view Free-Form Mode without parenthesis, as in NOT medium = 1 vs NOT(medium = 1), the free-form query fails.

ASOC-87549

Packets are not rendered properly and the expected data is not displayed in the Events view packet reconstruction.

ASOC-87516The packet reconstruction being viewed does not have data loaded after leaving the Events view for the Hosts, Files, or Entities view, and then returns to the Events view using the Events option in the Investigate submenu.

ASOC-87378

After upgrading to Version 11.4, there may be issues in the Navigate view and Legacy Events view because the column groups, meta groups, or profile groups permission is disabled for custom user roles.

Reporting Engine Fixes

               
Tracking NumberDescription
SACE-12723NetWitness Platform Recovery Tool does not clean up the old backup reporting-engine-home.tar.gz files.

Log Collection Fixes

               
Tracking NumberDescription
ASOC-87953Windows Legacy Collector (WLC) certificate renewal script packaged as part of 11.4 and located at /var/netwitness/root-ca- update/wlc/ does not run.

Context Hub Fixes

                   
Tracking NumberDescription
SACE-11272/
ASOC-84841
When STIX data is converted to CSV format, some of the STIX fields are not available in the CSV file.
ASOC-87937Connection for Threat Insights (Live Connect) and File Reputation data source fails as the password gets saved as blank.

Health and Wellness Fixes

               
Tracking NumberDescription
SACE-10378/
ASOC-74763
PSU shows incorrect status on the Health & Wellness view, when one PSU fails on the S5 Hybrid.

Malware Analysis Fixes

                   
Tracking NumberDescription
SACE-12834When forwarding the syslog from Malware, the Source IP and Destination IP is not available in the forwarded events though it is available in the reports.
SACE-10302/
ASOC-88023
AV tab in Admin > Services > Malware > Config, does not display AV Vendor results.

ESA (Event Stream Analysis) Fixes

               
Tracking NumberDescription
ASOC-87859Some ESA Rule Deployments migrated from versions before 11.3 can cause ESA Rule Deployment issues during the 11.4 upgrade.

Previous Topic:What's New
Next Topic:Build Numbers
You are here
Table of Contents > Fixed Issues

Attachments

    Outcomes