Release Notes Fixed Issues

Document created by RSA Information Design and Development Employee on Feb 18, 2020Last modified by RSA Information Design and Development Employee on Jul 31, 2020
Version 2Show Document
  • View in full screen mode

This section lists issues fixed since the last major release.

Core Services (Broker, Concentrator, Decoder, Archiver) Fixes

Tracking NumberDescription
Not able to extract the email attachment if the Content-disposition header is in upper case.
Unable to extract files from an SMB2 session due to the recent changes in the SMB2 protocol.

Investigation Fixes

Tracking NumberDescription
When investigating an offline Archiver collection, it does not display metadata with events but displays only the events count.
Event export fails when investigating for a custom time frame and profile with no prequery.
Unable to export logs in the Investigate view when the user language setting is not English or French.

When the NOT operator is used in Event view Free-Form Mode without parenthesis, as in NOT medium = 1 vs NOT(medium = 1), the free-form query fails.


Packets are not rendered properly and the expected data is not displayed in the Events view packet reconstruction.

ASOC-87516The packet reconstruction being viewed does not have data loaded after leaving the Events view for the Hosts, Files, or Entities view, and then returns to the Events view using the Events option in the Investigate submenu.


After upgrading to Version 11.4, there may be issues in the Navigate view and Legacy Events view because the column groups, meta groups, or profile groups permission is disabled for custom user roles.

Reporting Engine Fixes

Tracking NumberDescription
SACE-12723NetWitness Platform Recovery Tool does not clean up the old backup reporting-engine-home.tar.gz files.

Log Collection Fixes

Tracking NumberDescription
ASOC-87953Windows Legacy Collector (WLC) certificate renewal script packaged as part of 11.4 and located at /var/netwitness/root-ca- update/wlc/ does not run.

Context Hub Fixes

Tracking NumberDescription
When STIX data is converted to CSV format, some of the STIX fields are not available in the CSV file.
ASOC-87937Connection for Threat Insights (Live Connect) and File Reputation data source fails as the password gets saved as blank.

Health and Wellness Fixes

Tracking NumberDescription
PSU shows incorrect status on the Health & Wellness view, when one PSU fails on the S5 Hybrid.

Malware Analysis Fixes

Tracking NumberDescription
SACE-12834When forwarding the syslog from Malware, the Source IP and Destination IP is not available in the forwarded events though it is available in the reports.
AV tab in Admin > Services > Malware > Config, does not display AV Vendor results.

ESA (Event Stream Analysis) Fixes

Tracking NumberDescription
ASOC-87859Some ESA Rule Deployments migrated from versions before 11.3 can cause ESA Rule Deployment issues during the 11.4 upgrade.

Previous Topic:What's New
Next Topic:Build Numbers
You are here
Table of Contents > Fixed Issues