This section lists issues fixed since the last major release.
Core Services (Broker, Concentrator, Decoder, Archiver) Fixes
|Not able to extract the email attachment if the Content-disposition header is in upper case.|
|Unable to extract files from an SMB2 session due to the recent changes in the SMB2 protocol.|
|When investigating an offline Archiver collection, it does not display metadata with events but displays only the events count.|
|Event export fails when investigating for a custom time frame and profile with no prequery.|
|Unable to export logs in the Investigate view when the user language setting is not English or French.|
|When the NOT operator is used in Event view Free-Form Mode without parentheses, as in NOT medium = 1 vs NOT(medium = 1), the free-form query fails.|
|Packets are not rendered properly and the expected data is not displayed in the Events view packet reconstruction.|
|ASOC-87516||The packet reconstruction being viewed does not have data loaded after the user leaves the Events view for the Hosts, Files, or Entities view and then returns to the Events view using the Events option in the Investigate submenu.|
|After upgrading to Version 11.4, there may be issues in the Navigate view and Legacy Events view because the column groups, meta groups, or profile groups permission is disabled for custom user roles.|
Reporting Engine Fixes
|SACE-12723||NetWitness Platform Recovery Tool does not clean up the old backup reporting-engine-home.tar.gz files.|
Log Collection Fixes
|ASOC-87953||Windows Legacy Collector (WLC) certificate renewal script packaged as part of 11.4 and located at /var/netwitness/root-ca-update/wlc/ does not run.|
Context Hub Fixes
|When STIX data is converted to CSV format, some of the STIX fields are not available in the CSV file.|
|ASOC-87937||Connection for Threat Insights (Live Connect) and File Reputation data source fails as the password gets saved as blank.|
Health and Wellness Fixes
|PSU shows incorrect status on the Health & Wellness view when one PSU fails on the S5 Hybrid.|
Malware Analysis Fixes
|SACE-12834||When forwarding the syslog from Malware, the Source IP and Destination IP are not available in the forwarded events though they are available in the reports.|
|The AV tab in Admin > Services > Malware > Config does not display AV Vendor results.|
ESA (Event Stream Analysis) Fixes
|ASOC-87859||Some ESA Rule Deployments migrated from versions before 11.3 can cause ESA Rule Deployment issues during the 11.4 upgrade.|