This section lists issues fixed since the last major release.
Core Services (Broker, Concentrator, Decoder, Archiver) Fixes
Tracking Number | Description |
SACE-12827/ ASOC-87857 | Not able to extract the email attachment if the Content-disposition header is in upper case. |
SACE-12387/ ASOC-87236 | Unable to extract files from an SMB2 session due to the recent changes in the SMB2 protocol. |
Investigation Fixes
Tracking Number | Description |
---|---|
SACE-11659/ ASOC-88050 | When investigating an offline Archiver collection, it does not display metadata with events but displays only the events count. |
SACE-11706/ ASOC-88025 | Event export fails when investigating for a custom time frame and profile with no prequery. |
SACE-12803/ ASOC-87643 | Unable to export logs in the Investigate view when the user language setting is not English or French. |
ASOC-87633 | When the NOT operator is used in Event view Free-Form Mode without parenthesis, as in NOT medium = 1 vs NOT(medium = 1), the free-form query fails. |
ASOC-87549 | Packets are not rendered properly and the expected data is not displayed in the Events view packet reconstruction. |
ASOC-87516 | The packet reconstruction being viewed does not have data loaded after leaving the Events view for the Hosts, Files, or Entities view, and then returns to the Events view using the Events option in the Investigate submenu. |
ASOC-87378 | After upgrading to Version 11.4, there may be issues in the Navigate view and Legacy Events view because the column groups, meta groups, or profile groups permission is disabled for custom user roles. |
Reporting Engine Fixes
Tracking Number | Description |
---|---|
SACE-12723 | NetWitness Platform Recovery Tool does not clean up the old backup reporting-engine-home.tar.gz files. |
Log Collection Fixes
Tracking Number | Description |
---|---|
ASOC-87953 | Windows Legacy Collector (WLC) certificate renewal script packaged as part of 11.4 and located at /var/netwitness/root-ca- update/wlc/ does not run. |
Context Hub Fixes
Tracking Number | Description |
---|---|
SACE-11272/ ASOC-84841 | When STIX data is converted to CSV format, some of the STIX fields are not available in the CSV file. |
ASOC-87937 | Connection for Threat Insights (Live Connect) and File Reputation data source fails as the password gets saved as blank. |
Health and Wellness Fixes
Tracking Number | Description |
---|---|
SACE-10378/ ASOC-74763 | PSU shows incorrect status on the Health & Wellness view, when one PSU fails on the S5 Hybrid. |
Malware Analysis Fixes
Tracking Number | Description |
---|---|
SACE-12834 | When forwarding the syslog from Malware, the Source IP and Destination IP is not available in the forwarded events though it is available in the reports. |
SACE-10302/ ASOC-88023 | AV tab in Admin > Services > Malware > Config, does not display AV Vendor results. |
ESA (Event Stream Analysis) Fixes
Tracking Number | Description |
---|---|
ASOC-87859 | Some ESA Rule Deployments migrated from versions before 11.3 can cause ESA Rule Deployment issues during the 11.4 upgrade. |
Previous Topic:What's New
Next Topic:Build Numbers
You are here
Table of Contents > Fixed Issues