000038500 - RSA NetWitness Platform 11.4.x Known Issues List

Document created by RSA Customer Support Employee on Mar 16, 2020Last modified by RSA Customer Support Employee on Apr 3, 2020
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000038500
Applies ToRSA Product Set: NetWitness Platform and NetWitness Endpoint
RSA Version/Condition: 11.4
Platform: CentOS
O/S Version: EL7
IssueBelow is a list of known issues in RSA NetWitness Logs & Network and NetWitness Endpoint 11.4.x, including those listed in the Release Notes.  
Click the links to go directly to the articles where applicable.

General Platform
Issue IDIssue TitleFix version or StatusRelated article
ASOC-86055Global Audit Logging Stops after Rabbitmq Service Restart on the Admin Server in RSA NetWitness PlatformUnder development. Targeted for 11.5.x release. 


General UI

Issue IDIssue TitleFix version or StatusRelated article
SACE-12563Feed Selection for Groups does not have previously pushed out groups check marked.11.4.1 
SACE-12964Unable to add the "accessInvestigateUsers" to a role via the GUIUnder testing. Targeted for 11.4.1 
SACE-12753Adding/Editing a recurring feed only validates the hostname in the URL path, not the filename, or path when clicking Verify.11.4.1. 
SACE-13125PAM-based authentication not functioning after upgrade to RSA NetWitness Platform 11.4.0.0 and 11.4.0.1Under development. Targeted for 11.4.1/11.5.x release. 
SACE-13260NW 11.4.0.0 - Not able to deploy recursive feed on Decoders groupUnder testing for 11.4.1 and 11.5. 
SACE-13264NW 11.3.1.1 - credential mismatch - mixing users of different roles between admin and non-admin functionsUnder testing for 11.4.1. 


Installation/Upgrade

Issue IDIssue TitleFix version or StatusRelated article
SACE-13024Rabbitmq service on Endpoint Hybrid fails to start in NetWitness 11.4Contact RSA Support


Security

Issue IDIssue TitleFix version or StatusRelated article


Core Services

Issue IDIssue TitleFix version or StatusRelated article
SACE-12827
   ASOC-87236
Not able to extract the email attachment if the Content-disposition header is in upper case.11.4.0.1 
SACE-12387
   ASOC-87236
Unable to extract files from an SMB2 session due to the recent changes in the SMB2 protocol.11.4.0.1 


Log Collection

Issue IDIssue TitleFix version or StatusRelated article
ASOC-87953
   ASOC-78604
Windows Legacy Collector (WLC) certificate renewal script that is packaged as part of 11.4 and located at /var/netwitness/root-ca- update/wlc/ does not run.11.4.0.1 
SACE-12649issues with proofpoint collection since upgrade from 10.6 to 11.311.4.1 
SACE-12961WinRM bookmarks returning 1 for a certain event channel stops collection across all channels.11.4.1 


ESA

Issue IDIssue TitleFix version or StatusRelated article
ASOC-87859Some ESA Rule Deployments migrated from versions before 11.3 can cause ESA Rule Deployment issues during the 11.4 upgrade.11.4.0.1 
SACE-11831NW 11.3 - Needed API improvements to obtain actual sessions.behind per node (conc/decoder) on ESAs11.4.1 


Respond

Issue IDIssue TitleFix version or StatusRelated article


Health & Wellness

Issue IDIssue TitleFix version or StatusRelated article
SACE-10378
   ASOC-74763
PSU shows incorrect status on the Health & Wellness view, when one PSU fails on the S5 Hybrid.11.4.0.1 
SACE-1291011.3.2.0 - H&W alarm on Endpoint Loghybrid Logcollector - LogCollector Virtual System Resources Exhausted11.4.1 


Investigate

Issue IDIssue TitleFix version or StatusRelated article
SACE-12498Brasil No longer follows Daylight Savings Time - Update Moment Timezone Libraries for investigation.11.4.1
    
 
SACE-13028Wrong closing xml tag when exporting logs from the UI11.4.0.2
    
 
SACE-11659
   ASOC-88050
When investigating an offline Archiver collection, it does not display metadata with events but displays only the events count.11.4.0.1
    
 
SACE-11706
   ASOC-88025
Event export fails when investigating for a custom time frame and profile with no prequery.11.4.0.1
    
 
SACE-12803
   ASOC-87643
Unable to export logs in the Investigate view when the user language setting is not English or French.11.4.0.1
    
 
ASOC-87633When the NOT operator is used in Event view Free-Form Mode without parenthesis, as in NOT medium = 1 vs NOT(medium = 1), the free-form query fails.11.4.0.1
    
 
ASOC-87549Packets are not rendered properly, and the expected data is not displayed in the Events view packet reconstruction.11.4.0.1
    
 
ASOC-87516The packet reconstruction being viewed does not have data loaded after leaving the Events view for the Hosts, Files, or Entities view, and then returns to the Events view using the Events option in the Investigate submenu.11.4.0.1
    
 
ASOC-87378After upgrading to Version 11.4, there may be issues in the Navigate view and Legacy Events view because the column groups, meta groups, or profile groups' permission is disabled for custom user roles.11.4.0.1
    
 
SACE-13119In NetWitness 11.4, it removes pivoting into meta on legacy views11.4.0.1 HF and 11.4.1
    
 


Malware Analysis

Issue IDIssue TitleFix version or StatusRelated article
SACE-10302
   ASOC-88023
AV tab in Admin > Services > Malware > Config, does not display AV Vendor results.11.4.0.1 


ESM

Issue IDIssue TitleFix version or StatusRelated article


Context Hub

Issue IDIssue TitleFix version or StatusRelated article
SACE-11272
   ASOC-84841
When STIX data is converted to CSV format, some of the STIX fields are not available in the CSV file.11.4.0.1 
ASOC-87937Connection for Threat Insights (Live Connect) and File Reputation data source fails as the password gets saved as blank.11.4.0.1 
SACE-12839Enrichment utilizing context hub list does not remove values which no longer exist in the list.11.4.1 


Endpoint

Issue IDIssue TitleFix version or StatusRelated article


Reporting Engine

Issue IDIssue TitleFix version or StatusRelated article
    


UEBA

Issue IDIssue TitleFix version or StatusRelated article
SACE-12843UEBA UI unable to access after installation11.4.0.1 


Licensing

Issue IDIssue TitleFix version or StatusRelated article


Content

Issue IDIssue TitleFix version or StatusRelated article

 

Attachments

    Outcomes