Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

11.5 RN: Fixed Issues

Document created by RSA Information Design and Development Employee on Jul 29, 2020Last modified by RSA Information Design and Development Employee on Sep 8, 2020
Version 3Show Document
  • View in full screen mode

This section lists issues fixed after the last major release. For additional information on fixed issues, see the Fixed Version column in the RSA NetWitness Platform Known Issues list on RSA Link: 
https://community.rsa.com/community/products/netwitness/documentation/known-issues

Log Collection Fixes

Tracking NumberDescription
ASOC-94276Improved TCP Syslog Performance.

Administration Fixes

Tracking NumberDescription
SACE-13620In version 11.4, unable to deploy recursive feeds on the Decoder group.
SACE-13572When querying using the msearch option, it displays "Year is out of valid range: 1400..9999" error.
SACE-13278After upgrading to 11.4, the Login Banner does not display while logging in to the NetWitness Platform.
SACE-13124Raid Tool Script fails if a disk in a 15 drive Viper Shelf is in a 'UBad' state.
SACE-13060In the Define Email Notifications panel, unable to enter an email address with domain name, if the domain name has letters after (.) symbol. For example, XXX@innotec.security.com

Audit Logging

Tracking NumberDescription
ASOC-85468 / ASOC-86055Logstash does not reconnect to RabbitMQ, if RabbitMQ is reset.
ASOC-77307Audit Logs do not have enough context when an ESA rule is created, duplicated, or deleted on the Rule Builder.
In NetWitness Platform 11.5, in addition to the audit logs available on ESA Correlation-server, new audit logs on the NW Server show when users add, modify, filter, delete, export, and import ESA rules in the Rule Library. The NW Server audit logs also show when users add, modify, and deploy ESA rule deployments. Modifications to an ESA rule deployment include adding, deleting, or updating a rule in a deployment as well as adding a data source or an ESA Correlation service to a deployment.

Investigate Fixes

Tracking NumberDescription
ASOC-92642Refocusing a value that contains the backslash (\) character in the Events view does not return results.
ASOC-92534In the email reconstruction, the Download button for attachments is not enabled due to a filename mismatch.
ASOC-85375Unable to query meta keys with values and meta values are truncated for some characters like .
ASOC-50412When initiating a download, Investigate fails to connect to the browser job tray and the download spinner remains indefinitely.

Respond Fixes

Tracking NumberDescription
ASOC-83210Incident email notifications are missing "Changed by" fields. In NetWitness Platform 11.4, when an automatically generated incident was updated, the email notification failed to display the "Change By" field showing the timestamp and user associated with the update. This is fixed in 11.5.
ASOC-80896Incidents generated by Reporting Engine alerts display cleartext values despite Data Privacy being enabled. Previously, in deployments where data privacy is enabled, incidents aggregated from Reporting Engine alerts were displaying cleartext metadata due to both cleartext and hashed values getting published. Now, when data privacy is enabled, the Reporting Engine only sends hashed / obfuscated values to Respond, which maintains data privacy when analysts view incidents.
ASOC-73173Matching files are not displayed in the Files tab if the file name in the event does not match the global file name. Previously, when you pivoted to the Investigate > Hosts or Files tab from the Nodal Graph to analyze a file, if the file name in the event did not match the case of the global file name, no results were displayed. Now, case sensitivity is no longer an issue when pivoting to the Investigate > Hosts or Files tab.

Core Services (Broker, Concentrator, Decoder, Archiver) Fixes

Tracking NumberDescription
ASOC-90740Log Decoder service was core-dumping at restart.
SACE-13702When querying the Broker through Rest API, it displays incorrect results.
SACE-13597For a TLS session, the meta keys for Ja3/Ja3s and cert.thumbprint are generated.

Event Stream Analysis (ESA) Fixes

Tracking NumberDescription
ASOC-87778An ESA Rule Deployment name with a colon (:) throws a failed to start stream error. If an ESA rule deployment name contains a colon (:), data aggregation fails to start during deployment. This is not an issue in NetWitness Platform 11.5.
ASOC-77307Audit Logs do not have enough context when an ESA rule is created, duplicated, or deleted on the Rule Builder.
In NetWitness Platform 11.5, in addition to the audit logs available on ESA Correlation-server, new audit logs on the NW Server show when users add, modify, filter, delete, export, and import ESA rules in the Rule Library. The NW Server audit logs also show when users add, modify, and deploy ESA rule deployments. Modifications to an ESA rule deployment include adding, deleting, or updating a rule in a deployment as well as adding a data source or an ESA Correlation service to a deployment.
SACE-12736Multiple users can edit an ESA rule deployment at the same time and overwrite changes. If two users modify the same ESA rule deployment by adding or removing rules, whoever clicks Deploy Now first overwrites the changes of the other user.
In NetWitness Platform 11.5, multiple users can edit an ESA rule deployment at the same time and not overwrite changes.

Reporting Engine Fixes

Tracking NumberDescription
SACE-12893Reports > Alert tab, does not display all the alerts when queried for a custom time range.

Endpoint Fixes

Tracking NumberDescription
ASOC-86942Endpoint server is often found in Unhealthy state after a day of deployment.
SACE-13763Unable to install NetWitness Endpoint Agent on Redhat 8.x system.
SACE-13529Test connection fails for Relay Server with Endpoint Log Hybrid.

Upgrade Fixes

Tracking NumberDescription
SACE-12658When running the nwsetup-tui command on the CLI for configuring the static IP address , it fails.
SADOCS-1883Request for pre-upgrade steps to clear out repositories from previous releases. These instructions have been added to the Upgrade Guide for RSA NetWitness Platform 11.5.

 

Previous Topic:What's New
Next Topic:Known Issues
You are here
Table of Contents > Fixed Issues

Attachments

    Outcomes