on Jul 29, 2020This section lists issues fixed after the last major release. For additional information on fixed issues, see the Fixed Version column in the RSA NetWitness
Platform Known Issues list on RSA Link:
https://community.rsa.com/community/products/netwitness/documentation/known-issues
Log Collection Fixes
| Tracking Number | Description |
|---|---|
| ASOC-94276 | Improved TCP Syslog Performance. |
Administration Fixes
| Tracking Number | Description |
|---|---|
| SACE-13620 | In version 11.4, unable to deploy recursive feeds on the Decoder group. |
| SACE-13572 | When querying using the msearch option, it displays "Year is out of valid range: 1400..9999" error. |
| SACE-13278 | After upgrading to 11.4, the Login Banner does not display while logging in to the NetWitness Platform. |
| SACE-13124 | Raid Tool Script fails if a disk in a 15 drive Viper Shelf is in a 'UBad' state. |
| SACE-13060 | In the Define Email Notifications panel, unable to enter an email address with domain name, if the domain name has letters after (.) symbol. For example, XXX@innotec.security.com |
Audit Logging
| Tracking Number | Description |
|---|---|
| ASOC-85468 / ASOC-86055 | Logstash does not reconnect to RabbitMQ, if RabbitMQ is reset. |
| ASOC-77307 | Audit Logs do not have enough context when an ESA rule is created, duplicated, or deleted on the Rule Builder. In NetWitness Platform 11.5, in addition to the audit logs available on ESA Correlation-server, new audit logs on the NW Server show when users add, modify, filter, delete, export, and import ESA rules in the Rule Library. The NW Server audit logs also show when users add, modify, and deploy ESA rule deployments. Modifications to an ESA rule deployment include adding, deleting, or updating a rule in a deployment as well as adding a data source or an ESA Correlation service to a deployment. |
Investigate Fixes
| Tracking Number | Description |
|---|---|
| ASOC-92642 | Refocusing a value that contains the backslash (\) character in the Events view does not return results. |
| ASOC-92534 | In the email reconstruction, the Download button for attachments is not enabled due to a filename mismatch. |
| ASOC-85375 | Unable to query meta keys with values and meta values are truncated for some characters like . |
| ASOC-50412 | When initiating a download, Investigate fails to connect to the browser job tray and the download spinner remains indefinitely. |
Respond Fixes
| Tracking Number | Description |
|---|---|
| ASOC-83210 | Incident email notifications are missing "Changed by" fields. In NetWitness Platform 11.4, when an automatically generated incident was updated, the email notification failed to display the "Change By" field showing the timestamp and user associated with the update. This is fixed in 11.5. |
| ASOC-80896 | Incidents generated by Reporting Engine alerts display cleartext values despite Data Privacy being enabled. Previously, in deployments where data privacy is enabled, incidents aggregated from Reporting Engine alerts were displaying cleartext metadata due to both cleartext and hashed values getting published. Now, when data privacy is enabled, the Reporting Engine only sends hashed / obfuscated values to Respond, which maintains data privacy when analysts view incidents. |
| ASOC-73173 | Matching files are not displayed in the Files tab if the file name in the event does not match the global file name. Previously, when you pivoted to the Investigate > Hosts or Files tab from the Nodal Graph to analyze a file, if the file name in the event did not match the case of the global file name, no results were displayed. Now, case sensitivity is no longer an issue when pivoting to the Investigate > Hosts or Files tab. |
Core Services (Broker, Concentrator, Decoder, Archiver) Fixes
| Tracking Number | Description |
|---|---|
| ASOC-90740 | Log Decoder service was core-dumping at restart. |
| SACE-13702 | When querying the Broker through Rest API, it displays incorrect results. |
| SACE-13597 | For a TLS session, the meta keys for Ja3/Ja3s and cert.thumbprint are generated. |
Event Stream Analysis (ESA) Fixes
| Tracking Number | Description |
|---|---|
| ASOC-87778 | An ESA Rule Deployment name with a colon (:) throws a failed to start stream error. If an ESA rule deployment name contains a colon (:), data aggregation fails to start during deployment. This is not an issue in NetWitness Platform 11.5. |
| ASOC-77307 | Audit Logs do not have enough context when an ESA rule is created, duplicated, or deleted on the Rule Builder. In NetWitness Platform 11.5, in addition to the audit logs available on ESA Correlation-server, new audit logs on the NW Server show when users add, modify, filter, delete, export, and import ESA rules in the Rule Library. The NW Server audit logs also show when users add, modify, and deploy ESA rule deployments. Modifications to an ESA rule deployment include adding, deleting, or updating a rule in a deployment as well as adding a data source or an ESA Correlation service to a deployment. |
| SACE-12736 | Multiple users can edit an ESA rule deployment at the same time and overwrite changes. If two users modify the same ESA rule deployment by adding or removing rules, whoever clicks Deploy Now first overwrites the changes of the other user. In NetWitness Platform 11.5, multiple users can edit an ESA rule deployment at the same time and not overwrite changes. |
Reporting Engine Fixes
| Tracking Number | Description |
|---|---|
| SACE-12893 | Reports > Alert tab, does not display all the alerts when queried for a custom time range. |
Endpoint Fixes
| Tracking Number | Description |
|---|---|
| ASOC-86942 | Endpoint server is often found in Unhealthy state after a day of deployment. |
| SACE-13763 | Unable to install NetWitness Endpoint Agent on Redhat 8.x system. |
| SACE-13529 | Test connection fails for Relay Server with Endpoint Log Hybrid. |
Upgrade Fixes
| Tracking Number | Description |
|---|---|
| SACE-12658 | When running the nwsetup-tui command on the CLI for configuring the static IP address , it fails. |
| SADOCS-1883 | Request for pre-upgrade steps to clear out repositories from previous releases. These instructions have been added to the Upgrade Guide for RSA NetWitness Platform 11.5. |
Previous Topic:What's New
Next Topic:Known Issues
You are here
Table of Contents > Fixed Issues