Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Release Notes Introduction

Document created by RSA Information Design and Development Employee on Oct 14, 2020
Version 1Show Document
  • View in full screen mode

This document lists the fixes made to improve NetWitness Platform Read this document before deploying or upgrading to NetWitness Platform

Fixed Issues

This section lists issues fixed since the last major release.

Administration Fixes

Tracking Number Description


Single Sign On (SSO) connection does not work for NetWitness Platform

Core Services (Broker, Concentrator, Decoder, Archiver) Fixes

Tracking NumberDescription
SACE-13985 Index customizations for Retention Log Hybrid  service not reflecting on updating entities from Index definition files on Decoder.
SACE-13977Packet pool depletion due to either large HTTP sessions or newly installed feeds like ThreatStreamIP.
No alarms triggered from ESM test policy even after disabling automatic monitoring and restarting rabbit-mq, collectd and rsa-sms.


Issue with deployment of Non-IP feeds with IPv6 values (non CIDR) on Decoders or Log Decoders. The first entry on the feed fails to load.

SACE-13928When you upgrade to 11.4.x version except, the calculation of the bytes filtered by Apprule has an issue.


SSL Pakcet decryption fails on Investigator Thick Client version as the pem file (Key file) is not recognized in the Investigator logs.

SACE-13706/ ASOC-102996Issue with transferring logs from Log Decoder to external devices as the connection between Log Decoder and destination Server could not be established.

Health and Wellness Fixes

Tracking Number Description
For Hybrids, few statistics on the Health and Wellness are not showing the historical representation of the graph. However, numbers are displayed after hovering the mouse over the white space.

Investigate Fixes

Tracking NumberDescription

SACE-13914/ SACE-13887/

PCAP export fails as the system was cross linking the credentials of two accounts.

SACE-14314/ ASOC-102261Right most column in the Events View is partially visible/ truncated due to incorrect width calculation in NetWitness. After adjusting the size of the columns, the original size gets automatically restored if a column is added or removed.

Malware Analysis Fixes

Tracking NumberDescription


A mismatch between the directory name and MD5 hash value for the files ending with "-" extension in 11.3.2 Malware Analysis. The actual file name was missing under spectrum/repository/files folder.
SACE-13682Malware Analysis appliance license displays as unlicensed on the UI.

Context Hub Fixes

Tracking NumberDescription
ASOC-101486 During the alerts data prefetch process, once the mongo doc size limit exception is hit for any alert entity, processing of other alerts data is skipped, resulting in loss of contextual data from other alerts.

Endpoint Fixes

Tracking NumberDescription
The assigned VPN IP address is not displayed from Endpoint Agents deployed on Mac-OS.
High CPU use by Endpoint agents during scanning.
Unable to identify the process running from drive letter "Z" on Investigate > Hosts > Processes view.


Agent is unable to retrieve a policy due to an error in evaluating IPv4/IPv6 addresses of the host.

After installing NetWitness Endpoint Advanced agent, issue with launching of Windows Pseudo Console apps until you run it as an administrator.


BSOD occurred after the installation of NetWitness Endpoint agent on Windows Server 2008-R2.

NWE Agent Service crash observed in CentOS-8/RHEL-8.x due to RPM verify.
NWEAgent Service crashes when enumerating network interfaces on RHEL-8.x.


Agent enhancement to hash the file to avoid reopening file in user mode. This eliminates any interference of NetWitness agent during third party software updates and installations.

ESA Fixes

Tracking NumberDescription
SACE-14293/ ASOC-103904ESA is giving error and not generating alerts after upgrading to Also, it starts generating older events.
ASOC-103988/ SACE-12773Subqueries with isOneOfIgnoreCase or isNotOneOfIgnoreCase helper functions are not evaluated.

You are here
Table of Contents > Introduction