on Oct 14, 2020This document lists the fixes made to improve NetWitness Platform 11.4.1.0. Read this document before deploying or upgrading to NetWitness Platform 11.4.1.3.
Fixed Issues
This section lists issues fixed since the last major release.
Administration Fixes
| Tracking Number | Description |
|---|---|
| SACE13731/ | Single Sign On (SSO) connection does not work for NetWitness Platform 11.4.0.1. |
Core Services (Broker, Concentrator, Decoder, Archiver) Fixes
| Tracking Number | Description |
|---|---|
| SACE-13985 | Index customizations for Retention Log Hybrid service not reflecting on updating entities from Index definition files on Decoder. |
| SACE-13977 | Packet pool depletion due to either large HTTP sessions or newly installed feeds like ThreatStreamIP. |
| SACE-13812/ ASOC-100351 | No alarms triggered from ESM test policy even after disabling automatic monitoring and restarting rabbit-mq, collectd and rsa-sms. |
| SACE-14051 | Issue with deployment of Non-IP feeds with IPv6 values (non CIDR) on Decoders or Log Decoders. The first entry on the feed fails to load. |
| SACE-13928 | When you upgrade to 11.4.x version except 11.4.1.3, the calculation of the bytes filtered by Apprule has an issue. |
| SACE-14408 | SSL Pakcet decryption fails on Investigator Thick Client version 11.4.0.0.781 as the pem file (Key file) is not recognized in the Investigator logs. |
| SACE-13706/ ASOC-102996 | Issue with transferring logs from Log Decoder to external devices as the connection between Log Decoder and destination Server could not be established. |
Health and Wellness Fixes
| Tracking Number | Description |
|---|---|
| SACE-13666/ ASOC-101606 | For Hybrids, few statistics on the Health and Wellness are not showing the historical representation of the graph. However, numbers are displayed after hovering the mouse over the white space. |
Investigate Fixes
| Tracking Number | Description |
|---|---|
| SACE-13914/ SACE-13887/ | PCAP export fails as the system was cross linking the credentials of two accounts. |
| SACE-14314/ ASOC-102261 | Right most column in the Events View is partially visible/ truncated due to incorrect width calculation in NetWitness. After adjusting the size of the columns, the original size gets automatically restored if a column is added or removed. |
Malware Analysis Fixes
| Tracking Number | Description |
|---|---|
| SACE-14144/ | A mismatch between the directory name and MD5 hash value for the files ending with "-" extension in 11.3.2 Malware Analysis. The actual file name was missing under spectrum/repository/files folder. |
| SACE-13682 | Malware Analysis appliance license displays as unlicensed on the UI. |
Context Hub Fixes
| Tracking Number | Description |
|---|---|
| ASOC-101486 | During the alerts data prefetch process, once the mongo doc size limit exception is hit for any alert entity, processing of other alerts data is skipped, resulting in loss of contextual data from other alerts. |
Endpoint Fixes
| Tracking Number | Description |
|---|---|
| SACE-13963/ ASOC-101948 | The assigned VPN IP address is not displayed from Endpoint Agents deployed on Mac-OS. |
| SACE-13300/ ASOC-101948 | High CPU use by Endpoint agents during scanning. |
| SACE-13721/ ASOC-101948 | Unable to identify the process running from drive letter "Z" on Investigate > Hosts > Processes view. |
| SACE-13670/ | Agent is unable to retrieve a policy due to an error in evaluating IPv4/IPv6 addresses of the host. |
| SACE-13294/ ASOC-101948 | After installing NetWitness Endpoint Advanced agent, issue with launching of Windows Pseudo Console apps until you run it as an administrator. |
| SACE-13584/ | BSOD occurred after the installation of NetWitness Endpoint agent on Windows Server 2008-R2. |
| SACE-13476/ ASOC-101948 | NWE Agent Service crash observed in CentOS-8/RHEL-8.x due to RPM verify. |
| SACE-13763/ ASOC-101948 | NWEAgent Service crashes when enumerating network interfaces on RHEL-8.x. |
| ASOC-87703/ | Agent enhancement to hash the file to avoid reopening file in user mode. This eliminates any interference of NetWitness agent during third party software updates and installations. |
ESA Fixes
| Tracking Number | Description |
|---|---|
| SACE-14293/ ASOC-103904 | ESA is giving error and not generating alerts after upgrading to 11.4.1.1. Also, it starts generating older events. |
| ASOC-103988/ SACE-12773 | Subqueries with isOneOfIgnoreCase or isNotOneOfIgnoreCase helper functions are not evaluated. |
