Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Release Notes 11.4.1.3: Introduction

Document created by RSA Information Design and Development Employee on Oct 14, 2020
Version 1Show Document
  • View in full screen mode
 

This document lists the fixes made to improve NetWitness Platform 11.4.1.0. Read this document before deploying or upgrading to NetWitness Platform 11.4.1.3.

Fixed Issues

This section lists issues fixed since the last major release.

Administration Fixes

               
Tracking Number Description

SACE13731/
ASOC-101327

Single Sign On (SSO) connection does not work for NetWitness Platform 11.4.0.1.

Core Services (Broker, Concentrator, Decoder, Archiver) Fixes

                                       
Tracking NumberDescription
SACE-13985 Index customizations for Retention Log Hybrid  service not reflecting on updating entities from Index definition files on Decoder.
SACE-13977Packet pool depletion due to either large HTTP sessions or newly installed feeds like ThreatStreamIP.
SACE-13812/
ASOC-100351
No alarms triggered from ESM test policy even after disabling automatic monitoring and restarting rabbit-mq, collectd and rsa-sms.

SACE-14051

Issue with deployment of Non-IP feeds with IPv6 values (non CIDR) on Decoders or Log Decoders. The first entry on the feed fails to load.

SACE-13928When you upgrade to 11.4.x version except 11.4.1.3, the calculation of the bytes filtered by Apprule has an issue.

SACE-14408

SSL Pakcet decryption fails on Investigator Thick Client version 11.4.0.0.781 as the pem file (Key file) is not recognized in the Investigator logs.

SACE-13706/ ASOC-102996Issue with transferring logs from Log Decoder to external devices as the connection between Log Decoder and destination Server could not be established.

Health and Wellness Fixes

               
Tracking Number Description
SACE-13666/
ASOC-101606
For Hybrids, few statistics on the Health and Wellness are not showing the historical representation of the graph. However, numbers are displayed after hovering the mouse over the white space.

Investigate Fixes

                   
Tracking NumberDescription

SACE-13914/ SACE-13887/
ASOC-101707

PCAP export fails as the system was cross linking the credentials of two accounts.

SACE-14314/ ASOC-102261Right most column in the Events View is partially visible/ truncated due to incorrect width calculation in NetWitness. After adjusting the size of the columns, the original size gets automatically restored if a column is added or removed.

Malware Analysis Fixes

                   
Tracking NumberDescription

SACE-14144/
ASOC-101767

A mismatch between the directory name and MD5 hash value for the files ending with "-" extension in 11.3.2 Malware Analysis. The actual file name was missing under spectrum/repository/files folder.
SACE-13682Malware Analysis appliance license displays as unlicensed on the UI.

Context Hub Fixes

               
Tracking NumberDescription
ASOC-101486 During the alerts data prefetch process, once the mongo doc size limit exception is hit for any alert entity, processing of other alerts data is skipped, resulting in loss of contextual data from other alerts.

Endpoint Fixes

                                               
Tracking NumberDescription
SACE-13963/
ASOC-101948
The assigned VPN IP address is not displayed from Endpoint Agents deployed on Mac-OS.
SACE-13300/
ASOC-101948
High CPU use by Endpoint agents during scanning.
SACE-13721/
ASOC-101948
Unable to identify the process running from drive letter "Z" on Investigate > Hosts > Processes view.

SACE-13670/
ASOC-101948

Agent is unable to retrieve a policy due to an error in evaluating IPv4/IPv6 addresses of the host.

SACE-13294/
ASOC-101948
After installing NetWitness Endpoint Advanced agent, issue with launching of Windows Pseudo Console apps until you run it as an administrator.

SACE-13584/
ASOC-101948

BSOD occurred after the installation of NetWitness Endpoint agent on Windows Server 2008-R2.

SACE-13476/
ASOC-101948
NWE Agent Service crash observed in CentOS-8/RHEL-8.x due to RPM verify.
SACE-13763/
ASOC-101948
NWEAgent Service crashes when enumerating network interfaces on RHEL-8.x.

ASOC-87703/
ASOC-101948

Agent enhancement to hash the file to avoid reopening file in user mode. This eliminates any interference of NetWitness agent during third party software updates and installations.

ESA Fixes

                   
Tracking NumberDescription
SACE-14293/ ASOC-103904ESA is giving error and not generating alerts after upgrading to 11.4.1.1. Also, it starts generating older events.
ASOC-103988/ SACE-12773Subqueries with isOneOfIgnoreCase or isNotOneOfIgnoreCase helper functions are not evaluated.

You are here
Table of Contents > Introduction

Attachments

    Outcomes