AnsweredAssumed Answered

Beacons to pendo.io

Question asked by Richard van den Berg on Jul 3, 2020
Latest reply on Jul 6, 2020 by Richard van den Berg

Like • Show 0 Likes0
Comment • 3

I just upgraded our servers to NetWitness 11.4.1.2 and noticed almost every page sends beacons to pendo.io:

https://cdn.pendo.io/agent/releases/2.58.0/guide.css

https://cdn.pendo.io/agent/static/5573cea1-9980-41fc-5e47-9708e86ba7ad/pendo.js

https://data.pendo.io/data/guide.js/5573cea1-9980-41fc-5e47-9708e86ba7ad?jzb=eJxljj9vszAQxr-[cut]

Did NetWitness always do this? Is this new in 11.4.1.2?

What annoys me most about this is the referer header gives away our NetWitness URL including possible sensitive path (we use deep linking to the investigate module from other applications):

Host: cdn.pendo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netwitness.local/admin/services/139/security
Connection: keep-alive

No one else has this question

Outcomes

Richard van den Berg Jul 3, 2020 12:01 PM

I did some research using NetWitness (it is such a great tool) and it seems the beaconing to pendo.io was introduced (or significantly expanded) in NetWitness 11.4.1.0.

Actions

Rui Ataide

@ Richard van den Berg on Jul 3, 2020 1:42 PM

Hi Richard,

Well spotted and great use of the tool :-)

It's to do with the Customer Experience Improvement Program that can be disabled under Admin > System > Info.

It seems to default *on* instead of *off* but I will let others comment on that.

Hope that helps!

Cheers,

Rui

Actions

Richard van den Berg @ Rui Ataide on Jul 6, 2020 3:48 AM

Hi Rui,

Thanks! I found the CEIP setting and disabled it. I'm pretty sure we disabled this before in 11.3. Was it set to "on" again during the 11.4 upgrade? That's not cool.

Ok, I found in NW Cfg: Configure the Customer Experience Improvement Program that in 11.4.1 the first admin login should receive a pop-up to enable this feature. We have 2 separate environments and there is no way we would have accidentally enabled CEIP in both of them. Seems like the pop-up idea didn't work but CEIP was enabled anyway. I'm glad we caught this now though.

Cheers,

Richard

Actions

3 Replies

Richard van den Berg Jul 3, 2020 12:01 PM
Mark Correct
Correct Answer
I did some research using NetWitness (it is such a great tool) and it seems the beaconing to pendo.io was introduced (or significantly expanded) in NetWitness 11.4.1.0.
Like • Show 0 Likes0
Actions
- Rui Ataide @ Richard van den Berg on Jul 3, 2020 1:42 PM
  Mark Correct
  Correct Answer
  Hi Richard,
  
  Well spotted and great use of the tool :-)
  
  It's to do with the Customer Experience Improvement Program that can be disabled under Admin > System > Info.
  
  It seems to default *on* instead of *off* but I will let others comment on that.
  
  Hope that helps!
  
  Cheers,
  
  Rui
  Like • Show 0 Likes0
  Actions
  - Richard van den Berg @ Rui Ataide on Jul 6, 2020 3:48 AM
    Mark Correct
    Correct Answer
    Hi Rui,
    Thanks! I found the CEIP setting and disabled it. I'm pretty sure we disabled this before in 11.3. Was it set to "on" again during the 11.4 upgrade? That's not cool.
    Ok, I found in NW Cfg: Configure the Customer Experience Improvement Program that in 11.4.1 the first admin login should receive a pop-up to enable this feature. We have 2 separate environments and there is no way we would have accidentally enabled CEIP in both of them. Seems like the pop-up idea didn't work but CEIP was enabled anyway. I'm glad we caught this now though.
    Cheers,
    Richard
    Like • Show 0 Likes0
    Actions

Beacons to pendo.io

Outcomes

Related Content

Recommended Content