AnsweredAssumed Answered

Beacons to pendo.io

Question asked by Richard van den Berg on Jul 3, 2020
Latest reply on Jul 6, 2020 by Richard van den Berg

I just upgraded our servers to NetWitness 11.4.1.2 and noticed almost every page sends beacons to pendo.io:

 

https://cdn.pendo.io/agent/releases/2.58.0/guide.css 

https://cdn.pendo.io/agent/static/5573cea1-9980-41fc-5e47-9708e86ba7ad/pendo.js 

https://data.pendo.io/data/guide.js/5573cea1-9980-41fc-5e47-9708e86ba7ad?jzb=eJxljj9vszAQxr-[cut] 

 

Did NetWitness always do this? Is this new in 11.4.1.2?

What annoys me most about this is the referer header gives away our NetWitness URL including possible sensitive path (we use deep linking to the investigate module from other applications):

Host: cdn.pendo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netwitness.local/admin/services/139/security
Connection: keep-alive

Outcomes