ADR Release Notes 10.1.2

Modified on Fri, 23 Aug at 8:52 AM

TABLE OF CONTENTS

Overview
List of New Features in 10.1.2
List of Improvements in 10.1.2
List of Main Bug fixes in 10.1.2
List of Known Issues in 10.1.2
Breaking Changes in 10.1.2

Overview

Version 10.1.2 introduces several key enhancements:

CCE Remote Upgrade / Remote Patch from UI: Simplified remote upgrade and patching processes directly from the user interface.
MTMT-MSSP Level Alert Analysis and Deep Tracker: Enhanced functionality of new MTMT view to display more useful data, including assignee and tenant name.
EDR: Support for bulk EDR agent installation with multi-use installation tokens. Added support for MSI download on EDR agent installation screen.
HA System: Added HA indicators to the MSSP APE and MTMT APE screens to show HA system health status along with basic statistics. Added Instrumentation for reporting NTP status in the otmdoc container utility.
STIX/TAXII: Introduced a test connection capability.
Bulk Support: Added UDA and TTI support for the MTMT and MSSP screens.
Alert Analysis: Added an alert timeline feature to display the alert lifecycle in chronological order. Timeline includes all events contributing to the Alert status and relevant user actions.
MITRE Refinement: Enhanced, more accurate recognition and alignment with the MITRE framework.

List of New Features in 10.1.2

No	Issue key	Summary
1	SR-3890	Added Ingested devices serial numbers to correlate with IP
2	SR-3813	Added ability to perform UDA TTI Multiple tenant configuration from MSSP APE and MTMT MSSP screens
3	SR-5232	Added anomalies detection in the network by monitoring Flow Stats and Log Stats count
4	SR-4521	Added CCE Remote update support from UI Note: Remote update works ONLY for CCEs running Release 10.1.2 or higher
5	SR-454	Added Remediation support for Google cloud platform , Aria AZT and Gajshield FW
6	SR-2612	Added ability to add an IP/hostname to the allowed list when an EDR endpoint is put into quarantine
7	SR-3506	Added OT/IoT Device discovery
8	SR-3663	Added MSSP Level Search screen and Configuration screen For Deep tracker
9	SR-3246	Added CCE- Nmap capability to scan known exploit port open on CCE subnet
10	SR-4418	Added support for Traffic Analyzer installation in https mode (CCE Control)
11	SR-3725	Added parser: Cyber MDX Device
12	SR-1674	Added parser: Instasafe VPN
13	SR-1641	Added parser: TrendMicro Email Security
14	SR-4741	Added parsers: Epic Hyperspace, LastPass, F5 cloud , ProphazeWAF, SAAS Alerts, Cloudsek
15	SR-3812	Added parser API - Bitdefender GravityZone Cloud
16	SR-3959	Added parser: AZURE SQL logs support
17	SR-3323	Added parsers: Trend Micro XDR, Forti EDR, Liongard CCDR, CTD, Manage Engine, Versa-Analytics
18	SR-3307	Added parser: Nozomi Networks: Industrial IoT & OT Cybersecurity

List of Improvements in 10.1.2

No	Issue key	Summary
1	SR-2487	Add a timeline to alert life cycle.
2	SR-3244	Improvements to the Threat Model alert type recognition
3	SR-4373	Making changes on addOn device script so that it will support both SMB UI interface and addon device
4	SR-4374	Add drill-down to IP flows/Deep tracker screen from alert screen.
5	SR-4479	Security posture Report Page 23 sorting out traffic correction
6	SR-4848	GTB DLP USB events to be added as a threat event.
7	SR-4926	Improvement in MTMT-MSSP deep tracker screen to adding state management after tenant drilldown.
8	SR-4939	Allow to add new tenant only when APE system load avg is below 80%
9	SR-4949	Re-design Host Connections Screen to improve readability
10	SR-4956	Add new additional key for UDA
11	SR-5015	There are few more improvements in MTMT-MSSP Deep-tracker screen.
12	SR-5054	MTMT, M-MSSP, A-MSSP Tenant Creation - Must check for APE resource status before UI allow tenant creation
13	SR-5057	Bulk Edit & Delete Support for UDA and TTIs from MTMT-MSSP
14	SR-5181	Wrong Calculation of megabyte_count and mbps in Data Upload/Download events, may be in another events too
15	SR-5245	aiXDR - Linux rules
16	SR-5247	Add Data Download and Upload events from logs
17	SR-5271	Add a download link for EDR MSI
18	SR-5294	Need to show NTP sync status in otmdoc -x
19	SR-5355	Show HA Status information on MTMT UI
20	SR-5356	Remote CCE upgrade improvements.
21	SR-5411	Show "EDR server public host & port" in EDR host screen
22	SR-5446	aiSecurity Score360 - Data to be show in Report/Dashboard for the latest scan only

List of Main Bug fixes in 10.1.2

No	Issue key	Summary
1	SR-4165	Issue while closing alerts in Bulk - alert are reported as closed multiple times
2	SR-4174	Azure Defender alerts-Coming under 1 alert and appear as Major alert
3	SR-4222	EDR md5sum hash redirected link is not opening
4	SR-4253	Add parameters in TTI list
5	SR-4642	How to differentiate logs received from AWS - s3 Bucket
6	SR-4657	CCE 9.3.2 Hotfix-8 installation issue
7	SR-4778	CCE to LTS log transfer failure issues
8	SR-4784	Duplicate System Alerts
9	SR-4790	Alert Dashboard is not reflecting any data
10	SR-4845	Remediation test status not showing the status of test connection
11	SR-4887	For Trend Micro Vision One generated alerts, no MITRE ID is listed, but in the message section of the event details a MITRE ID.
12	SR-4917	Cannot close System Alert on tenant UI
13	SR-4923	Source Data Type is not Showing any results on all Tenants
14	SR-4942	Mitre not working for any alerts - User Access not working
15	SR-4943	Alerts Excel Export missing data
16	SR-4947	Parser for watchguard in LEEF format
17	SR-4951	CCE: Netskope Issue with policy alert - type=policy is missing in the "cat_types" array
18	SR-4967	OpenVAS Email Notification Issue - VAS email notification is generating only a single host report repeatedly
19	SR-4970	Security certificates do not survive after APE upgrade
20	SR-4972	pm2.log consuming lot of space which is causing disk overcommit on EDR Server
21	SR-5018	Not interpreting log_type="IDP" from Cyberoam (Sophos Firewall)
22	SR-5043	Prophaze logs are there on CCE but yet no threat events are coming on UI
23	SR-5071	Destination IP not showing result in IP Flow - Deep Tracker
24	SR-5072	Remediator is Blocking Private IP
25	SR-5076	LTS Anatomizer is not working after upgrade to the 10.0.2 version
26	SR-5088	Remediation Report is not Showing Complete Details
27	SR-5094	"Top Users with Attachment" is not showing any data
28	SR-5102	MSSP: All tenant alert notifications are not working
29	SR-5170	Add Option "Remove Custom Branding" at MSSP Level
30	SR-5214	APE 10.0.2: Azure Dashboard is showing almost blank while we are getting the data from all azure sources.
31	SR-5340	CCE drops security event (Malware) from LUMU
32	SR-5357	Brute Force Alert Flooding from Azure
33	SR-5396	Darktrace Log is not coming on the UI
34	SR-5498	EDR agent installation failed In Mac
35	SR-5519	Traffic logs are getting flagged as Potential Exploit and creating lot of alerts

List of Known Issues in 10.1.2

No	Issue key	Summary
1	SR-4954	Azure SQL Integration Issue - no logs coming on the UI
2	SR-4962	CCE Token Defunct while data is continuously coming to the APE
3	SR-5019	IST/EDT Time format Difference - which does not match the expected difference.
4	SR-5097	Azure Dashboard not populating after 10.0.2 release
5	SR-5322	After manual remediation, some alerts remain open
6	SR-5369	OpenVAS scanning fails while scanning IP range

Breaking Changes in 10.1.2

No	Issue key	Summary
1	SR-4182	The user notification setup will not work by default on MTMT level. It is disabled for security reasons. If you have MTMT setup, Please contact support to follow additional steps at APE level to enable notifications at MTMT level.
2	SR-4900	On Uploading data in Forensic Analysis Screen, it is sometimes giving Kong Error, sometimes {"statusCode":404, "error": "Not Found", "message": "Not Found"}, sometimes the dashboard is not uploading at all