ADR Release Notes 10.2.2

Modified on Wed, 6 Nov at 1:22 PM

Overview

Version 10.2.2 introduces several key enhancements:

  • Dashboarding and Reporting: customer feedback has been incorporated into these features to support our customers' day-to-day operations.
    • Alert Dashboard.
    • New Inventory Report PDF.
  • BI 360 and Score 360: this release acknowledges the use of BI360 and Score360 by ADR partners and acts on their feedback for both.
    • Enhanced BI360 capabilities for more sophisticated analytics and more suitable customization.
    • Score360 increases the depth of your security posture reporting.
  • Device Support: as always, support for a number of existing devices is updated to reflect vendor changes, and support for a good number of new devices is added.

Important Notes

  • If any of the UI fixes or improvements do not appear to work, clear the browser cache and recheck.
  • URGENT - Starting with 10.1.2, SSH tunnel support between CCE and APE is discontinued and replaced by HTTPS.
  • If the APE server has 5 disks mounted under /mnt, contact ADR support before performing the upgrade.

List of New Features in 10.2.2

No | Issue key | Summary
1 | SR-3262 | Inventory Report can be downloaded as PDF



List of Improvements in 10.2.2
No | Issue key | Summary
1 | SR-6015 | Event Processor USER_DB lookup improvement
2 | SR-6006 | New performance-improved UDA does not support UDAs whose 'having' clause has a time range restriction
3 | SR-6003 | Add Application Port and Protocol along with Application Name on the Host Graph screen
4 | SR-5998 | CCE - summarize Login events to reduce the load
5 | SR-5994 | BI Tool - improvements to enhance usability
6 | SR-5958 | Support User Activities for all users and all screens
7 | SR-5787 | EDR Endpoint registration token: perpetual token which never expires
8 | SR-5770 | New SOC Report and Old SOC Report co-existence or overwrite
9 | SR-5735 | Deep Tracker / IP Flows - Query builder is not patching the field properly when selected from the dropdown list
10 | SR-5719 | MTMT-MSSP Deep Tracker - improvements to enhance usability
11 | SR-5712 | CCE: expanded list of events for ESET parser
12 | SR-5708 | LTS - improvements to CCE logs processor to read the logs from files
13 | SR-5695 | MSSP/MTMT Dashboard - tiles-based dashboard needs the ability to pin
14 | SR-5694 | Alert Analysis - MITRE Kill Chain drill-down must show only the threat indicator associated with the alert
15 | SR-5687 | Hosted site backup improvements
16 | SR-5669 | Improved integration with Nessus
17 | SR-5646 | CloudX: expanded Azure Data Set integration
18 | SR-5641 | Enhanced BI Tools drill-down - introduce another layer before Deep Tracker / IP Flow / Alert screen
19 | SR-5638 | Bulk System Alert closure at tenant level
20 | SR-5543 | New System Benchmark - Backup/Restore 4-disk setup
21 | SR-5532 | CloudX - Data Pull: improved scalability for bigger environments - Outlook data only
22 | SR-5503 | aiPMax Endpoint - controlled upgrade, not auto-upgrade by default
23 | SR-5439 | Box integration and other integrations: recognize authentication token creation as a security event
24 | SR-5437 | Score360 now includes Private/Internal Network data in the final scoring, enhancing the security assessment by factoring in the internal network's vulnerabilities and configuration. This change aims to provide a more holistic view of the organization's security posture
25 | SR-5419 | Expanded list of events in Nxlog
26 | SR-5406 | On the client-side Alert screen, the export shows the client ID; it should show the client name
27 | SR-5392 | Improvement in Tenant Report screen
28 | SR-4519 | TTI: the Additional Type entity dropdown should contain every additional field that we find in the raw logs
29 | SR-4412 | Configure Expected Device Type in System Alerts Configuration screen
30 | SR-3748 | MITRE Tech_ID refinement



List of New Parsers in 10.2.2

No | Issue key | Summary
1 | SR-5955 | Added parser: DDN storage
2 | SR-5952 | Darktrace parser improvement
3 | SR-5927 | Expanded list of events added for Epic
4 | SR-5875 | Added parser: Levelle SD-WAN
5 | SR-5848 | Added parser: BeroeEKYs in-house built application
6 | SR-5819 | Added parser: SDC DLP device
7 | SR-5792 | Added parser: beroe-live-stage (in-house built application)
8 | SR-5790 | Enhanced Nginx parser - access logs
9 | SR-5742 | Added parser: Netcore email server
10 | SR-5725 | Added parser: Vicarius Topia (API based)
11 | SR-5723 | Enhanced Prophaze WAF parser
12 | SR-5666 | Added parser: Cyberoam firewall
13 | SR-5663 | Added parser: F5 BIG-IP LTM
14 | SR-5650 | Added parser: Wazuh
15 | SR-5577 | HubSpot ticketing tool integration with cGuard
16 | SR-5547 | Resolved Palo Alto username parsing issue
17 | SR-5513 | Added parser: Check Point IPS logs
18 | SR-5510 | Added parser: database logs hosted on Oracle Linux server
19 | SR-5492 | Added parser: Abi-bot
20 | SR-5438 | Added parser: Asimily integration
21 | SR-4844 | Added parser: Huawei SAN switch
22 | SR-4713 | Added parser: Wallix PAM
23 | SR-3984 | Added parser: F5



List of Main Bug fixes in 10.2.2 

No | Issue key | Summary
1 | SR-6072 | TTI with "Client Country Name" field doesn't work
2 | SR-6057 | Discrepancy in TTI for Data Upload events
3 | SR-6032 | The event flagged as ransomware via the Potential Malware Infection alert is a false positive for the process TiWorker.exe
4 | SR-5949 | Duplicate events being generated for Microsoft Entra ID
5 | SR-5947 | aiSecurity Score360 report is giving duplicate results
6 | SR-5931 | Release 10.1.2 uninstaller is not signed
7 | SR-5903 | Tenants not receiving data from SharePoint and OneDrive
8 | SR-5849 | The message is not correct for the Suspicious Account Creation alert
10 | SR-5750 | Potential Malware Infected Host, event type details: Script Execution does not show threat indicators
11 | SR-5677 | Windows event_id 4741 is not being parsed by CCE
12 | SR-5675 | Reset Two-Factor Authentication Code is not working on otmcloud
13 | SR-5664 | Custom SOC Report enhancements
14 | SR-5651 | Assignee names are not appearing for some tenants
15 | SR-5636 | Unable to create SFTP connection between CCE and LTS server: authentication failed
16 | SR-5607 | A few of the integrated device details are not shown in the log and flow status when filtering for more than 15 minutes, although the information is available in Deep Tracker
17 | SR-5583 | Cannot create new Tenant inside MSSP
18 | SR-5582 | Google Cloud Platform showing 404
19 | SR-5580 | LTS: getting an error when visualizing data on the Forensic Analysis screen
20 | SR-5576 | Device configuration missing after upgrade
21 | SR-5561 | 10.1.2 ARIA AZT integration misses new logs that are added
22 | SR-5548 | MSSP page not being loaded correctly on otmcloud
23 | SR-5545 | APE installation issue, error: Failed to Create Docker Images
24 | SR-5539 | UDA Test Search Condition is not working
25 | SR-5537 | Getting an error while generating SOC report for one of the tenants of partner AHAT
26 | SR-5535 | OpenVAS issue with the scan - incorrect time and date published
27 | SR-5524 | SentinelOne issue after upgrade - not getting logs after the upgrade to 10.0.2
28 | SR-5486 | Huge volume of Login and Logout events disrupting the data pipeline at the APE system and dropping data
29 | SR-4060 | Azure Defender alerts coming under the same threat indicator instead of properly defined threat indicator types



List of Known Issues in 10.2.2

No | Issue key | Summary
1 | SR-6209 | Unsigned files in quarantine directory
2 | SR-6081 | Potential issue with EPP uninstall - files still being quarantined
3 | SR-6064 | TTI is temporarily not working during TTI edits
4 | SR-5808 | Issue with "Batch Action" on Alerts - closes all Alerts instead of only the selected ones
5 | SR-5779 | False positive Ransomware alerts
6 | SR-5508 | EDR-related alert - no details for Threat Indicator
7 | SR-5892 | EPP - EPP event messages need to change so that detection and protection mode can be differentiated


Breaking Changes in 10.2.2

No | Issue key | Summary
1 | SR-4182 | The user notification setup will not work by default at MTMT level; it is disabled for security reasons. If you have an MTMT setup, please contact support to follow the additional steps at APE level required to enable notifications at MTMT level.
2 | SR-4900 | LTS: data with a device name is not allowed to be loaded from the UI into the Forensic Analysis screen

