The Cortex XSIAM 2.1 release includes the following known issues:
Issue ID | Description |
---|---|
CRTX-67376 | Users with dataset role-based access control (RBAC) permissions can view already-created correlation rules using the data model on the Correlation Rules page, but can’t create or edit them. When users view the alerts for those rules, they can see neither the relevant pivots, nor the rule itself. |
CRTX-57553 | When setting up the Broker VM on Google Cloud Platform (GCP) and importing a GCP image using the G Cloud CLI, the following command fails. Until this is resolved, use the following command as a workaround. |
CRTX-41336 | A Database Collector applet on a broker VM that is deployed in a Cortex XDR FedRAMP environment cannot connect to MySQL and MSSQL. |
XDR-55313 | When exporting a Restriction type profile with custom indicator rules and then importing those back, the rules are no longer available. |
N/A | Currently, the Cortex XSIAM product URL contains the |
CPATR-15036 | Cortex XSIAM only supports stitching login Windows Event Logs into stories for a Windows 8.1 or later machine. |
XDR-30122 | When your XQL query includes a filter with a result that is an exponential number, the filter sometimes does not work as expected, including not returning any results. |
XDR-29691 | Cortex XSIAM calculates CVEs for applications according to the application version, and not according to application build numbers. |
XDR-21780 | Backwards scan is not supported when generating a BIOC from the Native Search. |
CPATR-10766 | After a Microsoft Windows patch (KB) is uninstalled from the endpoint, the Cortex XDR agent continues to report this KB to Cortex XDR. As a result, the CVEs list for the endpoint in Vulnerability Management cannot be updated to include the CVEs addressed by the uninstalled KB. |