Elasticsearch | |
Content Security Policy | |
General | The number of user investigations (My incidents) that were returned from the server was unlimited and it caused the UI to crash. The number of user investigations is now limited to 1000. This number can be changed using the user.max.shell.investigations configuration. |
Engines | The main server that listened to a specific port for engine requests could not connect. The engine could not reach the main server, since the port was not listening. When upgrading the server, the Upgrade Engine button was disabled. Under → → , the Status column did not show any data.
|
Incidents | In the War Room, you could not save custom filters. In the War Room, when an image was added using the markdown input, the image could not be expanded by clicking on it. In some cases, incidents that contained long text caused the page to crash. This occurred more frequently when using the Firefox browser. Resizing of columns for a grid field in a layout wasn't saved. When adding a line graph widget showing incidents over time to a dashboard, if the elasticsearch.aggreations.optimize server configuration was set to true, an error occurred when the graph time resolution was set to weeks. In some cases, hyperlinks contained highlighting in the War Room. When an image was added via the Notes section of an incident layout, you could not expand the image thumbnail to view the full-sized image. When two users were editing a layout at the same time, the second user to save the layout would override the changes made by the first user.
|
Indicators | The indicator timeline did not update indicator relationship changes, when the indicator was not all lower case. If a disabled indicator type and an active indicator type had the same name, a job to expire indicators could, in some cases use the expiration method of the disabled indicator type. In some cases, threat intel feeds did not process indicators due to feed triggered jobs processing indicators.
|
Jobs | Scheduled jobs ran in a loop when the clock changed for daylight savings time. In some cases, when you tried to save a feed based job, an error display that a required field was missing, and the job could not be saved.
|
Marketplace | The welcome page for the Malware Deployment Wizard contained a broken link. In the → → page, content pack validation stopped working. In the Marketplace Deployment Wizard, the Phishing tab did not open. When browsing the Marketplace offline with the marketplace.sync.enabled server configuration set to false, an "Item not found" error was displayed.
|
Playbooks | In the playbook builder, input fields disappeared when the field value was deleted. In Data Collection tasks in a playbook, when creating single select reply options after deselecting First option is default, the reply options were duplicated. After modifying content, such as a playbook, restoring the content to an earlier version failed. In some cases, in the Playbook Debugger, files failed to download. When you clicked in the mini map in the playbook/workplan page, the clicked pane behaved as if you held the mouse button down and dragged the pane around. You had to click again in the pane to stop it from moving.
|
Remote Repositories | In some cases, when there were many differences in the content on the development and production machines, the list of changes could not be generated and content was not pushed to production. When items were added to the Exclusion list in a remote repository, if the items were edited or other items were pushed to production, the original items were dropped from the Exclusion list and had to be added again.
|
System Diagnostics | If you clicked Delete audits on the System Diagnostics page, an error message displayed, even though the audit trail was deleted. On the System Diagnostics page, if you clicked View details for an issue, the table was truncated and not all information was displayed.
|
Widgets | When editing a widget, after changing any value in the Values section (Operations tab), the data returned was initially incorrect. To see the correct data you had to switch back and forth between values. In a chart widget, the wrong value was used to pivot when clicking a None legend item which caused an incorrect filter in the Incidents page. In a widget grouped by time resolution by hours, no data was displayed for a custom time range.
|