Addressed Issues - Release Notes - 6.11 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Release Notes

Product: Cortex XSOAR
Version: 6.11
Creation date: 2022-12-12
Last date published: 2023-12-11
Category: Release Notes

These issues are fixed in the Cortex XSOAR v6.11 release.

Category

Description

Automation

  • If you uploaded a new version of a script, the new version did not appear in the UI, even though it replaced the original version.

  • When editing a script, if the user's browser was zoomed out, the edit integration window scrolled more than expected.

Dashboard

  • When a text widget was displayed in a dashboard, the text could not be selected for copying.

  • When returning to Dashboard view from a filter, the wrong date range was displayed.

Elasticsearch

  • (Elasticsearch) The demisto service failed to start if the number of total_fields in the common-configuration index was higher than 2000.

Engines

  • Under Settings > Integrations > Engines, the Status column did not show any data.

  • When upgrading the server, the Upgrade Engine button was disabled.

  • The main server that listened to a specific port for engine requests could not connect. The engine could not reach the main server because the port was not listening.

Incidents

  • When an image was added via the Notes section of an incident layout, you could not expand the image thumbnail to view the full-sized image.

  • In some cases, incidents that contained long text caused the page to crash. This occurred more frequently when using the Firefox browser.

  • Resizing of columns in a grid wasn't saved.

  • When two users were editing a layout at the same time, the second user to save the layout would override the changes made by the first user.

  • (Elasticsearch) Dropped incident data would sometimes not be updated due to version conflicts.

  • In the incident layout, a pie chart showing Close Reason did not filter correctly for "None".

  • After scrolling to the right on the QRadar Events page, the view reset to the beginning when the page refreshed.

  • When changing the order of pre-process rules, sometimes the changes did not take effect, or an error appeared.

  • When batch closing incidents, the name field appeared in the close incident modal, even though renaming is not supported.

  • In the attachment field, users were unable to upload files that had the same file name but different content.

  • When creating a new incident field of type grid, if the rows were deleted, "No results" was displayed instead of displaying the table headers.

  • When editing an incident layout, if the scroll-bar was required to view all tabs, the tab name disappeared if you selected Rename from the tab options dropdown.

  • When a file was uploaded from the command line, a closing curly brace } was added to the file extension. For example, uploading a .py file resulted in the file type showing as py}.

Indicators

  • When using indicator field change trigger scripts, in some cases the data in grid fields either did not appear in the indicator layout, or the data appeared and then disappeared and could only be viewed by refreshing the page.

  • The indicator timeline did not update indicator relationship changes when the indicator was not all lower case.

  • If a disabled indicator type and an active indicator type had the same name, a job to expire indicators could in some cases use the expiration method of the disabled indicator type.

  • In some cases, threat intel feeds did not process indicators due to feed triggered jobs processing indicators.

  • When there were multiple pages of exclusion indicators, only the displayed page was exported to a CSV file when you selected "select all x items". For example, if there were 3 pages of exclusion lists and you were viewing page 2 of 3 and selected "select all x items", only the 50 items on page 2 of 3 were exported to the CSV file.

  • Indicator grid fields could not be edited.

  • The enrichIndicators command failed if an indicator had leading or trailing whitespace. Leading and trailing whitespace is now automatically trimmed when new indicators are added.

Integrations

  • The Welcome Page for the Malware Deployment Wizard contained a broken link.

Jobs

  • In some cases, when you tried to save a feed-based job, an error displayed that a required field was missing, and the job could not be saved.

  • Scheduled jobs ran in a loop when the clock changed for daylight saving time.

Marketplace

  • In Marketplace > Contribution > Validation, content pack validation stopped working.

  • When browsing the Marketplace offline with the marketplace.sync.enabled server configuration set to false, an "Item not found" error was displayed.

  • In some cases, if a content pack contained a wizard, the content pack could not be updated.

  • When upgrading a content pack, the version number displayed for the currently installed content pack was incorrect.

Multi-tenant

  • Under Account Management (Settings > Account Management > Accounts), sorting by the Status column showed incorrect sorting.

  • When a SAML integration was pushed from main to host, there were synchronization issues.

Playbooks

  • When editing a playbook task using the Firefox browser, you could not add a filter in the filters and transformers dialog box.

  • In the playbook builder, input fields disappeared when the field value was deleted.

  • In playbook Data Collection tasks, when creating single select reply options after deselecting First option is default, the reply options were duplicated.

  • After modifying content, for example a playbook, restoring the content to an earlier version failed.

  • When you clicked in the preview of the mini map in the playbook/workplan page, the clicked pane behaved as if you held the mouse button down and dragged the pane around. You had to click again in the pane to stop it from moving around.

  • In some cases, files failed to download in the playbook debugger.

  • The message body in a conditional task in a playbook was not displayed when the playbook was run.

  • When running playbooks, the zoom and follow functions did not work correctly.

  • In a Conditional task, after setting the condition value to "as value" and then editing the playbook again, the condition value changed to "from the previous tasks".

  • When the Darkula theme was enabled, a white space appeared in the upper right-hand corner when editing playbooks.

  • When editing a playbook task, disabled automations were available for use as transformers.

  • Task alignment lines did not appear when moving tasks within a playbook.

Remote Repositories

  • When items were added to the Exclude list in a development machine, if the items were edited or other items were pushed to production, the original items were dropped from the Exclude list and had to be re-added.

  • In some cases, when there was a large number of differences in the content on the development and production machines, the list of changes could not be generated and content was not pushed to production.

Reports

  • When a PDF of a report was generated, percentages were displayed in pie charts, even if Show also percentage was unchecked in the Visuals tab of the Quick chart definitions for the widget.

  • If you generated a PDF report that included a Grid Field, the columns in the grid did not display in the correct order.

System

  • The number of user investigations (My incidents) that were returned from the server was unlimited and caused the UI to crash. The number of user investigations is now limited to 1000. This number can be changed using the user.max.shell.investigations configuration.

  • The new default Content Security Policy (CSP) server setting rendered the server inaccessible.

  • After a server restart, waiting tasks were re-run, causing emails or other communications to be resent.

System diagnostics

  • On the System Diagnostics page, if you clicked View details for an issue, the table was truncated and not all information was displayed.

  • If you clicked Delete audits on the System Diagnostics page, an error message displayed, even though the audit trail was deleted.

Users & Roles

  • When a user assigned to a role with shared pre-set role queries tried to navigate to the War Room, they got a "Client rendering error."

  • API calls for Settings > Integrations > Instances were performed for users without permissions to Settings.

  • (Multi-tenant) When using Active Directory, there were intermittent delays and inability to add roles in tenants.

War Room

  • In the War Room, you could not save custom filters.

  • In some cases, hyperlinks contained highlighting in the War Room.

  • In the War Room, when an image was added using the markdown input, the image could not be expanded by clicking on it.

  • If a script was executed from the CLI and a sensitive argument was included that contained a double quote (") character, the sensitive argument was displayed in the War Room in clear text, instead of being replaced with asterisks.

  • In some cases, when running automations, if a docker pull command was executed successfully, an error entry was created in the War Room.

Widgets

  • When editing a widget, after changing any value in the Values section (Operations tab), the data returned was initially incorrect. To see the correct data you had to switch back and forth between values.

  • (Elasticsearch) When adding a line graph widget showing incidents over time to a dashboard, in some cases an error occurred when the graph time resolution was set to weeks.

  • (Elasticsearch) The widget builder interpreted decimal values in number fields as 0.

  • In a widget grouped by time resolution by hours, no data was displayed for a custom time range.

  • When creating a new Number widget, if under Operations the Values setting was changed from Count to Sum, it could not be changed back to Count.

  • In a chart widget, the wrong value was used to pivot when clicking a None legend item, which caused an incorrect filter in the Incidents page.