New Features
- Now supporting endpoint integration with Cisco AMP EDR.
- Now supporting CIDR notation on whitelists to allow users to whitelist a range of values.
- Now detecting and checking Ransomware files that have double file extensions.
- Users can now edit or delete a single entry in the Network Table. They can also delete multiple entries at once.
- Users can now view more information in the log files of an incident or notable event under the JA3 hash.
- Users can now enable packet capture (PCAP) in the UI and download PCAP files for specific incidents or cases.
- Added several detection capabilities. The following detections and alert tags can be viewed on the Hunt Activity page:
| Detection | Alert Tag | Description |
|---|---|---|
| Clear Text Authentication over HTTP | AlertEvent | When connections in a network use clear text authentication over HTTP, they are recorded on the Hunt Activity page with the AlertEvent tag. |
| Expired Certificate | NoticeEvent | When connections in a network use an expired certificate, they are recorded on the Hunt Activity page with the NoticeEvent tag. |
| Weak Cipher | AlertEvent | When connections in a network use a weak cipher, they are recorded on the Hunt Activity page with the AlertEvent tag. |
Improvements
- Improved UI functionality for several actions so they respond as expected: query behavior and search results, saved configurations, and Rapid7 integrations and queries.
- Data Transfer visualizations on the Main Dashboard now represent total networking traffic.
Deprecated Features
- No deprecated features in this release.
Resolved Issues
| Bug ID | Salesforce Case ID | Release Notes |
|---|---|---|
| DE12869 | N/A | After correctly configuring the Rapid7 integration, the user now receives a confirmation message. |
| DE13086 | N/A | All SMB types now display correctly in Special Investigation SMB results. |
| DE13283 | 421680 | Escape characters (\) in a search query are now retained when the query is saved. |
| DE13340 | 421547 | Queries run against Rapid7 now return results as expected. |
| DE13343 | N/A | Data Transfer visualizations on the Main Dashboard now represent total networking traffic. |
| DE13366 | 423300 | When drilling down on hunt query search results, the original query is now appended with an AND to filter results further. |
| DE13382 | 423557 | Slack notification is now disabled by default in configuration, and the services are restricted from sending Slack notifications from customer environments to outside networks unless approved. |
| DE13385 | 423642 | IOACount field in incident detail page is now working in Lenovo for MistNet user account. |
| DE13420 | N/A | The geoip pipeline is now installed in all nodes. |
| DE13483 | N/A | The Destination Hostname is now displayed under the Host Menu. |
| DE13610 | N/A | Email notifications edit page now displays the correct email value. |
| DE13721 | 428050 | The username is now parsed as User_name and not User_id. |
| DE13996 | N/A | When any network, host, or user is set to critical or watched, the setting is now stored and applied permanently. |
| DE14209 | N/A | Query now works based on NTLMv2 to enable MistNet to use all available authentication methods for Active Directory integration. |
| DE14248 | N/A | LDAP query now picks only computers and not groups. |
Resolved Issues - Security
Security-related issues resolved with this release are available for customers to view on the Community.
Known Issues
| Bug ID | Components | Description | Release Notes |
|---|---|---|---|
| DE14344 | Firewall Integrations: Palo Alto | Palo Alto integration only works with PAN OS 10. | Expected Results: The Palo Alto integration should work with any PAN OS. Workaround: There is currently no workaround for this issue. |