2022.04 Release Notes

New Features

  • Now supporting endpoint integration with Cisco AMP EDR.

  • Now supporting CIDR notation on whitelists to allow users to whitelist a range of values.
  • Now detecting and checking Ransomware files that have double file extensions.
  • Users can now edit or delete a single entry in the Network Table. They can also delete multiple entries at once. 
  • Users can now view more information in the log files of an incident or notable event under the JA3 hash.
  • Users can now enable packet capture (PCAP) in the UI and download PCAP files for specific incidents or cases.
  • Added several detection capabilities. The following detections and alert tags can be viewed on the Hunt Activity page:

    | Detection | Alert Tag | Description |
    |---|---|---|
    | Clear Text Authentication over HTTP | AlertEvent | When connections in a network use a clear text authentication over HTTP, they are recorded on the Hunt Activity page with the AlertEvent tag. |
    | Expired Certificate | NoticeEvent | When connections in a network use an expired certificate, they are recorded on the Hunt Activity page with the NoticeEvent tag. |
    | Weak Cipher | AlertEvent | When connections in a network use a weak cipher, they are recorded on the Hunt Activity page with the AlertEvent tag. |


  • Improved UI functionality for several actions so they respond as expected: query behavior and search results, saved configurations, and Rapid7 integrations and queries.

  • Data Transfer visualizations on the Main Dashboard now represent total networking traffic.

Deprecated Features

  • No deprecated features in this release.

Resolved Issues

| Bug ID | Salesforce Case ID | Release Notes |
|---|---|---|
| | | After correctly configuring the Rapid7 integration, the user now receives a confirmation message. |
| DE13086 | N/A | All SMB types now display correctly in Special Investigation SMB results. |
| | | Escape characters (\) in a search query are now retained when the query is saved. |
| | | Queries run against Rapid7 now return results as expected. |
| DE13343 | N/A | Data Transfer visualizations on the Main Dashboard now represent total networking traffic. |
| DE13366 | 423300 | When drilling down on hunt query search results, the original query is now appended with an AND to filter results further. |
| DE13382 | 423557 | Slack notification is now disabled by default in configuration, and the services are restricted from sending Slack notifications from customer environments to outside networks unless approved. |
| DE13385 | 423642 | IOACount field in incident detail page is now working in Lenovo for MistNet user account. |
| DE13420 | N/A | The geoip pipeline is now installed in all nodes. |
| | | The Destination Hostname is now displayed under the Host Menu. |
| DE13610 | N/A | Email notifications edit page now displays the correct email value. |
| | | The username is now parsed as User_name and not User_id. |
| DE13996 | N/A | When any network, host, or user is set to critical or watched, the setting is now stored and applied permanently. |
| DE14209 | N/A | Query now works based on NTLMv2 to enable MistNet to use all available authentication methods for active directory integration. |
| | | LDAP query now picks only computers and not groups. |

Resolved Issues - Security

Security-related issues resolved with this release are available for customers to view on the Community.

Known Issues

| Bug ID | Components | Description | Release Notes |
|---|---|---|---|
| | Firewall Integrations: Palo Alto | Palo Alto integration only works with PAN OS 10. | |

Expected Results: The Palo Alto integration should work with any PAN OS.

Workaround: There is currently no workaround for this issue.
