2022.07 Release Notes

MistNet NDR has been renamed LogRhythm NDR.

During a transition period, you will see both names referenced in our documentation. In a later release, the user interface (UI) will be updated to include only references to LogRhythm NDR. At that time, our documentation will also be updated to only reference LogRhythm NDR.

New Features

Users can now search for Ransomware events under the AlertEvent Events and differentiate/filter Ransomware AlertEvent instances from other AlertEvent instances.
Users can now deny the creation of incidents for external entities based solely on IDS signatures.
Users can now use a test button to check the credentials of third-party integrations Shodan and Rapid7 into LogRhythm NDR.
Users can now search for BitTorrent-only Connection events and differentiate/filter BitTorrent connection events from other Connection events.
Users can now ingest NetFlow traffic so that it can be analyzed to help build models of normal behavior and identify anomalous and malicious behavior.
Users can now view the IDS signature rule in AlertEvents.
Vulnerability scanning data from Rapid7 and Qualys integrations is now used to help qualify IDS detections and reduce false positives.
Now offering proxy support for security environments that require restrictive network controls. For more information, see Proxy Support.

Improvements

Users can now delete more than one incident at a time, instead of having to do them one at a time.
Customer-facing documentation has been reorganized to better align with the user interface. There is now an analyst guide and an administrator guide.
Upgraded the built-in MITRE ATT&CK framework in LogRhythm NDR for improved classification and description of cyber attacks and intrusions.
Users can now proactively create a new Whitelist from scratch in the Whitelist page and view incidents that are valid and relevant, if they have the relevant information.
Users can now see more verbose error reporting when threat intelligence content fails to upload in the System/Policy Management/Intel Rule. A table shows threat intelligence details such as Username, Provider Indicator, Indicator Type, etc.

Deprecated Features

No deprecated features in this release.

Resolved Issues

Bug ID	Salesforce Case ID	Release Notes
DE14344	431356, 429054	The Palo Alto integration now works with any PAN OS.
DE12726	421680	When searching from the Hunt / Mitre page, the user's selected query is no longer appended with the default query.
DE13272	421549	All NetBios communication is now recognized as NetBios.
DE13392	421751	When set as local, subnets now show as local.
DE13796	428507	Host scores in dashboards now show correct numbers.
DE13802	428048	The Main Dashboard now shows correct scores for users consistently.
DE14239	430591	The Probe Node Status page now shows correct traffic volume for ProbeNodes.
DE14336	433025	When searching from the Hunt Activity page, special characters in historical searches remain exactly what was entered.
DE14413	428792	This field has been filtered to now show only MITRE ATT&CK-related values.
DE14500	432798	When viewing the Hunt Incident / Details page, the blue "i" icon now shows in 4k resolution.
DE14604	435014	When a login request is submitted by local or service account, usernames no longer end with the $ sign.
DE15251	N/A	When downloading incidents (or download hosts) to CSV, total incidents data is now downloaded.
DE16256	440374	When the solar panel is checked, all network compliance policy violations are now shown.

Resolved Issues - Security

Security-related issues resolved with this release are available for customers to view on the Community.

Known Issues

Bug ID

Components

Description

Release Notes

DE14817

NDR

LogRhythm NDR does not connect to AD if hardening is applied on DC.

Expected Results: LogRhythm NDR should integrate with Active Directory (AD) even if AD is hardened.

Workaround: There is currently no workaround for this issue.