Skip to main content
Skip table of contents

2022.07 Release Notes

MistNet NDR has been renamed LogRhythm NDR.

During a transition period, you will see both names referenced in our documentation. In a later release, the user interface (UI) will be updated to include only references to LogRhythm NDR. At that time, our documentation will also be updated to only reference LogRhythm NDR.

New Features

  • Users can now search for Ransomware events under the AlertEvent Events and differentiate/filter Ransomware AlertEvent instances from other AlertEvent instances.
  • Users can now deny the creation of incidents for external entities based solely on IDS signatures.
  • Users can now use a test button to check the credentials of third-party integrations Shodan and Rapid7 into LogRhythm NDR.

  • Users can now search for BitTorrent-only Connection events and differentiate/filter BitTorrent connection events from other Connection events.
  • Users can now ingest NetFlow traffic so that it can be analyzed to help build models of normal behavior and identify anomalous and malicious behavior.
  • Users can now view the IDS signature rule in AlertEvents.
  • Vulnerability scanning data from Rapid7 and Qualys integrations is now used to help qualify IDS detections and reduce false positives.
  • Now offering proxy support for security environments that require restrictive network controls. For more information, see Proxy Support.


  • Users can now delete more than one incident at a time, instead of having to do them one at a time.

  • Customer-facing documentation has been reorganized to better align with the user interface. There is now an analyst guide and an administrator guide.
  • Upgraded the built-in MITRE ATT&CK framework in LogRhythm NDR for improved classification and description of cyber attacks and intrusions.
  • Users can now proactively create a new Whitelist from scratch in the Whitelist page and view incidents that are valid and relevant, if they have the relevant information.
  • Users can now see more verbose error reporting when threat intelligence content fails to upload in the System/Policy Management/Intel Rule. A table shows threat intelligence details such as Username, Provider Indicator, Indicator Type, etc.

Deprecated Features

  • No deprecated features in this release.

Resolved Issues

Bug ID

Salesforce Case ID

Release Notes

DE14344431356, 429054The Palo Alto integration now works with any PAN OS.
DE12726421680When searching from the Hunt / Mitre page, the user's selected query is no longer appended with the default query.

All NetBios communication is now recognized as NetBios.


When set as local, subnets now show as local.


Host scores in dashboards now show correct numbers. 

DE13802428048The Main Dashboard now shows correct scores for users consistently.

The Probe Node Status page now shows correct traffic volume for ProbeNodes.

DE14336433025​​​​​​​When searching from the Hunt Activity page, special characters in historical searches remain exactly what was entered.
DE14413428792This field has been filtered to now show only MITRE ATT&CK-related values.
DE14500432798When viewing the Hunt Incident / Details page, the blue "i" icon now shows in 4k resolution.
DE14604435014When a login request is submitted by local or service account, usernames no longer end with the $ sign.
DE15251N/AWhen downloading incidents (or download hosts) to CSV, total incidents data is now downloaded.
DE16256440374When the solar panel is checked, all network compliance policy violations are now shown.

Resolved Issues - Security

Security-related issues resolved with this release are available for customers to view on the Community.

Known Issues

Bug IDComponentsDescriptionRelease Notes
DE14817NDRLogRhythm NDR does not connect to AD if hardening is applied on DC.

Expected Results: LogRhythm NDR should integrate with Active Directory (AD) even if AD is hardened. 

Workaround: There is currently no workaround for this issue.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.