2022.09 (Rev B) Release Notes
MistNet NDR has been renamed LogRhythm NDR.
During a transition period, you will see both names referenced in our documentation. In a later release, the user interface (UI) will be updated to include only references to LogRhythm NDR. At that time, our documentation will also be updated to only reference LogRhythm NDR.
To view a demo of the Beta version of the new NDR UI, click Log in to the Beta Version of the New NDR UI. This read-only preview, which is not fully functional, is designed only to provide a concept of what the new UI will look like.
New Features
- Users can now automatically identify and label AD servers and see if Kerberos events like Brute Force or Golden Ticket attacks occurred.
- Data masking now provides the ability to mask any sensitive and personally identifiable information in the UI, so that compliance regulations around data security and privacy can be met.
New Features to Preview in the Beta Version
- New LogRhythm-approved branding and logo replaces the MistNet branding and logo, to support the new LogRhythm cloud-native security operations platform.
- Users can contextualize and visualize incident lists in the new UI to help better understand the current condition of their environment.
- Users can drag a column header into the filter bar and the displayed incidents will filter based on that content and can add and remove these filter fields.
- Users can view incidents according to quantity, category, and score, get a historical comparison of incidents, and view the worst offenders.
- Users can see the number of threats in their environment and see a summary of the most critical threats.
- Users can get a quick look at the number of records added Elasticsearch per second.
- Keycloak-based signon has been implemented in the new UI, enabling a more secure and scalable login for NDR.
- React UI framework installed in the Dashboard makes the UI more customer friendly and workflow more efficient.
Improvements
- Users can now record the audit trail of all Whitelisting functions (including creation, modification, and deletion), as an enhancement to the Audit trail feature.
Improvements to Preview in the Beta Version
- Users users can more easily search for specific incidents and cases, building off the limited bookmarking feature in the old UI.
- The Dashboard has been updated to include more context around notable Users and Hosts in the Dashboard, including number of Incidents or Cases involving a User or a Host, and updates to include historical context of the current Score.
- A more intuitive workflow was implemented allowing users to bookmark Incidents and Cases.
- Notable Users and Hosts widgets are featured more prominently in the dashboard.
Deprecated Features
- No deprecated features in this release.
Resolved Issues
Bug ID | Salesforce Case ID | Release Notes |
|---|---|---|
| DE14722 | N/A | Now that this change is done while initializing the Elasticsearch, Service Monitor Scripts no longer produce false positives on UI notification. |
| DE14362 | 433744 | attacker_ip and victim_ip attributes are now successfully displayed in Incident exports. |
| DE14233 | N/A | When a saved query is loaded, special characters are no longer converted to HTML URL encoded values. |
| DE15236 | N/A | When a whitlist is loaded to be edited in /whitelist, it now shows empty results if there is no expiry date. |
| DE15237 | N/A | When host_origin in host table is double-clicked, LDAP vs none LDAP hosts are now properly sorted based on their host_origin value. |
| DE15738 | N/A | When host_origin in host table is double-clicked, LDAP vs none LDAP hosts are now properly sorted based on their host_origin value. |
| DE15250 | N/A | The IOA number in starburst now aligns with the number in the hosts screen. |
| DE15576 | 442875 | Cisco Firepower is no longer presented as an available option in the Connections menu in the UI. |
| DE15753 | 446201 | LDAP and AD no longer produce false positive notifications. |
| DE16272 | N/A | Elastic configuration changed to skip queries of inactive clusters that caused errors. |
| DE16273 | N/A | Report no longer gets downloaded in the wrong format. |
Resolved Issues - Security
Security-related issues resolved with this release are available for customers to view on the Community.
Known Issues
| Bug ID | Components | Description | Release Notes |
|---|---|---|---|
| DE14817 | NDR | LogRhythm NDR does not connect to Active Directory (AD) if AD has been hardened per Microsoft recommendations. | Expected Results: NDR should integrate with Active Directory (AD) even if AD has been hardened. Workaround: There is currently no workaround for this issue. |
Log in to the Beta Version of the New NDR UI
- Log in to the LogRhythm NDR UI.
- In the top right of the page, place your cursor over your profile name and role and click Edit Profile.
The Edit Profile page appears. - To enable the Keycloak login, click the Enable Keycloack Login checkbox.
The Credentials for Keycloak login box appears. - Type a new password in the Password field and in the Confirm Password field and click Create.
The message "Created Successfully" appears. - Click Ok.
- Click the Blue button "Try New Beta UI Tab".
The new UI opens in a new tab. - Enter your username and new password you created and click Sign In.
The Dashboard of the new UI appears.