The Mandiant Advantage Security Validation (MA-SV) team is pleased to announce version 5.11.0.0 of the MA-SV platform.
General Enhancements
- Added the Assessments feature (Private Preview), which simplifies how you get started using content and consistently execute control or compliance assessments across your organization. This feature provides a way to group content together for campaigns, best practices, or quarterly assessments for a compliance audit.
- See the Assessments documentation for more information.
- For more information, please contact your TSC, your CSM, or go to Support.
- Added the Integrations feature (Public Preview), providing a more modern Integrations solution than in previous releases.
- See the Preview Integrations documentation for more information about the feature and how to enable it.
- For more information, please contact your TSC, your CSM, or go to Support.
- Added support for Server Name Indication (SNI) for HTTPS Actions
- Google Cloud Platform (GCP) profiles are now available for Actors to connect to GCP platforms when running CVM Actions
- Added API documentation for audit log endpoint (/audit_logs/table_data.json)
- Added new Director option to verify TLS certificate presented by Push Actor
- Added a new Google Cloud Logging Service integration
- Updated API for deleting Actors
- Product Stability and on-premises MSV to MA-SV migration improvements
Bug Fixes
- Fixed an issue where multi-organization users were unable to log in
- Fixed an issue where the Integrations UI became disabled when Pausing or Restarting a Remote Integration
- Fixed an issue where the Securonix SNYPR integration was producing errors
- Fixed an issue where MA-SV was not pulling correlated events for QRadar offenses
- Fixed and issue where cloning a Evaluation on the Threat Actor page redirected to the wrong page
- Addressed some cosmetic issues with the Content Library
- Fixed an issue where a user could be unable to log into MA-SV if they existed prior to migration.
- Fixed an issue that prevented re-enabling a user when they had no default organization assigned
- Fixed an issue where the Audit log was not capturing user group change information
- Fixed API documentation so users can run actions with a user profile via the API
- Fixed an issue where selecting "Show monitor" of email actions redirected to a full list of monitors instead of the target action monitor
- Fixed an issue that can cause the Heat Map to fail to display properly
- Fixed an issue where the dropdown menu for selecting CVM action cloud profiles intermittently failed
- Fixed an issue where the following API call was not returning any "security_technology": https://app.validation.mandiant.com/v2/jobs/915070.json?only=id,vid,detected,blocked,security_technology
- Fixed an issue that could potentially cause the TAAM integration to Mandiant Threat Intelligence to freeze
- Fixed an issue when running a Network Action where the value of proxy_check was set to true when a proxy was not used. This would have occurred when a source Actor had a default proxy configured but the user overrode the proxy with "None" (value 0).
- Fixed an issue where integration Test query and Operational Status queries would fail due to either a timeout or a buffer overflow caused by too much data
- Fixed an issue where local authentication was still successful after configuring SAML authentication only
- Fixed an issue where the Splunk ES Integration, running on a Remote Integration Actor, would fail when trying to match notable events
- Fixed an issue where Secure Copy Protocol (SCP) file transfer to an appliance Protected Theater would fail
- Fixed an issue where TAAM Evaluations for Host CLI (Windows) included mismatched RunAs tag actions that caused errors during execution
- Fixed an issue where an AEDA Monitor result and Job detail data would conflict