Product Update 5.12.1.0 - November 2, 2023

The Mandiant Advantage Security Validation (MA-SV) team is pleased to announce version 5.12.1.0 of the MA-SV platform. 

General Enhancements

• Added support for MITRE ATT&CK versions 13 and 13.1

Bug Fixes

• Fixed an issue with Crowdstrike LogScale remote integrations that caused an [object object] error in the UI when checking health.
• Fixed an issue where 4.12.0.0 Actors using a proxy configuration did not connect to the Director
• Fixed a logic bug where, in certain cases, Actors might become unresponsive before clearing all their running job status
• Increased the Director relay timeout to help reduce occurrences of Integration Actors timing out while processing large numbers of raw events
• Fixed an issue that prevented security technology detection and discovery for some jobs
• Fixed an issue where some successfully blocked actions were subsequently erroring out due to a missing mimikatz prompt
• Fixed an issue where content for McAfee ESP was incorrectly being mapped as McAfee DLP
• Fixed an issue that prevented proper parsing of a PCAPNG file with an ethernet header

Known Issues

• Local Event Filtering works as expected but is limited to Match Action, Match Integration, and Match Events (when the latter involve Raw Events). If a rule has a Match Event condition for any field other than Raw Event, the rule does not apply to Local Events. It only applies to events from standard local integrations in MSV.
• Remote Integrations require an appliance-based Actor deployment and the Preview Remote Integrations currently retain the same limitation. Support is coming for installer-based Actors with remote integration support prior to full GA of the new Integrations.

Important Installation Notes