The Mandiant Security Validation (MSV) team is pleased to announce version 5.13.0.0 of the MSV platform.
General Enhancements
- Moved Mandiant SecOps Integrations (MSI) Service from Public Preview to General Availability (GA). The Integrations Service streamlines direct and remote integrations setup and configuration. Customers are strongly encouraged to use the MSI Integrations Service as of this release onward. For more information, see the Integrations documentation.Legacy Integrations are still available but will no longer have new features or bug fixes.
- Support for Actor-to-Actor communications through Kerberos proxy over HTTPS
- AEDA Scheduling Enhancement
- Added support for MITRE ATT&CK version 14
Bug Fixes
- Fixed an issue where Email Monitors were using old configuration data
- Fixed an issue where users were unable to create Ransomware Defense Validation reports due to widgets missing from Report Builder
- Fixed an issue where users were unable to configure a timezone other than UTC for MSI integrations to match event information
- Fixed an issue where PAN integration did not query for THREAT logs and cannot be configured
- Fixed a Report Builder issue where clicking on the ellipses for a stacked bar chart would cause the screen to go blank
- Fixed an issue where running the Splunk Correlation Query caused an error
- Fixed an issue where MSI logging was causing errors with generating log bundles
- Fixed an issue where Job notifications could cause an error in the verodin_notifications_log
- Fixed an issue where repeating and scheduled jobs were not honoring their runtime configuration
- Fixed an issue that resulted in Protected Theater Evaluations to fail
- Security Technologies description should not say "detected from MSI events"
Known Issues
- Local Event Filtering works as expected but is limited to Match Action, Match Integration, and Match Events (when the latter involves Raw Events). If a rule has a Match Event condition for any field other than Raw Event, the rule does not apply to Local Events. It only applies to events from standard local integrations in MSV.