The Mandiant Advantage Security Validation (MA-SV) team is pleased to announce version 5.14.0.2 of the MSV platform.
Bug fixes
- Fixed an issue where Threat Intel feeds for Threat Actor Assurance Module (TAAM) Evaluations were not being updated and users received no indication.
- Fixed an issue where menu items were missing in the Director web interface for users belonging to more than one organization under certain circumstances.
- Fixed an issue where a user belonging to multiple orgs signed into Advantage, but when redirected to MA-SV, didn't have any navigation options.
- Fixed an issue where Splunk MSI Remote Integrations were producing 500 errors and events weren't being collected.
Known issues
- After migrating Actors to the Rocky Linux 8-based VM, Remote Integrations may fail. Use the steps in this document as a workaround.
- When you add the first MSI integration on a Remote Integrations Actor, the integration does not get detected. To fix this, reboot the Actor after the first MSI integration is selected for that Actor.
- Local Event Filtering works as expected but is limited to Match Action, Match Integration, and Match Events (when the latter involves Raw Events). If a rule has a Match Event condition for any field other than Raw Event, the rule does not apply to Local Events. It only applies to events from standard local integrations in Security Validation.