Product Update 4.12.0.0 - September 29, 2023

If you're on a Mandiant Security Validation (MSV) release prior to 4.12.1.0, you may notice that a license expired watermark appears on the Network Map page on your Director.

Network Map Page with License Expired Watermark on an MSV Director

This watermark is related to the software that renders the Network Map and does not affect functionality of the product.

Use one of the following options to fix the watermark issue permanently:

  • Update to the latest release (4.12.1.0 or later) or migrate to Mandiant Advantage Security Validation (MA-SV).
  • As an additional option, you can upgrade to release 4.12.0.1, which provides a fix for this issue and if you need more time to complete the update to 4.12.1.0 or later.

The Mandiant Security Validation (MSV) team is pleased to announce version 4.12.0.0 of the MSV platform.

General Enhancements

  • New Integrations Service Preview for streamlining local and remote integrations setup and configuration. Customers are strongly encouraged to use the new Preview Integrations as they are updated most frequently, including nightly builds as part of our security patches. For more information, see the Preview Integrations documentation.
  • Extended Pipelines functionality to support delivering job results to one or more Webhook destinations. For more information, see the Pipelines documentation.
  • Extended Ransomware Defense Validation to all users. For more information, see Using Security Validation for Ransomware.
  • Added Cloud Validation Module (CVM) support to all users. While CVM Actions are available to all on-prem customers, CVM content packs still require a Cloud Validation license. For more information, see the Cloud Validation Module documentation.
  • Content Library Enhancements including changes to viewing and filtering Actions, Evaluations, and Sequences, including the following:
    • The Sequences Library is now the default home page and is sorted by last added.
    • Improved Filtering by Last Run job status and enhanced Filter Dimensions
    • Highlights for content updates, including the "New" status indicator
    • Enhanced sorting options
    • Last Ran date and Status
    • Paginated content list loads in seconds as opposed to minutes
    • Enhanced Preview panel with links to Jobs
    • Actions, Sequences, and Evaluations documentation updated to reflect the Content Library Enhancements
      Example of Sequence Library Changes

Bug Fixes

  • Fixed an issue where Operational Status emails were not being generated and sent
  • Fixed a Content Library issue where sort by "Name" with ascending order was not displaying results in the proper order
  • Fixed a Content Library issue where the last Action description was being truncated
  • Fixed an issue on Actor upgrades that could cause disk space problems and prevent an upgrade
  • Fixed an issue where deleting an action could result in 400-series error
  • Fixed an issue where the Suspicious Events filter was not exporting events correctly
  • Fixed an issue where Protected Theater map and integrations displayed conflicting data
  • Fixed an issue where Protected Theater upgrades stopped with message "Waiting for Protected Actor to come online" and the Protected Actor was not reachable
  • Fixed an issue where the Action Preview was failing to display
  • Fixed an issue in the Content Library where the "New evaluation from selected" or "New sequences from selected" options were not functioning
  • Fixed an issue where the Actions queue was displaying the incorrect total number of Actions
  • Fixed an issue where Jobs were sometimes matching to the incorrect Security Technology on the endpoint
  • Fixed an issue where Network actions would unexpectedly error out with an apparent need for HTTP credentials even though there was not any device expecting the credentials
  • Fixed an issue where the Pull Actor service would eventually stop processing incoming requests from Network and Endpoint Actors
  • Fixed an issue where the Security Technology values did not always populate when creating AEDA monitor from existing Jobs
  • Fixed an issue where modifying a Scheduled or Repeating Job would clear the "Target Domain" field
  • Fixed an issue where email profiles would be deleted when no Actors were assigned

Known Issues

  • Azure Log Analytics and Google Cloud Logging are not yet supported for Preview Integrations but are still available as Classic Integrations.
  • OVA Directors have the ability to update Preview Integrations. Non-OVA Directors will be able to update Preview integrations in a coming release.
  • The Multisite Reporting feature and Preview Integrations service are not working properly with new RHEL8 Directors. We are working to resolve this issue as soon as possible.
  • Local Event Filtering works as expected but is limited to Match Action, Match Integration, and Match Events (when the latter involve Raw Events). If a rule has a Match Event condition for any field other than Raw Event, the rule does not apply to Local Events. It only applies to events from standard local integrations in MSV.

Appliance OS Security Update

The latest platform security update can always be found on the Validation Section of the Docs Portal. This security update applies to all versions of the product and is cumulative.

Important Installation Notes

Minimum Director version 4.10.0.0 or higher is required to upgrade to version 4.12.0.0.

As of Actor version 4.12.0.0, we have ended support for Actors on 32-bit architectures, as well as the following OSes: Windows 7, Windows 8.1, Windows Server 2012 R2, and MacOS 10.14 Mojave. Contact support if you have any questions or concerns. In the meantime, you must take the following actions:

  • Retire any Endpoint Actors on these platforms
    or
  • Replace the Actors with ones on supported platforms

© Copyright Mandiant. All rights reserved
  • First Published: September 29, 2023
  • Last updated: December 11, 2023
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.