The Mandiant Security Validation (MSV) team is pleased to announce version 4.13.0.0 of the MSV platform.
General Enhancements
- Moved Mandiant SecOps Integrations (MSI) Service from Public Preview to General Availability (GA). The Integrations Service streamlines direct and remote integrations setup and configuration. Customers are strongly encouraged to use the MSI Integrations Service as of this release onward. For more information, see the Integrations documentation. NOTE: Legacy Integrations are still available but will no longer have new features or bug fixes.
- Support for Actor-to-Actor communications through Kerberos proxy over HTTPS
- AEDA Scheduling Enhancement
- Added support for MITRE ATT&CK version 14
Bug Fixes
- Fixed an issue that caused errors for Director upgrades from 4.11.x to newer versions
- Fixed an issue where Email Monitors were using old configuration data
- Fixed an issue where users were unable to create Ransomware Defense Validation reports due to widgets missing from Report Builder
- Fixed an issue where users were unable to configure a timezone other than UTC for MSI integrations to match event information
- Fixed an issue where PAN integration did not query for THREAT logs and cannot be configured
- Fixed a Report Builder issue where clicking on the ellipses for a stacked bar chart would cause the screen to go blank
- Fixed an issue where running the Splunk Correlation Query caused an error
- Fixed an issue where MSI logging was causing errors with generating log bundles
- Fixed an issue where Job notifications could cause an error in the verodin_notifications_log
- Fixed an issue where repeating and scheduled jobs were not honoring their runtime configuration
- Fixed an issue that resulted in Protected Theater Evaluations to fail
- Security Technologies description should not say "detected from MSI events"
Known Issues
- The Multisite Reporting feature and MSI Integrations service are not working properly with RHEL8 Directors. We are working to resolve this issue as soon as possible.
- When you add the first MSI integration on a Remote Integrations Actor, the integration does not get detected. To fix this, reboot the Actor after the first MSI integration is selected for that Actor.
- Local Event Filtering works as expected but is limited to Match Action, Match Integration, and Match Events (when the latter involves Raw Events). If a rule has a Match Event condition for any field other than Raw Event, the rule does not apply to Local Events. It only applies to events from standard local integrations in MSV.
Appliance OS Security Update
The latest platform security update can always be found on the Validation Section of the Docs Portal. This security update applies to all versions of the product and is cumulative.
Important Installation Notes
Minimum Director version 4.11.0.0 or higher is required to upgrade to version 4.13.0.0.
To download documentation and software (appliance images, installers, and update packages) visit the Validation Section of the Docs Portal. For full details on how to upgrade, see Updating Security Validation Components.