Product Update 4.14.1.0 - August 15, 2024

The Mandiant Security Validation (MSV) team is pleased to announce version 4.14.1.0 of the MSV platform. 

Enhancements

  • Added Actor support for macOS Sonoma (14).
  • Added Last Run query for MSI Integrations.
  • Added support for running Host CLI Actions on Windows Endpoint Actors that are Azure AD-joined hosts.

Bug fixes

  • Fixed an issue where users weren't able to rerun Email Actions.
  • Fixed an issue where clicking Events next to an Action title in the Jobs wouldn't auto-expand the Job details and events section.
  • Fixed an issue where events were not suppressed or dropped from the Jobs view.
  • Fixed an issue where a Protected Actor was unresponsive after upgrade.
  • Fixed an issue where operation status checks on a Protected Actor were failing.
  • Fixed an issue where Search Replacements regex for Splunk could not be posted.
  • Fixed an issue where the /etc/chrony.conf pool was enabled by default and clashed with Director NTP settings.
  • Fixed an issue where users were unable to start an SSH connection with Protected Theaters.
  • Fixed an issue where Network Actions with Interactive Sessions couldn't run due to a sign-in timeout.
  • Fixed an issue where Actions weren't running on Protected Theater because of a certificate validation error.
  • Fixed an issue where scheduled Jobs couldn't be edited.
  • Fixed an issue where the vsetnet command did not run without the path being included.
  • Fixed an issue where Amazon Web Service MSI Integrations were not showing the integration name in the suspicious event logs.
  • Fixed an issue where Email Theater was not functional when connected to certain servers.
  • Fixed an issue where test emails were not being sent from a Rocky Linux deployment.

Known issues

  • Installing a 4.14.1.0 software-based Director as a non-root user results in having root in the Director's sudoers file instead of the non-root user. As a workaround:
    1. Connect to the Director through SSH.
    2. Run the following command: 
      sudo sed -i -e "s/root/$(stat -c %U /opt/apps/verodin/planner)/g" /etc/sudoers.d/verodin
  • Local Event Filtering works as expected but is limited to Match Action, Match Integration, and Match Events (when the latter involves Raw Events). If a rule has a Match Event condition for any field other than Raw Event, the rule does not apply to Local Events. It only applies to events from standard local integrations in MSV.
  • When you add the first MSI integration on a Remote Integrations Actor, the integration does not get detected. To fix this, reboot the Actor after the first MSI integration is selected for that Actor.
  • Network configuration may reset unexpectedly. To resolve the issue, run vsetnet after the upgrade with static IP addresses for one or more interfaces.

Appliance OS Security Update

The latest platform security update can always be found on the Validation Section of the Docs Portal. This security update applies to all versions of the product and is cumulative.

Important Installation Notes

Minimum Director version 4.12.0.0 or higher is required to upgrade to version 4.14.1.0.

To download documentation and software (appliance images, installers, and update packages) visit the Validation Section of the Docs Portal. For full details on how to upgrade, see Updating Security Validation Components.

© Copyright Mandiant. All rights reserved
  • First Published: August 15, 2024
  • Last updated: May 8, 2025
In This Article
Related Articles
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.