Product Update 4.14.2.0 - November 21, 2024

The Mandiant Security Validation (MSV) team is pleased to announce version 4.14.2.0 of the MSV platform.

Enhancements

  • Added Microsoft Graph SDK for Python to the Cloud Action environment.
  • Added disk space checks and automatic lockouts for Protected Theater. This enhancement prevents loss or damage of data due to the Protected Theater running out of space.
  • Disabled non-sandbox management commands on Protected Theater. Protected Theater only manages Protected Actors.

Bug fixes

  • Fixed an issue in the Director web header.
  • Fixed an issue where the Scheduled Jobs time field reverted back to the previous value.
  • Fixed an issue where the MSI service log wasn't rotating.
  • Fixed an issue where MSI integrations weren't using all IP addresses on an Actor.
  • Fixed an issue where Captive DNS Actions weren't running after a successful first run.
  • Fixed an issue where AEDA pages weren't opening and returned a 500 error.
  • Fixed an issue where the Director couldn't show the current version of the MSI container.
  • Fixed an issue with session cookie values.
  • Fixed an issue where exporting custom content timed out.
  • Fixed an issue where MSI Palo Alto NGFW Suspicious Events had timestamps in the future.
  • Fixed an issue where editing a Scheduled Job reverted the advanced options to default.
  • Fixed an issue where Protected Theater Evaluations with more than 6-7 Actions were failing.
  • Fixed an issue where a 4.14.0.2 Director installation was failing on RHEL 8.9 under certain conditions.
  • Fixed an issue where the Protected Theater image path could not be expanded.
  • Fixed an issue where Rocky Linux-based Actors could not be reattached to the Director.
  • Fixed an issue where a certificate wasn't formatted correctly when MSV was upgraded to a Rocky Linux-based virtual machine.
  • Fixed an issue where Protected Theater was unable to connect to a security center domain that is needed for Microsoft Defender for Endpoint functionality.
  • Fixed an issue where the Job Action Result window wasn't displaying any data.
  • Fixed an issue where filtered events weren't appearing for the Microsoft Azure Sentinel Integration.
  • Fixed an issue where Jobs couldn't be scheduled at specific times.
  • Fixed an issue where the Protected Theater repository was pointing to a non-existent path.
  • Fixed an issue where Job Results pages weren't showing events from Splunk.
  • Fixed an issue where disk space couldn't be allocated to the /image partition for Protected Theater.
  • Fixed an issue where the web interface was showing only one virtual address when more than one could be selected when running an Action.
  • Fixed an issue where attempting to upgrade a Director with low disk space would fail.

Known issues

  • Local Event Filtering works as expected but is limited to Match Action, Match Integration, and Match Events (when the latter involves Raw Events). If a rule has a Match Event condition for any field other than Raw Event, the rule does not apply to Local Events. It only applies to events from standard local integrations in MSV.
  • Network configuration may reset unexpectedly. To resolve the issue, run vsetnet after the upgrade with static IP addresses for one or more interfaces.

Appliance OS Security Update

The latest platform security update can always be found on the Validation Section of the Docs Portal. This security update applies to all versions of the product and is cumulative.

Important Installation Notes

Director version 4.12.0.0 or higher is required to upgrade to version 4.14.2.0.

To download documentation and software (appliance images, installers, and update packages), visit the Validation Section of the Docs Portal. For full details on how to upgrade, see Updating Security Validation Components.
