Skip to content
  • There are no suggestions because the search field is empty.

Fixed Issues in 12.2.0.0 Release

Tags: Documentation, Release Notes, Version 12.2

This section lists issues fixed in 12.2.0.0 version.

Reporting Engine Fixes

  • Tracking Number: ASOC- 127373
  • Description: Test chart feature in Reports (Reports > Charts > Add new chart > Test Chart) is unable to load with certain time ranges such as 1hr, 3hr, 6hr, 12hr, and 24hr. This issue occurs because Start and End dates are set as required request parameters.

Health Wellness Fixes

  • Tracking Number: ASOC-122793
  • Description: The Hosts section under Health & Wellness > Monitoring doesn’t display the Physical drive, Logical drive, and adapter details due to an upgrade of the perccli library to the newer version.

  • Tracking Number: ASOC-109837
  • Description: In Multi-server setup, both endpoint servers with a similar name are not populated in the Health & wellness host in the Files drop-down list. As a result, showing only one endpoint server leads to the wrong telemetry data being displayed.

CCM Fixes

  • Tracking Number: ASOC-124432
  • Description: The partial status is missing in policy and group listing under the select policy status (Policy List or Group List > Open filter > Select Policy Status). This effect to filter the partial status for the policies and groups.

  • Tracking Number: ASOC-127302
  • Description: Inappropriate banner message displayed in Group Details panel (Policies > Event Stream Analysis > ESA Deployments ) if the policy is published to ESA group without deployment. As a result, it conveys a wrong message.

SMS Fixes

  • Tracking Number: ASOC-111141
  • Description: After upgrading or installing 11.6, 11.6.1, and 11.7 versions, the logs are not written to sms.log but instead to wrapper.log. This is because multiple libraries were updated in these versions.

ESM Fixes

  • Tracking Number: ASOC-119909
  • Description: In the Event Source Discover tab, the saved parser mappings are reverted when acknowledged. This occurs because the event source data is consolidated from different sources, but acknowledgment data is deleted due to an error.

Context Hub Fixes

  • Tracking Number: ASOC-124629
  • Description: The Context Hub Server Config page (Admin) > Services > select the ContextHub Server > View > Config) keeps loading if the RSA Endpoint (ECAT Data Sources) is not removed from the Context Hub Server before upgrading from 11.7 and older versions to 12.0, 12.1, or 12.1.x.x versions. Therefore, you cannot access the Data Sources.

Core Services (Broker, Concentrator, Decoder, Archiver) Fixes

  • Tracking Number:

    ASOC-123672

  • Description:

    The regex expression in the Snort rule is causing too many recursive calls and causes a Decoder crash.


  • Tracking Number: ASOC-113835
  • Description: When accidentally a log is being sent to the LC service with more than 65535 characters (the standard limit for Syslog messages), the LD service rejects the log. This can block the LD appliance, decreasing the capture rate to 0.

  • Tracking Number:

    ASOC-123806

  • Description:

    Security scanner reported that HSTS Security Header (Strict-Transport-Security parameter) missing from HTTPS Response Header on NextGen Core Service Rest Ports/Pages.


UEBA Fixes

  • Tracking Number: ASOC-127311
  • Description:

    DAG's are failing due to invalid entries in the management_store_metadata collection of the presidio database.

    This causes DAG to clean the invalid store, which does not exist in the local cache, throwing a null pointer.


Risk Scoring Server Fixes

  • Tracking Number: ASOC-127965
  • Description:

    The rsa-nw-logdecoder-analytics-content rpm is removed since it has deprecated content. Due to the removal, fields such as Risk, attack.tactic and attack.technique are unavailable in the events.json file. As a result, the Endpoint Investigation is affected by removing rsa-nw-logdecoder-analytics-content rpm.


Endpoint Fixes

  • Tracking Number: ASOC-127727
  • Description:

    When you select a host and perform the YARA scan, the username associated with the host is not displayed in the Username column.


  • Tracking Number:

    ASOC-125796

  • Description:

    The File Name column is not exported when you export the Files attributes to a CSV file.


  • Tracking Number:

    ASOC-124056

  • Description:

    The Delete filter is not working properly in the Hosts, Files, and Respond pages because the springboard does not trigger an API call request. As a result, you cannot delete already available filters.


  • Tracking Number: ASOC-123536
  • Description: When initiating YARA scan for a bulk agent, a few agents are not getting the correct banner. As a result, instead of getting a green banner, orange banner displays, which is a warning sign.

  • Tracking Number:

    ASOC-124482

  • Description:

    The Cancel and Reset options in the Reset Risk Score window (Files > select a file > More Actions > Reset Risk Score) cannot be accessed. As a result, you can neither cancel the Risk Score reset operation nor reset the Risk Score of the selected file


  • Tracking Number: ASOC-124434
  • Description: The Agent performs the YARA scan only for the YARA Rule files with .yar extension in their filenames and ignores other extensions such as .txt and .yara. As a result, agent YARA scan was not performed. This issue occurs due to rule file extensions validation check.

  • Tracking Number:

    ASOC-122298

  • Description:

    In multi-EPS deployment, when a malicious file is discovered in an agent machine, it gets alerted every time that file does some activity on the agent. This generates the same alert multiple times.


For additional information on fixed issues, see the Fixed Version column in the NetWitness® Platform Known Issues list (https://community.netwitness.com/t5/netwitness-platform-known-issues/netwitness-platform-known-issues/ta-p/571872) on NetWitness Community Portal.