Select Page

RELEASE NOTES 6.0.5.3

RELEASED BUILDS

Build IDs: 6-0-5-3, master-81

BUG FIXES

  • Search results return empty in some occasions
  • Empty Search not returning results
  • InsertTTL calculation causing continuous streamer reboot
  • Geo Heatmap not rendering correctly in production
  • Loading indicator for Incident query
  • FreeForm queries don’t work
  • Artifact Search sort does not honor numbers on bytes
  • Artifact text search bar is broken
  • Loading large Artifact Domain crashes browser
  • Integrations test button isn’t working
  • Clicking on user, file, session and presence does not render right bar details with JSON.
  • Email test button doesn’t work
  • Cannot open saved search
  • Incident Merge can fail to properly merge all incidents
  • Incident facets lack correct information on full text search
  • APT update errors on some deployments
  • Graphs and Relationships do not render on Artifact Search
  • eq/= should pass to API as = (currently passing as LIKE in some fields)
  • IG filters: “Enabled Asset Types” should be “Required Asset Types”
  • When a second artifact query is made, the filters are not flushed/updated
  • Incident Search on Users is not displaying incidents returned by API
  • UI is not showing IGs listed in API response.
  • After updating an incident, incident list needs to be refreshed
  • UI is not showing IGs listed in API response.
  • Clicking on an Incident on the Linkboard causes the loading indicator to start on the right bar an never close.
  • Tooltip missing on True+ Venn

FEATURES

  • Add Artifact search field for messageType
  • Enable details modal of Connection Details (similar to Leads)
  • Provide modal to view node & edge details on incident (same as leads)
  • Provide modal to view Incident JSON (same as leads)
  • On incident filters, allow filtering based on nodes (Host, target, user, file, email)
  • Add infotip or mouseover that uses browser timezone to display local version of timestamp
  • Precinct Supports off-line operation via WitFoo Coordinator
  • Feature for off-line updates
  • Allow filtering of Artifacts using + and – mag icons on Artifact Table and JSON object
  • Allow facet filtering on Product & Users
  • Offline Version of Library
  • Search for an Incident ID
  • Export Incident & other objects to JSON

INTEGRATIONS

  • FireEye AX, NX, HX, EX Integrations
  • Sophos integration not processing

IMPROVEMENTS

  • Prefetch external IP information to improve search data
  • Allow download of Incident JSON of a selected Incident
  • When loading nodes on the right panel of Incidents, add a loading indicator
  • When `artifact_domains` are loading on artifact page, give loading notice
  • On Incident filter hide the status “Unprocessed”
  • Senderhost dead notification and reporting
  • Add “Reset” button to Incident Facets to set search options to default
  • Better handling of timeouts with ThreatHit processing

 

NOTE: Clear Chrome cache using the instructions linked here.

Search (Querying) WitFoo Precinct Data

 

RSS Feed for release notes is: https://community.witfoo.com/category/release-notes/feed/

Email notifications for WitFoo Release Notes can be subscribed to here: http://eepurl.com/dBO0EH

Submit a Comment