Released Builds

  • Production: Precinct-master-10, Precinct-master-19
  • Early Access: Precinct-earlyaccess-13, Precinct-earlyaccess-19

Builds published to WitFoo Library at 2/3/2018 1551 (CST) due for automatic installation at 2/3/2018 1600 (CST)



  • Email notifications are sent when integrations are down or the system disk is fuller than 90%


  • Investigative Engine now uses Elasticsearch Scroll API to improve search times
  • Lead details cache expanded from 255 characters to 2048
  • Appliance Firewall enabled and configured to prevent unauthorized network access to services
  • Upgrade Elasticsearch from 6.1.2 to 6.1.3
  • Upgrade Logstash from 6.1.2 to 6.1.3
  • Upgrade Kibana from 6.1.2 to 6.1.3


  • Carbonblack/Bit9 Protect API integration (Respond already exists)
  • Disruption detection from Infoblox RPZ (sinkhole) action
  • Splunk API connector (see:
  • Additional Cisco ASA messages

An updated list of integrations can be found at


Bug Fixes

  • When product updates are applied and docker images are not downloaded, the update is incorrectly marked as complete
  • STIX/Taxii feeds stop processing when Taxii server provides malformed response
  • Password reset does not send email notification in networks using unauthenticated SMTP
  • Zookeeper loses contact with Kafka in slower virtual appliances
  • Slow processing and high cpu utilization occurs in conditions where connection edges cannot resolve their nodes
  • In making calls to Cisco Stealthwatch 6.9.x the Stealthwatch authentication service may crash causing 500 errors on attempted logins. Handled through session caching and throttling.
  • In the UI, it is possible to see “undefined” or “unprocessed” as a case/incident status type
  • Large API returns can result in truncation of results because of memory limits.
  • Cisco AMP malformed API response disrupts asset inventory.

RSS Feed for release notes is: