|Release Date||Product||Issue ID||Description|
|July 16, 2021||All||DSER-31350||
User information (user name) in the CSV file exported from the Endpoints page properly reflects the current logged user.
|July 16, 2021||All||DSER-32471, DSER-29285||
Live Response command parsing better handles whitespace in file paths and double-quote marks in exec and execfg commands.
|July 16, 2021||All||DSER-28159||
Organization deregistration workflow removes pending admin invite entries so new users cannot be added to deregistered orgs.
|July 16, 2021||All||DSER-33238||
Fixed a bug introduced in 0.67 where a user’s email could only be used to register once. This fix restores the ability to delete a user to re-use the associated email.
|July 16, 2021||All||DSER-26728||
Endpoint registration request allows a new pending invite entry on the Endpoints page for users who already have a registered device.
|July 16, 2021||All||DSER-33198||
If you logout on any page with persistence and then log back in again, the data persists.
|July 16, 2021||All||DSER-32886||
Enforced the 255-character limit in the console for the Alert Notes Text Field.
|July 16, 2021||All||DSER-32956||
VM Workloads - Active Directory Distinguished Name added to the table side panel.
|July 16, 2021||All||DSER-33445||
Fixed an issue on the Process Analysis page where the detailed descriptions of childproc events were occasionally missing.
|July 16, 2021||Workloads||CBC-7688||
Inventory sync from the appliance did not occur due to start-up failure of inventory services.
|June 25, 2021||All||DSER-28547||
Duplicate attributes in search query were returned by the Policy Preventions test rule feature.
|June 25, 2021||All||DSER-25795||
Updated Manage Devices and Download Sensor Kit subroles descriptions in the Carbon Black Cloud Console.
|June 25, 2021||All||DSER-25404||
Fixed presentation of Name/Description in the Carbon Black UI API Access page to properly add a space.
|June 25, 2021||All||DSER-27451||
Fixed the virtualizationProvider field to properly use double quotes when the value contains commas in the .csv file that is exported from the Carbon Black Cloud Console Endpoints page.
|June 25, 2021||All||DSER-29835||
Fixed Carbon Black Access Service to properly handle special characters in Access Level name.
|June 25, 2021||All||DSER-31820||
A race condition sometimes caused an alert to remain undismissed when using the dismissing-for-future command on a single alert.
|June 25, 2021||All||DSER-32679||
The Remediation card in the Alerts sidebar could hang in the loading state for some alerts.
|June 25, 2021||All||DSER-32291||
On the process tree, grouped nodes were not correctly selected on the page load/click of the primary process link.
Sorts sibling nodes alphabetically in the tree.
|June 25, 2021||All||DSER-31795||
Long Search (that is, a Search having 2940 character) caused Endpoint Export to Not Download.
|June 25, 2021||All||DSER-31952||
Fixed the flow of generating new company codes (registration/deregistration) use case, to avoid generation of the codes due to accidental clicking of Generate New Code button. User Confirmation is seeked before generating the new code.
|June 25, 2021||All||DSER-32685||
Double-clicking values in the alert event field closed the expanded event row. Issue was also observed on Endpoints, Enriched Events (Alerts Triage) pages, etc.
|June 25, 2021||All||DSER-32864||
Added specific error message instead of generic message when vulnerabilities API failed to know the reason for failure.
|June 25, 2021||Container Essentials||GRC-625||
The validate-resource command in the cbctl returns the rule name instead of the rule ID.
|June 25, 2021||Container Essentials||GRC-624||
Fixed a bug in policy ordering (enforcement) when the org has a policy with a scope of a cluster group.
|June 25, 2021||Container Essentials||GRC-646||
Fixed the stability with Create Vulnerability exceptions.
|June 25, 2021||Container Essentials||GRC-1084||
Cleaned the images with the delete cluster operation.
|June 25, 2021||Container Essentials||GRC-658||
Fixed the distro version in the image overview page.
|June 25, 2021||Container Essentials||GRC-1117||
Fixed the Add Scope wizard view in Safari.
|June 25, 2021||Container Essentials||GRC-1114||
The description field is now optional in the CLI setup wizard.
|June 25, 2021||Container Essentials||GRC-1116||
Improvements in the tables on the K8s Workloads, K8s Violations, K8s Risks and K8s Images pages.
|June 25, 2021||Container Essentials||GRC-654||
Fixed the org summary numbers in the Vulnerabilities page.
|June 25, 2021||Container Essentials||GRC-1127||
Fixed the Vulnerability API that can return CVSS V3 fields with empty strings.
|June 25, 2021||Container Essentials||GRC-665||
Fixed the inconsistency in workloads count in the K8s images page and the workloads shown in the tab.
|June 25, 2021||Container Essentials||GRC-586||
Deleting a CLI instance will now delete the API token that is associated with it.
|June 8, 2021||Workloads||DSER-32600||
Added hyperlink for kb resource value in Vulnerabilities and Assets view.
|June 8, 2021||Workloads||DSER-32601||
Added hyperlink for CVE name in Vulnerabilities and Assets view.
|May 27, 2021
Audit log generated on sensor uninstall now properly identifies the uninstalling user.
|May 27, 2021||All||DSER-29041||
Users could not delete a pending sensor when the same user had an active sensor.
|May 27, 2021||Enterprise EDR||LC-977||
Watchlist API falsely returns a 200 response when attempting to enable Alerting on these threat intelligence feeds: ATT&CK Framework, Carbon Black Early Access Indicators, Carbon Black Endpoint Visibility, Carbon Black Suspicious Indicators. The change to disable Alerting on these feeds is documented on the VMware Community site here.
|May 27, 2021||Prevention||DSER-32262||
Prevention customers did not have full visibility into the process name, including the full process path, within the Alert Triage page. You can now view the full process name in the right-hand process card in the Alert Triage page.
|May 3, 2021||All||DSER-31506||
Added the Container Security and Cloud Workload Protection products to the product dropdown to show whether they are enabled.
|May 3, 2021||All||DSER-31178||
Detail data now opens when switching to details view for any asset on the VMware workloads tab under Inventory.
|May 3, 2021||All||DSER-31709||
Changed the Assets with Critical Vulnerabilities label to VMs with Critical Vulnerabilities on the Dashboard and changed the Critical Vulnerabilities label to VMs with Critical Vulnerabilities.
|May 3, 2021||All||DSER-31728||
Vulnerability details now display in the full screen under the Inventory tab for Mozilla and Safari browsers.
|April 26, 2021||All||DSER-24211||
In Event Forwarder endpoint.event.moduleload events, added the following fields:
|April 26, 2021||All||DSER-29838||
***Changes went live on 3/22 and were communicated via Developer Network before then.
|April 26, 2021||All||DSER-29634||
Added crossproc_target field to the Event Forwarder schema.
|April 26, 2021||All||DSER-28908||
Added support to Event Forwarder for a new event type: endpoint.event.netconn_proxy.
|April 26, 2021||All||DSER-30773||
Customer was seeing multiple -- in their process_guid for events forwarded by Event Forwarder.
|April 26, 2021||All||DSER-31424||
The Alerts table now shows the grouped alert count in the Device column even when all alerts in the group were from a single device.
|April 26, 2021||All||DSER-30677||
Fixed an issue where notes present:true would sometimes be included in CB Analytics alerts without notes present.
|April 26, 2021||Audit and Remediation||DSER-26891||
A mismatch in timestamps was reported by Live Response dir and execfg cmd /c dir commands.
|April 26, 2021||Container Essentials||GRC-570||
Cluster deletion instructions are provided upon deleting a cluster.
|April 26, 2021||Container Essentials||GRC-559||
Policies no longer have the Draft status. They are Disabled instead.
|April 26, 2021||Container Essentials||GRC-557||
When clicking the violations count in the Policies page, the details will now open in a popup/
|March 18, 2021||All||DSER-27474||
Retrieving audit logs with an API connector key only returned results the first time the connector key was used.
|March 18, 2021||All||DSER-29675||
Console-initiated sensor upgrades targeting all sensors failed to include some sensors after paging through the device list.
|March 18, 2021||All||DSER-30800||
Enhanced Carbon Black Cloud internal user creation API to limit the role of the user invoking the user creation API. This restriction was enforced by the UI but not by the internal API.
|March 18, 2021||Workloads||DSER-29129||
Could not move device to auto-assign when already under manual-assign.
|March 18, 2021||Container Essentials||GRC-530||
K8s Harden > Saved Searches now allows changing the scope for a saved search.
|March 18, 2021||Container Essentials||GRC-350||
Fixed detection of workloads exposed by a service (relevant to the Expose by service rule of a K8s policy).
|March 18, 2021||Container Essentials||GRC-321,
Custom queries now support the kind, group, and version fields.
|March 18, 2021||Container Essentials||GRC-482||
Custom queries now support the namespace resource.
|March 18, 2021||Container Essentials||GRC-356||
After cluster deletion, cluster data reappeared in some cases.
|March 18, 2021||Container Essentials||GRC-533||
Dataplane now supports HTTP proxy.
|March 18, 2021||Container Essentials||GRC-543||
The messageproxy (events ingress) port has changed to 443 to comply with the standard TLS port.
|March 2, 2021||All||DSER-28956||
If a field had a null value, that empty field was not included in the forwarded event.
|March 2, 2021||All||DSER-28952||
Both the crossproc and apicall event types in Event Forwarder include a field that specifically identifies the API call/function.
|March 2, 2021||All||DSER-28953||
Event Forwarder includes a crossproc_guid field.
|March 2, 2021||All||DSER-29826||
Event Forwarder data sometimes had an empty value for event_origin.
|March 2, 2021||All||DSER-29564||
Added Big Sur as an option for OS_MAJOR_VERSION.
|March 2, 2021||All||DSER-29705||
Intermittent issue in which the dashboard widgets showed 0 values.
|March 2, 2021||Endpoint Standard||EA-18149||
Prospect bypassed AMSI Prevention during Evaluation.
|March 2, 2021||Enterprise EDR||LC-673, EA-17797||
The service will now return sorted results even if the sort field is not included in the request.
|March 2, 2021||Enterprise EDR||LC-681, EA-16429||
Some event_ids were not visible through the console or the API.
|March 2, 2021||Enterprise EDR||DSER-30019||
The Investigate page could show events search results on the Processes tab and vice versa.
|March 2, 2021||Enterprise EDR||DSER-26469||
Operators (AND, OR, NOT) were not highlighted when written back-to-back in the Investigate search bar.
|March 2, 2021||Container Essentials||GRC-518||
Fixed the Kubernetes Search page to display saved searches with long names.
|March 2, 2021||Container Essentials||GRC-505||
Fixed the Kubernetes Workloads page to display long cluster names.
|March 2, 2021||Container Essentials||GRC-506||
Fixed the Kubernetes Health > Risks tab to display long cluster names.
|March 2, 2021||Container Essentials||GRC-504||
Added alphabetical order for the rules drop-down in the Kubernetes Search > Search tab.
|March 2, 2021||Container Essentials||GRC-503||
Fixed the table sorting in the Kubernetes Policies > Rules page.
|March 2, 2021||Container Essentials||GRC-502||
Fixed the locale of the table headers in some Kubernetes pages.
|March 2, 2021||Container Essentials||GRC-444||
Added support for the read-only role for the Kubernetes pages.
|January 25, 2021||All||DSER-19110||
Enhanced CBC SSO to protect user information when users login using SSO in a shared workstation. This should force new users to login if previous users do not explicitly logout of SSO.
|January 25, 2021||All||DSER-26231||
Added a new subrole "View Org Information", replacing "View Org Information and Codes" in the standard analyst and view-only roles. This means those roles (Analysts 1, Analyst 2, Analyst 3, View All, and View Only - Legacy) can no longer see sensor install/uninstall codes. API roles built on the existing subroles will continue to function as before.
|January 25, 2021||All||DSER-29137||
Made sure that a 400 HTTP return code is returned when deleting a rule set assignment for an organization that does not have a rule set assigned.
|January 25, 2021||All||DSER-28224||
Improved the performance of persisting the last contact time.
|January 25, 2021||All||DSER-25323||
Added the ability to see signature pack creation dates.
|January 25, 2021||All||LC-689||
The legacy_alert_id field was missing in the Watchlist Alert API data.
|January 25, 2021||All||DSER-29336||
The Triage Alert graph's policy action shield was missing despite the node having a POLICY_DENY or POLICY_TERMINATE TTP.
|January 25, 2021||All||DSER-29317||
Added markdown link support to the Dashboard's TauTin widget.
|January 25, 2021||All||DSER-29222||
Threat-level notes_present and tags_present are now supported for all Alert types.
|January 25, 2021||All||DSER-29194||
The Endpoint Health widget on the Dashboard page only displayed data for Endpoints and not VM Workloads.
|January 25, 2021||All||DSER-29098||
Investigate Alert Details (in the Investigate table side panel) now shows the proper alert id and Process Analysis link for Watchlist Alerts.
|January 25, 2021||All||DSER-29097||
The Triage Alert page no longer appears blank if the alert was not in the scope of the alerts search; this was most commonly seen in alert dismissals on the Triage Alert page.
|January 25, 2021||All||DSER-28597,
Time filter time spans and on-change functionality is aligned between the Alerts, Investigate, and Dashboard pages.
|January 25, 2021||All||DSER-20961||
Triage Alerts links are added to the Investigate Events table for events associated with Alerts for Endpoint Standard customers.
|January 25, 2021||All||DSER-29202||
Correctly display the operating system version when sensors are running on MAC OS 11.
|January 25, 2021||Endpoint Standard||DETECT-2320||
The ThreatCategory wasn't correctly set to KNOWN_MALWARE in some situations, even though analytics was correctly identifying malware.
|January 25, 2021||Audit and Remediation||DSER-28332||
The Live Query Query Asset button disappeared when searching by deviceType or sensorVersion.
|January 12, 2021||Workloads||CWP-3966||
The on-premise appliance relies on an API key to communicate and register with the Carbon Black Cloud. If this key is deleted from the Carbon Black Cloud after an appliance is registered, then the appliance incorrectly displayed a successful registration status.
|December 16, 2020||All||DSER-21690||
A user's favorite saved search that had been deleted was restored at times.
|December 16, 2020||All||DSER-28552||
Policy Action notifications for device control alerts did not always trigger.
|December 16, 2020||All||DSER-27473||
MSSP users could not submit feedback via the console.
|December 16, 2020||Endpoint Standard||DSER-28188||
Some network-related detections were missing information about the hosts that attempted to connect to and/or scan customer endpoints.
|December 16, 2020||Endpoint Standard||DSER-28967||
Improved the handling of requests from sensors to make sure that the lastContactTime is updated with minimal delay.
|December 16, 2020||Endpoint Standard||DSER-28909||
Login issue after database upgrade.
|December 16, 2020||Endpoint Standard||DSER-20913||
Dashboard endpoint health widget did not match the enrollment page.
|December 16, 2020||Endpoint Standard||DSER-20496||
Could not delete admin accounts when linked to multiple orgs.
|December 16, 2020||Endpoint Standard||DSER-28962||
Unable to quarantine devices from the Remediation option on the Alerts page.
|December 16, 2020||Endpoint Standard||DSER-28420||
Device Control - Approvals/_search and device/_search defaulted to 0; if a request was sent without rows, it returned an empty list.
|December 16, 2020||Endpoint Standard||DSER-28419||
Device Control - Audit log did not show wildcards for PID.
|December 16, 2020||Endpoint Standard||DSER-28399||
Device Control - Edit approval endpoint did not return vendor name and product name.
|December 16, 2020||Endpoint Standard||DSER-28397||
Device Control - Errors in checkaccess middleware returned application/json content type.
|December 16, 2020||Endpoint Standard||DSER-28386||
Device Control - v1/v2 APIs used RFC3339 time formatting.
|December 16, 2020||Endpoint Standard||DSER-28336||
You could get a block by ID; product returned a 404 error for a block that was soft-deleted.
|December 16, 2020||Endpoint Standard||DSER-28286||
Device Control - 409 error handling on approval edit.
|December 16, 2020||Endpoint Standard||DSER-28284||
Device Control - Devices with soft-deleted approvals still showed APPROVED status.
|December 16, 2020||Endpoint Standard||DSER-28262||
Device Control - Ensure All routes that change database state use audit logging.
|December 16, 2020||Endpoint Standard||DSER-27397||
Device Control - Add Max Size for CSV uploads.
|December 16, 2020||Endpoint Standard||DSER-27393||
Device Control - Get Approval by ID endpoint.
|December 16, 2020||Endpoint Standard||DSER-27336||
Device Control - Update all APIs to accept and respond to VID/PID as hex strings instead of ints, and create V3 of all APIs.
|December 16, 2020||Endpoint Standard||DSER-27287||
Device Control - Deprecated POST /devices and POST /allowlist.
|December 16, 2020||Endpoint Standard||DSER-27087||
Device Control - Updated free text search.
|December 16, 2020||Endpoint Standard||DSER-26985||
Device Control - Deprecated org blocking.
|December 16, 2020||Endpoint Standard||DSER-26261||
Device Control - Updated Device Control DB IDs.
|December 16, 2020||Enterprise EDR||DSER-29023||
Updated label in device details window to reduce confusion
|December 16, 2020||Enterprise EDR||DSER-20579||
Clicking an Investigate table row that’s currently in-view in the right pane resulted in a right pane disappearing.
|December 16, 2020||Enterprise EDR||DSER-28966||
Report Hits section of Process Analysis was generating bad links to the Enabled Watchlists page.
|December 16, 2020||Cloud Forwarder||DSER-28709||
Translate Script Load fields on ModLoad events
|December 16, 2020||Cloud Forwarder||DSER-28464||
Removed dc_ prefix from alert forwarder device control fields.
|December 16, 2020||Cloud Forwarder||DSER-27381, DSER-27382, EA-17218||
Alert Forwarder: Additional tooling to prevent corrupted gzipped files from being sent to S3. Prevent empty files from being sent to S3.
|December 16, 2020||Cloud Forwarder||DSER-27088||
Update Alert Forwarder to deliver DC alerts.
|December 7, 2020||All||DSER-28453||
Removed deprecated subroles from the Roles panel:
|December 7, 2020||Endpoint Standard||DSER-27986||
Non-printable Unicode characters are no longer inserted in display fields for improved line breaking.
|December 7, 2020||Endpoint Standard||DSER-28792||
Could not reset default filters on the Alerts page.
|December 7, 2020||Endpoint Standard||DSER-28400||
Fixed a navigation bug for MSSP users.
|December 7, 2020||Endpoint Standard||DSER-28665||
Improved the display of the Dashboard top alert widgets.
|December 7, 2020||Audit and Remediation||DSER-28043||
Fixed an error when closing a Live Response session through the End my session button.
|December 7, 2020||Workloads||DSER-27819||
Console enhancements based on feedback from beta customers and user research for vulnerabilities:
|December 7, 2020||Workloads||DSER-27954||Windows counts are now displayed in graphs for affected assets as well as product vulnerabilities.|
|December 7, 2020||Workloads||DSER-27901||
Added total vulnerability count description in the Learn More panel.
The following text is the first line in Learn More: Check total vulnerabilities for a count of all vulnerabilities across all VM workloads and products (OS, apps, versions).
|November 23, 2020||All||DSER-28363||When Policy Rules are displayed in Firefox, line breaks are now correctly used to separate the rules.|
|November 23, 2020||Endpoint Standard||DSER-28113||The in-product Search Guide now correctly displays the available fields for the VMware Carbon Black Cloud product combinations deployed within an organization, for example, Endpoint Standard or Endpoint Enterprise (includes Enterprise EDR).|
|November 11, 2020||All||DSER-12863||Enabled processing of events generated by sensors when malicious files have been detected and removed.|
|November 11, 2020||All||DSER-27526||num_available field is now available in V6 Alert API, matching other APIs.|
|November 11, 2020||All||DSER-26079||The Alerts page search now correctly handles uppercase watchlist names.|
|November 11, 2020||Endpoint Standard||DETECT-2082, EA-17292||The Endpoint Standard sensor was correctly blocking malware from running and the cloud detection analytics were correctly generating an alert, but the alert did not have the correct ThreatCategory of KNOWN_MALWARE.|
|November 11, 2020||Audit and Remediation||DSER-27523||Fixed CBLR Get File timeout errors that were generated while downloading large files.|
|November 11, 2020||Audit and Remediation||DSER-27430||Support for latest stable version of osquery: 4.5.0.|
|November 11, 2020||Audit and Remediation||DSER-27431||New recommended queries using new osquery 4.5.0 tables.|
|November 9, 2020||Enterprise EDR||DSER-27092||Certain fileless_scriptload events could crash the Process Analysis page.|
|November 9, 2020||Enterprise EDR||DSER-28126||The confirmation dialog did not automatically close after a successful request to apply a watchlist to historical data.|
|October 26, 2020||All||DSER-27592||Updated the policy test query to ensure that consistent counts are produced.|
|October 26, 2020||All||DSER-12863||Improved handling of registry auto-delete events.|
|October 26, 2020||All||DSER-27523||Improved handling of very large file downloads via LiveResponse.|
|October 14, 2020||All||LC-406||At the end of multi-line search queries in the Investigate search bar, the cursor insertion point was not displayed in the same place as edits.|
|October 14, 2020||All||DSER-27394||Incorrect error message on alert dismissals.|
|October 14, 2020||All||DSER-27012||Endpoint Standard and Enterprise EDR: Times displayed in the Alert Triage page showed current times for Process Start times.|
|October 14, 2020||Endpoint Standard||DSER-26679||The Investigate page did not show the Selected App option when searching by hash.|
|October 14, 2020||All||DSER-26588, EA-16942||Notification time converter used hours instead of minutes.|
|October 14, 2020||All||DSER-21619||We have reworked the Policy Preview/Operation Attempt search buttons on the Policies page.|
|October 14, 2020||All||LC-113||Facet searches did not return complete data.|
|October 14, 2020||All||DSER-26686||IPv6 addresses of Local IP and Remote IP for Netconn event on investigate are now displayed in the correct order.|
|October 14, 2020||All||DSER-14687||Proper cleanup session when connector/keys are deleted through the CSR user interface.|
|October 14, 2020||Audit and Remediation||DSER-27001, EA-17147, EA-17148||Live Query > Query Results > Scheduled tab did not display data.|
|October 12, 2020||Endpoint Standard||DSER-26998||On the Investigate page, Enriched Events tab > Applications sub-tab, the Delete application action was not available.|
|October 12, 2020||Enterprise EDR||DSER-27437||Fixed process analysis alert integration.|
|October 12, 2020||Enterprise EDR||DSER-27341||Users could only investigate the first query in a multi-query IOC.|
|September 28, 2020||All||DSER-26162||In the Prevention tab on the Policies page, custom applications now allow commas in the path name.|
|September 28, 2020||Enterprise EDR||LC-418||Process Summary v2 API endpoint was missing some process_guid entries in the siblings category.|
|September 28, 2020||Enterprise EDR||LC-417||Process Summary v2 API endpoint was missing some expected fields such as has_children and hits.|
|September 28, 2020||Enterprise EDR||LC-60||On the Process Analysis page and /events/ API endpoint, searching for alert_id values for CB Analytics alerts failed.|
|September 28, 2020||Enterprise EDR||DSER-27199||Submitting a query on the Watchlist Investigate page disabled the left nav.|
|September 21, 2020||Enterprise EDR||DSER-26653||In Watchlists pages, query IOCs did not have color-coded syntax highlighting.|
|September 21, 2020||Enterprise EDR||DSER-26462||On the Investigate page, when a user typed - or + and then accepted a suggested search field name, the - or + character was removed.|
|September 21, 2020||Enterprise EDR||LC-60||Searching on alert_id did not work the same way for Process Analysis (and /events/) as it did for Alerts and Investigate.|
|September 21, 2020||All||DSER-26832||Concurrent database updates blocked each other and resulted in increased latency when processing status messages.|
|September 21, 2020||All||DSER-23258||IP used for audit logging was incorrectly pulled from http header.|
|September 21, 2020||All||DSER-21735||Users with View and Manage API Keys roles could not manage API keys.|
|September 21, 2020||All||DSER-9895||First Admin in an Org Default Role was set to Admin instead of Live Response Admin.|
|September 21, 2020||All||DSER-5907||Admins for a deregistered org could still login to the console.|
|September 21, 2020||All||DSER-24470||Improved user interface for Confirm vs. Save on the Policy page.|
|September 21, 2020||Audit and Remediation||DSER-25134||Running execfg in Live Response returned a write permission error when a command did not result in characters being written to stdout/stderr.|
|September 21, 2020||Audit and Remediation||DSER-25265||Queries that returned a permissions column caused an error on the Query Results page.|
|September 21, 2020||Enterprise EDR||DSER-26583||Some search fields were not properly highlighted on the Investigate search bar.|
|August 31, 2020||All||DSER-26275||Improved error message on upload reputation failures.|
|August 31, 2020||Enterprise EDR||LC-420||Investigate page submit button did not submit search with page defaults.|
|August 31, 2020||Enterprise EDR||DSER-26465||Using arrow keys to select a suggestion replaced the search bar content.|
|August 31, 2020||Enterprise EDR||DSER-26473||When a user deleted a Watchlist from the Watchlists page, the console showed a persistent progress bar.|
|August 31, 2020||Enterprise EDR||DSER-26475||Links from the Investigate page to Process Analysis did not always load the Process Analysis page.|
|August 31, 2020||Enterprise EDR||LC-105||API requests to update reports in a watchlist returned an HTTP 500 error if the value of a new report ID matched an old report ID.|
|August 21, 2020||All||DSER-11426||IP addresses are selectable on the Alert Triage page.|
|August 21, 2020||All||DSER-26171||Fixed broken hyperlinks for scriptload event hash on the Process Analysis page.|
|August 21, 2020||Enterprise EDR||DSER-20308||Crossproc searches for crossproc_target:(true,false) returned the same results.|
|August 21, 2020||Enterprise EDR||DSER-21992||In the Investigate search bar, the cursor insertion point did not display in the same place as edits at the end of multi-line search queries.|
|August 21, 2020||Enterprise EDR||DSER-25762||The v2 Events Facet Search API endpoint always returned num_found: 0.|
|August 21, 2020||Enterprise EDR||DSER-25797||On the Investigate page, the Submit button did not submit a search when no selections were made.|
|August 17, 2020||All||DSER-25564||Endpoints page showed the old policy name instead of the new policy name when a policy change was pending.|
|August 17, 2020||All||DSER-25427||HTML SPAN tags were improperly displayed in the console dialogue box.|
|August 17, 2020||All||DSER-8707||The portscan TTP was not available in Add Notification.|
|August 17, 2020||All||DSER-25731||The Release Notes link was outdated.|
|August 17, 2020||All||DSER-25371||Internal and external device IPs were not set correctly for enriched events.|
|August 17, 2020||All||DSER-10380||Dashboard layout and feedback routes are fixed.|
|August 17, 2020||All||DSER-25648||Changes made to Alert Type in the Notification Configuration page were not saved.|
|August 17, 2020||All||DSER-25675||Alerts API generated a poorly formatted response.|
|August 17, 2020||All||DSER-20311, DSER-25468||The Policy permission page let you click the Save button without clicking the Confirm button.|
|August 17, 2020||All||DSER-25796||"An error occurred - please refresh the page" message displayed when accessing the Investigate tab.|
|August 17, 2020||All||DSER-25124||Live Response file upload from sensor failed when the content was zero bytes.|
|August 17, 2020||All||DSER-22828||Exporting data from the Endpoint Health widget now returns the Last Contact Time so that it is consistent with the export from the Endpoints page.|
|August 17, 2020||All||DSER-19509||CBLR put command appeared to hang indefinitely if the target directory did not exist or if the file already existed.|
|August 17, 2020||All||DSER-22632||A Live Response session could hang while uploading a file.|
|August 17, 2020||All||DSER-24976||The Endpoint OS filter did not apply to exports.|
|August 17, 2020||All||DSER-20901||Added an audit log entry for SAML login configuration change.|
|August 17, 2020||All||DSER-23790||The Endpoints page incorrectly displayed an endpoint user-initiated sensor bypass as an Admin action.|
|August 17, 2020||Endpoint Standard||DSER-21979||The console showed different target values for machines in the same policy.|
|August 17, 2020||All||DSER-18900||The backend did not honor the sensor policy that was specified in cfg.ini.|
|August 17, 2020||All||DSER-25432||Deleting a user in the console did not delete the Google Auth Token.|
|August 12, 2020||Enterprise EDR||DSER-14758||Searching by device_internal_ip returned no results for Enterprise EDR-native events on the Investigate page.|
|August 12, 2020||Enterprise EDR||DSER-22952||Searching on the events area of Process Analysis now has the same validation experience as the Events tab of the Investigate page.|
|August 3, 2020||All||EA-14505, EA-13452, DSER-16563||Dashboard Export All feature sometimes timed out.|
|August 3, 2020||Endpoint Standard||DSER-25480||The Test Rule query from the Policies page was passed to the Investigate page with double quotes, thereby resulting in zero results.|
|July 23, 2020||All||DSER-25648, EA-16738||On the Notifications configuration page, some notification changes made to certain filters were not being saved.|
|July 23, 2020||All||CWP-2422||The Endpoints page displayed under Inventory in the left navigation pane.|
|July 21, 2020||Enterprise EDR||DSER-18853||Watchlist bulk report /ignore API errors appeared if too many reports were requested. This caused the Watchlists page to show cryptic errors on Watchlists with a large number of reports.|
|July 21, 2020||Enterprise EDR||DSER-19364||Process tree API sometimes returned an empty reply, causing 502 errors. This also caused the Process Analysis page to report 502 errors.|
|July 21, 2020||Enterprise EDR||DSER-24803||Process tree API returned 502 error for non-existent process_guid, rather than 404 error.|
|July 21, 2020||Enterprise EDR||DSER-25099||Investigate queries with '=' character did not successfully search.|
|July 21, 2020||Enterprise EDR||DSER-25146||/events/_search API with cb.fields parameter returned reputation data in non-reputation fields.|
|July 21, 2020||Enterprise EDR||DSER-25158||The process_cmdline and parent_name fields did not return when requested using the cb.fields parameter on Process Search v2 API.|
|July 21, 2020||Enterprise EDR||DSER-25223||Investigate page did not properly highlight multiple values for a single query term such as process_name:(A OR B OR C).|
|July 16, 2020||All||DSER-23567||Subnet sensor group assignment failed when endpoint IP changed.|
|July 16, 2020||All||DSER-11099||Alert comment was not saved when the comment contained 198 or more characters.|
|July 16, 2020||All||DSER-24664||Dashboard exports had missing reports.|
|July 16, 2020||All||DSER-24719||Reputation did not appear for events on the Investigate page.|
|July 16, 2020||Enterprise EDR||DSER-25099||Fixed an issue where we weren’t URL-encoding queries when linking to Investigate.|
|July 16, 2020||Enterprise EDR||DSER-25223||Field names were highlighted when they weren’t being used as field names.|
|July 16, 2020||All||DSER-21621, EA-15928||Option to move Linux sensors into a sensor group was not successful.|
|July 16, 2020||All||DSER-21622||A duplicate API key name error occurred on the API Access page, despite there being no duplicate API key name.|
|July 16, 2020||All||DSER-24857||Alert triage links did not always open.|
|July 16, 2020||All||DSER-24719||Process reputation did not always appear on the Investigate page.|
|July 16, 2020||All||DSER-24146||Fixed time filters when filtering by time in alert searches via API.|
|July 16, 2020||All||DSER-23123||Links in alert notifications for an org belonging to an MSSP will now bring the user to the relevant org, not the MSSP org.|
|July 16, 2020||All||DSER-22649||Added severity as an option for all notification types.|
|July 16, 2020||All||DSER-22217||Dashboard widgets alert counts are now consistent.|
|July 16, 2020||All||DSER-21365||Dismiss alert comments were not getting added to Notes.|
|July 16, 2020||All||DSER-20897||Query issue fixed for export of audit log and reputation.|
|July 16, 2020||All||DSER-19125||Alerts with more than 198 characters can now be dismissed without error.|
|July 16, 2020||All||DSER-17409||Alert count discrepancies between dashboard widget and alerts page are fixed.|
|July 16, 2020||All||DSER-16912||Missing application name issue is resolved.|
|July 16, 2020||All||DSER-23776||Sensor Upgrade Service allows multiple in-progress jobs.|
|July 16, 2020||All||DSER-22490||Accordion on the Jobs page includes job details.|
|July 16, 2020||All||DSER-21572||Allow bulk deletion of uninstalled endpoints from the Endpoints page.|
|July 16, 2020||All||DSER-24129||Sensor was not being evicted from conferDeviceToOrgCache.|
|July 16, 2020||All||DSER-24703||MSM did not report sensor group_set.last_process_time when an error occurred on processAll.|
|July 16, 2020||CB Defense||DSER-19980||Could not re-add email address to the console users.|
|July 16, 2020||CB ThreatHunter||DSER-16278||Watchlists page had no timeout on the hits queries.|
|July 16, 2020||CB ThreatHunter||DSER-19041||HTTP 403 responses did not have a useful search bar message.|
|July 16, 2020||CB ThreatHunter||DSER-19132||Report search feature of Watchlists page left table rows selected when submitting a new search.|
|July 16, 2020||CB ThreatHunter||DSER-19364||Process tree API sometimes returned an empty reply, causing 502 errors.|
|July 16, 2020||CB ThreatHunter||DSER-20386||/status and /results routes of the Search API disagreed on progress counts.|
|July 16, 2020||CB ThreatHunter||DSER-20671||Process analysis tree did not indicate when it displayed partial results.|
|July 16, 2020||CB ThreatHunter||DSER-20957||Fixed error notification on Enabled Watchlists page that occurred when a report had been deleted but its ID remained in the selected watchlist.|
|July 16, 2020||CB ThreatHunter||DSER-22191||Search by Enterprise EDR watchlist Alert ID did not return any results.|
|July 16, 2020||CB ThreatHunter||DSER-23960||The Process Analysis page did not always load, and returned a 502 or 504 error code.|
|July 16, 2020||CB ThreatHunter||DSER-24738||The Process Analysis page requested multiple alert IDs from a single alert lookup API.|
|July 6, 2020||CB LiveOps||EA-16055, DSER-24727||In cases where the initial set of active devices is low (for example, during off-hours), a query might have completed too early and eligible devices would not run the query. Previously, eligible devices whose last contact time was within the last 2 hours were examined. This window is extended to the last 7 days.|
|July 6, 2020||CB LiveOps||EA-16525, DSER-24962||Timeout errors when attempting to export Live Query results from the console or API.|
|July 6, 2020||CB ThreatHunter||DSER-18962||Could not add all reports to Watchlist when > 10,000 Reports.|
|July 6, 2020||CB ThreatHunter||DSER-20957||Reports were missing in custom watchlists, with an error.|
|July 6, 2020||CB ThreatHunter||DSER-22191||Search by Enterprise EDR watchlist Alert ID did not return results.|
|July 6, 2020||CB ThreatHunter||DSER-22928||On the Investigate page, buttons next to each search result required two clicks to switch to the intended page.|
|July 6, 2020||CB ThreatHunter||DSER-23249||Process Analysis did not show all childprocs in the tree diagram.|
|June 22, 2020||CB Defense||DSER-24268||The number of times a hash has been seen in your org has returned to appropriate take action pop-ups with a more accurate description.|
|June 22, 2020||CB Defense||DSER-24261||Refreshing the Alerts Triage page sometimes generated an error.|
|June 22, 2020||CB LiveOps||DSER-24676||On the individual Query Results page > Results tab, the table columns overlapped if column names were long.|
|June 22, 2020||CB ThreatHunter||DSER-24056||Clicking the event count link on the Applications tab under the Enriched Events tab on the Investigate page did not always reload the page correctly.|
|June 22, 2020||CB ThreatHunter||DSER-24675||Executing multiple favorite searches in a row did not always work as expected.|
|June 11, 2020||All||DSER-21975||The console failed to terminate a user’s session after being inactive for 60+ minutes. Users are now logged out after 60 minutes of inactivity.|
|May 26, 2020||CB LiveOps||DSER-23553||The Live Query Results email was confusing and out of date with the content in the console.|
|May 26, 2020||CB LiveOps||DSER-23408||Live Query CSV Export feature failed if all result fields for a given query did not have the same number of columns.|
|May 26, 2020||CB ThreatHunter||DSER-23579||Search more accurately returns results that match the specified time window because it is now using the timestamp when the sensor observed the event.|
|May 20, 2020||CB LiveOps||DSER-12847||Using the Duplicate feature on the individual Query Results page caused filters to disappear.|
|May 20, 2020||CB LiveOps||DSER-17777||When the Show new results bar is clicked to refresh results, expanded facets aren't updated.|
|May 11, 2020||All||DSER-23479||Linux sensors could not be uninstalled from the console.|
|May 11, 2020||CB LiveOps||EA-14906, DSER-18241, DSER-23576||The Go Live button was occasionally missing from the Alert Triage page.|
|May 11, 2020||CB LiveOps||DSER-23443||Stopped results count disappeared from the Query Results page.|
|May 11, 2020||CB LiveOps||DSER-22975||The footer on the Query Results page table was not attached to the page and required you to scroll to access pagination.|
|May 11, 2020||CB LiveOps||DSER-19327||One-Time and Scheduled tables displayed Showing 0-x of y in the footer, instead of starting the pagination with 1.|
|May 11, 2020||CB LiveOps||EA-15080||Infrequent intermittent 404 errors occurred when running Live Response commands to retrieve data from an endpoint and when trying to run a vbscript.|
|May 11, 2020||CB LiveOps||TR-4666||The case statement in the “Verify RDP Status” compliance query was backwards. The query should return “ENABLED” if RDP is Enabled, and “DISABLED” if RDP is Disabled.|
|May 11, 2020||CB LiveOps||EA-16096, DSER-23206||Timeout errors occurred when attempting to download a large CSV of Live Query results from the console or API. CSVs that were downloaded often only contained a partial or incomplete result set.|
|May 11, 2020||CB ThreatHunter||DSER-17465||Right pane on the Investigate page sometimes missed process command line data.|
|May 11, 2020||CB ThreatHunter||DSER-23189||Calling the cancel search API endpoint returned an HTTP 404 response.|
|May 11, 2020||CB ThreatHunter||DSER-23374||When a search field was preceded with a "-" character, the Investigate page did not suggest possible values for that field.|
|April 30, 2020||All||DSER-20723, DSER-20725||Update Sensors window displays only the platforms that are applicable to the user’s endpoint selection.|
|April 27, 2020||CB ThreatHunter||DSER-22687||Button from watchlist Alerts to Investigate page included redundant fields.|
|April 22, 2020||All||DETECT-1521||R_DROPPED_PUP TTP with incorrect reason is fixed.|
|April 22, 2020||All||DETECT-1544||Target app blacklist alert description was using the incorrect process name.|
|April 22, 2020||All||DETECT-1524||Spearphishing MITRE TID TTP is more selective.|
|April 22, 2020||CB Defense||DSER-22319||On the Investigate page, the Target Command Line is now included in free text search.|
|April 22, 2020||CB Defense||DSER-22841||Users without certain permissions could not see a sensor’s policy name on the Endpoints page.|
|April 22, 2020||CB LiveOps||DSER-17138||Notifications dropdown was missing from Audit- and Remediation-only organizations.|
|April 22, 2020||CB LiveOps||DSER-23210||Individual query results page stretched horizontally with long SQL as the query name.|
|April 22, 2020||CB ThreatHunter||DSER-23152||Watchlists page did not show the enabled watchlists after editing an enabled watchlist.|
|April 13, 2020||CB Defense||DSER-22856||Options that are not available for Linux endpoints on Endpoint Standard are hidden from dropdown menus when a Linux endpoint is selected.|
|April 13, 2020||CB Defense||DSER-22857||The Linux icon was missing from the Known malware category on the Policies page.|
|April 13, 2020||CB LiveOps||DSER-23008||Re-running a query from the one-time table did not update the table to show the new run, and required a refresh of the whole page.|
|April 13, 2020||CB ThreatHunter||DSER-22259
||Deselecting filter values caused unselected categories to disappear on the Investigate page.|
|April 9, 2020||All||DSER-16395||Checkboxes on the Endpoints page remained checked after the action was taken.|
|April 9, 2020||CB LiveOps||DSER-22696||The Query Exchange link redirected to the old Query Hub on the User Exchange.|
|April 9, 2020||CB LiveOps||DSER-22690||Attempting to run a query on an endpoint that had not checked in within two hours appeared to do nothing. An HTTP 400 error code “Incompatible Query” was issued.|
|April 9, 2020||CB ThreatHunter||DSER-19026||The Process Analysis tree did not render when there were too many child processes.|
|April 9, 2020||CB ThreatHunter||DSER-21829||Report was not created on PUT to /feedinfo if Feed had existing Reports.|
|April 9, 2020||CB ThreatHunter||DSER-22612||The Investigate button on the Alerts page did not include the alert_id for the Alert that was being investigated.|
|April 9, 2020||CB ThreatHunter||DSER-22676||Watchlists detections did not handle escaped ":" character in query IOCs.|
|April 1, 2020||All||DSER-21496||Fixed misaligned tables when printing the User Guide.|
|April 1, 2020||All||DSER-16164||Clicking on the link in an email brought you to the Investigate page with no results.|
|April 1, 2020||All||DSER-20412||Removed hash count from associated Take Action actions on the Alert Triage page.|
|April 1, 2020||CB Defense||N/A||The alert description was missing contextual information.|
|April 1, 2020||CB Defense||DSER-21898||Process name in TTP lists did not render properly in some scenarios.|
|April 1, 2020||CB Defense||DSER-21982||TTPs did not always align properly in narrow browser windows.|
|April 1, 2020||CB LiveOps||DSER-21909||Live Query Standalone only: Under Settings, you could navigate to the API Keys page and enable the LQ APIs.|
|April 1, 2020||CB ThreatHunter||DSER-22114||Search bar colors for syntax highlighting on the Investigate page did not meet accessibility standards.|
|March 5, 2020||CB Defense||EA-15848||An update to a detection involving rundll32.exe editing registry keys resulted in an unexpected false positive to true positive ratio. A fix was deployed to refine the detection; however, it took longer than expected for alerts to return to historical levels. Alerts have now returned to historical levels for false/true positives.|
|March 2, 2020||CB LiveOps||DSER-21601||The Schedule button on the Live Query Schedule pane from Recommended Queries now has a loading state.|
|March 2, 2020||CB LiveOps||DSER-13256||When trying to rerun a query that is targeted to run on a deregistered device, the Rerun button now returns an error.|
|March 2, 2020||CB ThreatHunter||DSER-21338||Process Analysis tree did not display a red Denied shield icon on the parent node that attempted to run a blocked process.|
|February 18, 2020||CB ThreatHunter||DSER-18129||The search_validation API endpoint returned a 200 HTTP response on internal server error.|
|February 18, 2020||CB ThreatHunter||DSER-19463||ProcessCard on the Investigate right pane concatenated multiple policy actions into one word.|
|February 18, 2020||CB ThreatHunter||DSER-20505||Editing a watchlist in the Watchlists pages removed Reports if there were more than 50 reports.|
|February 18, 2020||CB ThreatHunter||DSER-21423||Fixed 502 Bad Gateway on the Investigate page when sorting on count fields with certain queries.|
|February 3, 2020||All||DSER-19197||Users could not print more than one page in the User Guide when the guide was opened in full screen mode.|
|February 3, 2020||CB ThreatHunter||DSER-19242||On the Process Analysis page, crossproc event text was not always accurate.|
|February 3, 2020||CB ThreatHunter||DSER-21364||Watchlists now support CIDR notation in the netconn_ipv4 field for IOC_V2 of match_type = equality.|
|January 30, 2020||All||DSER-16376||Could not add Linux Sensors into sensor management groups.|
|January 30, 2020||CB ThreatHunter||DSER-19026||Process Analysis tree did not properly render with multiple child processes.|
|January 30, 2020||CB ThreatHunter||DSER-20681||The primary process was changing to the selected node on the Process Analysis page.|
|January 30, 2020||CB ThreatHunter||DSER-20868||The "execution of cmd from a non-standard path" Watchlist Report was missing a colon character in a term's value.|
|January 30, 2020||CB ThreatHunter||DSER-20912||PID appeared in the Signature component of the Investigate and Process Analysis pages.|
|January 30, 2020||CB ThreatHunter||DSER-21144||Some feeds showed on the Add Watchlists page for already-subscribed feeds.|
|January 21, 2020||CB Defense||DSER-20521||Threat Reports widget investigated all available time frame.|
|January 21, 2020||CB Defense||DSER-21142||Threat Reports widget was not available in EU and APJ.|
|January 21, 2020||CB Defense||DSER-20445||The “Beta” label is removed from the Roles page. Roles is no longer in a state of Open Beta, and is fully functional and available for all customers.|
|January 21, 2020||CB LiveOps||DSER-20654||Exporting a CSV of Live Query results produced an "Out of Memory" error, and the download failed when attempting to download a large amount of data.|
|January 21, 2020||CB ThreatHunter||DSER-20220||Value search queries on Investigate or Process Analysis pages displayed an error when new fields were introduced.|
|January 21, 2020||CB ThreatHunter||DSER-20180||Process Analysis page shows "+" icon on tree nodes that, when clicked, did not show any child nodes.|
|January 9, 2019||CB ThreatHunter||DSER-20679||On the Investigate page, long-running facet population queries resulted in an inability to see search results.|
|December 9, 2019||CB ThreatHunter||DSER-20085||On the Endpoints page, the sig pack update status column is redundant for CB ThreatHunter stand-alone customers.|
|December 9, 2019||CB ThreatHunter||DSER-19972||On the Process Analysis page, while the Events table was being updated with additional data, user-expanded event details were closed within 2 seconds.|
|December 4, 2019||All||DSER-20251||Usability improvements to the Threat Reports widget.|
|December 4, 2019||All||EA-12527,
|The incorrect IP was being shown in the Audit log.|
|December 4, 2019||CB Defense||DSER-20153||Clearing the filters on the left panel for alerts also cleared the search criteria.|
|December 4, 2019||CB Defense||DSER-15937||Application name was not shown in the policy impact panel in some cases.|
|December 4, 2019||CB LiveOps||EA-15013, DSER-18897||Searching for a complete device name using the endpoint selector on the New Query page was not working correctly when the device had a backslash or hyphen in the name.|
|December 4, 2019||CB LiveOps||EA-15013,
|On an individual query result page, navigating from the Devices tab to the Results tabs via the Results Matches table link returned no results.|
|December 4, 2019||CB LiveOps||DSER-19889||Clicking Result count on the Devices tab returned an error message.|
|December 4, 2019||CB ThreatHunter||DSER-13274||The Clear button on the Process Analysis page changed case on the Firefox browser when a filter was applied.|
|December 4, 2019||CB ThreatHunter||DSER-11751||Long process names caused the selected node panel to have a horizontal scroll bar.|
|December 4, 2019||CB ThreatHunter||EA-13266||Dismissed watchlist alerts re-appeared.|
|November 25, 2019||CB Defense||DSER-19496||Include Dismissed Alerts and Group Alert filters were not accounted for in the Dashboard CSV export.|
|November 25, 2019||CB Defense||DSER-19878||400 errors appear on the Network tab on the Alerts page.|
|November 25, 2019||CB Defense||DSER-19959||After drilling down on an alert on the Investigate page, changing alerts sometimes showed the wrong alert on the Alert Triage page.|
|November 25, 2019||CB Defense||DSER-20058||Counts in the filter panel and header on the Alerts page did not update after alerts were dismissed.|
|November 25, 2019||CB Defense||DSER-20242||Filtering by a custom time window twice caused filters to not update as expected.|
|November 25, 2019||CB LiveOps||DSER-19966||Endpoint query selection is persistent between new queries even after navigating away from the page. This affected both the Recommended and the SQL Query tabs.|
|November 25, 2019||CB LiveOps||DSER-19889||Clicking the Result count from the Devices tab resulted in an error toast message for devices that had “\u” in the name.|
|November 25, 2019||CB LiveOps||DSER-19763||Rare edge case where individual query results page crashed when loading Query Details.|
|November 25, 2019||CB ThreatHunter||DSER-20114||The search value for process_cmdline searches can now include the "&" character.|
|November 11, 2019||All||DSER-19853||Selecting a device name from the Investigate page or Endpoints page did not filter the results, or only filtered results temporarily. A related KB article describes the issue, cause and resolution.|
|November 11, 2019||All||DSER-19774||Clicking the Help icon on the Investigate page caused the page to stop working and required a reload.|
|November 11, 2019||CB Defense||DSER-19660||Dashboard counts update as expected when alerts are dismissed.|
|November 11, 2019||CB Defense||DSER-19820||Simultaneously dismissing multiple alerts now works as expected.|
|November 11, 2019||CB Defense||DSER-19635||The Delete Application button is restored to the Investigate page.|
|November 11, 2019||CB Defense||DSER-19641||Notes for grouped alerts now only show on the grouped alert.|
|November 11, 2019||CB LiveOps||DSER-19720||Fixed a number of minor user interface issues and inconsistencies on the individual Query Results page.|
|November 11, 2019||CB LiveOps||DSER-17956||Opening the User Guide on various CB Live Response and Live Query pages redirected to the User Guide Table of Contents instead of to the relevant User Guide page.|
|November 11, 2019||CB LiveOps||DSER-18971||Running a command with long outputs caused the Live Response console window to overlap with other elements on the page, and display other scrolling behavior oddities. This only affected the most recent versions of Chrome.|
|November 11, 2019||CB LiveOps||EA-14547, DSER-19612||The Go Live button was sometimes disabled when logging into the console from some devices. The Go Live button is no longer disabled if a page is left idle for more than ten minutes.|
|November 11, 2019||CB ThreatHunter||DSER-19158||Translate API added escape characters to pre-escaped backslash and wildcard characters.|
|November 11, 2019||CB ThreatHunter||DSER-19368||When clicking links to the Investigate page under certain circumstances, you were directed to /cb/investigate/events instead of /cb/investigate/processes.|
|October 28, 2019||CB ThreatHunter||DSER-17129||Filemods on the Process Analysis page do not display hash of file.|
|October 23, 2019||CB ThreatHunter||DSER-18170||On the Process Analysis page, netconn events are reporting "Connection Direction: Outbound" for both inbound and outbound netconns.|
|October 23, 2019||CB ThreatHunter||DSER-19158||In the Convert Legacy Query API endpoint, any value for the field that converts to process_cmdline which includes backslashes to escape are incorrectly escaped again.|
|October 23, 2019||CB ThreatHunter||DSER-18966||The Process Analysis table now default sorts in ascending order.|
|October 23, 2019||CB Defense||EA-14551
|Binary details were missing from the Alerts Triage side panel in some instances.|
|October 23, 2019||CB Defense||DSER-16406||Process count in the Rule Preview on the Policies page is different from the Investigate results count.|
|October 23, 2019||CB Defense||DSER-19392||TTPs now display in the Enriched Events side panel on the Investigate page.|
|October 23, 2019||CB Defense||DSER-12250||The notifications indicator makes it clear which notifications are read or unread.|
|October 23, 2019||CB Defense||DSER-18844||On the Endpoints page, clearing search now fully clears all parameters.|
|October 23, 2019||All||DSER-17187||Add to Blacklist and Add to Whitelist modals now show consistent data in all pages.|
|October 14, 2019||CB ThreatHunter||DSER-11445||Hovering the mouse on a Investigate search filter hides the percentage values.|
|October 14, 2019||CB ThreatHunter||DSER-16083||When editing a watchlist name or description on the Watchlists page, if the backspace key is used to delete the entire entry, the entry is rewritten to the original value. This happens if the input is highlighted and deleted or if the backspace key is held.|
|October 14, 2019||CB ThreatHunter||DSER-17544||On the Investigate page, a parent process in the right panel sometimes randomly shows counts.|
|October 14, 2019||CB ThreatHunter||DSER-18863||The UI does not always respect API validation success.|
|October 7, 2019||CB LiveOps||DSER-18859, EA-15013||On the Results tab of the Results page, searching for an endpoint with a \ in the name returned no results.|
|September 30, 2019||CB LiveOps||DSER-18858||Intermittent issues where Go Live was disabled on the Endpoints page for some console users but not others, independent of the Internet browser.|
|September 30, 2019||CB LiveOps||DSER-18259||Devices tab on the Results page produced an error when navigating to a stopped query.|
|September 30, 2019||CB ThreatHunter||DSER-17944||Clear search button cleared just the search bar and not selected filters on the Investigate page.|
|September 30, 2019||CB ThreatHunter||DSER-17417||If HTML special characters (&, =, etc.) were used in a query, clicking the Investigate icon from the IOC page truncated the query.|
|September 30, 2019||CB ThreatHunter||DSER-16760||Hits popover in Investigate page displayed invalid date and no metadata.|
|September 18, 2019||All||DSER-16531||In rare instances, the sensor did not receive the latest policy information from the backend.|
|September 18, 2019||CB Defense||DSER-15901||An internal server error was returned when adding a Connector with a special character, or when the first word matched an existing Connector.|
|September 18, 2019||CB ThreatHunter||DSER-13271||No field descriptions/examples existed in many suggestions for search fields on the Process Analysis page.|
|September 18, 2019||CB ThreatHunter||DSER-15532||Searching on the Process Analysis page with a negated field yielded no results.|
|September 18, 2019||CB ThreatHunter||DSER-16190||The device_policy field was not always populated in API data or investigate filters.|
|September 18, 2019||CB ThreatHunter||DSER-17643||When clicking into the Investigate search field, the user had to click in the vertical center to get focus.|
|September 18, 2019||CB ThreatHunter||DSER-17341||Investigate search bar was not correctly color-coding certain fields.|
|August 30, 2019||CB ThreatHunter||DSER-17542||Paths with leading / or \ in facets work when selected.|
|August 5, 2019||CB LiveOps||DSER-13859||Filters on the Results page sporadically disappeared when selecting a device filter that resulted in non-matching or error devices.|
|August 5, 2019||CB ThreatHunter||DSER-14758||Searching by device_internal_ip returned no results for CB ThreatHunter-native events on the Investigate page.|
|August 5, 2019||CB ThreatHunter||DSER-15767||
When the PSC had no recent data for your organization, the Enabled Watchlistspage displayed an unhelpful error. The error now reads "No hits available for past 3 days".
|August 5, 2019||CB ThreatHunter||DSER-16153||
Improved the accuracy of the Process Start Time that the Process Analysis page reports.
|August 5, 2019||CB ThreatHunter||DSER-16482||
Add Query to Watchlist gave an error when certain characters existed in search field values.
|August 5, 2019||CB ThreatHunter||DSER-17060||
Event counts on the Processes right pane shows as "---", not "0", for the enriched data stream.
|August 5, 2019||CB ThreatHunter||DSER-17451||In some situations, the bottom pagination bar on the Process Analysis page did not load.|