NetWitness is pleased to announce the general availability of NetWitness Platform 12.4.2. This release contains fixes to feature functionality and critical security patches for reported vulnerabilities.
NetWitness Platform 12.4.2 includes the following notable enhancements.
AlmaLinux OS Upgrade: When you upgrade to NetWitness 12.4.2, the system is automatically migrated to AlmaLinux 8.10. The NetWitness Platform 12.4 upgrade process is an automatic in-place upgrade of both the operating system and the NetWitness software. You do not have to follow any specific procedure to upgrade the operating system to AlmaLinux 8.10.
Kernel updates fail to generate the initramfs and vmlinuz binaries that correspond to the latest kernel and are required for booting the OS. If the node is rebooted without these files, it can enter a kernel panic state, and the NetWitness upgrade can fail. This issue is now resolved in the 12.4.2 release.
HTTP Strict Transport Security (HSTS) is an optional response header that can be configured on the server to instruct the browser to communicate only via HTTPS. The HTTPS server for the NetWitness user interface does not enforce HSTS, and vulnerability scanners have flagged this on a few ports. The absence of HSTS leaves the interface vulnerable to downgrade attacks and SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue is now resolved in the 12.4.2 release.
The event time of Critical and High Alerts displayed on the Host Details view is incorrect. Also, the error message "Unable to fetch events, server may be down or inaccessible" is displayed. As a result, the High alerts are not rendered in the NetWitness UI. This issue is now resolved in the 12.4.2 release.
Users are unable to log in using AD accounts (applies to PAM and NetWitness users) after upgrading to 12.4 when the user has more than one role and the default landing page is not springboard. This issue is now resolved in the 12.4.2 release.
The Event Source Management server allows manually mapped parsers along with other parsers, which creates inconsistencies in parsing the logs. This issue is now resolved in the 12.4.2 release.
The total number of events on the Event Sources tab does not match the total on the Investigate page. Some of the events are missing in the Event Sources list. This issue is now resolved in the 12.4.2 release.
ESM alarms from log sources are not received after upgrading to 12.3.1. This issue is now resolved in the 12.4.2 release.
Even after deleting events from Event Sources, some events appear again in the Event Sources tab. This issue is now resolved in the 12.4.2 release.
Importing the attributes from the CMDB to the event source on ESM corrupts the ESM database. This issue is now resolved in the 12.4.2 release.
No results appear when viewing the Investigate page and attempting a Context Lookup for a value. The Context Lookup issue is detected only on the Investigate Navigate and Legacy Events pages. This issue is now resolved in the 12.4.2 release.
Note: This issue is not observed on the Investigate > Events page.
This update addresses the latest security vulnerabilities reported against various libraries the NetWitness Platform uses, including two critical (CVE-2023-6816, CVE-2016-1000027), 36 major, 97 moderate, and 16 minor vulnerabilities. To learn more about vulnerabilities and security fixes for the 12.4.2 release, go to the Security Advisory.
Please refer to the NetWitness Platform 12.4.2 Release Notes for detailed information about new features, enhancements, Known Issues, and Build Numbers.
For additional documentation, downloads, and more, visit the NetWitness Platform page on the NetWitness Community.
For more information about online help, Community Forum, and Advisories, visit https://community.netwitness.com.