Cloud-delivered Advanced Analytics: Advanced Analytics i63 Release Notes

Advanced Analytics i63.5

The following issues were addressed in Advanced Analytics i63.5:

| Issue ID | Description |
| --- | --- |
| CONT-17429 | To reduce false positive alerts and provide more accurate threat detection, the scoring system for IP addresses collected from threat detection services has been modified. The default score for IP addresses, as assigned in the is_ip_threat field, has been reduced to a score of 1. For a list of the rule score changes, see Scoring Updates for IP Threat Rules in the Security Content Release Notes. |
| EXA-31707 | Fixed an issue encountered during threat hunting where the Data Upload size was mislabeled as MB instead of MiB. The UI label is now corrected. |
| EXA-35817 | Fixed an issue with model calculations that affected up to 320 rules. The model threshold calculation incorrectly evaluated event counts as anomalous based on outdated model snapshot data, causing rules to be either over-triggered or under-triggered. With this fix, the percentile threshold count is now always calculated based on the latest model snapshot data instead of cached snapshots. This fix does not change the underlying calculation logic for the percentile threshold count. |
| EXA-36685 | Fixed an issue on asset timeline pages where setting a date/time ahead of the current time resulted in an error that required the page to be reloaded. With this fix, a "No more data" message is displayed to indicate that data for future dates does not yet exist. |
| EXA-36703 | Fixed a processing issue where Alert Triage did not raise alerts from some third-party vendors. |
| EXA-36988 | Fixed an issue on the Exabeam Rules page where the Action drop-down menu was not fully visible on the last rule in the search list. |
| EXA-37190 | On the System Activity page, the text color has been changed to make it visible in Day Mode. |
| EXA-37376 | Fixed an issue where asset timelines could not load domain controller timelines. When this occurred, the timeline would appear to hang without loading data. This was due to an error with the logic for defining asset IDs by IP address or hostname. |
| EXA-37380 | Fixed an issue on the Timeline pages where the screen would hang and Timeline buttons would become disabled. |
| EXA-37441 | Fixed an issue where Data Insights and Rule Definitions were not available for some processes when peerGroupInfo and groupInfo could not be determined. |
| EXA-37559 | Introduced an enhancement to improve performance related to reprocessing time after Advanced Analytics restarts. With this enhancement, the time required to analyze logs during the downtime is now significantly decreased. |
| EXA-37788 | Fixed an issue with worker nodes that caused processing delays when an empty event list was encountered. With this fix, worker nodes can now proceed with processing to avoid any additional delays and provide additional helpful details in the log. |
| NGPM-1425 | Fixed a link on the Exabeam Engine page for initiating UIP Log Reprocessing through Customer Support. |
| PLT-13600 | Fixed an issue that caused excessive delays with audit log ingestion times and anomaly notifications. |