- 2025 Release Notes
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- Known Issues
Known Issues
The New-Scale Security Operations Platform includes the following known issues.
Attack Surface Insights
There are no known issues in Attack Surface Insights
Automation Management
ID | Description |
---|---|
ENG-71726 | When you select an action in an advanced playbook, the action details become unresponsive and fail to load. To resolve this issue:
|
Cloud Collectors
There are no known issues in Cloud Collectors.
Context Management
There are no known issues in Context Mangement.
Correlation Rules
ID | Description |
---|---|
CRB-2368 | If you enter a description containing multiple lines, Case Manager incidents created using Correlation Rules may contain |
CRB-2767 | If a sequence detects the absence of a specific field value and you use the Group by Field functionality on that field, the correlation rule incorrectly triggers on the absence of grouped fields for which the sequence doesn't query. For example, if you use the Group by Field functionality on the |
Dashboards
ID | Description |
---|---|
NGR-2560 | When dashboards are exported or imported, the size and position of the visualization tiles is not maintained. |
NGR-595 | Filters applying the is in the last operator to the Approx Log Time field yield inaccurate results when the time unit is equal to our greater than hours. As a workaround to this issue, express time lengths in seconds or minutes. ![]() |
Log Sources
There are no known issues for Log Sources.
Log Stream
There are no known issues in Log Stream.
New-Scale Platform
There are no known issues in New-Scale Platform.
Outcomes Navigator
ID | Description |
---|---|
NGCM-309 | Outcomes Navigator doesn't properly calculate coverage for Advanced Analytics rules whose rule expressions include session-end or sequence-end events. Affected Advanced Analytics rules include:
|
Search
ID | Description |
---|---|
ENG-75846 | When using Exabeam Query Language (EQL) in advance search mode, usage of a For example, although the following EQL syntax is invalid, it is unintentionally successful: ![]() When this issue is resolved, searches that use this invalid syntax will stop working. Therefore, it is highly recommended to always use the explicit operators: |
NGS-4325 | Occasionally, when using advanced query language operators in Search to generate results in the Table view, the generated table is displayed with a misalignment. The header row is displayed to the left of the column data. This issue appears to be intermittent and has not been reliably reproduced for analysis and resolution. If you encounter this table misalignment issue, and can provide consistent steps to reproduce it, please contact your Exabeam account manager. |
NGS-3376 | Some users are experiencing the interface freezing and becoming unresponsive if they have their “Rows per view” setting set to 100. |
NGS-3137 | When testing a long search query in the Correlation Rules Builder, the Search service does not load as expected, and a message is displayed: |
NGS-1104 | When using Safari, the field summary initial event count is inconsistent. |
Service Health and Consumption
ID | Description |
---|---|
CC-1350 | Legacy cloud collector names are incorrectly displaying as unknown and unspecified on consumption details charts. Example: ![]() |
N/A | Service Health and Consumption dashboards are only available at this time for customers with Exabeam Security Operations Portfolio Licenses |
Site Collectors
Issue ID | Description |
---|---|
NGSCL-1517 | Site Collector installation fails on RHEL 9 because of lack of network support for TLS v1.3 more secured ciphers, without a clear warning. |
NGSCL-1558 | A Site Collector instance occasionally produces an |
NGSCL-2447 | The search filters on the Site Collectors Overview page are case sensitive. Currently, search results are not displayed if you do not match the case with the collector instance name for the key words that you use for searching for collector instances. |
NGSCL-2569 | While editing a Site Collector instance, in Advanced Settings, the Timezone field after initial configuration displays the first city name of the time zone such as UTC/PST on the user interface instead of the exact city name which you selected. |
NGSCL-3674 | While upgrading a Site Collector instance to its latest version, the Windows Event Log agent collector pulls duplicate logs when historic log fetch is enabled. |
NGSCL-3961 | After upgrading a Site Collector instance from version 1.x to 2.x, the server side collectors Splunk, Oracle, MySQL, MSSQL, QRadar, and EStreamer start to fetch historical data based on an old start fetch timestamp. Workaround – If you are using Site Collector version 1.x with the server side collectors installed, and want to upgrade to 2.x version, ensure that you update the Start Fetch Date for the Splunk collector and Iterator column initial value for Oracle, MSSQL, and MySQL collectors to the current time or to the value based on the iterator you defined. Alternatively, you can choose to wait to upgrade the Site Collector instance from 1.x to 2.x version until this issue is fixed. |
Threat Center
There are no known issues in Threat Center.
Threat Detection Management
There are no known issues in Threat Detection Management.