4. Known problems and limitations
4.1. Netdata export - temporary lack of information
When the Netdata export is repeatedly enabled and disabled, the monitoring information related to the detection probes may become temporarily unavailable for a period of 5 to 20 minutes.
Workaround: No solution.
4.2. GCenter Backup/Restore - Error management
If an error is made by the user when following the restoration procedure, the menu progress bar remains blocked and no error message can be seen in the WebUI.
Workaround: No solution.
4.3. GCenter Backup/Restore - Pairing GCap
If the GCap pairing is deleted after a GCenter backup has been taken, restoring that backup will not restore the connection with the previously deleted GCap.
Workaround: Reapply the pairing.
4.4. Disable LDAP configuration with LDAP server off
Disabling an LDAP configuration generates an error if the LDAP server is inaccessible.
Workaround: Set up a valid LDAP configuration with an accessible LDAP server in order to disable the desired configuration.
4.5. Incorrect GCap status after updating the GCenter
The status of the GCap may be erroneous following the GCenter update (Last update = unknown / Status: Online but update outdated).
Workaround: Reapply the ruleset configuration at the GCap level.
4.6. Kibana - GeoIP Maps
Viewing GeoIP information within Kibana dashboards is impaired.
Workaround: No solution.
4.7. Sigflow Manager - Transform Category
Applying a Transform category raises a 500 error if no ruleset is available on GCenter.
Workaround: Create a ruleset.
4.8. Sigflow Manager - Error 500 when adding a rule to a custom source
Adding a rule raises a 500 error if the following conditions are present:
The rule is added by editing a custom source
The rule already exists in another custom source (same SID)
Workaround: Change the SID of the rule being added in order to avoid the SID conflict.
4.9. Sigflow Manager - Inconsistency in the display of the number of categories and rules of a category
The `Sigflow > Sources` homepage shows the number of categories and rules contained in each source. It is possible that the information displayed is inconsistent with the sources' actual content.
This situation may occur after editing a custom source or an update.
Workaround: No workaround.
4.10. Upgrade - LDAP configuration made in v2.5.3.100 and never modified since generates an error
The LDAP configuration made in v2.5.3.100 and never modified since causes a problem when migrating to v2.5.3.102.
Workaround: This problem is fixed in V2.5.3.102-HF1.
If in doubt, please contact Gatewatcher technical support.
4.11. Sigflow configuration - Custom source name cannot contain space
In the Config - Sigflow/sources screen of the legacy web UI, it is possible to define a custom source of signatures for the Sigflow detection engine.
During the addition procedure, the source name must be entered.
This name must not contain any spaces; otherwise, an error is generated.
Workaround: Change the name by removing the spaces.
4.12. Limiting storage of indexed data in ElasticSearch
In v2.5.3.102, ES indices have been migrated to higher-performance storage, but this reduces the space available to keep the data.
Workaround: This problem is fixed in V2.5.3.102-HF1.
Please refer to the procedure in the Hotfix section of this release note.
If in doubt, please contact Gatewatcher technical support.
4.13. A component crashes when it receives an empty evelog
In v2.5.3.102, sending an empty evelog causes the crash of a GCenter component.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.14. ActiveHunt - Problem with SID duplication
In v2.5.3.102, in some cases ActiveHunt could generate Sigflow rules with a duplicate SID.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.15. LDAP - Problem to activate the module
In v2.5.3.102, in some cases, activating the LDAP module is impossible.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.16. GCenter Backup/Restore - Problem with NDR dashboards
In v2.5.3.102, after restoring a backup, NDR dashboards are no longer operational.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.17. GCenter Backup/Restore - Network configuration
In v2.5.3.102, when a backup file is applied, the network configuration of MGMT0 is restored, which can cause issues.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.18. GCenter Backup/Restore - Error with FQDN
In v2.5.3.102, when restoring a backup, an error occurs if the FQDN of the target GCenter is different.
Workaround: Change the GCenter FQDN and restart.
4.19. GCenter Backup/Restore - Build number
In v2.5.3.102, it's impossible to identify the build number of a backup file.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.20. NDR - data deletion
In v2.5.3.102, when an administrator triggers a manual data deletion (in `Data Management > Data Deletion`), some data of the NDR dashboards are not correctly deleted.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.21. WebUI - Access problem when MTU is modified
In v2.5.3.102, in some cases, if the MTU of MGMT0 is decreased, the WebUI access is no longer possible.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.22. Upgrade - Problem with the counters of files waiting to be analyzed
After an upgrade to v2.5.3.102, in some cases, the counters of the pending files no longer change and display an incorrect value.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.23. Upgrade - Problem when Codebreaker processes payloads
After an upgrade to v2.5.3.102, in some cases, Codebreaker is not able to process payloads.
Workaround: This problem is fixed in V2.5.3.102-HF1. A problem could persist with the counters of files waiting to be analyzed.
If in doubt, please contact Gatewatcher technical support.
4.24. Upgrade - Problem with Syslog export when TLS is enabled
After an upgrade to v2.5.3.102, Syslog export, with TLS enabled, is no longer operational.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.25. Upgrade - Problem of communication between internal components
After an upgrade to v2.5.3.102, communication between some components is no longer operational.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.26. WebUI - Problem when a search is performed with a specific date range
On WebUI, in the NDR dashboards, when a search is performed with a specific date range, the search over a period of time is done in UTC while the results are displayed in UTC+1.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.27. WebUI - Problem updating password and user profile
Users belonging to the Administrator group are not able to update their password or edit their profile through the WebUI.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.28. WebUI - Display problem when some specific protocols are enabled
When some specific protocols are enabled, this can cause errors in some NDR dashboards.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.29. Error code 500 after the modification of the storage for ES data
Following the change of ES data storage media, a temporary 500 error may appear when accessing Kibana.
Workaround: Wait a few minutes.
4.30. Kibana - Problem with shortcuts generated through NDR interface
When using the `Go hunting` feature in the NDR alerts dashboard, there is a time issue in the Kibana redirect.
Workaround: This problem is fixed in V2.5.3.102-HF1.
4.31. Sigflow Manager - Problem importing rules with an existing SID
When a pre-installed source is removed and a source containing SIDs that existed in the removed source is then imported, the GCenter does not restart correctly.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.32. Network - Problem when configuring two interfaces on the same subnet
When configuring two interfaces in the same broadcast domain, a connection problem may occur randomly.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.33. File management - Improved management of truncated files
When a file is truncated during its reconstruction by the GCap, its shasum does not correspond to the one present in the evelog and no message is present in the logs.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.34. LDAP - Problem with a configuration input error
An authentication error occurs if the configuration applied is incorrect.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.35. `Backup/Restore` - Authentication problem when restoring a backup
A problem with authentication and rights may arise when restoring a backup.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.36. GCap pairing - OTP generation problem
A problem may occur when generating an OTP for pairing a GCap.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.37. Yara rules - Problem triggering Yara rules
A problem may occur when triggering Yara rules.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.38. `GCaps profiles` - Problem with advanced variable base configuration
Using the options available in the `Set advanced memory configuration` menu may generate an error.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.39. GCTI - Generation of DNS rules with a detection range that is too wide
For the DNS protocol, the GCTI module can generate detection rules whose detection range is too wide, resulting in too many alerts.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.40. WebUI - Error when using the Chrome V113+ browser
Using Chrome 113+ (and other Chromium-based browsers) may generate errors when browsing the GCenter WebUI.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.41. Migration - Wrong default value
In some cases, the default value for data retention is not correct.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.42. Migration - Making migration more reliable
If the user does not wait for the update to be completed before restarting the GCenter, it will not restart correctly.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.43. GPS - Improvement to the PowerShell analysis module
Improvements have been made to the GPS module for PowerShell analysis.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.44. Migration - Error when entering an incorrect value in the Netdata configuration
An error occurs during migration if an incorrect value has been entered in the Netdata configuration.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.45. `GCaps profiles` - Errors when configuring Net variables
Errors may occur when configuring Net variables if several GCaps are paired with the GCenter.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.46. Malcore - Error in the event type of the "File is lost" event
An error is present in the event type of the "File is lost" event generated by the Malcore engine.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.47. `Emergency Mode` - Problem running the service
In some cases, the `emergency mode` does not run correctly.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.48. `Backup/Restore` - Problem with Sigflow Manager when restoring certain categories
A problem may occur when restoring the source configuration in the Sigflow Manager module.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.50. `Backup/Restore` - Local accounts are not restored correctly
A problem may occur when restoring local accounts.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.51. WebUI - Problems with the display of IP addresses in the hostname column of the NDR dashboards
In some cases, the IP addresses contained in the hostname column of certain NDR dashboards are not in the correct order.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.52. Eve logs - Problem with the component that receives eve logs
In some cases, the component receiving the eve logs does not restart automatically.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.53. Migration - Error using IDMEF in syslog export
Using the IDMEF codec in the syslog export configuration causes an error.
Workaround: This problem is fixed in V2.5.3.102-HF3.
4.54. Update - Error during successive updates since v2.5.3.10
An error occurs when applying an update if the original version is v2.5.3.10.
Workaround: This problem is fixed in V2.5.3.102-HF3.