4. Known problems and limitations

4.1. Netdata export - temporary lack of information

When repeatedly enabling/disabling the Netdata export, the monitoring information related to the detection probes may become momentarily unavailable for a period of 5 to 20 minutes.

Workaround: No solution.

4.2. GCenter Backup/Restore - Error management

If an error is made by the user when following the restoration procedure, the menu progress bar remains blocked and no error message can be seen in the WebUI.

Workaround: No solution.

4.3. GCenter Backup/Restore - Pairing GCap

Following a GCenter backup, if the GCap pairing is deleted, then restoring the backup will not enable restoring the connection with the previously deleted GCap.

Workaround: Reapply the pairing.

4.4. Disable LDAP configuration with LDAP server off

Disabling an LDAP configuration generates an error if the LDAP server is inaccessible.

Workaround: Make a valid LDAP configuration with the accessible LDAP server in order to disable the desired configuration

4.5. Incorrect GCap status after updating the GCenter

The status of the GCap may be erroneous following the GCenter update (Last update = unknown / Status: Online but update outdated)

Workaround: Reapply the ruleset configuration at the GCap level.

4.6. Kibana - GeoIP Maps

Viewing GeoIP information within Kibana dashboards is impaired.

Workaround: No solution.

4.7. Sigflow Manager - Transform Category

Applying a Transform category raises a 500 error if no ruleset is available on GCenter.

Workaround: Create a ruleset.

4.8. Sigflow Manager - Error 500 when adding a rule to a custom source

Adding a rule raises a 500 error if the following conditions are present:

The rule is added by editing a custom source
The rule already exists in another custom source (same SID)

Workaround: Change the rule's SID that is to be added in order to avoid the SID conflict.

4.9. Sigflow Manager - Inconsistency in the display of the number of categories and rules of a category

The `Sigflow > Sources` homepage shows the number of categories and rules contained in each source.
It is possible that the information displayed is inconsistent with the sources' actual content.
This situation may occur after editing a custom source or an update.

Workaround: No workaround.

4.10. Upgrade - LDAP configuration made in v2.5.3.100 and never modified since generates an error

The LDAP configuration made in v2.5.3.100 and never modified since causes a problem when migrating to v2.5.3.102.

Workaround : This problem is fixed in V2.5.3.102-HF1.

If in doubt, please contact Gatewatcher technical support.

4.11. Sigflow configuration - Custom source name cannot contain space

In the Config - Sigflow/sources screen of the legacy web UI, it is possible to define a custom source of signatures for the Sigflow detection engine.
During the addition procedure, the source name must be entered.
This name must not contain any space otherwise it will generate an error.

Workaround: Change name by removing spaces.

4.12. Limiting storage of indexed data in ElasticSearch

In v2.5.3.102, ES indices have been migrated to a more performant storage but it reduces space available to keep the data.

Workaround: This problem is fixed in V2.5.3.102-HF1.
Please refer to the procedure in the Hotfix section of this release note.
If in doubt, please contact Gatewatcher technical support.

4.13. A component crashes when it receives an empty evelog

In v2.5.3.102, sending an empty evelog causes the crash of a GCenter component.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.14. ActiveHunt - Problem with SID duplication

In v2.5.3.102, in some cases ActiveHunt could generate Sigflow rules with a duplicate SID.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.15. LDAP - Problem to activate the module

In v2.5.3.102, in some cases, activating LDAP module is impossible.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.16. GCenter Backup/Restore - Problem with NDR dashboards

In v2.5.3.102, after restoring a backup NDR dashboards are no longer operational.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.17. GCenter Backup/Restore - Network configuration

In v2.5.3.102, when a backup file is applied, network configuration of MGMT0 is restored which it can cause issues.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.18. GCenter Backup/Restore - Error with FQDN

In v2.5.3.102, when restoring a backup, if the FQDN of the target GCenter is different then an error occurs.

Workaround: Need to change GCenter FQDN and restart.

4.19. GCenter Backup/Restore - Build number

In v2.5.3.102, it's impossible to identify the build number of a backup file.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.20. NDR - data deletion

In v2.5.3.102, when an administrator triggers a manual data deletion (in `Data Management > Data Deletion`), some data of NDR dashboard are not correctly deleted.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.21. WebUI - Access problem when MTU is modified

In v2.5.3.102, in some cases, if the MTU of MGMT0 is decreased, the WebUI access is no longer possible.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.22. Upgrade - Problem with the counters of files waiting to be analyzed

After an upgrade to v2.5.3.102, in some cases, the counters of the pending files no longer change and display an incorrect value.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.23. Upgrade - Problem when Codebreaker processes payloads

After an upgrade to v2.5.3.102, in some cases, Codebreaker is not able to process payloads.

Workaround: This problem is fixed in V2.5.3.102-HF1. A problem could persist with the counters of files waiting to be analyzed.

If in doubt please contact Gatewatcher technical support.

4.24. Upgrade - Problem with Syslog export when TLS is enabled

After an upgrade to v2.5.3.102, Syslog export, with TLS enabled, is no longer operational.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.25. Upgrade - Problem of communication between internal components

After an upgrade to v2.5.3.102, communication between some components is no longer operational.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.26. WebUI - Problem when a search is performed with a specific date range

On WebUI, in the NDR dashboards, when a search is performed with a specific date range, the search over a period of time is done in UTC while the results are displayed in UTC+1.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.27. WebUI - Problem to update password and user profil

Users belonging to Administrator group are not able to update their password or edit their profil through the WebUI.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.28. WebUI - Display problem when some specific protocols are enabled

When some specific protocols are enabled, this can cause errors in some NDR dashboards.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.29. Error code 500 after the modification of the storage for ES data

Following the change of ES data storage media, a temporary 500 error may appear when accessing Kibana.

Workaround: Wait few minutes.

4.30. Kibana - Problem with shortcuts generated through NDR interface

When using the `Go hunting` feature in the NDR alerts dashboard, there is a time issue in the Kibana redirect.

Workaround: This problem is fixed in V2.5.3.102-HF1.

4.31. Sigflow Manager - Problem importing rules with an existing SID

When removing a pre-installed source and then importing a source with existing SIDs in the previously removed source, the GCenter does not restart correctly.