Bug Tracking & Known Issues

API Software
| Id | Description | Date Created | Last Modified | Priority | Status |
|---|---|---|---|---|---|
| 1 | Func checkcontenttype() doesn't check the media type of newly uploaded data against the media type specified by the header tag "Content-Type". Should compare media types in list of supported types {"", "text/plain", "application/json", "application/octet-stream", "multipart/form-data", "base64"}, else respond with 415 unsupported content media type. | 2019-09-01 | 2020-06-06 | Low | Closed |
| 2 | Set preferences when requesting multiple MIME types. To set this preference, the q parameter (relative quality factor) is used. The value of the q parameter can be from 0 to 1. 0 is the lowest value (least preferred) and 1 is the highest (most preferred). | 2019-09-01 | | Improvement | Open |
| 3 | Partial compliance with HATEOAS, lacks content-type negotiation. Responses with data return "application/json" and "base64". Responses with errors return "application/json" and "text/plain". | 2019-09-01 | | Improvement | Open |
| 4 | Func getcustomheaders() doesn't get custom headers. Structs "TableData" and "Session" don't support header modifications. A table needs to be added to PostgreSQL. | 2019-09-01 | | Improvement | Open |
| 5 | Repeated messages and responses flood the resource /api/v1/logs. Do not add an entry to /api/v1/logs if the message is the same as the previous entry. Increment a series/seq type as frequency/count. Generate a uint32 hash of the message before adding to logs. Create a range of timestamps with starting times and ending times. | 2019-09-01 | 2020-06-06 | Low | Closed |
| 6 | Add header tag to specify export format: JSON, XML, YAML, etc. | 2019-09-01 | | Improvement | Open |
| 7 | Create a hierarchy table of booleans for indicating which tables in the database are enabled/activated for feature testing, integration testing, version migrations, and perf improvements. | 2019-09-01 | | Improvement | Open |
| 8 | Add more statistics to /api/v1/logs for billing to keep track of: number of requests, types of requests, amount of uploaded data, amount of transferred data, total data, total reaction time, etc. | 2019-09-01 | | Improvement | Open |
| 9 | Add a GET-only resource that displays system information of the AWS Dedicated Host including AZ, Compute, Storage, and RDS. | 2019-09-01 | | Improvement | Open |
| 10 | Missing HTTP header for "Expires" to reduce bandwidth from GETs with huge responses | 2019-09-01 | | Low | Open |
| 11 | Missing HTTP header for "Cache-Control" to reduce bandwidth from GETs with huge responses | 2019-09-01 | | Low | Open |
| 12 | Add header tag to specify date-time format among services | 2019-09-01 | | Improvement | Open |
| 13 | Replace string literals of listcontrols() with a URL crawler that displays hypermedia controls of resources and objects. | 2019-09-01 | | Improvement | Open |
| 14 | Add functionality that locks or prevents the registration of new endpoints | 2019-09-01 | | Improvement | Open |
| 15 | Add support for UTF-8 charsets | 2019-09-01 | 2020-06-06 | Improvement | Closed |
| 16 | Add support for UTF-16 charsets | 2019-09-01 | 2020-06-06 | Improvement | Closed |
| 17 | Resources are missing parameters for displaying their startup status and total running time. | 2019-11-14 | | Improvement | Open |
| 18 | Resources are missing parameters that control saving their configuration (to disk) and restoring their configuration. | 2019-11-14 | | Improvement | Open |
| 19 | Resources are missing parameters that control whether the resource is powered on or powered off. | 2019-11-14 | | Improvement | Open |
| 20 | Blocks of statements in the code should have unique codes like UUID that can be traced back to which statements or functions ran prior to the error. | 2019-11-14 | | Improvement | Open |
| 21 | Add an option to the resource for "Endpoint Registration" to enable Two-Factor Authentication (2FA) based on the Time-based One-time Password Algorithm via relay of PIN code in Email message. | 2019-11-29 | | Improvement | Open |
| 22 | Add a GET-PUT request to Predictive Security Analytics for "maxreports" that limits the number of requests to the resource | 2020-04-21 | | Low | Open |
| 23 | Add a GET-PUT request to Attack Vector Targeting for "maxstorage" that limits the amount of storage used for training. | 2020-04-21 | 2020-07-01 | Low | Closed |
| 24 | Add a POST request to Attack Vector Targeting for "availablestorage" that returns the amount of storage available in the data lake. | 2020-04-21 | 2020-07-01 | Low | Closed |
| 25 | Add a GET-PUT request to Predictive Security Analytics for enable/disable of rrl_similarity* | 2020-04-25 | 2020-06-06 | Low | Closed |
| 26 | Add a GET-PUT request to Predictive Security Analytics for enable/disable of rrl_logic* | 2020-04-25 | 2020-06-06 | Low | Closed |
| 27 | Add a POST request to Attack Vector Targeting to clear the data lake of an endpoint | 2020-04-25 | 2020-06-06 | Improvement | Closed |
| 28 | Add parameters to Attack Vector Targeting for managing the data lake of an endpoint | 2020-04-25 | | Improvement | Open |
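The check described in API Software issue 1, as an added Go example (not the project's own code): the declared Content-Type is matched against the supported list from the issue, and the uploaded bytes must be consistent with it, otherwise 415. The name `CheckContentType` and the per-type body checks are assumptions.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"mime"
	"net/http"
	"strings"
	"unicode/utf8"
)

// Supported list copied from issue 1; "" means no Content-Type header was sent.
var supported = map[string]bool{"": true, "text/plain": true, "application/json": true,
	"application/octet-stream": true, "multipart/form-data": true, "base64": true}

// CheckContentType returns 200 or 415; the per-type body checks are assumptions.
func CheckContentType(header string, body []byte) int {
	declared, params := "", map[string]string{}
	if strings.TrimSpace(header) != "" {
		var err error
		if declared, params, err = mime.ParseMediaType(header); err != nil {
			return http.StatusUnsupportedMediaType
		}
	}
	ok := supported[declared] // "" and application/octet-stream accept any bytes
	switch declared {
	case "text/plain": // validated as UTF-8 unless another charset is declared
		cs := strings.ToLower(params["charset"])
		ok = (cs != "" && cs != "utf-8") || utf8.Valid(body)
	case "application/json":
		ok = json.Valid(body)
	case "base64":
		_, err := base64.StdEncoding.DecodeString(strings.TrimSpace(string(body)))
		ok = err == nil
	case "multipart/form-data": // body must open with the declared boundary
		ok = params["boundary"] != "" && bytes.HasPrefix(body, []byte("--"+params["boundary"]))
	}
	if !ok {
		return http.StatusUnsupportedMediaType
	}
	return http.StatusOK
}

func main() {
	// Constructed input: HTML sent under a JSON header is rejected with 415.
	fmt.Println(CheckContentType("application/json", []byte("<html></html>")))
}
```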
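The log de-duplication described in API Software issue 5, as an added Go example (not the project's own code): a repeated message increments a count and extends a timestamp range on the previous entry instead of adding a new one. The `LogEntry` and `Log` types, the `Add` method and the choice of FNV-1a for the uint32 hash are assumptions.

```go
package main

import (
	"fmt"
	"hash/fnv"
	"time"
)

// LogEntry is a hypothetical record shape for /api/v1/logs.
type LogEntry struct {
	Hash        uint32    // uint32 hash of Message (FNV-1a is an assumption)
	Message     string
	Count       uint32    // consecutive occurrences folded into this entry
	First, Last time.Time // timestamp range covered by the entry
}

type Log struct{ Entries []LogEntry }

func hash32(msg string) uint32 {
	h := fnv.New32a()
	h.Write([]byte(msg))
	return h.Sum32()
}

// Add appends msg, or folds it into the previous entry when it repeats.
func (l *Log) Add(msg string, at time.Time) {
	h := hash32(msg)
	if n := len(l.Entries); n > 0 {
		prev := &l.Entries[n-1]
		// Hash is a cheap pre-check; the text compare guards against 32-bit collisions.
		if prev.Hash == h && prev.Message == msg {
			prev.Count++
			prev.Last = at
			return
		}
	}
	l.Entries = append(l.Entries, LogEntry{Hash: h, Message: msg, Count: 1, First: at, Last: at})
}

func main() {
	var l Log
	t0 := time.Date(2020, 6, 6, 12, 0, 0, 0, time.UTC) // constructed timestamps
	for i, m := range []string{"auth failed", "auth failed", "auth failed", "ok", "auth failed"} {
		l.Add(m, t0.Add(time.Duration(i)*time.Second))
	}
	for _, e := range l.Entries {
		fmt.Printf("%08x x%d %s..%s %s\n", e.Hash, e.Count, e.First.Format("15:04:05"), e.Last.Format("15:04:05"), e.Message)
	}
}
```

Only consecutive repeats are folded, so the order of distinct events in the log is preserved.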
ML Software
| Id | Description | Date Created | Last Modified | Priority | Status |
|---|---|---|---|---|---|
| 1 | Anomalous behavior is not detected when (1) an event that was expected to happen as part of a series of events making up a behavior is omitted or deleted from the machine data on the endpoint; (2) an event that was expected to happen as part of a series of events is missing from the machine data on the endpoint due to corruption during ingestion; (3) the PCA of the surrounding events matches 90% of a learned behavior. RRL recognizes the new PCA as a likely possibility since it's a variation of an acceptable past behavior; this is a serious issue since technically there's nothing wrong with PCA and there's nothing wrong with RRL. The problem is that DeepSentry doesn't rely on a standard frame of reference like a camera or a sensor typical in image analysis that would fill in deleted data or corrupted data with null bytes or zero bytes, so there's no way to determine the amount of error and compare the amount of error to events that happened in the past involving the deleted data. | 2019-12-06 | 2020-01-07 | High | Closed |
| 2 | DEFCON 2019 challenged hackers in a contest to come up with counter-offensive solutions to machine learning. One prize winner proved that machine learning could be 100% evaded by mimicking the behaviors of software that produce whitelisted events, and further proved that any whitelisting in machine learning is a vulnerability. | 2020-01-07 | 2020-03-01 | High | Closed |