Sprint 08
Enhancements
Configurations
New Attribute in Processing Rules and Correlation Policies
A new attribute, `events.principal.location.countryOrRegion`, is now available in processing and correlation rules. This attribute enables the specification of the country or region for correlating signals based on defined conditions.
New Attributes in ActOn Policy
ActOn Policy query builder now includes confidence, likelihood, and impact scores. Situations that meet specified scores are converted to ActOns, and are visible on the ActOns page.
Integrations
Introduced Widgets in Entities
New Widgets on the Entities overview page provide the following details:
- A display of new entities synced over the past 7 days. Users can also view entities synced by category.
- A list of critical entities.
- A detailed view of entities synced from individual sources (e.g., CMDB, ASE, cloud, security sources).
- Clicking on each source shows the total entities synced by that source.
Design Changes in Single Entity Page
Action options like "mark as critical," "sync now," "add tags," and "assign functions" are consolidated into a single drop-down for improved accessibility.
JSON Plugin and Export Enhancements in Entity Details
The JSON Plugin update enhances usability by introducing expandable/collapsible JSON code. Additionally, users can now export filtered entities to a JSON file from the Entity Inventory Page and receive this file via email.
Signal Analytics
Added Functions Dimension for Aggregate Insights
Users can now filter signals by Functions for analysis. These signals are generated after satisfying the conditions set within the functions.
Behaviour Analytics
Advanced Filters Added to Models List
Enhanced search and filter capabilities in the Models tab on the Detection Policies page.
Insights
Hyperlink in Dashboard Creation Page
A link icon is added when creating a widget on the dashboard. Clicking the link shows a list of published dashboards to link the appropriate dashboard to the widget for more insights. The linked dashboard can now be opened in a new tab from the widget footer after publishing.
Content Management System
Restricted Edit Pack Access
The Edit content pack option is now restricted to the creator level, enhancing security and control.
Platform Resolutions
Manual Sync for ActOns/Situations to External Systems
A new 'Sync ActOn' link has been added to the ActOn and Situations pages, allowing users to manually sync ActOns and situations with external applications such as JIRA and Chronicle SOAR.
Delink and Root Cause for Detection
Marking a signal as "root cause" is introduced. Additionally, you have the flexibility to delink signals, excluding primary signals, to either a new ActOn or an existing ActOn.
Accounts and Subscriptions
Design Changes to the Subscription Page
The Account Subscription page has undergone significant redesign:
- New Colour Schemes: Subscription cards now feature updated colour schemes.
- Reorganized Information: Information on the cards has been restructured for clarity.
- Expired Status: An "expired" status is now displayed when the renewal date passes.
Toasters and Inline Banners Design Changes
Changes in toaster and inline banner designs have been implemented across the platform.
Restoration of Upgrade Options
Previously deprecated upgrade options to organization and domain levels in All Accounts have been restored.
Sprint 07
New features
Mandiant Integration
Users can now integrate the Mandiant security source with the Resolution Intelligence Cloud. This integration enables threat intelligence data sync into the Resolution Intelligence Cloud. Integrating Mandiant allows you to sync Indicators of Compromise (IOCs) to the platform, enhancing your security posture with the latest threat intel.
Calling (Script) Templates for Escalations
Calling templates can be created as plain text or in Nunjucks format, allowing you to personalize the messages with customer-specific information. Users can link these templates to the escalation policy, ensuring that whenever an ActOn is triggered, the user is notified with the pre-defined message from the calling template.
Escalation template management is provided to view, edit, and delete templates.
Escalation Urgency in Functions
Introducing escalation urgency settings within the Functions page. Users can now create an escalation policy directly from this page and associate it with a specific function. The Functions listing page has been updated with a new column called Escalation Urgency, which shows the urgency settings of a function.
Enhancements
The following enhancements have been made to multiple modules on the Resolution Intelligence Cloud™.
Configurations
- Improved In-line banners and validation messages in the configuration pages
- Ability to use Escalation Template for escalation policies
- Enhanced listing page for escalation policies, with the ability to list the functions linked to each escalation policy
Integrations
- Region field has been added to the AWS instance page, allowing users to select the region from which entities must be synced.
- Improved Add Tags design on the Single Entity page. Where users add more than seven tags, the additional tags are collapsed into a "More" option.
- Icons have been introduced to all classes under various categories in the Entities section to facilitate easy identification of each class and enhance the visual appearance of the page.
- CSV export option has been added to the Entity Inventory page, allowing you to export filtered entities to a CSV file.
- A new "Ingested Source" filter has been introduced on both the Overview and Listing pages.
- The Entity Inventory page now includes a date filter, allowing users to filter entities by date. By default, all entities are displayed. Users can choose to view entities synced within a selected date/time range.
Signal Analytics
- A range slider has been added to the line chart under time series analysis view. Selecting the range using this slider will allow you to view the signals generated during the selected period.
- Signals Window: The Signals window has been replaced with a side panel showing the list of signals generated on a specific date.
- Day Drop-Down and Y-Axis Values: The day drop-down menu has been moved to the right side of the screen. Correspondingly, the values on the Y-axis have also been repositioned to the right for better alignment and readability.
- Date Display at Signal Breakdown: When you click on a signal breakdown point on the line chart, the date along with the number of signals generated on that specific date will be displayed. You can navigate through the signals generated on preceding and succeeding days using the back and next arrows, providing a comprehensive view of signal trends over time.
Analytics & Insights
Advanced filters have been added to Behavioural Models, enabling users to define search criteria to retrieve relevant records from the respective tables. Users can apply operators such as equals, not equal, like, and not like to fetch records that match specific criteria.
Chronicle Management System
- Threat feeds published to Chronicle may occasionally fail to publish. When this happens, the threat feed will automatically attempt to republish every 5 minutes, up to three times.
- Only the latest version of detection rules will remain in the enabled state in the Chronicle. Prior versions of detection rules will be set to the disabled state.
Platform Resolutions
- Asset ID Link redirects to Entities Page
- De-link and Re-link Signals to ActOns
- Added options to Delete Individual or Entire Chat in ActOn Analyzer.