New Features
Personalize the application appearance by adding a favicon and a logo:
You can now change the look and feel of the Resolution Intelligence Cloud platform to align with your brand by adding a favicon and a logo. Navigate to the Account Information Overview page and open the brand settings to upload your logo and favicon to the platform.
New user interface of the Account Information overview page:
The Overview page under Account Information in the left configuration menu has been revamped with new tabs. You can now add the following details at the domain, organization, or tenant level.
- Account Details - enter your company name, company website, and address, set your local time zone, and specify the billing owner and admin contact details along with their email IDs.
- Account Settings - allow or restrict users from other domains from sharing the resources available in your account.
- Custom Branding - add or change your company logo and favicon so that they are displayed to your organizations and tenants.
New BYOL Chronicle Instance setup for tenants
Resolution Intelligence Cloud now allows you to integrate a tenant's Chronicle instance by generating a SAML file and sharing it with the Google team to obtain access to that tenant's Chronicle instance. Once access is granted, the SOC team can monitor and safeguard the tenant's assets efficiently.
Introduced a new UI for Entities (previously known as Assets)
To align with cybersecurity standards, tangible and intangible Assets have been renamed Entities in the Resolution Intelligence Cloud platform. The whole Assets module has been revamped to consolidate entity data and give SOC analysts more insight at the entity level. Using this entity data, the team can act quickly and troubleshoot security threats.
Entities Overview Page:
- Introduced an Entities Overview page featuring a comprehensive collection of entities published from CMDB and security sources. These entities are organized into categories and classes, allowing further filtering based on functions, sources, states, and tags.
Entity Inventory:
- Implemented Entity Inventory to show all entities that are continuously monitored for security threats in the platform.
Detailed Overview - Entities:
Introduced the Entity Page to provide an in-depth perspective on a particular entity. This includes details on active signals detected, ongoing situations, and the generation of ActOns for the entity. This comprehensive view facilitates a deeper understanding of the entity's status and associated actions.
Enhancements
- Detection Rules new UI: We are excited to introduce an enhanced user interface for managing Detection Rules! This update brings a host of improvements aimed at streamlining your workflow, improving visibility, and empowering better threat detection and response capabilities.
  - Revamped User Interface: The new Detection Rules interface lets you see previous versions of a rule, the name of the person who created it, and the actions performed on each detection rule.
  - Collaboration: With the new UI, you can collaborate with multiple stakeholders by adding your comments in the right side menu for improved communication.
  - Pre-defined YARA-L format: The pre-defined YARA-L format helps you write your rules error free.
  - Metadata Parameters Segmentation: The metadata parameters are now classified by MITRE ATT&CK matrix, threat actors, risks posed, telemetry source, signal specifications, and custom tags, making it easier to navigate through multiple rules.
- Content Packs new UI: We are thrilled to announce the improved user interface for Content Packs. This upgrade introduces a more intuitive and refreshed user interface that simplifies managing Content Packs.
  - Redesigned Interface: Experience a cleaner look and feel with easy navigation and quick access to Content Packs. You can see the name of the person who created each Pack and the actions performed on it.
  - Rich Visualization: The visual representation shows the number of linked detection rules, the associated tenant or organization accounts, and the status of the auto-update feature.
  - Collaboration: With the new UI, you can collaborate with multiple stakeholders by adding your comments in the right side menu for improved communication.
  - Enhanced Rules Panel: The right-hand rules panel lets you see multiple rules with additional details such as their status, version numbers, and created or modified dates. You can filter the rules by status and add them to your packs.
  - Accounts List: With the improved UI, you can see the list of tenant or organization accounts associated with each pack.
- Introduced the following statuses for Parsers:
  - Available: The parser is approved, but there is no data ready to parse. Once data is available, the parser starts parsing it and moves to the Published state. This state applies to tenant-level users only.
  - Validating: When you publish a parser, our internal engine takes some time to validate it, and during that time the status is shown as "Validating". This state applies to tenant-level users only.
  - Failed: This state is assigned to a parser when it is unable to parse the raw log data due to permission issues or any other issue. This state applies to domain, organization, and tenant-level users.
- Rearranged Chronicle CMS features in the left nav-config menu
  - The existing Chronicle CMS module within the platform has been restructured in the left navigation configuration menu.
  - All the functionalities within this module have been reorganized to improve user flow and accessibility without changing existing functionality. Parsers and Log Source monitors have been moved under the Data Ingestion section.
  - Users can now find and access Chronicle data functionalities from this section. The Reference Lists functionality has been moved under Entities to whitelist domains and IPs, and the other functionalities, such as Content Packs, Detection Policies, and Threat Feeds, have been grouped under the Signals section to define rules and generate detections.
- Introduced/removed/disabled the following features in each Entity UI
  - Added hyperlinks to Signals, Situations, and ActOns under the ID column so you can drill into the respective items for more insight.
  - Added Created On and Updated On columns in Situations and ActOns to show when a Situation or ActOn was created or updated.
  - Removed the Likelihood, Impact, and Confidence columns from the ActOns tab.
  - Removed the Priority column from the Situations tab.
- Enhanced tooltips UI in accordance with standard guidelines to maintain consistency throughout the Resolution Intelligence Cloud.
- Now you can search a behaviour model by all filters present in the behaviour analytics listing page.
- The Situation and ActOn UI has been upgraded. You can now distinguish Security from DigitalOps by examining the columns available in the UI. For Security, the Situations or ActOns UI has a Situation Analysis column that provides Likelihood, Impact, and Confidence scores. For DigitalOps, there is no such column in the UI.
- In the Entities overview page, you can now search for a category whose name contains spaces. This lets you find any category with spaces between the words, for example "Applications & Services".
- Introduced new columns - Source, External Source, Priority, State, and External Signal ID - in the signals listing table and removed the Status column, so you can sort out your preferred list of signals.
- In Signals details page, under Situation Info, a text has been modified to "Third Party ID".
- Added a date range filter to the Entities and Evidence columns in the ActOn work area to filter the correlated signals involved in an ActOn by the specified date range.
- Implemented an audit trail for usage and limit metrics, where you can track or log the creation, update, or deletion of any metric to enhance transparency and facilitate troubleshooting.
- In the new ActOn work area, under notes tab, pre-defined templates have been introduced. These templates cater to the user needs and improve the workflow of your organization.
- Situation title is enriched with the additional attributes like primary asset and alert tags while configuring the correlation policies.
- Now you can filter the correlation policies by name and source (OpsRamp or Chronicle) in the listing page. By source, you can differentiate between Security and DigitalOps related policies.
- Full names for time zones are now shown in the user account across the Resolution Intelligence Cloud.
- Renamed "Incident Tag" to "Tag" under Situation Tag in the Scoring Rules creation form.
- The following operators have been introduced for the UDM field, Reference List, in the Behaviour Analytics creation form:
  - reference_starts_with
  - reference_ends_with
  - reference_contains
- Added the following columns to the Behavior Analytics home page:
  - Alerts from last run: The total number of notifications, warnings, or messages generated by the most recent execution of a model.
  - Status of last run: The condition or outcome of the most recent execution of a model. Possible values are Failure or Success.