Sprint 09
New Features
The new features introduced in this release:
New AI Capabilities for Model Generation in Behavioral Analytics
We have introduced advanced AI capabilities to streamline model generation within the Behavioral Analytics module. The integrated AI allows you to create models based on tailored recommendations.
When you select a recommendation to create a model, the AI gathers the necessary specifications and presents them in YAML format, providing a draft of the initial model. Note that you must manually review and complete any missing data before publishing the model for use.
We have added a refresh button next to the model recommendations, allowing you to generate five new recommendations each time it is refreshed. This ensures you always have the latest and most relevant suggestions for model creation.
Introduced ActOn Settings
ActOn Settings have been introduced, allowing you to customize the status, stage, and priority values beyond the system defaults.
Enhancements
These are the enhancements made to existing functionalities on the Resolution Intelligence Cloud.
Integrations
Enable Only Single ITSM Integration at a Time
Users can now enable only a single ITSM integration at a time. To switch to another ITSM integration, the existing one must first be disabled.
Mandatory Chronicle Integration to Enable Mandiant
Enabling Mandiant integration now requires prior activation and configuration of Chronicle. This ensures a seamless integration setup for Mandiant.
Behavior Analytics
Revamped Model Page
The model page has been redesigned for enhanced usability. Aggregate insights are now consolidated on the left, and you can select a specific period to view the active models created during that period. By default, the models created in the last 7 days are displayed.
Content Management System
TAXII Service Checkbox Added
We have added a TAXII service checkbox for administrators on the onboarding tenant form. This feature fetches threat intelligence data from the client’s TAXII server in STIX format and sends it to the Resolution Intelligence Cloud. The data is then forwarded to Chronicle. A daily scheduler ensures the latest data is automatically pushed to the platform.
Support for edit and publish options in Parsers
When parsers are published from the domain, organization, or tenant level, the status at the tenant level changes to validating. During this phase, users have the options to edit and publish parsers. The edit option allows users to make necessary modifications to parsers. Once the required changes are made, users can use the publish option to expedite the publishing process to Chronicle.
Platform Resolutions
History (Activity Logs) on ActOns Page
History (activity logs) is now available for ActOns. This feature records the user activities performed on a specific ActOn, detailing the action taken, the user who performed it, and the timestamp.
Tags on ActOns and Situations Pages
Tags can now be added to ActOns. Additionally, tags added through external systems are visible next to the tags option in the ActOn/Situation workspace.
Assign Stage to ActOn and Situation
The stage attribute has been introduced in the ActOn workspace. You can now assign a stage to an ActOn by selecting the appropriate stage value, indicating its phase in the response lifecycle. This helps track the progress and current phase of an ActOn more effectively.
External Sync at Domain and Org Level
The Sync ActOn feature, previously limited to tenants, is now available at the domain and organization levels. This allows users to manually sync ActOns and Situations with external ITSM applications or SOAR.
Support for Copy to Clipboard option in ActOn Analyzer, Notes and Summary tabs
A new copy to clipboard icon has been introduced for each response in ActOn analyzer, allowing users to easily copy AI-generated responses. The same icon has been introduced in the Summary tab and notes under the Activity tab of an ActOn.
Design changes to ActOn and Situations pages
We have made the following design changes to the Situations and ActOn pages:
- Signal Indicators: Signals marked as Primary or Root Cause are labeled as such in the Title column, allowing users to easily differentiate them from other signals.
- Consistent Count Visibility: The count on the Detections tab, Entities & Evidence, Entities, and Correlated Signals in both Security and Digital Ops ActOns is now visible to maintain consistency.
- Changed Escalate Icon: The escalate icon has been changed for a more intuitive user experience.
Configurations
Support for valid Port Range in Processing Rules
Port range validation now applies to the events.target.port attribute in processing rules; valid port values range from 0 to 65535. Security signals received from Chronicle are evaluated against the conditions specified in the processing rules.
For example, if a security signal includes an events.target.port attribute with a value of 155, the processing rule that matches this condition will trigger the configured action on the signal.
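The following is an added illustration of the behaviour described above, not the platform's own code: a processing rule on events.target.port is rejected at creation time if either bound falls outside 0-65535, and incoming signals are then matched against the rules that were accepted. The rule dictionary layout, the helper names and the sample signals are assumptions constructed for this example.

```python
"""Port-range validation and rule evaluation for events.target.port.

Added example, not the platform's own code. The rule schema, helper names
and the sample signals below are assumptions constructed for illustration.
"""
from typing import Any, Optional

# Valid port range stated in the release note.
PORT_MIN, PORT_MAX = 0, 65535


def validate_port(value: Any) -> int:
    """Return value as an int if it is a valid port, otherwise raise ValueError.

    bool is excluded explicitly because it is a subclass of int in Python.
    """
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"port must be an integer, got {value!r}")
    if not PORT_MIN <= value <= PORT_MAX:
        raise ValueError(f"port {value} outside valid range {PORT_MIN}-{PORT_MAX}")
    return value


def make_port_rule(name: str, low: int, high: int, action: str) -> dict:
    """Build a processing rule on events.target.port.

    Both bounds are validated when the rule is created, so a rule with an
    out-of-range port never reaches the evaluation stage.
    """
    low, high = validate_port(low), validate_port(high)
    if low > high:
        raise ValueError(f"range start {low} exceeds range end {high}")
    return {"name": name, "attribute": "events.target.port",
            "low": low, "high": high, "action": action}


def get_path(obj: Any, dotted: str) -> Any:
    """Resolve a dotted attribute path such as 'events.target.port' in a nested dict."""
    cur = obj
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def coerce_port(value: Any) -> Optional[int]:
    """Normalise a signal's port value; accepts ints and digit strings, rejects the rest."""
    if isinstance(value, bool):
        return None
    if isinstance(value, int):
        return value
    if isinstance(value, str) and value.isdigit():
        return int(value)
    return None


def evaluate(signal: dict, rules: list) -> list:
    """Return (rule name, action) for every rule whose port condition the signal matches.

    A signal with a missing or non-numeric port matches no rule; an
    out-of-range port in a signal is simply never inside any accepted range.
    """
    triggered = []
    for rule in rules:
        port = coerce_port(get_path(signal, rule["attribute"]))
        if port is None:
            continue
        if rule["low"] <= port <= rule["high"]:
            triggered.append((rule["name"], rule["action"]))
    return triggered


# Constructed sample rules: an exact match on port 155 (the note's example)
# and a broader well-known-ports range.
RULES = [
    make_port_rule("exact-155", 155, 155, "escalate"),
    make_port_rule("well-known", 0, 1023, "tag:well-known-port"),
]

# Constructed sample signals shaped like the events.target.port attribute.
SAMPLE_SIGNALS = {
    "port-155": {"events": {"target": {"port": 155}}},
    "port-4444": {"events": {"target": {"port": 4444}}},
    "string-port": {"events": {"target": {"port": "80"}}},
    "no-port": {"events": {"target": {}}},
}


def demo() -> dict:
    """Evaluate each sample signal against RULES and return the triggered actions."""
    return {name: evaluate(sig, RULES) for name, sig in SAMPLE_SIGNALS.items()}


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {hits}")
    try:
        make_port_rule("bad-range", 0, 65536, "escalate")
    except ValueError as exc:
        print(f"rejected: {exc}")
```

Running the block shows the signal with port 155 triggering both the exact-match rule and the well-known range, while a rule whose upper bound is 65536 is refused before it can be evaluated against anything.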