Sprint 11
New Features
Create and Publish Rules, Content Packs and Reference Lists through GitHub
Rules, content packs, and reference lists can now be created and managed through GitHub. YAML file templates containing rule details are available in the Git repository. Users should provide the necessary rule details in the YAML files, add rules to the pack file in YAML format, and then commit and push changes to the branch. Once completed, the changes can be deployed to the selected environment. Upon successful deployment, the rules will be published to CMS and Chronicle.
Enhancements
These are the enhancements made to existing functionalities in the Resolution Intelligence Cloud.
Integrations
Advanced Search in Entity Inventory
New advanced search functionality has been introduced on the Entity Inventory page. While basic filters remain available, the advanced search feature allows users to construct queries with multiple conditions using operators. This functionality refines search results when dealing with large volumes of entities, enabling users to build, run, and format complex queries to efficiently obtain relevant results.
Additional Attributes in Enrichment Policies
New attributes have been added to the attribute drop-down menu in the Specify Enrichment Criteria section of enrichment policies, including type, user group name, company name, tag key, client ID, tags, location zip code, tag value, category, state, tag source, name, location, and source name. You can now assign priority, tags, or both to entities that meet the specified criteria.
Portal Engineering
Enhancements to Usage and Metrics
Previously, dashboards were available only for the ingested volume metric. Dashboards have now been introduced for every metric you view on the Usage and Metrics page.
Behavior Analytics
Minimum Threshold Value for Models
A minimum threshold value of 0.05 has been established for creating behavioral models. Attempts to set a value below this threshold will automatically default to 0.05. This update is reflected on the Behavioral Model Simulation page, ensuring that the threshold can only be set to 0.05 or higher. This change aims to reduce discrepancies between variance scores and the number of behaviors.
Platform Resolutions
Added Feedback option for responses in ActOn Analyzer
Thumbs up and thumbs down options are now shown for each response generated by the ActOn Analyzer. These options indicate whether the generated AI response is helpful or requires improvement.
Insights
Improved Tooltip Display
Previously, tooltips were visible for all fields on the dashboard widgets. Now, tooltips are only displayed for fields with truncated text.
Sprint 10
New Features
These are the new features added to the Resolution Intelligence Cloud:
Introduced teams and team assignment to ActOns
We have introduced new functionalities for managing teams and assigning them to work on ActOns. Here’s an overview of the new features:
Team management
- Create Teams
  - Users can now create teams by adding one or multiple members. Teams can be edited, deleted, and marked as active or inactive.
Team assignment to ActOns
- Support for Teams in ActOns
  - Users can assign an ActOn to a team. The assigned team can be from the Domain, Organization, or Tenant level in the Account Hierarchy.
Enhancements
These are the enhancements made to existing functionalities in the Resolution Intelligence Cloud.
Integrations
New Attributes in ActOn and Situation Data sources for Notifications
We have added three new attributes—Priority, Assigned to, and Status—to the ActOn data source, and the Status attribute to the Situation data source in System Notifications. When an event is triggered based on the specified priority or status, or when an ActOn is assigned to a configured user, a notification is sent to the configured notification channel.
Behavior Analytics
Model Generation Enhancements
We’ve made enhancements to the AI model generation process, including:
- Addition of two new fields in YAML Specification: When creating a model for a particular recommendation, the AI gathers specifications and presents them in YAML format. Along with other details, the tactics and techniques used are now shown.
- Default of YAML values: You no longer need to manually use the Create Model button to apply YAML values to the model creation form. Once the model is generated, all YAML values will be automatically populated on the new create model page.
- Enhanced Model Display Format: The model display format has been updated from a dialog to a form. This form-based approach allows for a more intuitive and user-friendly experience.
- Preserved AI Chat Integration: After the model is created, the generated model in the AI chat is preserved and appears as an extension to the model creation form. This chat can be easily collapsed and expanded.
Display Count in Procedural Filtering
Previously, only the total count for each section was displayed. Users can now view the count of each individual value alongside the total count within each section of aggregated model trends, such as model type, tactics, techniques, sub-techniques, threat actors, log sources, tools, and model count.
Changed Inline Banners
Inline banners have been added throughout the Behavioral Analytics module.
Signal Analytics
Procedural Filters Sorting in Descending Order
Procedural Filters now automatically sort fields in descending order based on the unique values in each dimension, allowing users to quickly identify fields (dimensions) with the most data.
Platform Resolutions
Support for Tag and Stage Filters in Situations and ActOns Page
We’ve added tags and stage filters on the ActOns and Situations pages. Users can now filter ActOns and Situations by specific tags and stages to get relevant results.
Enhancements to ActOn Settings
The ActOn Settings page has been improved with the following enhancements:
- Restricted the length of status and stage names to a minimum of 2 characters and a maximum of 20 characters.
- Added validation messages and field-level help text.
- Restricted changes to the default name of the Closed status on the Status tab.
Situation ID Hyperlink in Signal Listing Page
Every Situation ID is now hyperlinked in the Signals listing page. Clicking on this link redirects the user to the respective Situation page.
Feature Deprecation
Deprecation of Attributes
Attributes such as Asset Count, Primary Asset Location, and Asset Location from the ActOn policy page are deprecated. The Prime Asset Location attribute is removed from the Situation Title field in Correlation Policies.