New Features
These are the new features added to the Resolution Intelligence Cloud:
Alert Burst Control in Signals
When a high volume of signals is triggered in a short period (for example, because of misconfigured detection rules or a customer outage) and exceeds the subscription’s ingestion rate, the excess signals are queued in alert burst control and processed gradually. Critical signals can be prioritized in the queue, and unnecessary signals can be discarded or deleted from it.
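To make the queuing behaviour concrete, the following is an added illustration written for this page; it is not code from the Resolution Intelligence Cloud, and the class names, severity labels, rates and the sample burst are all constructed assumptions. It models a controller that admits signals up to a per-batch ingestion rate, queues the overflow with Critical signals ahead of everything else, drains the queue a few signals at a time, and lets an operator discard queued signals from a noisy rule.

```python
import heapq
import itertools
from dataclasses import dataclass


@dataclass
class Signal:
    id: str
    severity: str   # assumed labels: Critical, High, Medium, Low
    rule: str       # detection rule that produced the signal


class BurstController:
    """Hypothetical alert burst control: rate-limit, queue, prioritize, discard."""

    def __init__(self, ingestion_rate, drain_rate, prioritize_critical=True):
        self.ingestion_rate = ingestion_rate        # signals processed per incoming batch
        self.drain_rate = drain_rate                # queued signals processed per drain step
        self.prioritize_critical = prioritize_critical
        self._queue = []                            # heap of (priority, arrival seq, Signal)
        self._seq = itertools.count()               # arrival order keeps FIFO within a priority
        self.processed = []

    def _priority(self, sig):
        # 0 sorts first in the heap, so Critical signals leave the queue before others.
        if self.prioritize_critical and sig.severity == "Critical":
            return 0
        return 1

    def ingest(self, signals):
        """Process up to ingestion_rate signals now; queue the overflow."""
        admitted = signals[: self.ingestion_rate]
        self.processed.extend(admitted)
        for sig in signals[self.ingestion_rate :]:
            heapq.heappush(self._queue, (self._priority(sig), next(self._seq), sig))
        return len(admitted), len(signals) - len(admitted)

    def drain(self):
        """One background step: process a slice of the queue, Critical first."""
        out = []
        for _ in range(min(self.drain_rate, len(self._queue))):
            _, _, sig = heapq.heappop(self._queue)
            out.append(sig)
        self.processed.extend(out)
        return out

    def discard(self, predicate):
        """Drop queued signals an operator deems unnecessary; returns the count dropped."""
        keep = [item for item in self._queue if not predicate(item[2])]
        dropped = len(self._queue) - len(keep)
        heapq.heapify(keep)
        self._queue = keep
        return dropped

    def queued(self):
        """Queued signals in the order they would be drained."""
        return [item[2] for item in sorted(self._queue)]


# Constructed burst: a misconfigured rule floods Low signals around two Critical ones.
SAMPLE_BURST = [
    Signal("s1", "Low", "noisy-rule"),
    Signal("s2", "Low", "noisy-rule"),
    Signal("s3", "Critical", "ransomware-indicator"),
    Signal("s4", "Low", "noisy-rule"),
    Signal("s5", "High", "brute-force"),
    Signal("s6", "Critical", "c2-beacon"),
    Signal("s7", "Low", "noisy-rule"),
    Signal("s8", "Low", "noisy-rule"),
]


def demo():
    bc = BurstController(ingestion_rate=2, drain_rate=2)
    admitted, queued = bc.ingest(SAMPLE_BURST)              # 2 admitted, 6 queued
    first_drain = [s.id for s in bc.drain()]                 # Critical s3, s6 leave first
    dropped = bc.discard(lambda s: s.rule == "noisy-rule")   # s4, s7, s8 discarded
    remaining = [s.id for s in bc.queued()]                  # only s5 still waits
    return admitted, queued, first_drain, dropped, remaining


if __name__ == "__main__":
    print(demo())
```

The design point is the priority heap keyed on (priority, arrival sequence): Critical signals jump the queue, while signals of equal priority keep arrival order, so nothing is starved by later arrivals of the same severity.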
Enhancements
These are the enhancements made to existing functionalities in the Resolution Intelligence Cloud.
Entities
New Attributes in Advanced Search of Entities
New attributes such as User ID, Username, User Phone Number, and User Email Address have been added to the advanced search query options for entities.
New Attributes for Enrichment Policies
New attributes have been added to the attribute drop-down menu in the Specify Enrichment Criteria section of enrichment policies, including Employee ID, Company Name, Department, Username, User Email Address, Phone Number, User ID, Manager Department, Manager Employee ID, and Manager Designation.
Chronicle Entity Classification
Previously, Chronicle entities were grouped into four broad categories. In this update, each entity is now classified into a specific category within the Resolution Intelligence Cloud platform. With over 30 resource types in Chronicle, each is assigned both a category and a class, following the defined ontology of the Resolution Intelligence Cloud. This structured classification ensures that when a sync is performed, all entities are accurately synchronized and classified into their respective categories on the Entities overview page.
Notifications
New Attributes in System Notifications
New attributes have been added to the ActOn and Situation data sources in system notifications: stage, incident source, subject, tenant (at the organization level), and organization (at the domain level).
Content Management System (CMS)
Enhancements to Threat Feeds
Users at the domain, organization, and tenant levels can now add a URL to fetch threat feeds. Additionally, a new option allows users to update and republish failed threat feeds to Chronicle. This update option is only available for threat feeds in the failed state.
Processing Rules
Added IN CIDR Operator for Target and Principal IP Attributes
Previously, there was no option to specify subnet ranges for principal and target IPs in processing rules. To address this, the IN CIDR operator has been added, allowing users to group IP addresses by subnet and apply processing rules to entire subnets rather than individual IP addresses. This option is only available when events.principal.ip or events.target.ip is selected.
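The following is an added example of how an IN CIDR operator evaluates against event IP attributes; it is not the platform’s own implementation, and the rule structure, the action labels and the sample events (UDM-like dictionaries with events.principal.ip and events.target.ip paths) are constructed assumptions. It restricts the operator to those two attributes, matches against several subnets at once, handles IPv6 as well as IPv4, and treats a missing or unparsable attribute as a non-match rather than an error.

```python
import ipaddress
from dataclasses import dataclass

# Attributes on which the IN CIDR operator is assumed to be offered.
CIDR_ATTRIBUTES = ("events.principal.ip", "events.target.ip")


def get_attr(event, path):
    """Walk a dotted path like 'events.principal.ip'; None if any part is missing."""
    node = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def in_cidr(value, cidrs):
    """IN CIDR: true when value parses as an IP inside any of the given subnets."""
    try:
        addr = ipaddress.ip_address(value)
    except (ValueError, TypeError):
        return False  # missing or malformed attribute never matches
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


@dataclass
class ProcessingRule:
    attribute: str   # must be one of CIDR_ATTRIBUTES
    cidrs: list      # subnets in CIDR notation, e.g. "10.20.5.0/24"
    action: str      # label applied to matching events (constructed)

    def __post_init__(self):
        if self.attribute not in CIDR_ATTRIBUTES:
            raise ValueError("IN CIDR is only supported on principal/target IP attributes")

    def matches(self, event):
        return in_cidr(get_attr(event, self.attribute), self.cidrs)


def apply_rules(events, rules):
    """Return (event index, action) for every rule that matches each event."""
    hits = []
    for i, ev in enumerate(events):
        for rule in rules:
            if rule.matches(ev):
                hits.append((i, rule.action))
    return hits


# Constructed sample events, shaped like UDM but not real platform data.
SAMPLE_EVENTS = [
    {"events": {"principal": {"ip": "10.20.5.17"}, "target": {"ip": "203.0.113.9"}}},
    {"events": {"principal": {"ip": "10.20.6.200"}, "target": {"ip": "198.51.100.4"}}},
    {"events": {"principal": {"ip": "192.168.1.5"}, "target": {"ip": "10.20.5.1"}}},
    {"events": {"principal": {"ip": "not-an-ip"}, "target": {"ip": "10.20.5.3"}}},
    {"events": {"principal": {}, "target": {"ip": "2001:db8::1"}}},
]

SAMPLE_RULES = [
    ProcessingRule("events.principal.ip", ["10.20.5.0/24"], "suppress-scanner-subnet"),
    ProcessingRule("events.target.ip", ["10.20.0.0/16", "2001:db8::/32"], "tag-internal-target"),
]


def demo():
    return apply_rules(SAMPLE_EVENTS, SAMPLE_RULES)


if __name__ == "__main__":
    for idx, action in demo():
        print(idx, action)
```

Using `strict=False` lets a rule be written with host bits set (10.20.5.17/24) and still denote the subnet; comparing address and network versions first avoids the TypeError that `addr in net` raises when mixing IPv4 and IPv6.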
Resolutions
Closed Reasons for ActOn and Situation
Users can now provide a reason when closing ActOns or situations, instead of closing them outright. Upon selecting the closed status, a side panel appears, allowing users to choose a closure reason—such as benign, resolved, self-heal, closed by an external system, or false positive—and add a resolution note. The same options are available for bulk closures on the listing pages for ActOns and situations.
Signal Analytics
Expanded Access to Signal Analytics
The signal analytics module is now accessible at the domain and organization levels, depending on user permissions. Users such as Owners, Global Admins, Managers, Responders, Observers, and Configuration Managers can access this feature.
Updated Histogram Fields in Signal Analytics
Duplicate fields have been removed from the signal analytics histogram, and new fields have been added to provide more valuable insights.
Dashboards
Change of Dimension Names in UDM Events and UDM Events Aggregate
UDM Events and UDM Events Aggregates have different dimensions, and all these dimension names have been updated to new UDM dimension names at the tenant level. For detailed information, please visit the support site.