Sprint 14
New Features
These are the new features added to the Resolution Intelligence Cloud:
Introduced Import Entities Feature in Entities Overview
We've introduced the Import Entities feature, enabling users to efficiently import entities from CSV files into Resolution Intelligence Cloud. This feature is designed for organizations that do not have existing integration options to sync entities with Resolution Intelligence Cloud. Key capabilities include:
- Bulk Import from CSV: Users can upload a CSV file containing entity details and map the CSV columns to the corresponding fields in Resolution Intelligence Cloud, ensuring a smooth and accurate data import. They can choose to import all entities or only those that meet the conditions defined in the ingestion policy.
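The import flow described above, column mapping followed by an ingestion-policy filter, as an added example that is not Resolution Intelligence Cloud's own code. The CSV header names, the entity field names, the policy format (a list of AND-ed conditions) and the validation of required fields and IP addresses are all assumptions made for the illustration; the sample CSV is constructed.

```python
import csv
import io
import ipaddress

# Constructed sample CSV; the header names are hypothetical and stand in for
# whatever columns a customer's own export happens to use.
SAMPLE_CSV = """hostname,ip,os_name,env,owner
web-01,10.0.1.15,Ubuntu 22.04,production,platform-team
db-01,10.0.2.8,RHEL 9,production,dba-team
dev-box,192.168.5.20,Windows 11,development,alice
broken-row,not-an-ip,Debian 12,production,bob
"""

# Mapping from CSV column -> entity field. The field names are assumptions,
# not the product's schema. Columns absent from the map are ignored, so an
# export with extra columns cannot smuggle unexpected attributes into an entity.
COLUMN_MAP = {
    "hostname": "name",
    "ip": "ip_address",
    "os_name": "operating_system",
    "env": "environment",
    "owner": "owner",
}

# Ingestion policy as (field, operator, value) conditions; every condition
# must hold for a row to be imported (AND semantics, an assumption).
INGESTION_POLICY = [
    ("environment", "eq", "production"),
]

REQUIRED_FIELDS = ("name", "ip_address")


def matches_policy(entity, policy):
    """Return True when the mapped entity satisfies every policy condition."""
    for field, op, value in policy:
        actual = entity.get(field)
        if op == "eq" and actual != value:
            return False
        if op == "ne" and actual == value:
            return False
        if op == "in" and actual not in value:
            return False
    return True


def import_entities(csv_text, column_map, policy=None):
    """Return (imported, rejected).

    imported: entity dicts that passed mapping, validation and the policy.
    rejected: (csv_line_number, reason) tuples for rows that were skipped,
              so an operator can see exactly which rows did not make it in.
    """
    imported, rejected = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        entity = {column_map[col]: (row.get(col) or "").strip()
                  for col in column_map if col in row}
        missing = [f for f in REQUIRED_FIELDS if not entity.get(f)]
        if missing:
            rejected.append((line_no, "missing required field(s): " + ", ".join(missing)))
            continue
        try:
            ipaddress.ip_address(entity["ip_address"])
        except ValueError:
            rejected.append((line_no, f"invalid IP address: {entity['ip_address']!r}"))
            continue
        if policy and not matches_policy(entity, policy):
            rejected.append((line_no, "filtered out by ingestion policy"))
            continue
        imported.append(entity)
    return imported, rejected


if __name__ == "__main__":
    ok, bad = import_entities(SAMPLE_CSV, COLUMN_MAP, INGESTION_POLICY)
    for e in ok:
        print("imported:", e["name"], e["ip_address"])
    for line_no, reason in bad:
        print(f"skipped line {line_no}: {reason}")
```

Passing `policy=None` corresponds to the "import all entities" choice; with the policy supplied, only rows that satisfy every condition are imported, and rows that fail validation are reported with their CSV line number rather than silently dropped.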
Enhancements
These are the enhancements made to existing functionalities on the Resolution Intelligence Cloud.
Integrations
Enhancements to BYOC Chronicle Integration
Several enhancements have been made to linking a Bring Your Own Chronicle (BYOC) instance in Integrations, focusing on ease of use, security, and flexibility. Key improvements include:
- SSO Flow on UI: The SSO process, previously handled through the backend, can now be integrated directly from the UI. Users can securely connect to their Chronicle instance by simply providing the instance URL and callback URL, eliminating the need for backend intervention and streamlining the setup process.
- Module setup: Users can now enable the CMS features by uploading keys. Additional keys are optional, so they can be uploaded later through the edit option to enable other features. Users also have the option to replace existing keys, providing greater flexibility during the setup process.
- Enhanced activity table and a separate page for configured Chronicle details: Previously, the Chronicle setup details and activity were displayed by expanding the Chronicle Instance Setup section. Now, users are redirected to a new page to view the Chronicle and activity details, improving navigation and user experience.
Entities
Entities Overview: Manage Columns Enhancement
We’ve improved the Manage Columns functionality on the entity inventory page for enhanced customization. While the default columns are still shown for each class of entities, the Manage Columns feature now retrieves all active columns for an entity directly from the API.
Users can easily select, deselect, and rearrange these columns, allowing them to tailor their view and access the entity data most relevant to their needs.
Resolutions
Signal Analytics Navigation at Domain and Org Levels
We've added the Signal Analytics link to the Detections tab of security ActOns at both the domain and organization levels. Users can now navigate directly to Signal Analytics from the Detections tab, improving workflow efficiency. The Signal Analytics link is also visible on the Signals page at both the domain and organization levels, providing a comprehensive view of signal performance and security insights.
Addition of System Notes for ActOns and Situations
Previously, both work notes and system-generated notes were grouped under the work notes section. With this enhancement, users can now view system notes, generated by external applications, separately within the Activity tab under the Notes section. By default, the work notes are displayed, but users can easily filter and view system notes using the drop-down menu.
Sprint 13
New Features
These are the new features added to the Resolution Intelligence Cloud:
Introduced Email Notifications for Content Packs
Email notifications have been introduced for content packs. These notifications will keep users informed about the status of their content packs, covering a range of scenarios including failed, successful, partially successful, and single-rule publishing.
Enhancements
These are the enhancements made to existing functionalities on the Resolution Intelligence Cloud.
Content Management System
Threat Feed enhancements
The publishing status for threat feeds is now visible across different hierarchy levels: platform, domain, org, and tenant. This addition gives real-time insight into the progress of threat feeds as they are being published to Chronicle.
- Published Status: As threat feeds are being published to Chronicle, the status changes to "publishing." Once the feed is successfully published, the page automatically refreshes, displaying the published status.
- Enable/Disable Threat Feeds: Users can now enable or disable threat feeds directly from the UI, providing greater control for managing threat feeds efficiently.
Resolutions
Filter Enhancements in Signals and Situations
The user experience with filters in Signals and Situations has been improved. After filters are applied or reset, the side panel automatically collapses, offering a more streamlined workspace while retaining the applied filter settings for ease of use.
Note Filtering in Situations and ActOns
A significant enhancement has been made to the Notes functionality in Situations and ActOns. There are three distinct types of notes (Internal Notes, Resolution Notes, and Work Notes), and previously users could not filter these notes by type. A drop-down menu has now been added to allow users to filter by note type, providing easier access to the relevant information within the Activity tab.
Signal Analytics
Pattern and Anomaly Detection for ASI Signals
The Signal Analytics module now includes the analysis of patterns and anomalies from signals ingested from ASI sources. This enhancement deepens insight into signal behavior, improving the accuracy and scope of anomaly detection and threat identification.
Dashboards
Removal of Dashboard Dimension Limit for All Sources Excluding BigQuery
The restriction on adding dimensions to dashboards has been removed. Previously, users were limited to a maximum of 15 dimensions. Now, users can add the full list of available dimensions when creating dashboards for different sources, offering greater flexibility and enabling more comprehensive data analysis. However, please note that the dimension limit of 15 still applies to BigQuery sources.
Time Zone flexibility in Dashboards
Dashboards now offer enhanced time zone flexibility, automatically adjusting UTC offsets to align with the user's local time zone. This improvement allows displayed times to be customized according to the user's geographic location, while ensuring that underlying data—such as ActOn counts during a specific time frame—remains accurate and unaffected. Although the time at which detection rules were created and logs were recorded will adjust based on the selected time zone, the data itself will remain intact.
For example, if ActOns were created in (UTC-07:00) San Francisco on October 3, 2024, at 7:04 AM with a count of 20, switching the time zone to (UTC-03:00) Punta Arenas will cause the dashboard to display the time as October 3, 2024, at 11:04 AM. However, the ActOn count will remain at 20. This functionality ensures that any time zone adjustments impact only the displayed times, preserving the accuracy and consistency of the underlying data.
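The behaviour described above, as an added example that is not Resolution Intelligence Cloud's own code: ActOn records are kept as UTC instants, the time zone is applied only when a value is rendered, and counts are computed over absolute windows, so switching from (UTC-07:00) San Francisco to (UTC-03:00) Punta Arenas changes the displayed time but not the count. The fixed offsets are taken from the text; the ActOn records, the hour-bucket window and the display format are constructed for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Fixed UTC offsets as given in the example above. Fixed offsets keep this
# example independent of the system's IANA time zone database.
SAN_FRANCISCO = timezone(timedelta(hours=-7), "UTC-07:00 San Francisco")
PUNTA_ARENAS = timezone(timedelta(hours=-3), "UTC-03:00 Punta Arenas")

# Constructed ActOn records: 20 ActOns created at 7:04 AM San Francisco time on
# October 3, 2024, stored as UTC instants (14:04 UTC), which is how a backend
# should persist them regardless of the viewer's time zone.
CREATED_LOCAL = datetime(2024, 10, 3, 7, 4, tzinfo=SAN_FRANCISCO)
ACTONS = [
    {"id": f"acton-{i:02d}", "created_at": CREATED_LOCAL.astimezone(timezone.utc)}
    for i in range(20)
]


def display_time(utc_instant, display_tz):
    """Render a stored UTC instant in the user's selected time zone."""
    local = utc_instant.astimezone(display_tz)
    hour12 = local.hour % 12 or 12
    meridiem = "AM" if local.hour < 12 else "PM"
    return f"{local.strftime('%B')} {local.day}, {local.year}, at {hour12}:{local.minute:02d} {meridiem}"


def count_in_window(actons, start_utc, end_utc):
    """Count ActOns in an absolute [start, end) window expressed in UTC.

    Because the window is an absolute range of instants, the result cannot
    depend on which time zone the dashboard happens to display.
    """
    return sum(1 for a in actons if start_utc <= a["created_at"] < end_utc)


def dashboard_row(actons, display_tz):
    """Return (displayed creation time, ActOn count) for the hour containing the first ActOn."""
    first = min(a["created_at"] for a in actons)
    window_start = first.replace(minute=0, second=0, microsecond=0)  # UTC hour bucket
    window_end = window_start + timedelta(hours=1)
    return display_time(first, display_tz), count_in_window(actons, window_start, window_end)


if __name__ == "__main__":
    for tz in (SAN_FRANCISCO, PUNTA_ARENAS):
        shown, count = dashboard_row(ACTONS, tz)
        print(f"{tz.tzname(None)}: {shown}, {count} ActOns")
```

The design point is that the offset is applied on the way out, at render time, never to the stored value; if the conversion were applied to the data before counting, a window that spans a day boundary in one zone but not another would report different totals.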
Removed option
The Root Cause option has been removed for Security ActOns.