Sprint 17
New features
The following are the new features introduced in this release:
Introduced Streams Functionality in ActOns
Streams functionality has been introduced on the ActOns page, allowing users to filter ActOns by creating streams with a set of filters. This helps users, especially detection and response teams, to quickly apply custom or predefined streams to see the most relevant ActOns without having to select filters every time.
- Default Streams: Predefined streams, such as All ActOns, Closed ActOns, Critical ActOns, New ActOns, Unassigned ActOns, Response Due, and Re-investigation, provide instant access to ActOns categorized by common criteria. By default, the "All ActOns" stream is displayed when the page is refreshed.
- Custom Streams: Users can create custom streams by applying specific filters, including ActOn Type, Priority, Status, Stage, Functions, Signal Source, Tags, Class, Sub-Class, Category, and Sub-Category, to meet specific business needs.
- Sub-Streams: Users can refine their streams further by creating sub-streams. Additional filters can be applied without altering the original stream’s filter values. New filters can only be selected from sections that have not been applied yet.
- Enhanced Viewing Options: Users can switch between List View and Card View for a personalized display of ActOns within a stream. Data Density Controls allow for expand/collapse options to adjust the level of detail shown for each ActOn.
Introduced ConnectWise ITSM Integration
We’re excited to announce the integration of ConnectWise ITSM with Resolution Intelligence Cloud. Key capabilities include:
- Automatic Ticket Generation: When an ActOn is created in the Resolution Intelligence Cloud, a corresponding service ticket is automatically generated in ConnectWise.
- Real-Time Sync: Changes made to ActOns—such as updates to status, notes, priority, team, or subject—in either ConnectWise or Resolution Intelligence Cloud are synchronized instantly. This ensures that both platforms remain consistent, enabling faster and more efficient issue resolution. Attachments can also be shared from Resolution Intelligence Cloud to ConnectWise; however, sharing attachments from ConnectWise to Resolution Intelligence Cloud is not supported.
- Customizable Ticket Creation: Users can choose whether to create tickets for all ActOns or only for those that meet certain predefined criteria set in an outbound policy. This gives users control over which ActOns result in ticket creation.
- Default Policy and Additional Policies: By default, the system creates tickets for all ActOns based on a predefined ActOn policy. However, users can also set up additional policies that allow tickets to be created with Situation as the data source.
Enhancements
These are the enhancements made to existing functionalities on the Resolution Intelligence Cloud.
Entities
Support for Bulk Update of Entities
Users can now enrich entities in bulk, either across a tenant or for specific entities filtered through advanced search queries or the filters available on the Entity Inventory page. By selecting the "Select All Filtered Entities" option, users can perform actions such as marking entities as critical or non-critical, and assigning tags, functions, or SKUs on all filtered entities at once.
Enrichment policies
Renamed Apply Option in Enrichment Policies
The "Apply" option in Enrichment Policies has been renamed to "Run Now." Users can still use it to manually trigger the application of an enrichment policy; the existing functionality is unchanged.
Added New Fields in Enrichment Policies
The enrichment policy listing page now includes new fields, such as Created By, Created Date, Updated By, and Updated At. These fields provide visibility into who created and last updated a policy, along with the associated timestamps, ensuring better transparency and tracking for enrichment policy management.
Improved Query Builder component
The “Match All” checkbox in query builder pages is now deselected by default. Users can enable “Match All” or add specific conditions, offering greater flexibility. This change has been made on the Enrichment Policies page.
Notifications
New Attributes in System Notifications
New attributes, including acton.scoreimpact, acton.scorelikelihood, acton.scoreconfidence, situation.scoreconfidence, situation.scoreimpact, and situation.scorelikelihood, have been added to the ActOns and Situations data sources in the attribute dropdown under the query builder. These attributes enable users to receive notifications when selected events from an ActOn or Situation meet specific confidence, impact, and likelihood thresholds.
Additionally, the "Teams Changed" event has been introduced to the ActOn data source, triggering notifications whenever an ActOn is assigned to a new team.
Slack and Teams cards enhancements
Slack and Teams notification cards now include additional details to provide more context. These cards display information such as the Notification Policy name, Notification Channel name, and Notification Event type. This enhancement ensures that users can easily view and understand the specific notification settings for events triggered by data sources, such as ActOn, Situation, Signal, and Entity.
ActOn Settings
Customizable Priority Values in ActOn Settings
Users can now directly update priority values from the ActOn Settings page. Any changes made at the domain level are reflected across organization and tenant levels, and the updated values are displayed in the priority field wherever it is used, including Signals, Situations, and ActOns.
Resolutions
Rule Name Column in Detections Tab
The Detections tab in ActOns now includes a “Rule Name” column, which displays the rule responsible for triggering the detection and creating the corresponding ActOn.
Insights
Remove Untitled Dashboards in 24 hours
Untitled dashboards saved in a "draft" state without any metadata or widgets will be deleted after 24 hours. If the dashboard contains metadata, it will remain intact. This ensures a cleaner and more organized dashboard management experience.
ActOn Record Limit Extended to 10K
The limit for ActOn records displayed in dashboards has now been increased from 500 to 10,000. Users can now view up to 10,000 records, whether filtering by date range or viewing all available data.
Restricted ActOn ID Dimension to Charts
The ActOn dimension under ActOn sources now only allows you to add tables, excluding other chart types. Existing dashboards that previously used charts with the ActOn dimension will still display them, but new dashboards can have tables only.
Accounts
Redesigned Global Table Components in other pages
The redesigned global table component, previously implemented on a few pages of the platform, has now been extended to other functionalities. This enhanced table component is now applied to pages including API Keys, Organizations, Tenants, User Logs, Activity Logs, Subscriptions, and Teams, offering a more modern and consistent user experience.
Redesigned Date Picker Component Across the Platform
The date picker component has been redesigned to improve functionality and provide a seamless user experience. It has been implemented across all functionalities where the date range field is used, including Activity Logs, User Logs, Account Subscription, Entities, and All Accounts pages. The new design includes preset and custom date ranges for easier filtering of data by the selected range or presets.
Export Accounts by Date Range
Users can now export accounts filtered by a selected date range at the domain, organization, tenant, or combined levels.
Removed
The following ActOn, Situation, and Signal attributes have been removed from the System Notifications page:
ActOn attributes
- Asset Tags
- acton.assets.asset_name
- acton.assets.asset_status
- acton.assets.asset_subtype
- acton.assets.asset_type
- acton.assets.device.device_type
- acton.assets.device.os_name
- acton.assets.device.os_type
- acton.assets.source.name
Situation attributes
- Asset Tags
- situation.assets.asset_name
- situation.assets.asset_status
- situation.assets.asset_subtype
- situation.assets.asset_type
- situation.assets.device.device_type
- situation.assets.device.os_name
- situation.assets.device.os_type
- situation.assets.source.name
Signal Attributes
- Asset Tags
- Extracted Key/Value Fields
- alert.assets.asset_name
- alert.assets.asset_state
- alert.assets.asset_status
- alert.assets.asset_subtype
- alert.assets.asset_type
- alert.assets.location_name
- alert.assets.source.name
Sprint 16
Enhancements
These are the enhancements made to existing functionalities on the Resolution Intelligence Cloud.
Entities management
"Run Now" Option in Enrichment Policies
Users can now instantly apply and run enrichment policies with the new "Run Now" option, enabling immediate enrichment of new entities without waiting for the scheduled run.
Notifications
New Entity Attributes for Signals in Notifications
Added entity-related attributes for system notifications triggered by signals. For example, a notification is sent when a signal from a critical entity meets the set condition.
Resolutions
Search Function in Notes Section
A search functionality has been introduced in the Notes section, enabling users to quickly find specific notes.
Ingested Source Filter and Column on Signals Page
A new "Ingested Source" filter and column have been added to the Signals page, making it easier to locate and manage signals based on their source.
Content Management System
Verify Rule for Later Versions
A new Verify Rule option is now displayed in the rule editor when creating a new version of a detection rule, ensuring clarity and actionable steps.
Support for Syntax Type Error Display
Rule verification now flags syntax mismatches with clear error messages, including line numbers for correction.
Suggested Actions in Content Pack Notifications
Added new Error Description and Suggested Actions columns in content pack notifications to simplify troubleshooting and resolving failed or disabled rules.
Accounts
Revamped Table Components
Redesigned table components with a sticky Actions column and improved look and feel for enhanced usability.
New Field on Subscription Cards
Subscription cards now display the Cancelled On date alongside the Renewal On date for canceled subscriptions.
Updated Activity Logs for Netenrich Chronicle Setup
The activity logs screen now includes real-time updates for each configuration step, detailing steps, sub-steps, associated keys, and module status. These logs are displayed like the activity logs available for BYOC Chronicle instances.
Behavior analytics
Display Unique Values for Dimensions
Users can now view the total and unique value counts for each dimension, offering better insights into data patterns and occurrences.