New features
The following are the new features introduced in this release:
Multi-Tenancy Support for Behavior Analytics
Behavior Analytics now supports multi-tenancy, enabling users to create, manage, and associate behavior models across hierarchical levels for enhanced flexibility and control:
- Domain Level: Users with appropriate roles and permissions can create behavior models, link them to content packs, and publish them to child accounts (organizations and tenants).
- Organization Level: Users can create behavior models, link them to multiple content packs, or view models published from the parent account. Models inherited from the parent account are read-only, ensuring consistency with the parent configuration.
- Tenant Level: Users can create and publish behavior models independently or view models published from the parent account. Inherited models remain read-only. Tenant-level users can also view behavior trends for up to 30 days, providing actionable insights at the most granular level.
This enhancement strengthens Behavior Analytics by offering hierarchical flexibility while maintaining the consistency of inherited configurations.
Enhancements
These are the enhancements made to existing functionalities on Resolution Intelligence Cloud.
ConnectWise Integration
Notes and attachments added to an ActOn before the ticket is created in ConnectWise are now sent to ConnectWise, ensuring full visibility of historical data in service tickets.
Behavior Analytics
Highlight First Occurrence of Malicious Events in Behavior Analytics
Behavior Analytics now highlights the first occurrence of malicious events within a 30-day range, with filters for "first occurrence," "outlier behavior," and "inline behaviors" to refine insights. This allows users to differentiate between recurring patterns and the first occurrence of a specific outlier behavior.
CMS
Support for Associating Models with Content Packs: Users can now associate Behavior models with content packs, enabling seamless publishing to child accounts.
New Column for Config File Updates in Parsers: A new column displays the last update time of the config file section in a parser. This provides users with greater visibility into when changes were last made to the config file.
Automatic Publishing of Reference Lists: A reference list linked to a rule is now automatically published to child accounts during rule publication from the parent account if the required reference list is missing in the child accounts. Additionally, all automatic reference list publishing actions associated with rule publication are recorded in the activity logs, ensuring traceability.
Display of Threat Feed Count for Configure URL Feed Sources: Threat feed counts from Configure URL feed sources such as JSON, CSV, and HTML are now displayed. This update provides a quick summary of imported data, improving feed management efficiency.
Resolutions
Support for Editing and Deleting Streams at the Platform Level: Streams can now be edited or deleted at the platform level, with changes automatically applied across all hierarchy levels.
Search Functionality for Streams and Sub-Streams: Users can search streams and sub-streams using keywords, with extended functionality for filtering ActOns by applied filters.
Improved Sub-Stream Management: Sub-stream views now revert to the default stream when an active sub-stream is deleted, and parent stream filter updates cascade to sub-streams.
Enhanced Filtering by Escalation Triggers for Streams and Sub-Streams: ActOns can now be filtered by escalation triggers with new scope granularity at the domain, organization, and tenant levels. Selecting a scope displays ActOns with escalations triggered for that scope.
Enhanced Priority Fields: Updated priority icons provide better representation and consistency across features like ActOns, Signals, and ActOn Settings.
Entity Navigation Enhancements: Direct navigation to entity details is now supported from the Entities tab in Situations and the Entity section in Signals.
Accounts
Removed “View Profile” for Deactivated Users: The "View Profile" option has been removed for deactivated users, simplifying the interface.
Changes to Date Picker Components: Date pickers now default to start (00:00:00) and end (23:59:59) times for selected date ranges, with manual adjustment options.
System Notifications
New Attributes in System Notifications: Two new attributes, acton.stage in the ActOn data source and situation.stage in the Situation data source, are now displayed in team and Slack notifications, providing enhanced context for the changes.
New Attributes for Signal Source in System Notifications: New entity attributes have been added to the signal data source, allowing users to define more specific conditions for notifications. For example, by setting a condition such as signal.entity.critical equals True, notifications will be sent for all events related to critical entities.