New Features
The following are the new features introduced in this release:
Integrate Embed SOAR: Single SOAR instance for multiple accounts
Customers can now opt for a fully managed SOAR solution, allowing shared access to a single SOAR instance while maintaining complete account isolation.
- Shared SOAR Instance: Each customer account operates independently, despite sharing the same instance. This setup enables seamless, two-way data synchronization between Resolution Intelligence Cloud and SOAR, facilitating faster response and resolution.
- Automated Activation & Management: Netenrich enables SOAR accounts, handling authentication, tenant mapping, and outbound policies.
Enhancing Signal Analytics with AI: Introducing the Signal Analytics Agent & Findings Hub
The Signal Analytics Agent enhances investigations with AI-driven insights, analyzing data patterns to highlight critical threats.
- Emerging & Sustained Trend Analysis: Identifies threats across 48-hour and 7-day trends.
- Automated Signal Evaluation: Filters out irrelevant signals, reducing noise and improving focus.
- Findings Hub: A centralized location for insights categorized under Data, Detection, Control, and Response Engineering.
Watcher Functionality for ActOns: Stay Informed on Critical Updates
Users can now watch ActOns for critical updates, ensuring stakeholders stay informed in real time.
- Add Single or Multiple Watchers: Users can assign watchers to track ActOn updates.
- Real-Time Notifications: Alerts are sent for priority, stage, status, ownership changes, and new work notes.
- Watchlist Management: Watchers can be added or removed at any time.
Enhancements
These are the enhancements made to existing functionalities on the Resolution Intelligence Cloud.
Enrichment Policy Enhancements
Activity History for Enrichment Policies
Users can now track all actions performed on an enrichment policy via the Activity tab in the History sheet.
Support for Activating and Deactivating Enrichment Policies
Policies can now be activated or deactivated as needed. Activated policies apply enrichment attributes when conditions are met. Deactivated policies retain configurations but do not execute until reactivated.
New Attributes in Enrichment Policies
The Assign Attributes checkbox lets users apply additional enrichment attributes to entities.
Supported attributes include:
- Organization Unit (OU): Represents a business unit or department within the organization. (Example: "Corporate", "R&D", "Operations")
- Employee Type: Categorizes employees based on employment status to help define access control policies. (Example: "Full-time", "Contract Worker", "Intern")
- Environment: Defines the system environment where the entity operates for security segmentation. (Example: "Production", "Staging", "Development")
- POD (Pool of Deployment/Point of Delivery): Represents the geographical region where the entity is located, ensuring compliance with regional policies. (Example: "US", "India", "EU")
Attribute Filters on the Entities Overview Page
A new Attributes filter lets users filter entities by attributes directly on the Entities Overview page.
Scheduler Information for CMDB Integrations
The Instance Details tab now displays scheduler information, offering users a clear view of sync frequency.
Behavior Analytics
Model Creation Limits
- Administrators can now set limits on the number of behavior models created at each level in a multi-tenant environment. Once the limit is reached, the Create Behavior Model button is disabled.
- Users cannot duplicate existing models but can create new versions to refine their capabilities.
Version Column in Model Listings
A Version column has been added to the model listing page. Users can track iterations of behavior models and manage updates efficiently.
ActOn Enhancements
Bulk Updates for Teams and Assignees
Users can now assign teams and assignees to multiple ActOns simultaneously.
Show Only Critical Entities in ActOns
A ‘Show Only Critical Entities’ toggle has been added to the Entities & Evidences tab in Security ActOns.
Applied Filter Enhancements in Streams
Users can now apply or remove filters when retrieving ActOns from any stream. Filters persist throughout the session and reset only upon page refresh.
New Signal Association Filters Added to Signal Filters
Users can now filter signals based on their association status:
- All Signals – Displays all available signals.
- Linked to Situation – Shows signals converted into Situations.
- Linked to ActOn – Displays signals converted into ActOns.
- Unlinked Signals – Lists signals not linked to any ActOn or Situation.
Support for Single-Entity Pages in Entities & Evidences Tabs
Users can now navigate to single-entity pages by clicking on entities listed under the Entities tab or the Entities & Evidences tab within Digital Ops and Security ActOns.
Insights
New Entity Dimensions in Dashboards
Dashboards now support additional entity dimensions for enhanced insights and filtering:
“Source”, “Tag Key”, “Tag Value”
Migration of Asset Dashboards to Entities
The following dashboards have been migrated from Assets to Entities:
- Service Performance
- ActOns
Content Management System
Accurate ‘Referenced by rule’ count in reference list
The ‘Referenced by Rule’ count now only reflects the latest published version of a rule. Previously, multiple versions of the same rule were included in the count, even though only the latest version was active in Chronicle.
This update ensures that only the current version associated with the reference list is displayed, improving accuracy in the listing page.
Added Publishing Progress Indicator
A new progress indicator has been introduced in the UI to track the status of rule publishing, enabling, and disabling.
Accurate Disable Timestamp
Previously, when a rule was updated, the previous version was automatically disabled, and its disabled timestamp was incorrectly set to match the creation time of the new version.
Now, if a rule is manually disabled, the timestamp accurately reflects the time it was disabled, ensuring better tracking and compliance.
Platform-wide Enhancements
Color Gradients in the background near the page header to complement Toast Message appearance
Toast notifications now appear with a distinct but subtle background color gradient near the page header for better visibility and recognition:
- Success messages: Green background
- Error messages: Red background
- Loading messages: Blue background
Global Table Component
The redesigned global table component has been extended to more pages for consistency across the platform, including:
- Preview Results (Diff Mode) in ActOn Policy
- Correlated Signals tab on the ActOns page
- Entities & Evidences tab
- Escalations tab
- Detections tab
- Activity History tab