Sprint 04
Enhancements
These are the enhancements made to existing functionalities on Resolution Intelligence Cloud.
Signals
Signal Burst Notification Banner
A Pendo banner now notifies users about signal bursts and the expected processing time for signals in the burst queue. The banner appears at the domain, organization, and tenant levels and includes a Manage Queue button, which directs users to the burst queue page to delete or prioritize signals.
Resolutions
Watcher Notification enhancements
Watcher notification emails now include ActOn details such as the ActOn title and tenant name.
ActOn Count in Default and Custom Streams
Users can now view the count of ActOns in both default and custom ActOn streams.
Filter retention on Entity Pages
Filters applied on the Entities Overview page now persist when users navigate to the Entity Inventory page and return.
Manual Sync of ActOns and Situations to ServiceNow
Users can now manually sync ActOns and Situations with ServiceNow, provided the ServiceNow integration is enabled on the Integrations page. This ensures that updates made to an ActOn are reflected in the corresponding ServiceNow ticket, and vice versa, ensuring data consistency across both platforms.
Content Management System
Added additional Attributes for Detection Rules
An Additional Attributes field has been added to the Custom Metadata section on the detection rule creation page. This allows users to add custom fields alongside the default fields to capture rule-related information. Users can add multiple custom or additional attributes using the provided drop-down field.
Signal Analytics
Added Filters in Findings Hub
Filters have been introduced in the Findings Hub section and Archived page of Signal Analytics. Users can now filter insights by the following categories:
- Detection Engineering
- Control Engineering
- Response Engineering
- Data Engineering
These filters are available in both the Emerging Trends and Sustained Trends tabs to filter and find the required insights.
Archived Insights in Signal Analytics
Users can now access archived insights generated by the Signal Analytics agent using the View Archive option on the Signal Analytics page. The archived page allows users to filter insights by date range and category to easily find past insights on Emerging Trends and Sustained Trends.
Behavior Analytics
Model Listing Page Enhancements
The Create a New Version option in the version drop-down has been renamed to Edit and moved outside the drop-down for improved accessibility. Users can now create new model versions directly using the Edit option. Newly created versions are displayed in the version drop-down next to the model's name.
Support for Special Characters in Model Filters
Special characters are now supported in model filters and the description field on the Model Creation page.
Default Model Creation Limit
By default, users can create up to five models across all account levels. To request an increase in this limit, users can contact their Account or Customer Success Manager.
Sprint 03
New Features
The following are the new features introduced in this release:
Integrate Embed SOAR: Single SOAR instance for multiple accounts
Customers can now opt for a fully managed SOAR solution, allowing shared access to a single SOAR instance while maintaining complete account isolation.
- Shared SOAR Instance: Each customer account operates independently, despite sharing the same instance. This setup enables seamless, two-way data synchronization between Resolution Intelligence Cloud and SOAR, facilitating faster response and resolution.
- Automated Activation & Management: Netenrich enables SOAR accounts, handling authentication, tenant mapping, and outbound policies.
Enhancing Signal Analytics with AI: Introducing the Signal Analytics Agent & Findings Hub
The Signal Analytics Agent enhances investigations with AI-driven insights, analyzing data patterns to highlight critical threats.
- Emerging & Sustained Trend Analysis: Identifies threats across 48-hour and 7-day trends.
- Automated Signal Evaluation: Filters out irrelevant signals, reducing noise and improving focus.
- Findings Hub: A centralized location for insights categorized under Data, Detection, Control, and Response Engineering.
Watcher Functionality for ActOns: Stay Informed on Critical Updates
Users can now watch ActOns for critical updates, ensuring stakeholders stay informed in real time.
- Add Single or Multiple Watchers: Users can assign watchers to track ActOn updates.
- Real-Time Notifications: Alerts are sent for priority, stage, status, ownership changes, and new work notes.
- Watchlist Management: Watchers can be added or removed at any time.
Enhancements
These are the enhancements made to existing functionalities on the Resolution Intelligence Cloud.
Enrichment Policy Enhancements
Activity History for Enrichment Policies
Users can now track all actions performed on an enrichment policy via the Activity tab in the History sheet.
Support for Activating and Deactivating Enrichment Policies
Policies can now be activated or deactivated as needed. Activated policies apply enrichment attributes when conditions are met. Deactivated policies retain configurations but do not execute until reactivated.
New Attributes in Enrichment Policies
The Assign Attributes checkbox allows additional enrichment attributes to be applied to entities.
Supported attributes include:
- Organization Unit (OU): Represents a business unit or department within the organization. (Example: "Corporate", "R&D", "Operations")
- Employee Type: Categorizes employees based on employment status to help define access control policies. (Example: "Full-time", "Contract Worker", "Intern")
- Environment: Defines the system environment where the entity operates for security segmentation. (Example: "Production", "Staging", "Development")
- POD (Pool of Deployment/Point of Delivery): Represents the geographical region where the entity is located, ensuring compliance with regional policies. (Example: "US", "India", "EU")
Attribute Filters on the Entities Overview Page
A new Attributes filter lets users filter entities by attributes directly on the Entities Overview page.
Scheduler Information for CMDB Integrations
The Instance Details tab now displays scheduler information, offering users a clear view of sync frequency.
Behavior Analytics
Model Creation Limits
- Administrators can now set limits on the number of behavior models created at each level in a multi-tenant environment. Once the limit is reached, the Create Behavior Model button is disabled.
- Users cannot duplicate existing models but can create new versions to refine their capabilities.
Version Column in Model Listings
A Version column has been added to the model listing page. Users can track iterations of behavior models and manage updates efficiently.
ActOn Enhancements
Bulk Updates for Teams and Assignees
Users can now assign teams and assignees to multiple ActOns simultaneously.
Show Only Critical Entities in ActOns
A ‘Show Only Critical Entities’ toggle has been added to the Entities & Evidences tab in Security ActOns.
Applied Filter Enhancements in Streams
Users can now apply or remove filters when retrieving ActOns from any stream. Filters persist throughout the session and reset only upon page refresh.
New Signal Association Filters Added to Signal Filters
Users can now filter signals based on their association status:
- All Signals – Displays all available signals.
- Linked to Situation – Shows signals converted into Situations.
- Linked to ActOn – Displays signals converted into ActOns.
- Unlinked Signals – Lists signals not linked to any ActOn or Situation.
Support for Single-Entity Pages in Entities & Evidences Tabs
Users can now navigate to single-entity pages by clicking on entities listed under the Entities tab or the Entities & Evidences tab within Digital Ops and Security ActOns.
Insights
New Entity Dimensions in Dashboards
Dashboards now support the following additional entity dimensions for enhanced insights and filtering:
- Source
- Tag Key
- Tag Value
Migration of Asset Dashboards to Entities
The following dashboards have been migrated from Assets to Entities:
- Service Performance
- ActOns
Content Management System
Accurate ‘Referenced by rule’ count in reference list
The ‘Referenced by Rule’ count now only reflects the latest published version of a rule. Previously, multiple versions of the same rule were included in the count, even though only the latest version was active in Chronicle.
This update ensures that only the current version associated with the reference list is counted, improving the accuracy of the listing page.
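The counting change described above, as an added illustration that is not Netenrich's code: the old count credited every stored version of a rule, while the corrected count credits each rule once, from its latest published version only. The rule records, the `published` flag and the version numbering are constructed for this example; the actual CMS data model is not described in the release notes.

```python
"""Reference-list counts from the latest published version of each rule.

Added example, not the product's code. Rule records, the `published` flag and
the reference-list names below are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample: rule r1 has three stored versions (two published),
# r2 has one published version, r3 exists only as an unpublished draft.
RULES = [
    {"rule_id": "r1", "version": 1, "published": True,  "reference_lists": ["bad_ips"]},
    {"rule_id": "r1", "version": 2, "published": True,  "reference_lists": ["bad_ips"]},
    {"rule_id": "r1", "version": 3, "published": False, "reference_lists": ["bad_ips", "tor_exits"]},
    {"rule_id": "r2", "version": 1, "published": True,  "reference_lists": ["tor_exits"]},
    {"rule_id": "r3", "version": 1, "published": False, "reference_lists": ["bad_ips"]},
]


def naive_reference_counts(rules):
    """Old behaviour: every stored version of a rule adds to the count."""
    counts = defaultdict(int)
    for rule in rules:
        for ref in rule["reference_lists"]:
            counts[ref] += 1
    return dict(counts)


def latest_published(rules):
    """Return, per rule_id, the highest-versioned record that is published.

    Unpublished drafts never win, even when they carry a higher version
    number than the published rule currently active in the SIEM.
    """
    latest = {}
    for rule in rules:
        if not rule["published"]:
            continue
        current = latest.get(rule["rule_id"])
        if current is None or rule["version"] > current["version"]:
            latest[rule["rule_id"]] = rule
    return latest


def reference_counts(rules):
    """Corrected behaviour: one count per rule, from its latest published version."""
    counts = defaultdict(int)
    for rule in latest_published(rules).values():
        # set() guards against a version listing the same reference list twice
        for ref in set(rule["reference_lists"]):
            counts[ref] += 1
    return dict(counts)


def referencing_rules(rules, reference_list):
    """Rule ids whose latest published version uses `reference_list`."""
    return sorted(
        rule_id
        for rule_id, rule in latest_published(rules).items()
        if reference_list in rule["reference_lists"]
    )


if __name__ == "__main__":
    print("old count:", naive_reference_counts(RULES))
    print("new count:", reference_counts(RULES))
    print("rules using bad_ips:", referencing_rules(RULES, "bad_ips"))
```

With the sample data the old method reports `bad_ips` as referenced four times, although only one rule (r1) actually uses it in production; the corrected method reports one, and it also drops r3, whose only version was never published.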
Added Publishing Progress Indicator
A new progress indicator has been introduced in the UI to track the status of rule publishing, enabling, and disabling.
Accurate Disable Timestamp
Previously, when a rule was updated, the previous version was automatically disabled, and its disabled timestamp was incorrectly set to match the creation time of the new version.
Now, if a rule is manually disabled, the timestamp accurately reflects the time it was disabled, ensuring better tracking and compliance.
Platform-wide Enhancements
Color Gradients in the background near the page header to complement Toast Message appearance
Toast notifications now appear with a distinct but subtle background color gradient near the page header for better visibility and recognition:
- Success messages: Green background
- Error messages: Red background
- Loading messages: Blue background
Global Table Component
The redesigned global table component has been extended to more pages for consistency across the platform, including:
- Preview Results (Diff Mode) in ActOn Policy
- Correlated Signals tab on the ActOns page
- Entities & Evidences tab
- Escalations tab
- Detections tab
- Activity History tab