New Features
The following are the new features introduced in this release:
Revamped Entity Details Page
The Entity details page has been redesigned for improved usability and clearer insights across Host and User entities. Key actions like assigning functions, managing tags, and marking entities as critical are now directly accessible. New widgets highlight risk levels, behaviors, and signal-to-ActOn trends. Host and User layouts are tailored for context, with tabbed views and structured attribute displays.
Introducing Dark Mode theme
The platform now supports Dark Mode, providing users the ability to toggle between light and dark themes based on their preference. Dark Mode enhances readability, especially in low-light environments, and offers better accessibility for users with visual sensitivities—ensuring a more comfortable and inclusive user experience.
Schedule Activity Support in ActOns
When analysts set an ActOn to On Hold, a new side panel allows them to select a sub-status (e.g., Scheduled Activity, Pending Input) along with a start and end time. This locks the ActOn in "On Hold" status for the defined period, pausing SLA calculations and preventing updates during scheduled tasks like patches or updates. Activities can be rescheduled if needed and are now visible in default streams.
Introducing Modules: A collection of curated insights for better awareness and decision-making
Modules let you structure knowledge for clarity and impact. Here are just a few things you can do with Modules:
- Simplified Knowledge Architecture
Group related dashboards into intuitive modules and categories for effortless access and clarity.
- Manage Knowledge from the View That Fits You
Create and publish modules across domain, organization, or tenant levels—manage knowledge from the view that fits your role.
- No More Orphaned Dashboards
Ensuring knowledge structure from the start, modules enforce that dashboards must be linked to a module or category before they can be published.
- See Insights Where You Want Them
Highlight essential dashboards by adding them to the global menu or setting them as landing pages for quick access.
Enhancements
These are the enhancements made to existing functionalities on Resolution Intelligence Cloud.
Platform-wide changes
Hamburger Menu is Now Clickable
The hamburger menu behavior has been updated to enhance accessibility and user experience. It is now opened by click instead of hover, ensuring more consistent interaction across devices.
Entities
Customer-Specific Ingestion Policy for Chronicle Entities
A customer-specific ingestion policy has been introduced to sync entities from Chronicle into the Resolution Intelligence Cloud, replacing the previous API-based approach. This new policy is configured with "match all" conditions and enables entity ingestion from the customer’s BYOC (Bring Your Own Chronicle) account, providing a more scalable and standardized way for entity synchronization.
'Sync Now' Option for GCP Entities
A new Sync Now option is available on both the Entities listing and Entity details pages, allowing users to manually trigger a sync and fetch the latest entity data from GCP on demand.
Color Gradients in the background to complement Toast Message appearance in CMS
Toast notifications now appear with a distinct but subtle background color gradient near the page header for better visibility and recognition:
- Success messages: Green background
- Error messages: Red background
- Loading messages: Blue background
Resolutions
Visual Indicator for Critical ActOns
A red visual indicator has been added to highlight critical ActOns (those with priority P0 and status set to New). This indicator appears next to the Critical ActOns stream to ensure quick identification of high-priority items.
Standardized Stream Count Representation
Stream counts have been standardized for a cleaner display. For example:
- 19,234 ActOns → shown as 19k
- 1,200,000 ActOns → shown as 1.2M
This improves readability and overall UI consistency.
Improved Filter Selection View
The applied filters view has been enhanced to automatically reflect filter values based on available ActOn data. When all values under a filter category are selected, it is shown as "All", and users can fine-tune the results by selectively enabling or disabling individual values.
Redirect to Custom Filter View for ActOn Navigation
When navigating to an ActOn—such as from a linked Signal—users are now redirected to a Custom Filter View that accurately displays the target ActOn, even if it's not part of a default stream. This ensures seamless access and visibility. The view remains active until the page is refreshed, after which it reverts to default streams.
Content Management System
Data Component Field Added to Metadata section in Detection rules
A new Data Component field has been introduced under the metadata section of detection rule creation. This field is a sub-type of the selected data source and reflects values equivalent to the event type in UDM. When a rule triggers a detection, the associated data component is captured and stored with the detection for improved context and traceability.
Enhanced Activity Logs for Packs and Detection Rules
Activity logging has been extended to improve visibility across hierarchy levels. For Packs, new events like Pack Published and Pack Publishing Completed are now logged and visible in child accounts when published from a parent level. These actions are attributed to System for consistent audit trails. For Detection Rules, logs now capture Detection Rule Published and Detection Rule Publishing Completed, enhancing traceability across the publishing lifecycle.
Signal Analytics
Feedback Options for Agent Findings in Signal Analytics
Users can now provide direct feedback on AI-generated insights using thumbs-up and thumbs-down icons. This allows users to highlight what was helpful and flag areas for improvement, enabling continuous refinement of Agent findings in Signal Analytics.
Enhanced Signal Filtering with New Dimensions
Several new dimensions have been added to improve signal analysis and filtering capabilities. Users can now filter signals using the following fields:
- metadata.product_deployment_id
- principal.cloud.project.id
- principal.cloud.project.name
- network.email.subject
- associatedEntities.name
- associatedEntities.entityGroups.name
- associatedEntities.attributes.OU
These additions enable more granular and efficient exploration of signals.
Behavior Analytics
Role-Based Permissions for Model Creation in Behavior Analytics
Role-based access controls have been implemented for creating and publishing models within Behavioral Analytics. Previously, all users could view publishing and action options regardless of their roles. With this enhancement, available actions—such as creating, editing, or publishing models—are now dynamically displayed based on the user’s assigned role, ensuring appropriate access and improved governance.