New Features
The following new feature is introduced in this release:
Modules Now Available Under Dashboards
Modules have been moved under the Dashboards section. A new toggle has been introduced on the Dashboards page, allowing users to switch between the Dashboards List View and the Modules Card View.
- By default, users land on the Dashboards List View.
- Turning the toggle ON displays dashboards grouped under their respective modules.
In the List View, dashboards are displayed without module grouping. The Modules Card View, however, organizes dashboards under specific modules to provide better context and improve navigation.
Enhancements
These are the enhancements made to existing functionalities on Resolution Intelligence Cloud.
Configurations
New String Operators in Processing Rules
Additional string condition operators have been introduced in Processing Rules, offering greater flexibility in filtering and rule configuration.
The newly added operators include:
- Starts with
- Ends with
- Contains
- Contains words
These are available alongside existing options such as Equals and In, allowing users to write more precise and effective string-based conditions.
Operators are displayed contextually based on the data type of the attribute—string or integer—used in the condition field.
Integrations
Bi-directional Attachment Sync Between JIRA and RIC
Attachments are now synced between JIRA and Resolution Intelligence Cloud (RIC). Any attachments added to notes in an ActOn after a JIRA ticket is created are automatically synced to the corresponding JIRA issue. Likewise, attachments added in JIRA are synced back to the respective ActOn in RIC. This enables bi-directional attachment synchronization, keeping information consistent across both platforms.
Enhancements to Google Threat Intelligence (previously known as Mandiant) Integration
The integration previously labeled as Mandiant has been added to Google Threat Intelligence. Users can now configure and retrieve threat intelligence data from two distinct sources: VirusTotal and Google Threat Intelligence under the Google Threat Intelligence suite. The retrieved intel from the selected source is automatically forwarded to Chronicle, where it is used in detection rules to identify security threats within telemetry data. To access threat intel from VirusTotal, a valid API key is required, while accessing threat intel from Google Threat Intelligence requires a username and secret.
Added "Sync Now" Option for ManageEngine Entities
A Sync Now option has been added for ManageEngine entities on both the Entity Inventory and Single Entity pages.
This enhancement allows users to manually trigger a sync to fetch new entities or update the metadata of existing ones from ManageEngine instantly, without having to wait for the next scheduled sync.
Dynamic Chronicle Links for Google Chronicle Entities
Previously, all entities in Google Chronicle—such as Users, User Groups, Hosts, Log Sources, and Resources—redirected to a common Chronicle URL. Now, the "View in Chronicle" link dynamically updates based on the entity type, providing a direct and context-specific Chronicle view for each entity category.
Removal of OpsRamp Links for OpsRamp Entities
The "View in OpsRamp" button has been removed from the Single Entity pages of all OpsRamp entities to streamline the UI and avoid broken or irrelevant links.
Visual Indicators for Internal vs External Tags in Entities
Tags associated with entities are now visually differentiated based on their source on the Single Entity page in Entities:
- External Tags: Synced from third-party applications and shown in purple.
- Internal Tags: Added manually within the platform or via enrichment policies.
Each tag type is now displayed in a distinct color, helping users easily distinguish between internal and external tags.
New Entity Attributes in Notifications
New user attributes related to entities have been added to System Notifications for ActOn and Situation data sources to improve context and traceability.
Resolutions
New Multi-Select Design Component on Situations Page
A new multi-select design component has been introduced on the Situations page. Users can now easily select multiple values by checking the boxes next to each option in the drop-down, without needing to click Apply after every selection. The drop-down also includes Select All and Reset options for improved usability.
Additionally, a new filter called Entities has been added, allowing users to filter Situations based on the specific entities associated with them.
Streams Enhancements in ActOns
Several enhancements have been made to the Streams feature to improve usability and transparency:
- Last Modified By: When a parent stream is modified, users can now see who last modified it. An info indicator appears next to the stream for 24 hours after any modification, signaling that changes have been made. This allows users to manually compare and update their sub-streams, if needed.
- View Previous Version: While updating a sub-stream, users can now view the most recent previous version of the parent stream filter. This helps in comparing changes and making informed updates to filter values in sub-streams.
- View Parent Stream Filters: In sub-streams, users can now click the View Parent Stream Filters link to view the filters applied in the corresponding parent stream.
- Edit Parent Streams: The Edit option for parent streams, previously disabled after a sub-stream was created, is now enabled. Users can make changes to the parent stream at any time. When updates are made, a last modified by indicator appears next to the parent stream to notify users of the change. Users can then manually compare the parent and sub-streams and update their sub-streams as needed.
Note: Changes made to the parent stream are not automatically reflected in existing sub-streams. Users must manually compare the changes and then reflect those changes in the sub-streams.
Signals Page: Support for Multiple ActOns/Situations
The ActOn/Situation ID column on the Signals page now displays links when a signal is associated with multiple ActOns or Situations. Users can:
- View the number of associated ActOns and Situations.
- Click on each ID to navigate directly to the respective ActOn or Situation page.
Assignment Reason for Teams in ActOns
Domain-level users can now specify a reason when assigning an ActOn to teams at the organization or tenant level. When a team is selected, a side sheet opens, prompting the user to choose a reason from a predefined list and optionally add comments.
This enhancement clearly records the intent behind assigning a specific ActOn to a particular team. The selected reason and any additional comments are stored in the History tab of the ActOn, ensuring a transparent and auditable record of assignment actions.
Applied Filters Now Visible on ActOns List Page
Users can now view the filters applied on the ActOns list page. When a stream is selected from the streams list, clicking the Filters icon displays all filters applied to that stream. This provides context and transparency into how the list is generated.
Note: The applied filters are reset when switching to the ActOns Cards View.
Multi-Selection Support for Teams in Streams
The Teams filter in Streams now supports multi-selection.
- Users can select multiple teams to view ActOns assigned to the same user across different teams.
- However, only one owner can be selected at a time, maintaining clarity in ownership filtering.
Time Zone Support for Scheduled Activities on Hold
When an ActOn is put on hold due to a scheduled activity, users can now select a time zone. This field appears when selecting the "Scheduled Activity" reason. The scheduled time is displayed in the selected time zone. The on-call member handling the ActOn will see the scheduled activity time in their profile's time zone, ensuring alignment across users in different regions.
Signal Analytics
Signal Analytics: Enhanced Filter Visibility
On the Signal Analytics page, active filters are now displayed exclusively under the Applied Filters section. This helps users maintain focus by reducing visual clutter and keeping only relevant filters in view.
Explore More in Chronicle Button Added to the Signal Analysis Page
The Explore More in Chronicle button has been added to the Signal Analysis page, whether the analysis is initiated manually or generated by an agent. Clicking this button redirects the user to the Chronicle platform, enabling deeper investigation and further analysis of the signal.
ActOn ID and Situation ID Shown in Observational Insights
The Emerging Trends and Sustained Trends sections under Agent Findings in Signal Analytics now display the associated ActOn ID and Situation ID along with the other data.
This enhancement provides users with immediate visibility into which signals are linked to specific ActOns or Situations, improving clarity during analysis. Users can easily copy the ID and navigate to the respective ActOn or Situation page for deeper investigation.
Behavior Analytics
Signal Name Field Added to Signal Generation Conditions on Create Model Page
A new Signal Name field has been added under Signal Generation Conditions on the Create Model page.
When specified, the signal name is used for signals generated by the model, helping users more easily identify and interpret the signals.
Users can also include UDM fields in the signal name to enhance visibility and provide additional context, making it easier to understand the nature and source of each signal.
Clickable Model Name in Agent Insights
On the Agent Insights page, under Timeline & Key Observations, the model’s name associated with adversarial detections is now clickable.
Clicking the model name redirects users to the Behaviors page, with relevant filters automatically applied—enabling quicker and more focused investigation into the underlying behavior.
Dashboards & Modules
Remove Dashboards from the Global Menu added to Dashboards kebab menu
Users can now manage dashboards pinned to the Global Menu more effectively:
- Remove: Dashboards that are no longer needed can be unpinned from the selected accounts using the new Remove option.
- Update: A new Update option allows users to replace existing dashboard configurations in the Global Menu with updated ones, offering greater control and flexibility over dashboard shortcuts.
These options are available at the RI Management level, where authorized users can add, remove, or update dashboards in the Global Menu.
Insights
ActOn Count Metric Now Available in Signals Data Source
The ActOns count in signal metrics is available under signal sources. When using this metric, you cannot use the other metrics to create widgets in dashboards.