Patch release
This section provides information about the changes made in this patch release.
Insights
Added New Metric: Response SLA Breached %
A new metric, Response SLA Breached %, has been added to the available metrics list in dashboards. Currently, this metric does not display data when used without a dimension, such as in a Leaderboard widget. We recommend pairing this metric with dimensions to view the data accurately across different charts. This behavior is a known limitation and will be addressed in the upcoming release.
Sprint 11
New Features
The following new features have been introduced in this release:
Introducing Organizational Ontology for Functions
Organizational ontology is now available for functions at the domain, organization, and tenant levels. This capability provides a centralized, high-level view of how an enterprise is structured and how its departments are interconnected.
Traditionally, functions have been used across the platform—from signal generation to ActOn creation—showing the signals, entities, Situations, and ActOns associated with a function. However, there was no consolidated view to track these elements by department level across the organization.
With this update, users—especially CISOs and leadership teams—can now gain a comprehensive, bird’s-eye view of the organizational hierarchy and understand how each department contributes to security operations through their associated behaviors/signals, entities, Situations, and ActOns.
A canvas has been introduced to help users build and manage the organizational structure in a node-based format. Users can define parent-child relationships, enabling the creation of a structured hierarchy within the ontology.
The canvas provides insights into department-level performance in areas such as signal handling, response times, and operational behaviors. Currently, users can only enable or disable nodes. Disabling a parent node automatically disables all associated child nodes, ensuring control and consistency across the structure.
Further enhancements are planned for the upcoming release to expand this functionality and enhance the overall user experience.
New Enhancements
The following are new enhancements made to existing functionalities in this release:
Behavior Analytics
Model Enablement Behavior at Child Account Level
When a model is disabled at the child account level, updates made and published by the parent account (as a new version) are not automatically applied to the child. The child account must first enable the model and explicitly accept the changes. Once accepted, the model is now published to the lower-level accounts and subsequently synced to BigQuery.
Added Signal Generation Filter
A new Signal Generation filter has been introduced to help users filter models based on whether signal generation is enabled or disabled.
Previously, the signal generation status was grouped under model status. It is now presented as a separate filter for improved clarity and usability.
Content Management System
Restricted Publish Permissions for Configuration Manager in CMS
The Configuration Manager role in the CMS module now has restricted capabilities. Users with this role can create, edit, view, and delete configurations. However, they are no longer permitted to perform publish actions.
Entities
Entity Group Enhancements
The Entity Group page has been redesigned to improve usability and consistency.
- The traditional list view for templates has been replaced with a cleaner card layout.
- Filters have been added, enabling users to filter entity groups based on entity type—only those types for which groups exist will be displayed.
- A new search bar makes it easier to locate templates by name.
- Binding Conditions label has been renamed to Membership Policies for improved clarity.
- In the group preview, users can now view all matching entities instead of being limited to the first 25.
- A Risk Severity section has also been introduced in the Add Risk Rule side sheet, allowing users to define the likelihood and impact severity for entities associated with the group.
Accounts
Account Settings: Role-Based Access Control
Access to Account Settings, specifically for managing operational controls and business hours, is now governed by role-based access control. Only users assigned the roles of Global Admin, Manager, or Owner can modify these settings. All other users will have view-only access, ensuring sensitive configurations are maintained by authorized personnel.
Signal Analytics
Agent Insights: Historical Context in Signal Analytics
A new Historical Context section has been added to Agent Insights within Signal Analytics. This feature, powered by LLMs, analyzes up to six months of entity data to uncover behavioral patterns—such as recurring versus one-off events—helping security teams reduce false positives and focus on real threats. It also identifies potential links between the current signal and past events, offering deeper investigative context and improving detection accuracy.
Tactics-Based Filtering for Insights
The previous categorization of insights by Detection Engineering, Data Engineering, Response Engineering, and Control Engineering has been replaced with a more standardized approach using MITRE Tactics. Users can now filter insights directly by tactic, aligning more closely with widely accepted threat modeling practices and enhancing threat investigation workflows.
Insights
Dashboard UI Enhancements
The Dashboard page now features a redesigned toggle button that offers a more intuitive switch between the Dashboards List View and the Modules View. This UI update simplifies navigation and enhances the overall user experience when accessing and managing dashboards.
Integrations
Keys Made Optional in BYOC Edit Flow
All keys are now optional in the Edit BYOC flow at the tenant level, allowing greater flexibility in configuration.
Comments
0 comments
Please sign in to leave a comment.