4.4.0 Release

Features

  • Tag and Source UI Editor

    • Search for any number of Tags or Sources
      • OR – will find all items that have at least one of the Tag or Source Names
      • AND – will find all items that have all the Tag or Source Names
    • Update a Tag or Source Name or Description
    • Delete all Tags or Sources (will also remove them from the target type)
    • Replace a Tag or Source with a different Tag or Source
    • Add or Remove Tags or Sources for a target type (i.e., Alertgroup, Entity, Intel)
    • Word Cloud shows the top 100 Tags or Sources by count. Selecting a word will also search for it.
  • Stats Dashboard

    • Dynamic data visualization with selectable time ranges and various chart types.
    • Metric types:
      • alerts closed
      • alerts created
      • entries created
      • events created
      • entries updated
      • intel created
      • Mean Time To Contain
      • Mean Time to Remediate
  • Entity Pane Tag Improvements

    • Add or Remove Entity Class or Tag for multiple Entities
    • Add Comments to the Add or Remove action that will populate the Entity’s Entry Journal.
  • Dispatch Promotion to Existing Intel Item

  • New API endpoints to enable operations on multiple items

    • For many target types there is a new /many endpoint, for example:
      /api/v1/alertgroup/many
      /api/v1/intel/many
      /api/v1/dispatch/many
      Etc…
    • Create Many – POST an array of objects to create
    • Update Many – PUT with an array of IDs and a single object to update all items with the same object
    • Delete Many – DELETE with an array of IDs to delete all objects
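The three bulk operations above, shown as a small client that builds (and, when asked, sends) the requests. This is an added example, not code from the release or from the project itself. Everything not stated in the notes is an assumption: the base URL, the bearer-token header, the JSON field names "ids" and "update" in the PUT body and the "ids" wrapper in the DELETE body, and the client-side batch cap; check the OpenAPI documentation for the real body shapes.

```python
"""Client-side builder for the bulk "/many" endpoints described in the notes.

Added example; not the project's own code. Assumed (not on the page): the
base URL, the bearer-token header, the JSON field names used for the PUT
and DELETE bodies, and the client-side batch cap.
"""
import json
import urllib.request
from typing import Any, Dict, Iterable, List

BASE_URL = "https://scot.example.invalid"  # assumed placeholder host
MAX_BATCH = 500                             # assumed cap on IDs per request

# The three target types spelled out in the notes ("Etc…" covers more).
TARGET_TYPES = {"alertgroup", "intel", "dispatch"}


def _many_url(target_type: str) -> str:
    """Build the /api/v1/<type>/many URL, rejecting unknown target types."""
    if target_type not in TARGET_TYPES:
        raise ValueError(f"unknown target type: {target_type!r}")
    return f"{BASE_URL}/api/v1/{target_type}/many"


def _check_ids(ids: List[int]) -> None:
    """Refuse empty, oversized or malformed ID lists before any request is built."""
    if not ids:
        raise ValueError("refusing a bulk request with an empty id list")
    if len(ids) > MAX_BATCH:
        raise ValueError(f"{len(ids)} ids exceeds the batch cap of {MAX_BATCH}")
    if any(not isinstance(i, int) or isinstance(i, bool) or i < 0 for i in ids):
        raise ValueError("ids must be non-negative integers")


def build_create_many(target_type: str, objects: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Create Many: POST an array of objects."""
    if not objects:
        raise ValueError("nothing to create")
    return {"method": "POST", "url": _many_url(target_type), "body": list(objects)}


def build_update_many(target_type: str, ids: List[int], update: Dict[str, Any]) -> Dict[str, Any]:
    """Update Many: PUT an array of IDs plus one object applied to all of them.
    Field names "ids"/"update" are assumed."""
    _check_ids(ids)
    if not update:
        raise ValueError("update object must not be empty")
    return {"method": "PUT", "url": _many_url(target_type),
            "body": {"ids": list(ids), "update": dict(update)}}


def build_delete_many(target_type: str, ids: List[int]) -> Dict[str, Any]:
    """Delete Many: DELETE with an array of IDs ("ids" wrapper is assumed)."""
    _check_ids(ids)
    return {"method": "DELETE", "url": _many_url(target_type), "body": {"ids": list(ids)}}


def build_delete_many_batched(target_type: str, ids: Iterable[int]) -> List[Dict[str, Any]]:
    """Split a long ID list into MAX_BATCH-sized DELETE requests (goes beyond the notes)."""
    id_list = list(ids)
    return [build_delete_many(target_type, id_list[i:i + MAX_BATCH])
            for i in range(0, len(id_list), MAX_BATCH)]


def send(request: Dict[str, Any], token: str, timeout: float = 30.0) -> Any:
    """Send a built request with a bearer token (header name assumed) and parse JSON."""
    data = json.dumps(request["body"]).encode("utf-8")
    req = urllib.request.Request(
        request["url"], data=data, method=request["method"],
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Only builds requests; nothing is sent without a real host and token.
    print(json.dumps(build_update_many("alertgroup", [1, 2], {"status": "closed"}), indent=2))
    print(len(build_delete_many_batched("dispatch", range(1200))), "delete batches")
```

The builders are separated from `send` so that the shape of a bulk request can be reviewed or logged before anything is issued; the empty-list and batch-cap checks exist because a bulk DELETE or PUT with an unintended ID list affects many records at once.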
  • Filtering and Ordering Options for Search

  • Filter by entity class when searching for entities

  • Entity Replay Enrichment button.

  • Entity enrichment example documentation.

  • Entity Timeline view within Entity Modal.

  • Download files as a password-protected zip.

Fixes

  • OpenAPI documentation example improvements and fixes.
  • API instability bug fixes.
  • Improved firehose update concurrency.
  • Initial index creation fixes.
  • Improvements to Splunk stats table.
  • Display bug fixes in vulnerability feeds.
  • Entity Flair display bugs fixed.
  • Fixes to user-defined flair detection.
  • Improved error handling in Flair Engine’s download of external images.
  • Fixes to the Inbox processors' use of the Microsoft Graph API.
  • Static resources for the API documentation are now self-hosted.
  • Helm chart improvements.
  • File upload to Vulnerability sections now possible.