
4.4 Release

@toddbruner toddbruner released this 28 Jul 21:07

Features

  • Tag and Source UI Editor

    • Search for any number of Tags or Sources

      • OR – will find all items that have at least one of the Tag or Source Names

      • AND – will find all items that have all the Tag or Source Names

    • Update a Tag or Source Name or Description

    • Delete all Tags or Sources (will also remove them from the target type)

    • Replace a Tag or Source with a different Tag or Source

    • Add or Remove Tags or Sources for a target type (i.e., Alertgroup, Entity, Intel)

    • Word Cloud shows the top 100 Tags or Sources by count. Selecting a word will also search for it.

  • Stats Dashboard

    • Dynamic data visualization with selectable time ranges and various chart types.

    • Metric types:

      • alerts closed

      • alerts created

      • entries created

      • events created

      • entries updated

      • intel created

      • Mean Time To Contain

      • Mean Time to Remediate

  • Entity Pane Tag Improvements

    • Add or Remove Entity Class or Tag for multiple Entities

    • Add Comments to the Add or Remove action that will populate the Entity’s Entry Journal.

  • Dispatch Promotion to Existing Intel Item

  • New API endpoints to enable operations on multiple items

    • For many target types there is a new API endpoint, for example:

      /api/v1/alertgroup/many
      /api/v1/intel/many
      /api/v1/dispatch/many
      Etc…

    • Create Many - POST an array of objects to create

    • Update Many – PUT with an array of IDs and a single object to update all items with the same object

    • Delete Many – DELETE with an array of IDs to delete all objects

  • Filtering and Ordering Options for Search

  • Filter by entity class when searching for entities

  • Entity Replay Enrichment button.

  • Entity enrichment example documentation.

  • Entity Timeline view within Entity Modal.

  • Download files as a password-protected zip.
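A small client helper for the Create/Update/Delete Many endpoints described above, added here as an example (it is not the project's own client code). The release note gives only the semantics, so the `ids` and `data` body keys and the bearer-token header are assumptions; the target name is restricted to a plain identifier before it is placed in the path.

```python
"""Helper for the new /api/v1/<target>/many bulk endpoints (added example)."""
import json
import re
import urllib.request

_TARGET_RE = re.compile(r"^[a-z][a-z0-9_]*$")  # e.g. alertgroup, intel, dispatch


def _check_ids(ids):
    """Reject empty, duplicate or non-integer ID lists before anything is sent."""
    if not ids:
        raise ValueError("bulk request needs at least one ID")
    if any(isinstance(i, bool) or not isinstance(i, int) or i < 1 for i in ids):
        raise ValueError("IDs must be positive integers")
    if len(set(ids)) != len(ids):
        raise ValueError("duplicate IDs in bulk request")
    return list(ids)


def build_many_request(target, action, *, ids=None, obj=None, objs=None):
    """Return (method, path, json_body) for a bulk call on /api/v1/<target>/many."""
    if not _TARGET_RE.match(target):
        raise ValueError(f"invalid target type {target!r}")
    path = f"/api/v1/{target}/many"
    if action == "create":  # Create Many: POST an array of objects
        if not objs or not all(isinstance(o, dict) for o in objs):
            raise ValueError("create needs a non-empty list of objects")
        return "POST", path, list(objs)
    if action == "update":  # Update Many: PUT IDs plus one object applied to all
        if not isinstance(obj, dict) or not obj:
            raise ValueError("update needs one non-empty object")
        # Body keys "ids"/"data" are assumed; the release note names no fields.
        return "PUT", path, {"ids": _check_ids(ids), "data": dict(obj)}
    if action == "delete":  # Delete Many: DELETE with an array of IDs
        return "DELETE", path, {"ids": _check_ids(ids)}  # "ids" key assumed
    raise ValueError(f"unknown bulk action {action!r}")


def send_many(base_url, api_key, target, action, **kw):
    """Build and issue the request; bearer-token auth is an assumption."""
    method, path, body = build_many_request(target, action, **kw)
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode(),
        method=method,
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {api_key}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```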

Fixes

  • OpenAPI documentation example improvements and fixes.

  • API instability bug fixes.

  • Improved firehose update concurrency.

  • Initial index creation fixes.

  • Improvements to Splunk stats table.

  • Display bug fixes in vulnerability feeds.

  • Entity Flair display bugs fixed.

  • Fixes to user defined flair detection.

  • Improved error handling in Flair Engine's download of external images.

  • Fixes to Inbox processors' usage of the Microsoft Graph API.

  • Self hosting static resources for API documentation.

  • Helm chart improvements.

  • File upload to Vulnerability sections now possible.