Initially released on 2nd November 2021
This release introduces saved searches, new and improved configurable scoring, the threat world map and your alert funnel widget.
We've updated the algorithm used to calculate cluster scores. This new version is alert-centric, more configurable and changes to the settings will have an intuitive impact on the scores.
Head over to the scoring page to read in more detail about how this can be configured to better prioritise your cluster queue.
The recently introduced search functionality allows complex searches to be built for your specific requirements. To enable you to quickly reuse or share the search criteria, we have added the ability to save and load the query, either for a single user or across your entire team.
Further dashboard widgets are now available for an enhanced overview of alerts processed by SOC.OS.
- Threat world map
  - Added a world map visualisation of alert locations to the dashboard to give better visibility of the location of alerts.
- Correlation funnel
  - The funnel represents all the alerts, clusters and critical clusters within an organisation. It shows how SOC.OS reduces the number of items that need attention.
Added a help menu with links to useful resources and documentation on using SOC.OS.
- Back end changes to allow new scoring method
- Further migrations for improved ingest performance
- Improved rate limiting, better handling of spikes of alerts in a short period
- Preparations for SOC.OS Alerting (coming soon)
- Security and performance updates
- More UI bugs and inconsistencies fixed
- Internal/External entities correctly labelled in data table column header
- Multiple source systems reporting the same alert type no longer interfere with the column layout of the data table
- Fixed issue where occasionally the UI would not log a user out after the 30-minute session timeout had expired. Now reliably logs out, including across multiple tabs.
- McAfee ePolicy Orchestrator
  - Better mapping of alerts with variable contents, such as IP addresses, hostnames, thresholds, etc.
- ManageEngine AD better handles JSON threat types
SOC.OS Wiki and help pages
- Help page for new scoring methodology
- Dashboard help page updated with funnel widget
- Updated integration instructions for Palo Alto and FortiAnalyzer
- Further details of the visualisation histogram
- Improved layouts, updates and clarifications across other pages