Initially released on 14th December 2021
This release introduces the alert workbench

A new alert workbench tab enables you to see, search, build and save queries on all processed alerts. Clicking on an alert within this view will redirect you to the cluster which contains that alert.

- Additional search functionality for the new workbench, including search on calculated score
- Further migrations for improved ingest performance
- Security and performance updates
- Fixed: more UI bugs and inconsistencies
- Consistently allow data table to expand with "Show All"
- Threat world map key properly appears in the correct place at all times
- Threat world map correctly counts and colours all countries
- Timestamp grouping in data tables fixed, no longer reverts to epoch
- Tooltips updated for consistency with element shown
- Cluster list now correctly refreshes when an empty query
- Long string alerts now wrap for better visibility in raw alert panel
- Saved queries dropdown now behaves more consistently
- Fixed: an issue affecting Firefox which would cause the UI to crash on certain clusters
- Fixed: slashes and other special characters are now correctly parsed in chip searches
- Fixed: ingest can now properly parse a rare CEF alert format with the year in the timestamp
- Additional McAfee EPO alert types fully mapped to include all entities and improved action classification
- Additional SonicWall CEF alert formats parsed correctly, and additional IPv6 entities mapped
- Trend Micro Deep Discovery Analyzer 'Deny List Updated' alerts ingested and mapped
- Cisco Meraki additional alert types for level 7 firewalls ingested
- Improved aggregate count on dashboards of alert types containing IP addresses and hostnames
SOC.OS Wiki and help pages
- New glossary page, to help you understand SOC.OS terms and 'jargon'
- Improved layouts, updates and clarifications across other pages