Initially released on 12th May 2021
With this release users finally get to experience the new Search capability in action, along with many other feature upgrades, including improvements to the workbench header, activity timeline and the way threat intel data is presented.
Search completely transforms the way in which users will be able to investigate their clusters and the underlying data. This new functionality allows users to build far more complex, no-code queries based on the different entities and attributes of alert clusters. A query could return all clusters which contain a certain hostname (supporting forensic analysis or day-to-day investigations), or return all clusters with a specific MITRE ATT&CK® threat type (supporting proactive hunting activities).
For more information on using Search, check out our Using Search Tutorial.
Say goodbye to scrolling through 2500 individual alert notifications of the same type: the new activity timeline now groups them for you. This ultimately helps you better understand the story behind the cluster.
As shown below, you’ll be able to view JSON attributes in the front end, particularly useful for viewing external threat intelligence.
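The two capabilities described above, querying clusters by the entities and attributes of their alerts (hostname, ATT&CK technique) and collapsing runs of same-type notifications into a grouped timeline, can be illustrated with a small model. The following Python is an added example written for this page; it is not the product's own code or query language, and the cluster/alert field names (`id`, `alerts`, `ts`, `type`, `host`, `technique`) and the sample data are constructed assumptions for the illustration.

```python
from typing import Callable, Dict, List

# Constructed sample data: each cluster is a bag of alert notifications.
# Field names are assumptions for this example, not the product's schema.
CLUSTERS: List[Dict] = [
    {
        "id": "cluster-1",
        "alerts": [
            {"ts": "2021-05-12T09:00:00", "type": "suspicious_login", "host": "web-01", "technique": "T1110"},
            {"ts": "2021-05-12T09:01:00", "type": "suspicious_login", "host": "web-01", "technique": "T1110"},
            {"ts": "2021-05-12T09:05:00", "type": "new_service",      "host": "web-01", "technique": "T1543"},
        ],
    },
    {
        "id": "cluster-2",
        "alerts": [
            {"ts": "2021-05-12T10:00:00", "type": "dns_beacon", "host": "db-02", "technique": "T1071"},
        ],
    },
]

# A condition is a predicate over a whole cluster. Composing predicates is the
# "no-code" query model: the analyst picks attributes, the code builds the filter.
Condition = Callable[[Dict], bool]


def has_host(hostname: str) -> Condition:
    """Cluster contains at least one alert raised on the given host."""
    return lambda cluster: any(a["host"] == hostname for a in cluster["alerts"])


def has_technique(technique_id: str) -> Condition:
    """Cluster contains at least one alert mapped to the given ATT&CK technique ID."""
    return lambda cluster: any(a["technique"] == technique_id for a in cluster["alerts"])


def all_of(*conds: Condition) -> Condition:
    """Logical AND of several conditions (forensic narrowing)."""
    return lambda cluster: all(c(cluster) for c in conds)


def any_of(*conds: Condition) -> Condition:
    """Logical OR of several conditions (hunting across related techniques)."""
    return lambda cluster: any(c(cluster) for c in conds)


def search(clusters: List[Dict], cond: Condition) -> List[str]:
    """Return the IDs of clusters matching the composed query, in input order."""
    return [c["id"] for c in clusters if cond(c)]


def timeline(cluster: Dict) -> List[Dict]:
    """Collapse consecutive same-type alerts into one timeline entry each.

    Each entry records the alert type, how many notifications it stands for,
    and the first/last timestamps, so a burst of repeated alerts reads as one
    step in the cluster's story instead of thousands of identical rows.
    """
    entries: List[Dict] = []
    for alert in sorted(cluster["alerts"], key=lambda a: a["ts"]):
        if entries and entries[-1]["type"] == alert["type"]:
            entries[-1]["count"] += 1
            entries[-1]["last"] = alert["ts"]
        else:
            entries.append({"type": alert["type"], "count": 1,
                            "first": alert["ts"], "last": alert["ts"]})
    return entries


if __name__ == "__main__":
    # Forensic question: which clusters touched host web-01?
    print(search(CLUSTERS, has_host("web-01")))
    # Hunting question: which clusters show C2 (T1071) or persistence (T1543)?
    print(search(CLUSTERS, any_of(has_technique("T1071"), has_technique("T1543"))))
    # Grouped timeline for the first cluster.
    for entry in timeline(CLUSTERS[0]):
        print(entry)
```

The grouping in `timeline` is deliberately by consecutive runs rather than by type globally, so that the same alert type recurring later in the cluster still appears as a separate step; that preserves ordering, which is what makes the timeline tell a story rather than just a histogram.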