Initially released on 22nd June 2021
¶ Major Features
This release features a number of feature uprgades which are now available to all users. You can view a 3 minute vidyard showcasing some of the key updates by clicking on the gif below.
¶ Visualisation performance improvements
No more long waits for loading those clusters with hundreds or thousands of entities. New cluster visualisation driven from Elasticsearch gives a smoother and faster experience
¶ Agent status indicator refreshed
Status indicator now works with the latest version of the SOC.OS agent, giving you visibility in the SOC.OS UI when the agent is online or offline
¶ SOC.OS Wiki and help pages
Our help and documentation resource is rapidly taking shape, and has been deployed in beta. Keep an eye out for a full launch coming very soon
¶ Minor Improvements
- AlienVault OTX enrichment are now more reliable, with better identification of URLs to be submitted for look up
- Performance and usage monitoring implemented to drive UI improvements in future development
- Improved monitoring to enable alerting for agent downtime to SOC.OS team and allow future proactive alerting to users
- Enable multiple instances of the same source, eg monitor multiple AWS GuardDuty accounts within a single SOC.OS instance
¶ Bug Fixes
- Fixed: A number of bugs and inconsistencies introduced in the recent UI upgrade to introduce search
- Fixed: An issue with Wallboard Users being forced to use MFA
¶ New Source System Integrations
¶ New integrations of source systems
- Microsoft O365 Defender
- Microsoft Azure Advanced Threat Protection
- Cisco Meraki
¶ Improved existing integrations
- Trend Micro Deep Discovery threat mappings improved
- Entity identification for all Microsoft tools improved
- Entity identification for FortiAnalyzer improved