Initially released on 5th August 2021
¶ Major Features
This release brings advanced search capability (this is big!), drastically improved UI responsiveness (clusters and alert histograms now load quicker than the Aussies overtaking the Poms on the medal tally), Hour/Day/Week/Month cluster view, new (MS Advanced Threat Analytics) and improved tool integrations, a bunch of bug fixes and a continually maturing wiki to help with support and training.
Click on the following gif for a 2min overview of the major upgrades which are now available to all users. Enjoy!
To find out more about using Advanced Search, check out the Advanced Search Tutorial.
¶ Advanced search capabilities
Following the recent introduction of "chip" based basic searching, we wanted to provide even more powerful search capabilities, with the introduction of SOC.OS query language.
Any SOC.OS search bar supports advanced search using the SOC.OS query language. Simply press the Advanced button to the right of the query to convert your basic query mode into an advanced query. You can then edit the raw text of the SOC.OS query.
¶ Configure visualisation grouping by time
Introduced in the previous release but missing from our release notes, you can now choose to view the visualisation grouped into time periods of Hour, Day, Week or Month, allowing you to better interpret clusters over varying time periods.
¶ Minor Improvements
- Auth0 log in page updated to latest version (v11.27)
- Preparation for SOC.OS Alert search (more to come in coming releases)
- Further visualisation driven from Elasticsearch (histogram), improving performance and responsiveness
- Security and performance updates
¶ Bug Fixes
- Fixed: More UI bugs and inconsistencies fixed
- Threat types in visualisations
- Scroll bars
- Alert percentages
- UI unresponsive or black screen rendered now fixed
- Fixed: Default search query no longer re-populates after deleting and moving between clusters
- Fixed: Cluster attribute searches now work across all attributes and not just the first in list
¶ New Source System Integrations
¶ New integrations of source systems
- Microsoft O365 Defender
- Microsoft Azure Advanced Threat Protection
- Cisco Meraki
¶ Improved existing integrations
- Trend Micro Deep Discovery threat mappings improved
- Entity identification for all Microsoft tools improved
- Entity identification for FortiAnalyzer improved
¶ SOC.OS Wiki and help pages
- Search help page updated with Advanced Search
- Tutorial videos for some features now available here (more coming soon)