Initially released on 29th September 2021
¶ Major Features
This release builds on the back of the recent search functionality, introducing it to more locations in the UI, as well as an updated Cluster Overview panel to more clearly display a summary and more detailed drill down in every cluster to assist in your investigations.
¶ New Data Grid functionality
We've introduced the new search functionality to the cluster page, allowing for the visualisation and data view to be filtered using search queries.
Including, updating the cluster data view to be driven using search technology, allowing only the data the user is interested in to be loading and therefore reducing the loading times.
¶ New Cluster Overview Panel
Our new cluster overview panel enables easily surfacing the most prominent alert types and internal/external entities for the cluster. The alert types and entities are ordered by the number of alerts they are associated with.
The overview of alert types shows the number of effected internal entities and the number of alerts associated with that alert type.
The overview of the internal/external entities in the cluster displays the number of alerts associated with each entity as well as the first and last seen date times. Selecting an entity loads the entity attributes (such as 3rd party enrichment etc)
¶ Minor Improvements
- Updates to API to improve suggested terms when performing searches on Alert Type
¶ Bug Fixes
- Fixed an issue where some of the percentage bars on the Cluster Overview panel weren't being displayed properly.
¶ New Source System Integrations
¶ Improved existing integrations
- MS Azure Security Centre - Improved Actioned status of alert category "Antimalware action taken"
¶ SOC.OS Wiki and help pages
- Tutorial page for the new Cluster Data View functionality
- Search help page updated with Basic Search explaining the SOC.OS chip search feature
- New ManageEngine integration page
- Further updates and improvements to MS Graph, Trend Micro Apex Central and Fortinet FortiAnalyzer integration pages