v2.1 Release Highlights #491
briandelmsft
announced in
Announcements
STAT v2.1 has been out for a few months now, but I wanted to start sharing short posts about some of the key feature updates to pay attention to with each release. So, here are some key things to be aware of:
Exchange Module replaces Out of Office Module
The Exchange module now looks at more than out-of-office status: it also examines mailbox delegations, mailbox forwarding configuration, and rules that manipulate messages by moving or deleting them. The module now supports passing its results to the scoring module, where risk will be assessed based on these new data points.
If you are already using the Out of Office module, these additional enrichments will automatically be added after upgrading to v2.1.
Datetime and Timezone formatting options
Comments can now include customized datetime formatting and can also be adjusted by a preferred timezone offset.
See configuration instructions here
Comments contain lookback periods
Modules with variable lookback periods, such as the related alerts module, will now include the selected lookback in the incident comment so analysts can quickly determine the scope of the query. This is not done for the KQL module, where the lookback period can be affected by the KQL you add. However, this module also allows you to add custom comments, in which you can include lookback information.
Added Privileged account scoring
If the account entity is a member of a privileged Entra ID role, the risk score of that incident will now be increased.