4.4 Release

[toddbruner]

Features

• Tag and Source UI Editor

  • Search for any number of Tags or Sources

    • OR – will find all items that have at least one of the Tag or Source Names

    • AND – will find all items that have all the Tag or Source Names

  • Update a Tag or Source Name or Description

  • Delete all Tags or Sources (will also remove them from the target type)

  • Replace a Tag or Source with a different Tag or Source

  • Add or Remove Tags or Sources for a target type (i.e., Alertgroup, Entity, Intel)

  • Word Cloud shows the top 100 Tags or Sources by count. Selecting a word will also search for it.

• Stats Dashboard

  • Dynamic data visualization with selectable time ranges and various chart types.

  • Metric types:

    • alerts closed

    • alerts create

    • entries created

    • events created

    • entries updated

    • intel created

    • Mean Time To Contain

    • Mean Time to Remediate

• Entity Pane Tag Improvements

  • Add or Remove Entity Class or Tag for multiple Entities

  • Add Comments to the Add or Remove action that will populate the Entity’s Entry Journal.

• Dispatch Promotion to Existing Intel Item

• New API endpoints to enable operations on multiple items

  • For many target types there is a new API endpoint for example:

    
    /api/v1/alertgroup/many
    
    /api/v1/intel/many
    
    /api/v1/dispatch/many
    
    Etc…
    
    

  • Create Many - POST an array of objects to create

  • Update Many – PUT with an array of IDs and a single object to update all items with the same object

  • Delete Many – DELETE with an array of IDs to delete all objects

• Filtering and Ordering Options for Search

• Filter by entity class when searching for entities

• Entity Replay Enrichment button.

• Entity enrichment example documentation.

• Entity Timeline view within Entity Modal.

• Download files as password protected zip.

Fixes

• OpenAPI documentation example improvements and fixes.

• API instability bug fixes.

• Improved firehose update concurrency.

• Initial index creation fixes.

• Improvements to Splunk stats table.

• Display bug fixes in vulnerability feeds.

• Entity Flair display bugs fixed.

• Fixes to user defined flair detection.

• Improved error handling in Flair Engine's download of external images.

• Fixes to Inbox processors usage of Microsoft Graph API.

• Self hosting static resources for API documentation.

• Helm chart improvements.

• File upload to Vulnerability sections now possible.

---

This discussion was created from the release 4.4 Release.