
This release focuses on improvements and new features in Security Operations (SecOps). The SecOps team has concentrated on a couple of general improvements around the Alert API to increase performance and remove unused features.

New filtering options have been added to the triage page so that users can select multiple priorities to focus on and perform bulk changes to alerts. We are excited about these changes because they not only improve the overall interaction users have with SecOps but also improve its performance.

More improvements are planned for future releases to streamline workflows and give analysts the capabilities they need to act on events.

Improvements

...

...

  • Impact calculation

The impact calculation is configured in the Settings window, where it can be enabled or disabled to improve overall performance:

...

This function lets you select two or more priorities at the same time to filter the alerts:

...

 

  • Bulk changes of alert status

This function lets you change the status of a whole alert group at once. It covers the Add to Investigation and Change Status actions, as well as any other status available from the drop-down menu of the alert type.

For this particular function, the workflow is as follows:

  • In the Triage workbench, first group the filters by alert type.

...

  • Click the Filter button so that the app matches alerts against the filters. Then click Actions and Change status on a group of alerts.

...

  • The app shows a dialog that warns you about the change you are about to perform and that it is applied to the whole set of alerts in the group.

  • Select the final status of the alerts.

...

  • If the selected status supports annotations, the app shows the annotation title and text to be added along with the status change.

  • Click Save to perform the bulk change.

  • The app changes the status of all the alerts in the group and creates the annotation if needed.

  • If the bulk change is performed correctly, a success message is shown:

...

  • If an error occurs while changing the status, you have to decide whether to keep the dialog open and show the error, or close the dialog and show a notification on the triage page.

...

Deletion of SightingDB

...

SightingDB is designed to scale the writing and reading of attribute counts, tracking when each attribute was first and last seen. Given the limited usage of this particular enrichment, it has been deprecated and is no longer shown in Settings.