Exchange 2.0

RELEASE DATE: July 4, 2024

[ New features ] [ Improvements ] [ Bug fixes ]

New features

New multitenant category

When your domain is part of a multitenant structure and is configured to see data from other tenants, this new section appears in Exchange to display the content that is compatible with multitenant use. Learn more here.

Open

Search improved

Now the search provides a recent searches section so that users can reuse them effortlessly. Furthermore, new searching criteria has been included to find items based on their data sources or the tactic and technique they belong to. Learn more here.

Open

Alert packs redesigned

Alert packs now display more info to help you decide if a specific alert is what you actually need, such as the number of alerts in the pack and the number of them installed, the priority of the alerts, or each alert’s data source. They also include a search and filters to help you find specific alerts, as well as a legend for the priorities. Learn more here.

Catalog expanded

New items have been published in Exchange to provide easy access to data and other utilities for a variety of purposes:

Alert packs:

• Remote System Discovery (MITRE T1018)

• Command and Scripting Interpreter (MITRE T1059)

• Software Deployment Tools (MITRE T1072)

• Data Staged (MITRE T1074)

• System Information Discovery (MITRE T1082)

• Exploit Public-Facing Application (MITRE T1190)

• Exploitation for Defense Evasion (MITRE T1211)

• Resource_Hijacking_(MITRE T1496)

• Non-Standard Port (MITRE T1571)

• Protocol Tunneling (MITRE T1572)

• Establish Accounts (MITRE T1585)

• Develop Capabilities (MITRE T1587)

Activeboards:

• AWS Security Lake

• Cloud Azure Audit

• Cloud Azure Sign in

• Collective Defense Overview

• Devo Alert Auditing

• Proofpoint email protection

• Web Analytics

Lookups:

• IANAPortAssignment

• AwsAuthorizedApiUsers

Synthetic data:

• Web Apache injection

Use case:

• Web Analytics AB

Catalog updated

New versions of the following items have been published in Exchange to show data more accurately, improve interaction, or increase the scope action:

Alert packs:

• SIEM detection capabilities enhanced.

• Performance enhanced with improved filters.

• Threat detection accuracy improved.

• Multitenant migration

• Problems solved about subqueries, deprecated operations, false positives, and operations on non-existing lookups.

Applications:

• Alert dependencies removed (now they can be installed only via Exchange alert packs), visuals improved, aggregation tasks created, and performance optimized.

• Devo 360 for Palo Alto → v1.1.1

• Devo 360 for Crowdstrike → v1.1.1

• Devo 360 for AWS → v1.1.1

Activeboards:

• Microsoft Active Directory → v1.1.0 → change source to box.all.win, fix keys in Voronoi, and change period to one day.

• Data Sources Insight → v1.0.1 → add default table before selection.

• Office365 Overview → v1.0.1 → fix Sharepoint widget.

• Windows Activity Monitoring → v1.1.0 → fix neq functions and selectors.

• Office365 Active Directory → v1.0.2 → fix widgets.

• Office365 One Drive → v1.1 → fix user agent widget and reorder widgets.

• OKTA Service Overview → v1.1.0 → reorganize widgets, change e-commerce sources, and delete external dependencies.

• OKTA Authentication Activity → v1.1.0 → change deprecated geo functions (mm by mm2).

• Firewall Monitoring → v1.2.0 → change map, time periods, and deprecated geo functions.

• Devo Users Tracking → v1.1.1 → migrate to multitenant.

Content packs:

• Modify Mitre Tactics to add the new techniques.

• TA0001 → T1190 added.

• TA0002 → T1059 and T1072 added.

• TA0005 → T1211 added.

• TA0007 → T1018 and T1082 added.

• TA0009 → T1074 added.

• TA0011 → T1571 and 1572 added.

• TA0040 → T1496 added.

• TA0042 → T1585 and T1587 added.

Improvements

Discover category

The navigation of the carousels inside the different sections has been improved to bring a full set of items when clicking instead of one tile only, providing a more dynamic experience.

Error handling

When an error occurs, a more comprehensive message is displayed to let users know the actual cause of the problem so that they can better decide how to proceed.

Bug fixes

• For you section: this section has been fixed to show the correct content for the current user.

• Vulnerabilities are up to date.