Platform 8.13.0
RELEASE DATE: October 28, 2024
New features
Lookups: syntax unification
The different types of syntax used across the platform have been unified, providing an enormous step forward in usability. All areas of the platform now use the new version of the syntax, including the Data search and Alerts. There will be backwards compatibility in the Data search but you will be provided with the equivalent unified version every time you use the deprecated syntax. Learn more here.
Old syntax →
select `lu/lookupName/lookupfield`(keyField) as newfieldName
Unified syntax →
select lu("Lookup_name", "Lookup_field", Key_field) as new_field
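The mapping above, as an added example (not Devo's code) for checking saved search or alert queries that still use the deprecated form. It assumes only the one pattern shown on this page, passes the key expression through as written, and the function names and sample queries are constructed for illustration.

```python
import re

# Deprecated head as shown in the release note: `lu/<lookup>/<field>`(
_OLD_HEAD = re.compile(r"`lu/([^/`]+)/([^/`]+)`\s*\(")

def _closing_paren(text, open_idx):
    """Index of the ')' matching the '(' at open_idx, or -1 if unbalanced."""
    depth, quote = 0, None
    for i in range(open_idx, len(text)):
        ch = text[i]
        if quote:                      # inside a string literal: skip parens
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return i
    return -1

def unify_lookups(query):
    """Rewrite deprecated lookup calls; return (new_query, rewrites_made)."""
    out, pos, count = [], 0, 0
    while True:
        m = _OLD_HEAD.search(query, pos)
        if not m:
            break
        open_idx = m.end() - 1
        close_idx = _closing_paren(query, open_idx)
        if close_idx == -1:            # unbalanced call: leave the rest untouched
            break
        # The key expression may itself contain a deprecated lookup call.
        key, nested = unify_lookups(query[open_idx + 1:close_idx].strip())
        out.append(query[pos:m.start()])
        out.append('lu("%s", "%s", %s)' % (m.group(1), m.group(2), key))
        pos = close_idx + 1
        count += nested + 1
    out.append(query[pos:])
    return "".join(out), count

if __name__ == "__main__":
    # Constructed sample query using the old form from the release note.
    sample = "select `lu/lookupName/lookupfield`(keyField) as newfieldName"
    print(unify_lookups(sample))
```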
Lookups: new operations
Taking advantage of the unified syntax, the lookup operations have been re-conceptualized to make the process of using lookups more accessible and understandable. There are now separate operations for the different use contexts and intended results, which have also been included in the database to power the smart query editor. Learn more here.
Lookups: new operations menu
The operations window in the Data search has been redesigned to accommodate the new lookup conceptualization and syntax, leaving behind the classification of operations per lookup and providing a more intuitive, enriching user experience. The new menu brings many usability improvements, such as comprehensive help, a clear categorization of lookups as Regular (domain) or Shared (provided by Devo or Multitenancy), and labels that help identify the key and data type of a lookup.
Lookups: IP to CIDR matching
Lookups can be used to easily correlate IP addresses with CIDR ranges (net4 and net6), making lookups an even more powerful tool with even more contexts of use. Learn more here.
Lookups: restrictions removed
As a result of the redesign of the lookup usage process, lookup operations and existing lookups are now clearly identified. This eliminates the need to restrict them, as there is no possibility of confusing them with other operations. Learn more here.
Delivery methods API: audit logs
Everything carried out using the Delivery methods API is now registered in the secops.audit.api table for auditing purposes. Learn more here.
Flow: allow data injection into other domains with the DevoSink
Users can now inject data into another domain with Devo Sink inside the Flow Editor using the API key of that external domain. Learn more here.
Improvements
Alerts: post-filters new date picker
When eventdate is selected as the field for specifying post-processing conditions, a date picker is now available, making it much easier to choose the desired dates without worrying about date formats. Learn more here.
Alerts: post-filters list enriched
In the list of existing post-filters, the label in the action column is now color-coded according to the intended action, and the changed parameter is also included in the label. This makes it easier to understand the purpose of the filter at a glance. Learn more here.
Bug fixes
Data search
When a search was still fetching data, running a new search led back to the old one instead and left it loading endlessly.
Alerts
Post-filter validation was unsuccessful when specific characters such as (“) were found in the alert’s extraData.
The full post-filter condition could not be seen for alerts with existing post-filters.