New
Log Search: We made updates to the Log Search experience:
- Export selected keys from Log Search to CSV: You can now choose to export only the keys you select from the Edit Keys modal in the Data tab of Log Search. This provides analysts with the ability to focus on the subset of data that is most valuable for solving the task at hand. To export your query results to CSV, click the arrow in the top right corner of the results table and select Export to CSV.
- Export query results from the Analysis tab: You can now export Log Search query results from the Analysis tab. To do so, run a query with a groupby() clause or calculate function, click the arrow in the top right corner of the results table, and select Export to CSV. You can use the exported query results for further local analysis or collaboration with your teammates.
- Apply dashboard card key selections to Log Search: You can now apply the keys you select when you save a dashboard card to your current view in Log Search. To save your query results as a dashboard card, click the arrow in the top right corner of the results table and select Save as dashboard card. Then, toggle the option to Apply Edit Keys selections to Log Search in the Save as Dashboard Card modal to quickly view your log data as it will appear in the dashboard card.
New event sources: You can now ingest logs from three new event sources into InsightIDR:
- Microsoft Internet Information Services (IIS): A web server that is used to exchange web content with internet users. Read the documentation
- AWS AppFabric: A service that lets customers consolidate logs from their SaaS applications in one place, so IT and security teams can easily manage and secure their applications. Read the documentation
- Amazon Security Lake: A security data lake service that allows customers to aggregate & manage security-related logs. Read the documentation
Improved
- Updated audit log naming: We renamed the action for INVESTIGATION_REOPENED events in the audit log to MARK_INVESTIGATION_AS_OPEN, so it's more clear what is being tracked.
- Improved readability:
  - We improved the readability of INVESTIGATION_CLOSED events in the audit log.
  - We improved the readability of the Community Defined Threats page in dark mode.
Fixed
- We fixed an issue that was causing the "Allowlist and Close" option to display for investigations without any actors.
- We fixed an issue that was preventing event source health monitoring data from appearing on smaller screens.
- We fixed an issue that was preventing the light and dark themes from loading when InsightIDR starts.
- We fixed an issue that was causing the Investigation Management page to navigate back to the Home page when the browser was refreshed.
- We fixed an issue that was preventing the audit log from showing the most recent changes when the peek panel was opened.
- We fixed an issue to remove an extra border line that was showing up on the filter in Investigation Details.
- We fixed an issue that was preventing users from using the right click to open an investigation in a new tab. You can now right-click and open an investigation in a new tab for the multi-customer investigations experience.
- We fixed an issue that was preventing a bar chart from loading query results with a groupby() clause that contained more than 1000 groups. We now limit the bars that are displayed, and we suggest switching to Table view to see the full result set.