Threat Command

Enhanced Analysis & Visibility - One View for All Relevant IOC Data: When hovering over IOCs in the Threat Command or TIP modules, TEST users can now see all relevant data in one popover. Data shown can include: IOC value, severity, trend line, last reported date, MITRE ATT$CK tactics, Kill Chain phases, related cyberterms, IOC timeline, and Investigation map. This helps users gain 360 degree visibility of all relevant context, enabling timely triage and informed decisions.
Improved Remediation Status Visibility and Workflow: For every alert that can be remediated, users can now see the current remediation status and also initiate a remediation request directly from a new banner on top of the alert. A new status, "This alert can be remediated," shows the user that the current alert can be remediated.
Through the banner, users can more easily view remediation status and quickly initiate requests.
Webmail Feature End of Life: Webmail alerts, a rarely used feature, are no longer being generated. Historical data will remain in Threat Command. Threat Command will stop actively scanning for email addresses with customer’s brand name, including @google.com, @yahoo.com, and @outlook.com domains.

Vulnerability Risk Analyzer (VRA)

Earlier Vulnerability Reporting: Vulnerabilities will now be reported before NVD and MITRE publish them. Customers will be updated about new vulnerabilities in software products and technologies sooner, allowing them to take action faster.
The list of supported software vendors can be found in the InsightVM documentation portal.
Report Date Added for Easy Sorting: The 'Report date' column now shows the date that Threat Command first reported this vulnerability to the account. This date can be used to sort and filter the display. Users can see the NVD publish and modification dates by selecting a vulnerability. Users now have a better understanding of various date fields in the platform and can more easily and intuitively review newly reported relevant vulnerabilities.

New Version of QRadar App: Version 1.2.0 of the IBM QRadar app (https://exchange.xforce.ibmcloud.com/hub/extension/f2f48af32f23ba6ee4e87dc97a29c690) is now available for TIP. This version, compatible with QRadar v7.4.1 FP2+, includes the following improvements:
- A configurable option “Protocol” on the Account Config page supporting TCP/UDP protocol for forwarding events.
- A configurable option “Fetch Retired IOCs” on the Input Config page for each IOC type.
- Alignment to new TIP API routes.
This version improves IOC management capabilities in the QRadar app and gives users flexibility related to protocols.

IOCs from Email Source Moved to Rapid7 Domain: To upload IOCs by email, email messages should now be sent to a Rapid7 email domain. For example, if the previous email address was examplecompany@intsights.com, it is now examplecompany@rapid7.com.
Customers not familiar with their dedicated email address should reach out to their CSM. Best practices for uploading IOCs by email can be found in the online Help.

Customers should change to the new email address by August 1.

Customers can leverage standard use of Rapid7 email addresses instead of using multiple domains, simplifying the user experience.

System Email Link Redirect: Users can access all Rapid7 system email links (alert notifications, etc.) via a single login, streamlining the user experience. Customers who log in to Threat Command via the Rapid7 Insight Platform should follow the same process to open links in Threat Command system emails.

ID	Case	Area	Description
IST-786	04570627	Remediations page	The Remediations page does not display full data.
CS-2370	04531170	Leaked Credentials	CSV formatting is inconsistent.

ID	Case	Area	Description
TIP-7056	04550569	IOCs	The Some IOCs are missing from the HISAC threat feed.