Apr 30, 2020

New Features

  • Network Traffic Analysis: We are excited to announce the General Availability of Network Traffic Analysis! With our free out-of-the-box functionality, you have access to IDS events and DNS and DHCP data, enabling you to detect intrusions earlier and gain visibility into events occurring in your environment that you couldn't see before. Check out the documentation.
  • Event Source Search: You can now search for your event sources! Go to Data Collection Management, click the Event Sources tab, and enter the name of the event source you want to find in the Search bar.
  • Log Search now supports CIDR notation: Easily search across a range of IP addresses on your network without using complicated Regular Expressions! Check out the documentation.
  • Event Sources: We added support for Forcepoint Security 8.5.0. Check out the documentation.

Improvements

  • Custom Parsing Tool: We've added the ability to extract fields from multiple log lines and remove log lines with incorrectly extracted fields, providing you with even more control when creating custom parsing rules.
  • Labels and Targets Management page: You can now edit your custom alert labels and recipients (Email, Webhook, Slack and PagerDuty), which will automatically update the custom alerts they're associated with.
  • Loose mode in Log Search has moved: To enable Loose mode in Log Search, you now click the Case insensitive and partial matches checkbox.
  • Log Search: In Table view, when you run a log search by highlighting a keyword, the search will automatically switch to Loose mode if you partially select some of the text.

Fixes

  • Drop-down menus in the top navigation are no longer hidden behind log search controls.
  • We fixed an issue where clearing the calculations in the Simple mode of Log Search did not work.