New Features
- Filter Non-Expiring Users by Watchlist: Quickly identify which accounts are on the watchlist by filtering based on Watchlist status.
- Search your Non-Expiring Users: We have added Search to the Non-Expiring Users page! Now, you can easily search by username instead of scrolling through an endless list of users.
- View Network Flow Data Usage: If you purchased the Insight Network Sensor Add-On Module, you can now view a graph of your network flow data usage. Easily review your network flow data usage per month for the previous 12 months, the average usage for the past 12 months, as well as your data usage so far in the current month. Check it out in Settings > Monthly Data Usage.
- Event Sources: We have added support for the following Cisco Umbrella log events: Proxy, IP, and Cloud Firewall. Check out the documentation.
Improvements
- Reopened Investigations: When reopening an investigation, you can now choose to keep or remove any associated whitelist rules. To remove a whitelist rule, deselect the rule in the modal that appears after you reopen an investigation.
- Event Source Credentials: The Credential field in the Add Event Source panel now supports search! When editing or adding credentials in your event source, you can search for your credential instead of selecting it from a dropdown.
- AWS CloudTrails Event Source: You can now configure your AWS CloudTrails event source to receive events via Amazon SQS. Check out the documentation.
- CyberArk Event Source We have improved this event source to reduce the amount of benign alerts that were being generated. Now, InsightIDR only generates CyberArk alerts for Privileged Threat Analytics events.
Fixes
- We fixed an issue where some long running Log Search queries failed immediately.
- We fixed an issue where charts in Log Search were not resized when the log selector was closed.