Jun 26, 2020

New Features

  • Insight Agent: The Insight Agent now captures the following Windows Defender Antivirus event codes: 1006, 1007, 1008, 1015, 1116, 1117, 1118, 1119. These codes are passed to InsightIDR, where they generate Virus alerts.
  • Non-Expiring Users Page: You can now easily update the Watchlist Status and Account Type for multiple users at the same time on the non-expiring users page.
  • Event Sources: We added syslog support for Cisco ISE. Check out the documentation.
  • Event Sources: You asked, we listened! We added support for Proofpoint Taps. Check out the documentation.
  • Event Sources: We added support for the Idaptive SSO event source. Check out the documentation.

Improvements

  • Data Collection Page: We've made an enhancement to improve the load time of the Data Collection page.
  • Okta Refresh Rate: The minimum refresh rate for Okta has been reduced from 10 minutes to 1 minute.
  • Custom Alerts: We added a Correlation ID to Custom Alerts so you can identify when an alert has been sent more than once.
  • Log Search: When you run a Groupby search that returns more than 10,000 groups, you will now see a notification indicating that your results are an approximation instead of an exact result.
  • Session timeouts: Session timeouts are now configurable! Your Platform administrator can define how long a user can be inactive before they’re automatically logged out, or allow each user to define their own timeout setting. Check out the documentation.
  • IP Search: Interested in searching for a range of IP addresses on your network? You can do that in Log Search! And there's more: we added an example to the "Sample Queries" menu in Log Search that you can use as a guide when running IP Searches. Check out the documentation.
  • SQS CloudTrails Event Source: We improved the error messaging so that you can more effectively troubleshoot if your logs are not being sent to InsightIDR.