Sep 30, 2020

New

  • Monthly Log Data Usage Chart: You can now view your monthly log data usage in Settings > Monthly Data Usage. Check out your data usage over the last 12 months and better understand trends over time!
  • Insight Agent Log Collection: The Insight Agent can now be configured to send the contents of text log files and all Windows events from the Security, Application and System channels directly to Log Search. Read more here.
  • Add multiple fields to a single query: Explore your data in more detail by adding up to 5 fields to a single query. Check out the documentation.

Improved

  • Notable Behaviors in Investigations: We updated Investigations to ensure that Notable Behaviors always indicate which user the behavior is associated with.
  • Asset Group Filter Logic Update: Now, when you search for a new asset group in an investigation, you will see only assets running Windows with the Insight Agent installed, which are the only assets that endpoint data can be collected from.
Customer Requested
  • Attacker Behavior Analytics: MDR customers can now view attacker behavior analytics within IDR! This feature will help you better understand an attacker's techniques and the context behind alerts. Check it out in Settings > Alert settings > Attacker behavior analytics.
  • Event Source Setup Panel Enhancements: We recently updated the setup panel for multiple event sources, including LDAP, Active Directory, DNS, IDS, Advanced Malware, Web Proxy, Ingress Authentication, Custom Log, Generic Windows Event, and Database Audit Logs. Changes include more intuitive designs for User Interface components and additional in-product guidance.
Customer Requested
  • Collector Update: The Collector now supports the latest version of Linux CentOS.
  • Flagged Process Details: We now display command line, process ID, and asset information for all your flagged processes.
  • Virus Alerts in Investigations: You can now read full virus alerts directly from an investigation. Just hover over the Virus Alert Table to view the full alert text and better understand the content of an alert without leaving the investigation record.
Customer Requested
  • Ingress Map Language Update: We changed the name of the Ingress Locations Map's Unknown location filter to Unusual location filter. This option allows you to quickly identify any unusual location ingress information.
  • Add Data Source Page Usability: We updated text and icon colors on the Add Data Source page to make the page more accessible to all our users.
  • Multi-Country Authentication Alert Logic: We updated our alert logic to account for the number of whitelisted countries when a multiple-country authentication attempt has been identified. This should reduce the number of benign multiple-country authentication alerts that are generated.
  • Log Search Date Picker: We updated the date picker in Log Search so you can more easily select the time range you're looking for.
  • Custom Alerts: The Custom Alerts page now displays a summary of the recipients for a Custom Alert when you hover over the Notification Count in the Alerts column.
  • Mimecast Event Source: You asked, we listened! We changed the refresh rate from 2 hours to 1 hour to give you increased visibility into your Mimecast log data.
Customer Requested
  • zScaler NSS Event Source: InsightIDR now supports events sent by zScaler that contain log lines with fields that are separated by single spaces.

Fixed

  • We fixed an issue where a banner on the Collection Issues page got stuck in a refresh loop between success and error messages.
  • We resolved an issue where adding raw log data to an investigation would clear the investigation timeline.
  • We fixed an issue with Enrichment Workflows where enrichment options were unavailable for Honeypot alerts that had a public IP address associated with them.
  • We fixed an issue where checkboxes used to add endpoint data to investigations showed obscured text.
  • We fixed an issue in Custom Investigations where the Take Action button did not work correctly when the Current Processes tab was open.
  • VPN activity on the User Details page now shows all connections for each IP address instead of just the first and last connection.
  • We fixed an issue where collectors with extra spaces in their names could not be deleted.
  • The Asset Details page now correctly displays Insight Agent information.
  • We fixed an issue where top navigation menus were hidden by loading spinners on the Investigations and Data Collection Management pages.
  • The Mobile Device table no longer displays null or incomplete values.
  • We fixed an issue where some dashboards were not loading correctly.
  • We fixed an issue where long field names did not display correctly in Log Search Table View.
  • IP addresses are no longer truncated in dashboard charts.