Oct 30, 2020

New

  • Enhanced Endpoint Telemetry for InsightIDR: The Enhanced Endpoint Telemetry (EET) add-on provides you with access to the rich process start data collected by the Insight Agent so you can understand other activity that occurred on the endpoint when an incident occurred, identify additional compromised assets, hunt for lurking threats, and more. EET is available as an add-on to your InsightIDR license. For details, check out the documentation.
  • Customer Requested: Privileged Admin Groups: You can now set any group as a privileged admin group and generate privilege escalation alerts when a new member is added to the group. To check it out, go to the InsightIDR left menu, and select Settings > Admin Groups Settings.
  • Audit Logging in Open Preview: Record user-driven and automated activity in the Insight Platform and InsightIDR! By enabling Audit Logging, you can track activity, and investigate who did what, when. For details, check out the documentation.
  • New Timelines in Group-by Tables: We now provide a results timeline in Log Search tables so you can see the distribution of a given group over time.
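The privileged admin group alert described above, shown as an added example that is not InsightIDR's own code: it replays the logic over Windows Security events that record a member being added to a security-enabled group (event IDs 4728, 4732 and 4756) and raises one alert per addition to a group on the configured privileged list. The event records, the field names (`event_id`, `target_group`, `member`, `actor`, `time`) and the group list are all constructed for this example and are not InsightIDR's schema.

```python
"""Detect additions to privileged admin groups from Windows Security events.

Added example, not InsightIDR's own code: it models the alert described
above using the Windows Security event IDs that record a member being
added to a security-enabled group. All event records below are constructed
sample data; field names (event_id, target_group, member, actor, time) are
this example's own, not InsightIDR's schema.
"""
from dataclasses import dataclass

# Windows Security log "A member was added to a security-enabled ... group":
# 4728 = global group, 4732 = local group, 4756 = universal group.
GROUP_MEMBER_ADDED_EVENT_IDS = {4728, 4732, 4756}


@dataclass(frozen=True)
class Alert:
    time: str
    group: str
    member: str
    actor: str
    event_id: int


def normalize_group(name: str) -> str:
    """Compare groups case-insensitively and without the DOMAIN\\ prefix,
    so 'CORP\\Domain Admins' and 'domain admins' refer to the same group."""
    return name.rsplit("\\", 1)[-1].strip().casefold()


def detect_privileged_group_additions(events, privileged_groups):
    """Return one Alert per add-to-group event whose target group is in
    privileged_groups. Removals (4729/4733/4757) and additions to
    non-privileged groups are ignored."""
    watched = {normalize_group(g) for g in privileged_groups}
    alerts = []
    for ev in events:
        if ev["event_id"] not in GROUP_MEMBER_ADDED_EVENT_IDS:
            continue
        if normalize_group(ev["target_group"]) not in watched:
            continue
        alerts.append(Alert(ev["time"], ev["target_group"], ev["member"],
                            ev["actor"], ev["event_id"]))
    return alerts


# Constructed sample: built-in and custom groups marked as privileged.
PRIVILEGED_GROUPS = ["Domain Admins", "Administrators", "SQL-Prod-DBAs"]

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"time": "2020-10-30T09:12:01Z", "event_id": 4728,
     "target_group": "CORP\\Domain Admins", "member": "CORP\\jdoe",
     "actor": "CORP\\helpdesk01"},
    {"time": "2020-10-30T09:13:40Z", "event_id": 4732,
     "target_group": "CORP\\Marketing", "member": "CORP\\asmith",
     "actor": "CORP\\helpdesk01"},
    {"time": "2020-10-30T09:15:22Z", "event_id": 4729,  # removal, not an add
     "target_group": "CORP\\Domain Admins", "member": "CORP\\old-admin",
     "actor": "CORP\\helpdesk01"},
    {"time": "2020-10-30T09:20:05Z", "event_id": 4756,
     "target_group": "CORP\\sql-prod-dbas", "member": "CORP\\svc-etl",
     "actor": "CORP\\dba-lead"},
    {"time": "2020-10-30T09:21:11Z", "event_id": 4732,
     "target_group": "Builtin\\Administrators", "member": "CORP\\jdoe",
     "actor": "CORP\\jdoe"},
]

if __name__ == "__main__":
    for a in detect_privileged_group_additions(SAMPLE_EVENTS, PRIVILEGED_GROUPS):
        print(f"{a.time} {a.actor} added {a.member} to {a.group} "
              f"(event {a.event_id})")
```

Run as-is, the sample yields three alerts (Domain Admins, the custom SQL-Prod-DBAs group matched case-insensitively, and Builtin Administrators); the Marketing addition and the Domain Admins removal are ignored. Keeping the actor alongside the member is deliberate: the last sample event, where actor and member are the same account, is the self-elevation case a responder wants to see first.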

Improved

  • Investigation Evidence: You can now view oversized investigation evidence in its entirety from the Evidence panel.
  • User Behavior Analytics: UBA alerts that require LDAP and Active Directory event sources now display as disabled if you do not have those event sources set up, providing you with better visibility into your overall coverage.
  • Language Update - AWS CloudTrail: The AWS CloudTrail data collection method has been renamed to "S3 Bucket" to more accurately reflect where the data is coming from.
  • Chart Navigator in Log Search: We've added a chart navigator to stacked charts in Log Search so you can zoom in and out of large data sets to control how much data you can see.
  • Group-by Results Pagination: Results tables for Log Search group-by queries are now paginated so you can view large data sets more easily.
  • Quick Log Filter: When you highlight text in Log Search, you will now see a search menu where you can quickly add new filters to your data. This will allow you to filter your logs without needing to use Query Builder.

Fixed

  • We resolved an issue where some User Behavior Analytics (UBA) alerts for Active Directory were disabled when the logs were sent to InsightIDR via the Insight Agent instead of an event source.
  • Closing an investigation with the "Mark threat as false positive and close" option now dismisses the threat.
  • We fixed an issue where suggested keys did not always display in Log Search.
  • Customer Requested: We fixed an issue where some large log entry exports caused the browser tab to freeze.
  • We fixed an issue where long queries could not be saved in Log Search.