Nov 30, 2020

New

  • Custom Parser Editing: You can now edit fields in your pre-existing parsers! With this new feature, you can update the parser name, extract additional fields, and edit existing extracted fields. This functionality is available from the Custom Parsing Tool. Check out the documentation.

  • Cybereason Event Source: We’ve added support for Cybereason! You can now use the Cybereason API to send alerts to InsightIDR to generate investigations. Check out the documentation.

  • Sophos Intercept X Event Source: We added support for the Sophos Intercept X event source, which you can use to parse alert types as Virus Alert events. Check out the documentation.

  • DivvyCloud Event Source: You can now add DivvyCloud by Rapid7 as an event source in InsightIDR. You can send cloud events to InsightIDR for analysis, investigations, reporting, and more. Check out the documentation.

  • Network Sensor for AWS: We are excited to announce the General Availability of the Network Sensor for AWS! You can now deploy a network sensor on your AWS Virtual Private Cloud and configure it to communicate with InsightIDR. Check out the documentation.

Improved

  • Display UBA Alerts that are relevant to you: We added a toggle to alert settings so you can more easily see the data that is most relevant to you. To display all out-of-the-box UBA alerts, select "All Alerts." Select "Available Alerts Only" to see only the alerts available to you based on your configuration. Check it out in Settings > Alert Settings > User behavior analytics.

Fixed

  • Harvested Credentials UBA alerts are now enabled for customers who have not configured LDAP and Active Directory event sources.

  • Account Created UBA alerts are now disabled for customers who have not configured LDAP and Active Directory event sources.