New
New InsightIDR Settings: We’ve made some changes to the InsightIDR settings menu:
- Access Honey Users, Honey Files, and Honey Credentials in Settings > Deception Technology.
- You can now enable Honey Credentials without contacting support! Check out the documentation.
- File Integrity Monitoring has moved to Settings > Insight Agent.
- We added a new setting that allows the Insight Agent to collect user logins, login failures, and password changes on endpoints managed by a domain controller. Find it in Settings > Insight Agent.
New Dashboard Cards: We added new dashboard cards for Enhanced Endpoint Telemetry and the Insight Network Sensor for AWS. Check them out in the Card Library under "Network Flow: Cloud Networks" and "Enhanced Endpoint Telemetry."
Netskope Event Source: We added support for Netskope! InsightIDR now supports a variety of alert and event types from Netskope via Syslog. Check out the documentation.
Improved
Enhanced Custom Parser Experience: We've made some changes to improve the Custom Parsing Tool experience:
- Clearly see which Extracted Fields you've selected and which were generated by Rapid7.
- Edit Custom Parser field names directly inline.
- See which log lines you've interacted with as you are editing your parser.
Multi-Groupby Example Query: We added a sample multi-groupby query to show you how to group by multiple fields. Check it out in Log Search > Example Queries.
Fixed
- The values in Settings > Monthly Data Usage now display correctly according to your local timezone.
- We fixed a bug where the S3 prefix displayed as required instead of optional during CloudTrail event source configuration.