Jan 28, 2021

New

  • Additional Detections added: In response to the widespread North Korean-attributed social engineering campaign, we have deployed Indicators of Compromise (IOCs) and behavior-based detections in InsightIDR:
    • Suspicious Web Request - DPRK Actor Targeting Security Research - Domain Observed
    • Suspicious DNS Request - DPRK Actor Targeting Security Research - Domain Observed
    • Suspicious Process - DPRK Actor Targeting Security Research - Related Binary Executed
    • Suspicious Process - PowerShell Determining Operating System
    • Suspicious Process - RunDLL32 Running Visual Studio File

View these detections.

Improved

  • Hash Reputation Enrichment: We have enabled early access for Hash Reputation Enrichment to all Enhanced Endpoint Telemetry customers!
  • Quarantine feature: You can now quarantine and unquarantine your endpoints directly from the Asset Details page in InsightIDR. Just search for the asset you want to quarantine in the top search bar, and use the new toggle to activate or remove a quarantine.
  • Updated API for user access information: We have updated the User Access page and User Access table on the Asset Details page to use a faster API. We also implemented pagination on the User Access page.
  • Updated API for vulnerability information: We have updated the Vulnerability Details page and the Vulnerabilities table on the Asset Details page to use a faster API. We also implemented pagination on the Vulnerability Details page.
  • Improved ABA Settings page: We have updated the styling on the ABA settings page in order to improve readability.

Fixed

  • We removed a legacy dropdown component to pave the way for a better experience.