InsightIDR Release Notes / Apr 28, 2022

Apr 28, 202220220428

New

  • Amazon S3 buckets are now supported as a collection method for custom logs: Prior to this enhancement, your S3 logs would need to pass through Cisco Umbrella to reach InsightIDR; now, you can select the Amazon S3 Collection Method when adding custom logs. This new direct path from Amazon S3 buckets to InsightIDR simplifies custom log collection.
  • New APIs to interface with InsightIDR users, accounts, and more: We have released new APIs to allow you to programmatically interface with InsightIDR users, accounts, local accounts, and assets. With these APIs, you can configure new automations to further contextualize alerts generated by InsightIDR, or 3rd party SIEM and EDR tools. This helps you achieve greater efficiency in your day-to-day workflows, and gain greater extensibility to visualize and report on the valuable data captured by InsightIDR.

Improved

  • Bulk rule changes for ABA Detection Rules: You can now change Rule Action and Rule Priority for multiple rules at once. This additional functionality will allow you to efficiently manage your rules without wasting precious time on monotonous rule management.
  • Clickable KPIs: Read-only users can now click the KPIs on the Home and Asset pages to gain additional context into the metrics displayed.
  • Pass selected log data to Quick Actions: You can now highlight Log Search results and the context menu will include an option to open the highlighted text in the Quick Actions menu. You can apply one of the pre-configured quick actions and get answers fast in a pop-up modal, without leaving the Log Search page. To avail of this option, you will need either of the following:
    • InsightIDR Advanced package with an Insight Connect license
    • InsightIDR Ultimate package

Fixed

  • We adjusted highlight colors in the parsing tool for better readability when using dark theme.
  • We fixed a bug that was preventing you from creating new custom parsers.
  • We fixed an issue with special characters not rendering correctly in investigation titles.
  • We fixed an issue with event sources showing a 0% parsing rate when they were parsing very small amounts of data. They now show "<0.1%" instead.
  • We fixed an issue with the time range selector in Log Search to recognize hitting the Enter key as selecting a custom time range.
  • We fixed an issue with the time range selector in Log Search when selecting "Now" as the end date for the selected range.