Oct 28, 2022

New

  • InsightIDR Onboarding Progress Tracker: If you are an InsightIDR Essential, Advanced, or Ultimate customer, you now have access to the InsightIDR Onboarding Progress Tracker. The new feature is available directly in InsightIDR as a self-serve, centralized checklist of onboarding tasks with step-by-step guidance, completion statuses, and context on the “what” and “why” of each task. This feature is available for new user onboarding, beyond the 90-day onboarding period.
  • New Log Search documentation: The Log Search documentation has been enhanced with two new topics, which can help users to understand more about log sets and the keys that they contain. Having a list of keys that are available in logs can help users to build strong LEQL queries to search the data. The list, also known as a schema, can also be useful for creating ABA Automations and Detection Rule management workflows. View the documentation on Log Set Guidance and Event Types and Keys.
  • GCC & GCC High event source: We have now enabled an option for you to bring data in from your GCC (Government Community Cloud) and GCC High environments when setting up your Office 365 event source. You can bring Office 365 data into InsightIDR while meeting the security standards required to hold or process data on behalf of the US Government. To learn more about this new event source, read the documentation.
  • Palo Alto Cortex Data Lake event source: You can now configure Palo Alto Cortex Data Lake to send syslog-encrypted Web Proxy, Firewall, Ingress Authentication, VPN session, IDS, Hostname to IP, Advanced Malware, and Virus Infection activity to InsightIDR. To learn more about this new event source, read the documentation.
  • Zscaler LSS event source: You can now configure Zscaler LSS to receive and parse User Activity and Audit type logs from Zscaler Private Access (ZPA), through its Log Streaming Service (LSS). To learn more about this new event source, read the documentation.

Improved

  • Enhanced Webhook Data Exporter: The Webhook Data Exporter has been enhanced to support the proxy configuration on your Collector(s).
  • Updated Investigation Details table: We replaced the icons in the Investigation Details table view with labels to increase readability.

Customer Requested

  • Updated parsing flow and added CEF support to the Trend Micro OfficeScan parser: You should see more logs and documents being produced now that CEF format is supported for Trend Micro OfficeScan.
  • Updated S3 Region options: We have added support for EU-NORTH-1, and other new AWS S3 regions, when configuring event sources.
  • Empty state text for Cloud Services panel gave incorrect advice: We have clarified the empty state text for Cloud Services to make it clearer which event sources need to be configured.
  • Added an open/close filter option to Investigation Details: The filter in Investigation Details can now be closed to provide more horizontal screen space.

Fixed

  • We fixed an issue where DVS was using incorrect calculations in the bytes formatter.