Jan 31, 2023

New

  • Investigations audit log: InsightIDR now provides visibility into actions that were taken on an investigation. The investigation audit log records updates made in the investigation, when those updates were made, and the user who made them. Additional features include:

    • Audit log visibility in Log Search: The audit logs from Investigations are also available in Log Search as part of the Audit Logs log set.
    • Audit log for Managed Detection and Response (MDR) customers: If you’re an MDR customer, the audit log shows the updates that your organization made to an investigation. The ability to view updates made by the Rapid7 SOC is planned for a future release.

    To learn more about the audit log, read the documentation.

  • API collection method for Palo Alto Cortex Data Lake: You can now set up the Palo Alto Cortex Data Lake event source using an API collection method, which makes setup easier and more secure. To learn more about the API collection method, read the documentation.

    • Note: The API collection method requires use of the Palo Alto API Explorer. Reach out to Palo Alto Networks for access.

  • Onboarding Progress Tracker for MDR customers: If you’re an MDR customer, you now have access to the Onboarding Progress Tracker, which was previously available to InsightIDR Essential, Advanced, and Ultimate customers only. The Onboarding Progress Tracker is available from the Home page as a self-serve, centralized checklist of onboarding tasks with step-by-step guidance, completion statuses, and context on the “what” and “why” of a task. This feature is available for new user onboarding, beyond the 90-day onboarding period.

  • Search faster with a redesigned Log Search user interface: Now in open preview, you can load selected log sets more quickly using the fully updated Log Search experience. Equipped with new features and better interactivity for a more seamless user experience, Log Search Open Preview is available in the left navigation alongside the original Log Search until development is complete.

Improved

  • LEQL having clause includes all calculation functions: When grouping log results using groupby, you can now leverage the having clause with calculation functions, such as sum, max, and unique, which help you isolate interesting events and reduce noise.

  • Updated Home page metrics: We removed the Latest Processes and Cloud Services widgets from the Home page to better utilize screen space and make other metrics more visible. You can still view your Latest Processes and Cloud Services in Users and Accounts.

Fixed

  • We fixed an issue in Users and Accounts that caused data in the Ingress Locations chart to be difficult to read.

  • We fixed an issue where the Barracuda Firewall event source was not parsing LocalBlock events. You might notice an increase in Barracuda Firewall events as a result.

  • We fixed an issue in Investigations that caused attachments to be difficult to read in dark theme.

  • We fixed an issue in Assets and Endpoints where the Create endpoint ID address range panel did not include a close icon.