New
Related Logs Section in User Details: A new Search Related Logs section has been added to the User Details page. Select a log or log set to run a query on a user's activity in that log set. These links only display if the user has related logs.
ABA Detection Rules: This month we added new detection rules for these threats:
- Suspicious Asset Authentications
- Microsoft Defender For Cloud
- Suspicious Ingress Authentications
- Suspicious Network Activity - IDS
- Suspicious Processes - Linux
- Suspicious Processes - Windows
- Suspicious Services - Windows
- Current Events
You can find the latest updates by navigating to the Detection Rules page and filtering by Added in the last 30 days.
Improved
Buttons in Investigations: In Investigations, the Save button for adding a comment has now been moved to the left of the Cancel button, so it's no longer hidden by the Resource Center.
Removal of Mini Map in Investigations Timeline: We removed the mini map on the Investigation Timeline because it didn’t scale with investigations that had a large number of items.
UI Accessibility: We've updated the styling of components in dark theme to make them more readable.
New Log Search Open Preview:
- We updated the query bar behavior and added a tooltip to make it clear that ordering log results by the most recent entry first is limited to searches within the last 30 days.
- We expanded the default log source selector behavior so you have the full context about your query and can take any necessary actions to update your selected logs.
Analysis Table Update: We increased the default number of results that are displayed in the table view from 10 to 100. This increased visibility will prevent friction when scanning through groupby or calculate results.
Increased parsing for Box.com events: InsightIDR now parses Shield Alert events from Box.com and generates third party alerts based on that data.
Increased processing limits: We've increased the line limit from 2048 to 4096 for the directory watcher and file tailer data sources to be able to process more data.
Fixed
We fixed an issue where Managed Threat Complete customers were unable to access investigations.
We fixed an issue where the Export to PDF button was showing as disabled on the User Details and Cloud Services pages.
We fixed an issue where the Unknown disposition was not displaying correctly in the investigation audit log.
We fixed an issue where the Assets and Endpoints page incorrectly displayed the titles of restricted assets.
We fixed an issue where the InsightIDR UI did not accurately reflect role-based access control, making it look like some users could take actions when in fact they lacked the appropriate permissions.
We fixed an issue where you couldn't select multiple IP addresses when taking action on an investigation.
We fixed an issue where the Monitor Health modal on the Event Sources page didn't scroll properly when the browser window was small.
We fixed an issue in Log Search Open Preview where long LEQL queries caused the query bar to incorrectly expand across other UI elements.