Mar 31, 2023

New

  • Related Logs Section in User Details: A new Search Related Logs section has been added to the User Details page. Select a log or log set to run a query on a user's activity in that log set. These links only display if the user has related logs.

  • ABA Detection Rules: This month we added new detection rules for these threats:

    • Suspicious Asset Authentications
    • Microsoft Defender For Cloud
    • Suspicious Ingress Authentications
    • Suspicious Network Activity - IDS
    • Suspicious Processes - Linux
    • Suspicious Processes - Windows
    • Suspicious Services - Windows
    • Current Events

You can find the latest updates by navigating to the Detection Rules page and filtering by Added in the last 30 days.

Improved

  • Buttons in Investigations: In Investigations, the Save button for adding a comment has now been moved to the left of the Cancel button, so it's no longer hidden by the Resource Center.

  • Removal of Mini Map in Investigations Timeline: We removed the mini map on the Investigation Timeline because it didn’t scale with investigations that had a large number of items.

  • UI Accessibility: We've updated the styling of components in dark theme to make them more readable.

  • New Log Search Open Preview:

    • We updated the query bar behavior and added a tooltip to make it clear that ordering log results by the most recent entry first is limited to searches within the last 30 days.
    • We expanded the default log source selector behavior so you have the full context about your query and can take any necessary actions to update your selected logs.

  • Analysis Table Update: We increased the default number of results displayed in the table view from 10 to 100. This increased visibility reduces friction when scanning through groupby or calculate results.

  • Increased parsing for Box.com events: InsightIDR now parses Shield Alert events from Box.com and generates third-party alerts based on that data.

  • Increased processing limits: We've increased the line limit from 2048 to 4096 for the directory watcher and file tailer data sources to be able to process more data.

Fixed

  • We fixed an issue where Managed Threat Complete customers were unable to access investigations.

  • We fixed an issue where the Export to PDF button was showing as disabled on the User Details and Cloud Services pages.

  • We fixed an issue where the Unknown disposition was not displaying correctly in the investigation audit log.

  • We fixed an issue where the Assets and Endpoints page incorrectly displayed the titles of restricted assets.

  • We fixed an issue where the InsightIDR UI did not accurately reflect role-based access control, making it look like some users could take actions when in fact they lacked the appropriate permissions.

  • We fixed an issue where you couldn't select multiple IP addresses when taking action on an investigation.

  • We fixed an issue where the Monitor Health modal on the Event Sources page didn't scroll properly when the browser window was small.

  • We fixed an issue in Log Search Open Preview where long LEQL queries caused the query bar to incorrectly expand across other UI elements.