Jun 30, 2023

New

  • Log Search: We made updates to the new Log Search experience:
    • Create detection rules: You can now create basic detection rules (formerly known as custom alerts) directly from queries you run in the new Log Search. This functionality allows you to refine a detection rule query prior to enabling it.
    • Add visualizations to dashboards: You can now take advantage of the speed and usability improvements of the new Log Search interface to refine and tweak visualizations. These visualizations can then be added to dashboards to share insights with other stakeholders.
    • Create and edit saved queries: You can now capture and share useful queries to reduce your time to insight by saving queries in the new Log Search interface.
    • Query bar updates: The Log Search query bar now auto-collapses, providing more screen space to focus on the results from searches.

Improved

  • Enhanced details for alerts in investigations: In Investigation Details, you can now view more complete information about the alerts in an investigation, which provides additional context. We updated the alert evidence panel to include the alert's source event data and the detection rule logic that generated it. You can also now view and create detection rule exceptions directly in an alert.
  • Wrap text in Investigations Evidence: You can now choose to wrap lines of text when viewing the evidence of an investigation, which improves readability.
  • View query time limit in Investigation Details: We’ve added a time limit of 12 months to the Inspect Actor Activity feature in Investigation Details to prevent querying for data that has expired.

Fixed

  • We fixed an issue where the Modify and Close action in an investigation was displaying the wrong information in the success banner. The banner now displays the correct user action.
  • We fixed an issue where the System Created date was rendering incorrectly in Investigation Details. Previously, only the date was showing, and now both the date and time appear.
  • We fixed an issue where failures in the Investigation Details timeline caused the entire page to stop rendering.
  • We fixed an issue that was preventing the Query Endpoints feature from rendering correctly.
  • We fixed an issue where the input field for viewing raw log lines from an event source wasn't visible when using dark theme.
  • We fixed an issue where the Auto Configure event source feature was not working after adding a Credential.
  • We hid the quarantine action on the Asset Details page for non-administrators because this feature is not usable by those users.
  • We fixed an issue where clicking on an example query from the new Log Search Home page did not automatically select the corresponding log set.