Aug 31, 2023

New

  • Custom Detection Rules is in Open Preview: You can now create detection rules that uniquely fit your organization’s security needs. Get started by clicking Create Detection Rule on the Detection Rules page, or by clicking Detection Rules > Custom Detection Rule in Log Search. Read the documentation for details.
  • ABA Detection Rules: This month, we added new detection rules for 4 threats. You can find the latest updates by navigating to the Detection Rules page and filtering by Added in the last 30 days:
    • Suspicious Network Connections
    • Suspicious Process Access
    • Suspicious Registry Events
    • Visibility Monitoring

Improved

  • We added name validation when creating or editing credentials in Settings.
  • We added a help documentation link to the setup pages for Microsoft IIS event sources.
  • We added filtering to the investigations audit log, so you can now see when alerts have been added or removed from an investigation.
  • We improved event sources that use OAuth so that they now check to see if an OAuth token exists before prompting you to create a new one.
  • We added support for the Cisco Meraki Firewall events format from Firmware MX18.101 and newer.
  • We added support to parse the hostname and account name fields for the BlueCoat ProxySG event source.
  • We improved the visual navigation of Log Search so the Search bar is more accessible. You can now run a query or access query actions while the Search bar is collapsed.

Fixed

  • We fixed an issue where log lines with string-encoded epoch timestamps could not be added to investigations.
  • We fixed an issue where the Allowlist and Close options did not populate correctly for some investigations.
  • We fixed help documentation links so they now direct to specific event source pages.
  • We fixed an issue where end users without multi-customer investigations had access to multi-customer investigation routes.
  • We fixed an issue so that right-clicking and choosing Open in New Tab now works for the multi-customer investigation experience.
  • We added an additional check to ensure that Palo Alto Prisma logs in LEEF format are parsed more consistently.
  • We fixed the SnortIds parser so that it now parses logs that don’t have a host name in the header, and added provider tests.
  • We fixed an Active Directory race condition that caused events to go to the Unparsed Data log set instead of the generic Windows log set.
  • We fixed an issue where the Palo Alto Network event source wasn’t correctly parsing the CONNECTION_STATUS field.
  • We fixed an issue in the Log Search Table view where values wrapped in a cell were expanding when reviewing certain log entries.