Sep 29, 2023

New

  • Single Line log view: You can now view your Log Search query results in a new Single Line format. This provides the ability to scroll across your data horizontally to quickly compare different log events.
  • New Log Search is available in Investigations: When searching logs from Investigation Details, you are now presented with the new Log Search experience to view and gather evidence before adding it to the investigation timeline. This update brings all of the benefits of new Log Search to this flow, including the ability to build queries with the context menu, access to recent and saved queries, and a more user-friendly interface for interacting with your search results.
  • Lock your Log Search display: You can now control how the Log Search layout responds when a query is executed. Instead of automatically closing the log selector and query bar components, you have the choice to fix one or both of these components to your screen so that you can easily make modifications to either area when reviewing results.
  • Assessment Reports for Detections: You can now select the Assess Activity rule action for detection rules and exceptions to generate an Assessment Report after 7 days. Assess Activity allows you to evaluate the activity that a detection rule generates to ensure the rule is not creating unnecessary noise, and evaluate how an exception would affect the number of detections generated to ensure the exception is performing as expected.

Improved

  • Key performance indicator counts for the Insight Agent now include stale agents. Previously, this indicator only counted online and offline agents.
  • We added labels to timeline items in Investigation Details to improve readability.
  • We've removed the User Management component from InsightIDR and added a call to action to notify all customers that they should use the top navigation menus to navigate to the User Management page instead.
  • We now display a notification banner when only part of the timeline data can be retrieved for an investigation.
  • We now poll the investigation timeline for updates after automation actions are manually performed on an investigation.
  • When you view log data in the collapsed or expanded view and click on the time range, the date picker now opens with focus on the time range options. This update allows you to quickly adjust the time that is being searched.

Fixed

  • We fixed an issue that was preventing similar logs from being selected when creating new custom parsers.
  • We fixed an issue where Platform Administrators could not navigate to the Insight Agents page from within the product.
  • We fixed an issue that was preventing automatic configuration of new event sources from working.
  • We fixed an issue that was preventing the Exception and MITRE tabs from showing up for some investigations in Investigation Details.
  • We fixed an issue that was causing the table on the Settings > Network Zones page to refresh.
  • We fixed an issue where some cards on the Users and Accounts page were not horizontally aligned.
  • We fixed a header for "Basic Detection Rules" where it was incorrectly referred to as a "Custom Detection Rule".