Mar 29, 2024

New

  • Log Search Automatic Query Suggestions: As you interact with the query bar, you will now be offered LEQL suggestions. During query construction, the suggestions narrow based on supported capabilities and syntax. You can use keyboard navigation or mouse selection to drive the building process. When you are satisfied with the query, press the Escape key to dismiss any remaining suggestions, then run the query. With automatic suggestions, you can focus on analyzing results rather than writing queries.
  • Choose the keys you want to display in your query results: Using the select clause, you can now choose what keys to include in your search results. You can also customize the names of the keys and order the display in the results. Queries that leverage the select clause can also be saved as a saved query for a fully customizable viewing experience for selected logs.

Improved

  • Updated versions of the InsightIDR Network Honeypot images are now available, based on the Ubuntu 22.04 LTS OS version. There is no automatic upgrade path for existing honeypot instances, so the new version must be downloaded and installed on new instances to replace the existing ones. Both the OVA virtual machine image and the AWS Honeypot AMIs have been updated.
  • We updated the Select a Collector dropdown in the Add/Edit Event Source panel to require a user to manually select a collector rather than defaulting to a collector.
  • We updated the Select a Collector dropdown in the Add/Edit Event Source panel to be more usable and searchable.
  • We updated the Add/Edit Event Source panel to have a more helpful error state.
  • We added a View Detection Rule button for alerts in the investigation details page that opens a new window to the associated detection rule when clicked.
  • We made improvements to our Assess Activity rule action experience, including enhanced filtering and bulk actions in our assessment reports table, providing visibility into In Progress rule assessments for earlier awareness of detection behavior, and easier access to historical reports via a tab on detection rule details.
  • We improved the way we display errors in the Alert Details page when the user doesn't have permissions to access the page.

Fixed

  • We fixed a bug where the Universal Webhook Data Exporter would send users to an error state when configured unexpectedly.
  • We fixed an issue where the Investigation Details page showed an empty state while loading, rather than a loading state.
  • We fixed a text overflow issue on the Data Collection Health tab.