May 31, 2024

New

  • Alert Triage: MDR customers now have access to Alert Triage. In Alerts, you can gain visibility into all alerts raised in your environment, including the managed alerts that your Rapid7 MDR team is working on.

Improved

  • Deleting variables: When deleting a variable that is also referenced as part of an exception, you can now use a deep link to navigate directly to the related detection rules to understand the dependency and determine next steps.
  • Limit configuration: You can now see what limit configuration was applied to a groupby query in Log Search when scanning results. Using this context combined with the results presented, you can determine if further refinement of limit parameters per group would reveal additional data points.
  • groupby results in Log Search: You can now open the context menu by right-clicking values in groupby results in Log Search to build queries that include or exclude only the selected values. This approach to filtering lets analysts spend less time manually editing queries when focusing on specific activities.
  • Settings: We updated the Settings page to have a sleeker, modern design.
  • Universal Webhook Data Exporter: We updated the styling and language of the Universal Webhook Data Exporter drawer.
  • New tooltips: We added clarifying tooltips to the Active Users table and to the User Information section of the User Details page.
  • Fortinet Fortigate: We updated the Listen on Network Port collection method for the Fortinet Fortigate event source to optionally enable support for lines missing newline characters.

Fixed

  • We fixed an issue where the timeline chart in Log Search might not complete for long-running queries.
  • We fixed an issue where users with Dashboards feature permission were incorrectly prevented from making updates associated with their roles. Customers can now create custom InsightIDR roles that provide access exclusively to log search and dashboard experiences.
  • We fixed an issue where the action dropdown in the PCQ Management table was inaccessible without scrolling. You can now access the action menu to update, duplicate, or delete existing pre-computed queries.
  • We fixed an issue where the table showing pre-computed queries did not scroll horizontally, preventing access to the rightmost menu on smaller screens.
  • We fixed an issue where empty fields were appearing in the Anomalous Data Transfer tab in the Alert Details drawer.
  • We fixed an issue where the Data Exporters filters were not showing all possible options.
  • We fixed an issue where Investigation Details items would sometimes indicate an associated investigation when there was no associated investigation.
  • We fixed an issue where the Data Collection Health graphs sometimes got stuck in an infinite loop.
  • We added informative tooltips to the User Information section of the User Details page.
  • We fixed an issue where a peek panel related to the Universal Webhook Data Exporter stayed open when other event source peek panels were opened.