Jun 28, 2024

New

  • Event Source emails: InsightIDR Administrators now receive daily email alerts if any event sources are in an error state. Go to Settings > User Preferences > Email Notifications to enable or disable InsightIDR email notifications.
  • Analysis page: You can now filter groupby() results on the Analysis page in Log Search, so you can quickly isolate specific values (such as hosts, users, or IP addresses) defined in the groupby() statement without scrolling through paginated results.
  • Time range picker: We added a new Last 3 days option to the time range picker in Log Search.
  • Pre-computed queries: You can now access Rapid7 provided pre-computed queries, in addition to any custom ones, on the PCQ Management page.

Improved

  • Investigation Details: We improved the user experience on Investigation Details timeline items by rendering single-action items as a button rather than a dropdown of options.
  • Settings: We updated UI copy in the Settings page for clarity.
  • Saved queries: We updated saved query dropdowns to sort by name of the query, so users can spend less time finding the query they are looking for.

Fixed

  • We fixed an issue where the Actor Activity panels on the Investigation Details page weren't loading data with the filters it had been saved with.
  • We fixed an issue where users could save event sources without adding a connection.
  • We fixed an issue where text wasn't rendered correctly for some Legacy UBA Detection Rules.
  • We fixed an issue where the Automated Alerts table wasn't sortable.
  • We fixed an issue where the Administrator Users table pagination was not updating on navigation through the table.
  • We fixed an issue where the start date was not displayed correctly in the Investigation Details Bulk Close modal.
  • We fixed an issue where actors involved in an investigation weren't appearing in Investigation Details if there was no data in the investigation.
  • We fixed a performance issue with LEQL queries that use CIDR notation for IP search. For example, queries that match an IP range such as where (source_ip=IP(192.168.4.240/32)) now return results significantly faster. Note that a /32 prefix matches a single address; use a shorter prefix (for example /24) to match a whole subnet.
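
To make the two Log Search behaviours above concrete, the following is an added example in Python (it is not Rapid7 code and not LEQL itself): it applies the same CIDR containment check that an IP(...) clause expresses to a constructed set of JSON events, then groups the matches and isolates specific groupby() values the way the new Analysis page filter does. The event field names, the sample log lines and the helper names are assumptions made for the example.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample events (not real InsightIDR data), one JSON object per line,
# in the shape a firewall or proxy event source might produce. Field names are assumed.
SAMPLE_LOG = """\
{"source_ip": "192.168.4.240", "destination_ip": "10.0.0.5", "user": "alice"}
{"source_ip": "192.168.4.17", "destination_ip": "10.0.0.5", "user": "bob"}
{"source_ip": "192.168.5.9", "destination_ip": "10.0.0.9", "user": "carol"}
{"source_ip": "192.168.4.240", "destination_ip": "10.0.0.9", "user": "alice"}
{"source_ip": "not-an-ip", "destination_ip": "10.0.0.5", "user": "mallory"}
"""


def parse_events(text):
    """Parse newline-delimited JSON into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ip_in_cidr(value, cidr):
    """Containment check with the semantics of a where(field=IP(<cidr>)) clause:
    true when the address lies inside the network. A /32 matches exactly one host.
    Values that are not valid addresses simply do not match instead of raising."""
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False


def where_ip(events, field, cidr):
    """Keep only events whose `field` falls inside `cidr`."""
    return [e for e in events if ip_in_cidr(e.get(field, ""), cidr)]


def groupby(events, field):
    """Count events per distinct value of `field`, like groupby(field) in Log Search."""
    return Counter(e.get(field) for e in events)


def filter_groups(groups, wanted):
    """Isolate specific groupby() results, as the Analysis page filter does."""
    return {key: count for key, count in groups.items() if key in wanted}


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    # /32: a single host, so only the two events from 192.168.4.240 match.
    print(len(where_ip(events, "source_ip", "192.168.4.240/32")))
    # /24: the whole subnet; group the matches by destination.
    subnet = where_ip(events, "source_ip", "192.168.4.0/24")
    print(groupby(subnet, "destination_ip"))
    # Isolate one value from a groupby() over all events.
    print(filter_groups(groupby(events, "user"), {"alice"}))
```

The invalid address in the last sample line is deliberate: log fields are attacker-influenced input, so a CIDR filter should treat unparseable values as non-matching rather than abort the query.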