New
- Universal Webhook Data Exporter: We added a link to help documentation to the Universal Webhook Data Exporter, so that you have additional guidance at hand when configuring this data exporter.
- Pre-computed queries: The following have been added to pre-computed queries in Log Search:
- When building dashboard cards, pre-computed queries are now prioritized ahead of regular search queries as the default option. This ensures the card populates with data in the most efficient way. You can still choose to add Log Search queries to dashboard cards for wider feature support. For example, you can use Log Search queries for cards using tables or advanced calculate operators such as
averageormedian, which are not supported in pre-computed queries. - You can now take advantage of the predictably fast retrieval speeds provided by pre-computed queries directly from the Log Search home tab. This brings improved decision making based on environmental trends directly into analyst workflows. You can also leverage the right-click context menu to pivot from the visualizations directly back to the underlying log entries to understand more about particular groups or time periods of concern.
- When building dashboard cards, pre-computed queries are now prioritized ahead of regular search queries as the default option. This ensures the card populates with data in the most efficient way. You can still choose to add Log Search queries to dashboard cards for wider feature support. For example, you can use Log Search queries for cards using tables or advanced calculate operators such as
Improved
- Alert, Investigations, and Detection Rules filters: The Responsibility filter in Alerts, Investigations, and Detection Rules is now called Category. You can filter by either Managed, to see which are managed by Rapid7, or Custom and Contextual, which returns results that you can configure as required or refer to for additional context.
- Log Search filters: You can now filter by pre-computed queries created by Rapid7 or Custom.
- User pages and Investigation Details You can now access the direct log evidence behind any related alert or notable event list on the User pages using the View Log Entry button.
- Notable Events The volume of notable events generated by Legacy Detection Rules has been capped at 10 per 24 hours from the first match. This enhances the signal to noise ratio when reviewing user activity on the investigation timeline.
Fixed
- We fixed an issue where some detection rule modifications could not be deleted.
- We fixed an issue where duplicate key suggestions were displayed from the key dropdown in Log Search query builder. You can now see just the single unique key for each log selection.
- We fixed an issue in Legacy Log Search where
groupbyresults were not being shown unlesscalculatewas included. - We fixed an error where some log exports had invalid dates. You can now see created dates for all exports found in Settings > Log Management > Exports.
- We fixed an issue where certain sequences of characters were not accepted as part of a webhook URL for a basic detection rule.
- We fixed an issue where a blank space at the start of Log Search queries incorrectly flagged the query as invalid.
- We fixed an issue with the query bar height in Log Search obscuring error highlighting. You can now clearly see where any syntax errors have been identified by the query builder.