New
- Watchguard XTM Event Source: The Watchguard XTM event source now generates web proxy documents from https-proxy events, in addition to http-proxy events, providing additional insights on activity in your network.
- Log Search: You can now access statistics about the characteristics of previous search queries directly within Log Search, giving you greater insight into the volume of data searched, the query duration, and the index factor achieved.
- Event Sources: We added new cloud event sources for Google Cloud Security Command Center and AWS GuardDuty.
Improved
- Fortinet Firewall Event Source: In cases where the dstunauthuser field is absent, product-provided account will now be populated from the unauthuser field.
- 1Password Event Source: The 1Password event source now does additional parsing of Cloud Service Activity docs.
- Office 365 Event Source: We made changes to the Office 365 collector integration to alleviate high CPU usage issues under certain circumstances.
- Palo Alto Networks Cortex XDR Event Source: We added product-provided account and account domain fields to Advanced Malware Documents produced from WildFire threat events. We also updated severity field parsing to use an alternative value from the raw log when we can't map it from the value we currently use.
- collector-component-upgrader-plugin: We updated the collector-component-upgrader-plugin for Java 17.
- AWS S3 data source: We modified AWS S3 endpoints to match AWS documentation.
- UI changes: We updated the Settings navigation, the User Details page, and the Data Collection page to be more visually modern and enhance clarity.
Fixed
- We fixed an issue where severity was incorrectly parsed from the severity field instead of the category/verdict field for the Palo Alto Networks Data Lake Event Source. Additionally, informational-severity logs will no longer be parsed.
- We fixed an issue where Netskope logs did not parse if they contained trailing characters.
- We fixed an issue that caused the connection_status to be incorrectly set in the Fortinet Firewall event source by adding an additional entry to the Action_status map and some additional functionality.
- We fixed definition lookups for Windows events to support future operating system updates.
- We fixed an issue in the Okta Event Source that caused Cloud Service Admin docs to not generate where a source IP was not present.
- We fixed an issue with AWS token renewal in the AWS CloudTrail Event Source.
- We fixed an issue where Linux File Integrity Monitoring information on the Settings navigation was not displayed.
- We fixed an issue where InsightIDR links to the Platform homepage weren't working.
- We fixed an issue where existing orchestrators could not be found and added to the Onboarding Progress page.
- We fixed an issue where the Query Actions option was incorrectly disabled. You can now take any relevant query action such as saving it, adding it as a pre-computed query or generating a custom detection rule after executing a query.