Improved
- SentinelOne Event Source: We made improvements to SentinelOne event source parsing, so that Account Info is populated in Third Party Alert docs.
- CrowdStrike Event Source: We made improvements to the CrowdStrike event source parsing, so that the hostname is assigned where present.
- Okta Event Source: Third Party Alert Documents are now generated from `security.threat.detected` events. Additionally, Payload-Giveup rates have been reduced due to additional testing.
- Bitdefender Event Source: Source data and account value now populate correctly in `VirusInfectionsDocs`, `BitDefenderVirusInfectionGenerator`, and `BitDefenderWebProxyGenerator`.
- Palo Alto Networks Cortex XDR Event Source: We updated the PAN Cortex XDR Event Source to redirect users to updated help documentation.
- User Details: We updated some cards in the User Details page to be more visually modern and enhance clarity.
- Cloud Integrations Converter App (CICA): Custom Log Parsing is now available in CICA.
Fixed
- An error now appears when a credential issue occurs for the AWS SQS Event Source.
- A fatal error is now displayed when the LDAP event source fails to connect to the LDAP server.
- We fixed an issue that could occur when handling too many Windows events. We added logic to request fewer events and retry.
- We fixed an issue where users could not complete Office 365 event source setup because the endpoint call that retrieves the auth confirmation failed due to unencoded brackets in the URL.
- We fixed an issue where users couldn't add a new AWS GuardDuty Event Source.
- We fixed an issue where users weren't being displayed in the Investigation Details Audit Logs panel.