New
- UBA detection rules: This month we have migrated detection rules for 3 third-party sources of alerts. You can find the latest updates by navigating to the Detection Rules page and filtering by Palo Alto Networks Cortex XDR, Microsoft Security, and Microsoft Defender for Endpoint:
  - Third Party Alert - Palo Alto Network Traps
  - Third Party Alert - Microsoft Azure Security Center
  - Third Party Alert - Microsoft Defender ATP
Improved
- Mimecast 2.0 event source: We updated the terminology used in Event Sources > Create Connection to align with the fields Mimecast uses, improving clarity and consistency.
- Investigation Details: We updated the configuration links in Take Action in Investigation Details to take users directly to a new Snippet tab in InsightConnect that is fully populated and ready for use in configuration.
- Settings: We updated the UI in some pages in the Settings navigation.
- Cato Networks event source: We modified the method of retrieving events from the Cato API by no longer generating markers, which previously allowed it to skip ahead in the queue when retrieving events.
Fixed
- Fixed an issue where undeployed collectors weren't displayed in Settings.
- Fixed an issue where searching for specific event source credentials in Settings incorrectly indicated that no credentials existed.
- Fixed an issue where the Investigation Disposition was not immediately updated after an investigation was closed.
Other Changes
- UBA detection rules: The following detection rules for 6 threats will be retired in 30 days:
  - Malicious Hash On Asset
  - New Cloud Region Usage Detected
  - New Cloud Resource Usage Detected
  - New Cloud Service Usage Detected
  - New Mobile Device
  - Spear Phishing URL Detected