Threat Command / Apr 18, 2023

Threat Command

  1. Trello Alerts: Customers that use Trello project management will likely begin receiving more alerts associated with exposures in this environment. This will help users mitigate security exposure related to Trello projects.
  2. Faster Alerts Data: The Alerts page now loads customer alert data more than ten times faster.
  3. Login Password Length: To enhance safety and protection, the minimum password length (when creating or resetting a user's login password) was increased from six to nine characters. This change applies to all accounts that access Threat Command from the IntSights login page (not to customers that migrated to the Rapid7 Insight Platform). Existing users do not need to make any changes unless their passwords have expired.
  4. System State Report: A new "Closed by" column was added to the System State report. This column shows the name of the user who closed the alert.
  5. Simplified Case Creation: Threat Command users with access to the Rapid7 Customer Support portal can now initiate a new support or intelligence case with the click of a button. The "Create a Case" button, in the header of every dashboard page, takes users directly to the Threat Command Service portal where they can choose a topic and create a case.
  6. Heads Up: System Email Changes: The subject and content of system-sent email messages are changing on May 9; the most relevant information will be easier to access. If users have automation rules in place based on subject or email content, they may need to update automated email filters accordingly.

Vulnerability Risk Analyzer (VRA)

  1. VRA Integrations Visibility: Users can see when the last successful synchronization of vulnerability management solution integrations took place. This enables improved vulnerability management processes.
  2. Automatic Alerts for Vulnerabilities: A new, default Alert Profiler rule was added and enabled to automatically trigger alerts for vulnerabilities based on the user's vulnerabilities, populated by 'Technologies in use' assets or integrations.
    The rule is enabled for all new users; existing users will be migrated in upcoming versions.

TIP

  1. IOC Management | IOC Actions Were Moved for Easier Access: The recently added "Cyberterm relation" and "Add to blocklist" actions were moved to a "More" menu. This enables more actions per IOC directly from this page, giving the user a single pane to manage IOCs.

Fixes

Threat Command

| ID | Case | Area | Description |
|---|---|---|---|
| BS-3490 | 03844612 | Custom Query assets | When adding Custom query assets, the "/" symbol is added to the asset value. |
| PLT-293 | - | Tenant modules relations error | When the modules are not aligned between tenants and MSSP, IMP users and MSSP users were shown a non-informative error. |

TIP

| ID | Case | Area | Description |
|---|---|---|---|
| TIP-6961 | 04042391 | IOC filtering | On the IOCs page, when filtering IOCs by Killchain phase, incorrect results are returned. |
| IST-699 | 03760797 | IOC groups | When editing IOC groups, an unexpected error is displayed. |