Threat Command
Fewer Positive Alerts for Parked Domains: Alerts will be triggered only once for parked domains that are non-active or for sale. This will reduce false positive alerts for parked domains.
Improved Coverage of Phishing Websites: Rapid7 intelligence analysts are building templates to continuously generate asset-based profiling rules for better coverage of suspicious phishing websites. These new custom queries will be released gradually and will improve the detection coverage for phishing websites.
Improved Phishing Domain Detection: The use of new domain search patterns will yield stronger coverage of suspicious phishing domains.
Remediation Validation Based on Geolocation: Before updating the remediation status, the 'threat existence' tests now consider these geolocation factors:
- 'Countries of activity' asset
- Related trademark
- Company location based on profile
The remediation status in the dashboard will more accurately reflect the customer's request.
Integrations
- Active Directory Continuous Integration: Leaked credentials validation in Active Directory is more stable and robust.
Customers will gain consistent visibility into potential system infiltration risks, allowing smarter decisions and faster actions, including changing passwords, blocking users, and removing permissions.
Fixes
Threat Command
| ID | Case | Area | Description | |
|---|---|---|---|---|
| 1 | PLT-561 | 04231376 | Public API | An error occurs when running the /alerts/report-iocs API call. |
| 2 | CS-2352 | 04550654 04528129 | Leaked Credentials | Duplicate leaked credentials are created. |
| 3 | CS-2357 | 04499378 | Leaked Credentials | CSV reports and emails are not available for some leaked credentials alerts. |
| 4 | PHIS-2537 | 04307613 | Phishing | In the Phishing Watch manager, a subdomain is not properly excluded. |
| 5 | PHIS-2561 | 04497258 | Phishing | The "Exclude domain from monitoring" request is not saved for a website. |
| 6 | PHIS-2585 PHIS-2593 | 0449899704499599 | Phishing | Domain analysis process failure |
Integrations
| ID | Case | Area | Description | |
|---|---|---|---|---|
| 1 | CS-2299 | 04568214 04551426 04551137 04551053 04530644 04530544 04518422 04518399 04500498 | Active Directory Integration | Even though records were exposed, the Active Directory notification shows 0 exposed records. |
| 2 | IST-736 | 04231535 | Active Directory Integration | An incorrect policy was triggered. |
| 3 | 04498790 | 04498790 | Azure Active Directory | The Azure Active Directory validation was stuck in the "in progress" state. |
TIP
| ID | Case | Area | Description | |
|---|---|---|---|---|
| 1 | TIP-5732 | 04483209 | Investigation map | When exporting an Investigation Map as a PDF, the PDF is zoomed-in. The exported file does not match what you see on the screen and parts can be cut off. |