Threat Command
New
- Asset Management | Suggestion Reason: Users can now see why Rapid7 analysts suggested assets in the 'Reason for suggestion' field on the Asset Management page. This enables users to make better-informed decisions about whether to add or dismiss a suggested asset.
Improved
- Improved Subdomain Detection: The phishing subdomain detection mechanism has been improved with new search patterns. Users benefit from stronger detection and better coverage for suspicious phishing subdomains.
- Improved Phishing Alerts: Users can receive additional alerts by using the Alert Profiler to detect changes in MX records. This improvement enables customizable alerting for suspicious phishing domains when the MX record has changed.
- Alerts Page Report Filters: Users can now edit the filters for scheduled CSV reports on the Alerts page instead of creating a new report every time a change is required. This saves users time and improves their experience.
Fixed
ID | Case | Area | Description |
---|---|---|---|
IST-795 | 04605600 | Remediation | When exporting alerts to CSV, the "Remediation" column contains incorrect values. |
CS-2387 | 04531057 | Active Directory | AD does not synchronize. |
CS-2461, CS-2463 | 04551094, 04531057 | Active Directory | The AD validation shows discrepancies between the number of records in the TC alerts and the number of records in the CSV file. |
CS-2465 | 04530644 | Active Directory | Messages on Leaked Credentials alerts do not represent the information that the AD integration collected. |
PHIS-2625, PHIS-2628 | 04575705, 04600639 | Phishing | Duplicate phishing domain alerts are triggered for the same domain. |
PHIS-2637 | 04603969 | Phishing | Syntax issue in the Alert Profiler rule for phishing domains. |
TIP
New
- IOCs Page | Filter IOCs by File Hash Subtypes: Users can now filter IOCs according to their file hash subtypes (MD5, SHA-1, or SHA-256). This enables users to focus on managing relevant IOCs.
Improved
- IOC Popover Improvements: For TC customers that don't have TIP, the IOC popover size was reduced. In addition, the following changes were made in TC alerts:
  - When hovering over 'Source URL' and related IOCs on the side panel, the data is better aligned.
  - When hovering over the 'Copy Source URL' icon, the IOC card popover is not displayed.
  These changes enable users to work more efficiently.
- Additional Support for File Hash Subtypes: File hash subtypes (MD5, SHA-1, or SHA-256) were added to the responses for the following routes:
  - /public/v3/iocs
  - /public/v3/iocs/ioc-by-value
  - /public/v1/iocs/enrich/:iocValue
  - /public/v1/threat-library/cyber-terms/:cyberTermId/iocs
  Users get more information about file hash IOCs through the API responses, allowing them to more easily create action items.
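As an added example (not Rapid7's code), a small Python helper that infers a file hash's subtype from the value's own format, applies the same MD5 / SHA-1 / SHA-256 filter to a list of IOC records, and flags records whose reported subtype disagrees with the value. The record shape (`value`, `type`, `subtype`) and the sample records are assumptions, not the documented API response.

```python
import re
from typing import Optional

# All three subtypes are fixed-length hex strings, so the value alone identifies the subtype.
# Assumption: subtype labels match the page's MD5 / SHA-1 / SHA-256 naming.
_HEX_LENGTHS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
_HEX_RE = re.compile(r"[0-9a-fA-F]+")


def hash_subtype(value: str) -> Optional[str]:
    """Return 'MD5', 'SHA-1' or 'SHA-256' for a well-formed file hash, else None."""
    v = value.strip()
    if not _HEX_RE.fullmatch(v):
        return None
    return _HEX_LENGTHS.get(len(v))


# Constructed sample records (hashes of the empty input, not real indicators), in the
# assumed shape of an IOC listing: the value, its IOC type, and the reported subtype.
SAMPLE_IOCS = [
    {"value": "d41d8cd98f00b204e9800998ecf8427e", "type": "FileHash", "subtype": "MD5"},
    {"value": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "type": "FileHash", "subtype": "SHA-1"},
    {"value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "type": "FileHash", "subtype": "SHA-256"},
    # Upper-case SHA-1 value deliberately mislabelled as SHA-256 to exercise the mismatch check.
    {"value": "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709", "type": "FileHash", "subtype": "SHA-256"},
    {"value": "example.invalid", "type": "Domain", "subtype": None},
]


def filter_file_hashes(iocs, subtype):
    """Mirror the IOCs page filter: keep file hashes whose value really is the given subtype."""
    return [i for i in iocs
            if i["type"] == "FileHash" and hash_subtype(i["value"]) == subtype]


def find_subtype_mismatches(iocs):
    """File hash records whose reported subtype disagrees with the value's format."""
    return [i for i in iocs
            if i["type"] == "FileHash" and i["subtype"] != hash_subtype(i["value"])]


if __name__ == "__main__":
    for sub in ("MD5", "SHA-1", "SHA-256"):
        print(sub, [i["value"] for i in filter_file_hashes(SAMPLE_IOCS, sub)])
    print("mismatches", [i["value"] for i in find_subtype_mismatches(SAMPLE_IOCS)])
```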
Platform
New
- Release Notes Migration to Rapid7: Threat Command release notes are available on the same external-facing web page as all other Rapid7 product release notes. This makes it easier to access and share Threat Intelligence release notes without logging in to Threat Command.
Fixed
ID | Case | Area | Description |
---|---|---|---|
PLT-693 | 04608791 | Emails | Clicking on a link in Threat Command email notifications requires multiple logins and redirects. |