Threat Command

Improved

Confidential Documents | Improve Analysis Accuracy: The Confidential Documents default Alert Profiler detection algorithm has been split into two rules - one detects DLP assets (enabled by default) and the other detects general DLP in document headers and footers (disabled by default). As a result, customers will see fewer FP Confidential Documents alerts.

ID	Case	Area	Description
CS-2418	04604282	Leaked Credentials	Passwords appear as ‘NULL’.
CS-2505	04741047	Leaked Credentials	The number of exposed records in the alert title and in the attached spreadsheet is inconsistent.
BS-3822	04739207	Alerts Page	Preselected assets are hidden in the Assets filter.
CS-2510	04498790	AD	Active Directory policies do not function correctly.
IST-800	04730391	Remediation email updates	Some email remediation updates are not being sent to customers.

Integrations | Office 365 Integration Renewed: The Microsoft Office 365 integration is fully operational again. Users can see new configuration instructions in the online User Guide.

New Splunk App Version 2.4.0 includes the following improvements:
- Added a Macros Configuration page in UI to update macros.
- Added an "IOC Status" filter in IOCs input configuration page to collect IOC data according to selected IOC status.
- Added an IOC search filter and First Match Time column in the Correlation Details dashboard.
- Updated the IOCs retirement logic to consider IOCLastSeen field for retirement.
- Removed the "Verify SSL Certificate" checkbox from the configuration page.
- Updated the retirement policy of IOCs for IOC type IP, Email, and Hash.
- Added a default value for the index field while creating the input.
- Made the Start date and Report date noneditable while editing input.
- Enhanced the log messages.
  Users can manage IOCs more efficiently through Splunk, while decreasing the FP rate.

ID	Case	Area	Description
TIP-7099	04681646	IOC Sources	IOCs from an uploaded document were not sent to the integration.