Threat Command

Improved

• Confidential Documents | Improve Analysis Accuracy: The Confidential Documents default Alert Profiler detection algorithm has been split into two rules - one detects DLP assets (enabled by default) and the other detects general DLP in document headers and footers (disabled by default). As a result, customers will see fewer FP Confidential Documents alerts.

Fixed

TIP

New

• Integrations | Office 365 Integration Renewed: The Microsoft Office 365 integration is fully operational again. Users can see new configuration instructions in the online User Guide.

Improved

• New Splunk App Version 2.4.0 includes the following improvements:

  • Added a Macros Configuration page in UI to update macros.

  • Added an “IOC Status” filter in IOCs input configuration page to collect IOC data according to selected IOC status.

  • Added an IOC search filter and First Match Time column in the Correlation Details dashboard.

  • Updated the IOCs retirement logic to consider IOCLastSeen field for retirement.

  • Removed the “Verify SSL Certificate” checkbox from the configuration page.

  • Updated the retirement policy of IOCs for IOC type IP, Email, and Hash.

  • Added a default value for the index field while creating the input.

  • Made the Start date and Report date noneditable while editing input.

  • Enhanced the log messages.

    Users can manage IOCs more efficiently through Splunk, while decreasing the FP rate.

Fixed