Aug 01, 2023
This release includes improved analysis accuracy of Confidential Documents alerts, a new version (2.4.0) of the IntSights Splunk App, and the renewed Office 365 Integration.
Threat Command
Improved
- Confidential Documents | Improve Analysis Accuracy: The Confidential Documents default Alert Profiler detection algorithm has been split into two rules - one detects DLP assets (enabled by default) and the other detects general DLP in document headers and footers (disabled by default). As a result, customers will see fewer FP Confidential Documents alerts.
Fixed
| ID | Case | Area | Description | |
|---|---|---|---|---|
| CS-2418 | 04604282 | Leaked Credentials | Passwords appear as ‘NULL’. | |
| CS-2505 | 04741047 | Leaked Credentials | The number of exposed records in the alert title and in the attached spreadsheet is inconsistent. | |
| BS-3822 | 04739207 | Alerts Page | Preselected assets are hidden in the Assets filter. | |
| CS-2510 | 04498790 | AD | Active Directory policies do not function correctly. | |
| IST-800 | 04730391 | Remediation email updates | Some email remediation updates are not being sent to customers. |
TIP
New
- Integrations | Office 365 Integration Renewed: The Microsoft Office 365 integration is fully operational again. Users can see new configuration instructions in the online User Guide.
Improved
- New Splunk App Version 2.4.0 includes the following improvements:
- Added a Macros Configuration page in UI to update macros.
- Added an “IOC Status” filter in IOCs input configuration page to collect IOC data according to selected IOC status.
- Added an IOC search filter and First Match Time column in the Correlation Details dashboard.
- Updated the IOCs retirement logic to consider IOCLastSeen field for retirement.
- Removed the “Verify SSL Certificate” checkbox from the configuration page.
- Updated the retirement policy of IOCs for IOC type IP, Email, and Hash.
- Added a default value for the index field while creating the input.
- Made the Start date and Report date noneditable while editing input.
- Enhanced the log messages.
Users can manage IOCs more efficiently through Splunk, while decreasing the FP rate.
Fixed
| ID | Case | Area | Description | |
|---|---|---|---|---|
| TIP-7099 | 04681646 | IOC Sources | IOCs from an uploaded document were not sent to the integration. |