Release Highlights
🔍 New Incident View — A redesigned interface for more intuitive and efficient incident investigation
🔗 Enhanced Enrichment — Added better support for IPs, URLs and hash-based threat intelligence
📈 Enhanced Log Source Data Accuracy — Delivering more reliable log source statistics and cost calculations
Changes
🏗️ Added Functionality
Introduced a new Incident View for improved investigation workflows
Enhanced Enrichment - Added further support with safety measures for IP-based threat intelligence enrichment.
Incorporated URL and File Hash-based threat intelligence into the overall enrichment for a comprehensive threat analysis.
Extended the threat intelligence context to cover IP, URL and File Hash scores separately, with threat analysis scores and labels for each entity of these IOC types.
Integrated a wide variety of trusted threat analysis providers into the enrichment workflows, specifically:
AlienVault OTX (previously used for IPs, now used for URLs and Hashes)
URL providers: URLhaus, PhishTank
Hash providers: MalwareBazaar, CIRCL
📊 Improved Features
Refined statistics calculations for more accurate cost insights
Refined filtering logic for Data Collection Rules (DCR) to improve accuracy and performance
Adjusted data types for daily and hourly statistics to improve consistency
Improved UI alignment and layout consistency across views
🛠️ Bug Fixes
Fixed multi-stage incidents to correctly display incidents with multiple alerts.
Fixed incorrect initial budget calculations
Corrected daily statistics collection errors
Resolved issues with hourly statistics subtables
Resolved UI bug affecting future incident display
Fixed alignment issues across multiple UI components

