What's so special about 3.0.0?
With Seculyze 3.0.0, we introduce a revamped ML model and a refreshed Incident and Tuning workflow. The key update is moving from a rule-based approach to an alert classification system, providing faster incident resolution, improved security, and reduced operational costs.
Our ML algorithms now analyze and classify individual alerts based on an extensive array of parameters and historical data, specific to each user's unique environment. This significantly reduces the need for manual tuning management while providing detailed insights on each alert. Users can now quickly close false positives directly in Seculyze and even opt to auto-close incidents classified as false positives for certain alert types, greatly improving efficiency and reducing the mean time to handle each incident. We've observed significant improvements in efficiency during our testing, all the while beating human analysts' performance as measured by efficiency, accuracy and recall rate.
But there's more... Our enhanced Threat Intelligence ML now analyzes each individual alert rather than just each incident. This gives users even deeper accuracy and a better understanding of their environment and systems, providing more comprehensive protection and insight.
Release Highlights
Advanced Machine Learning: Our new ML model classifies alerts with an accuracy and recall rate that, in our testing, outperformed human analysts, by leveraging extensive historical user data and a multitude of parameters.
Autoclose False Positives: Users can enable Seculyze to automatically close incidents identified as false positives for certain Alert Types, streamlining the workflow and reducing manual intervention.
Enhanced Threat Intelligence: Significant improvements in threat intelligence capabilities across our MLs and data sources provide deeper insights and better protection against potential threats.
Added Functionality:
Tuning Overview Page: Replaces Tuning Rules and Active Tuning Rules pages, adjusted according to feature specifications to enhance user experience and value.
Autoclosed Incidents Page: Newly introduced to improve incident management.
Backend Alert Classification: Added capability to classify individual alerts, enhancing threat intelligence accuracy.
Attention/Action Column: New column in Incident View for quick actions and highlighting important information.
Auto-Close Incidents: Functionality to auto-close incidents identified as false positives for specific alert types.
Machine Learning Algorithms: Implemented for improved alert classification based on historical user data and various parameters.
Dismiss Attention: Users can now dismiss the attention to make the system ignore the analysis results, excluding the incident from automation, filtering and sorting.
Improved Features:
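To make the new workflow concrete, here is an added example (not Seculyze's own code) that models how per-alert classification, per-alert-type auto-close opt-in and "Dismiss Attention" fit together: every alert in an incident is scored, the incident is auto-closed only when every alert is classified as a false positive and every alert type has auto-close enabled, and a dismissed incident is excluded from automation entirely. The class names, the `fp_probability` field, the `AUTOCLOSE_TYPES` set, the 0.9 threshold and the sample incidents are all assumptions constructed for illustration.

```python
"""Illustrative auto-close policy for alert-classified incidents.

Added example, not Seculyze's own code. It models the workflow described in
the 3.0.0 release notes: alerts are classified individually, auto-close is
opted into per alert type, and 'Dismiss Attention' removes an incident from
automation. Field names, thresholds and sample data are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Alert:
    alert_type: str        # e.g. "Suspicious sign-in" (constructed value)
    fp_probability: float  # assumed model output in [0, 1]: P(false positive)


@dataclass
class Incident:
    incident_id: str
    alerts: list[Alert]
    attention_dismissed: bool = False  # user pressed 'Dismiss Attention'


# Assumed policy knobs: alert types the user opted in to auto-close, and the
# minimum false-positive probability required of EVERY alert in the incident.
AUTOCLOSE_TYPES = {"Suspicious sign-in", "Impossible travel"}
FP_THRESHOLD = 0.9


def classify_incident(incident: Incident) -> str:
    """Roll per-alert scores up to one incident verdict.

    Returns 'dismissed' (excluded from automation), 'false_positive'
    (all alerts above threshold) or 'needs_review' (anything else).
    """
    if incident.attention_dismissed:
        return "dismissed"
    if not incident.alerts:
        # An incident with no classified alerts must never be auto-handled.
        return "needs_review"
    if all(a.fp_probability >= FP_THRESHOLD for a in incident.alerts):
        return "false_positive"
    return "needs_review"


def should_autoclose(incident: Incident) -> bool:
    """Auto-close only if the incident is FP and every alert type is opted in.

    A single alert of a type without auto-close enabled keeps the incident
    open for a human, even if the model is confident it is a false positive.
    """
    if classify_incident(incident) != "false_positive":
        return False
    return all(a.alert_type in AUTOCLOSE_TYPES for a in incident.alerts)


def triage(incidents: list[Incident]) -> dict[str, str]:
    """Map each incident id to the action the policy would take."""
    return {
        i.incident_id: "autoclosed" if should_autoclose(i) else classify_incident(i)
        for i in incidents
    }


# Constructed sample incidents covering the four outcomes.
SAMPLE_INCIDENTS = [
    # All alerts FP and all types opted in -> auto-closed.
    Incident("INC-1", [Alert("Suspicious sign-in", 0.97),
                       Alert("Suspicious sign-in", 0.93)]),
    # All alerts FP, but 'Malware detected' is not opted in -> stays open as FP.
    Incident("INC-2", [Alert("Suspicious sign-in", 0.97),
                       Alert("Malware detected", 0.95)]),
    # One low-confidence alert drags the whole incident to review.
    Incident("INC-3", [Alert("Impossible travel", 0.98),
                       Alert("Impossible travel", 0.40)]),
    # Dismissed attention: excluded from automation regardless of score.
    Incident("INC-4", [Alert("Suspicious sign-in", 0.99)],
             attention_dismissed=True),
]


if __name__ == "__main__":
    for incident_id, action in triage(SAMPLE_INCIDENTS).items():
        print(f"{incident_id}: {action}")
```

The policy is deliberately conservative in two places: the incident-level verdict requires every alert to clear the threshold, and auto-close requires every alert type to be opted in, so a mixed incident is surfaced for review rather than silently closed.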
Search functionality enhanced to include searching through the Source Product column.
Several columns renamed: 'Name' to 'Alert Type', 'Amount of False Positives Found' to 'Total False Positives Found', 'Frequency last 30 days' to 'Last 30 Days', 'Analysis False Positive Rate' to 'False Positive Rate', and 'Amount of Entities' to 'Total Unique Entities'.
Column adjustments made: 'False Positive Rate' moved to the right of 'Total False Positives Found', 'Reset Filter' and 'Manual False Positive Rate' columns removed, and column data formatting/text adjusted with all text in "faded main" and numbers in the "main" color.
Data presentation improved in the Incidents/Alerts table.
Confirmation/option popup added to the 'Turn on Autoclose' button.
Tuning Impact layout adjusted with correct colors, size, spacing and alignments.
Renamed Date Range selection option 'Last Month' to 'Last 30 Days'.
Default Date Range changed from 'Last 7 Days' to 'Last 30 Days'.
'Top Tuning Recommendations' component in the dashboard is replaced by the 'Tuning Impact' statistics component.
Attention chip colors, text and sizing adjusted.
Attention chips on-hover text is now more precise.
Table control alignment reverted, moving the controls below the table header once again.
Box-shadow removed from the table component.
Navigation added to the Autoclosed section in the sidebar.
Bug Fixes:
'Status' column renamed to 'Incident Status', correcting data display and filtering issues.
Navigation fixed to ensure the window scrolls to the top when pressing 'Incidents' in the sidebar.
Severity Component above the table fixed to ensure correct data display and functionality.
'Dismiss Analysis' functionality ensured to work as intended.
Analysis Component above ATT/ACT fixed to display real data, close as intended, and the overview linked to the "Tuning Overview" page.
Refresh data functionality fixed to ensure it does not reset filters or sorters.
Attention search, filter, and sort functionality ensured to be fully operational.
'New Top Incident' component fixed to work correctly with prioritized grouping and sorting.
Errors fixed to ensure incidents close correctly from the popup.
Incident View functionality ensured to align with design intentions for a positive user experience.
Multiple spacing issues fixed for visual consistency.
Color consistency ensured by using the main color instead of black.
Fixed an issue where the table would sometimes overlay the table headers.
Incident and Autoclosed icons updated to the specified links.
Sidebar icons updated to use 'menu' for 'Incidents' and 'playlist-check' for 'Autoclosed Incidents'.
Table header icon for 'Autoclosed with Seculyze' updated to use 'check'.
Row height consistency ensured, making all rows two chips high and horizontally center-aligned.
Column adjustments made to decrease the default column width of 'Incident', increase 'Incident Status', and decrease and lock the divider column width.
Known Issues:
We're aware that with any new major update comes kinks, wrinkles and bugs. We're keeping an eye out for any issues that may arise.
We ship 3.0.0 intending to make the user experience even better in the next couple of patches.
Closing Incidents: While we've already rolled out a bugfix, we're aware of a potential bug that causes Sentinel to re-open incidents that were closed in Seculyze.
Your insights and feedback have been a major part of what has led to 3.0.0. Our users fuel every new release. So get in touch and share your ideas or let us know what you think!