New Features

  • Case Queue Advanced Filters (ID #7738, #6147, #2434) 
    Analysts working with Cases can now use a sophisticated filtering system, including And/Or and Is/Is Not operators, to display the Cases that they want to work on. New filtering options include Alert Name, Product and Time frame.

    A new sorting option allows you to sort the cases according to different criteria.
    A Search bar has also been added to help you quickly find the Cases you are looking for.

    In addition, you can now save these filters for future use and edit or delete them as required. For more information, please refer to What's on the Case Queue Header?
  • Import Export for Visual Families/Ontology in Ontology Settings
    You can now both import and export Visual Families and Ontology (mapping and modeling) items. This gives customers extra flexibility in sharing items between instances, for example from staging to production.
  • Import Export Single Item in IDE (ID #8476) 
    You can now both import and export single or multiple items instead of an entire package in the IDE.  
  • Basic/Advanced Connector Parameters 
    The Connector parameters screen is now divided into Basic (mandatory) parameters and Advanced (optional) parameters. This provides customers with an easier interface with which to work.
  • View cases assigned to individuals by SOC Role (ID #8829) 
    You can now filter cases by SOC role and see cases that are assigned to any individual with that SOC Role as well as cases assigned to the SOC role as a whole.
  • Option to move Alerts to different Cases (ID #5300)
    You can now move an alert to either a new case or an existing case within the same environment. This is useful when you decide to override automated grouping factors and build your own cases.
  • Merge Cases new functionality (ID #8842, #8532)
    The analyst can now merge cases within the same environment from the Case Queue in the Cases screen. You have the option to select several cases and to choose which case will be the container for the other cases to merge into.
    This functionality is also available from the Search screen. Note that the Maximum Alert Grouping setting applies to merged cases. For more information, see What's on the Case Queue Header?
  • Close Alert within an Open Case
    Individual alerts can now be closed within a case (as opposed to being moved to a new closed case). This provides useful at-a-glance information when looking at a case: which alerts were closed in it and for what reason. For more information, see Alert Options Menu in the Case Screen.
  • Move Cases between Environments
    New Settings options now allow you to move cases between Environments. This is a useful feature for Enterprise companies that need to share the load between analysts. For more information, see What's on the Cases Screen?
  • Rerun Playbook Manually
    When analyzing a case from the Cases screen, you can now opt to rerun a Playbook up to 9 times. This is useful if circumstances have changed since the Case opened and you want to see new results. It is also useful if the Playbook hadn't finished running: you can make some adjustments and then rerun it to the end. For more information, see Rerun Playbooks.
  • Up to 9 Playbooks can now be manually attached
    You can now manually attach up to 9 Playbooks to each Alert in a Case.  
  • First name and Last Name displayed uniformly
    The user name will no longer be displayed on the Platform interface. Instead, the user's first and last name will be displayed. 
  • Command Center Redesign
    The login page and the Command Center background have been updated with a brand new snazzy design.
  • Uncheck "Append to all Users and API Keys" by default
    When adding a new environment, all current platform users and API keys will no longer be added by default.

  • Display JSON in JSON format
    Data will be displayed in JSON format in the JSON viewer. In cases where this isn't possible (for example, due to incorrect JSON structure), it will be displayed as a string.