Release Notes Archive

December 20, 2023

Build Number: 7626

Improvements

  • Alerts: The alerts list now displays a visual indicator when information is loading.
  • Reports: When scheduling reports, text explaining the ramifications of modifying a report schedule is now displayed.
  • Users: Session timeouts for inactive users have been refined.

Fixes

  • Customers: An error that occurred when loading the Customers page has been resolved.
  • Investigate: Previously, saved investigations that contained the word "error" in any filter failed to load. This issue has been resolved.
  • Investigate: Previously, when downloading an investigation that included aggregates, the .json file containing the aggregates was not always included. This issue has been resolved.

November 30, 2023

Build Number: 6712

Improvements

  • Investigate: Preset investigations are now organized into drop-down lists based on type for easier navigation, and saved queries are now presented in their own organized section.
  • Users: The Audit Logs section has been added to each Edit User page, enabling you to quickly view recent actions performed by a user.

Fixes

  • Users: An issue that prevented enabling or disabling MFA users has been resolved.

October 27, 2023

Build Number: 6706

Improvements

  • Support: You can now click the Support button in the upper-right corner of any page in ActiveEye to access contact information for ActiveEye support.
  • User Log: When collapsed, the drop-down filters on the User Log page now display a count of how many filters are active.

Fixes

  • Customers: An issue where filters did not properly display selected or cleared status has been resolved.

September 25, 2023

Build Number: 6691

Improvements

  • Dashboard: In the Automation section of the dashboard, the "Log y-axis" toggle has been renamed the "Compress Data Range" toggle to better describe its function.

August 31, 2023

Build Number: 6683

New Features

  • Alerts: The functionality of sorting alerts on the Alerts page has been improved.
  • Dashboard: Dashboard icons that indicate no detected threats have been enhanced to be more informative.

Improvements

  • Alerts: You can now use the "contains" operator in conjunction with the Policy field.
  • Alerts: The current sort order of alerts is now visually indicated in the column headings.
  • Service Connectors: Additional detail has been added to the ActiveEye interface describing how encryption works in the CloudTrail service connector.

Fixes

  • Alerts: An issue that could affect pagination on the Alerts page has been resolved.

July 28, 2023

Build Number: 6660

New Features

  • Users: You can now select your username in the upper-right corner of any page in ActiveEye to display the time of your last login.

Improvements

  • Alerts: Now, when closing an alert for which a case was required, you can view, edit, or add a case number.

June 29, 2023

Build Number: 6647

New Features

  • Admin: The Communications feature has been added within the Admin menu. The Communications page displays emails with timestamps, and can be useful in determining what information has been sent to specific users.

Fixes

  • Alerts: An issue where descriptive error messages did not appear when an attempt to close an alert was invalid has been resolved.
  • Alerts: An issue where the Select All checkbox could not be cleared has been resolved.
  • Communications: An issue where drop-down lists related to filters did not display correctly has been resolved.
  • Investigate: An issue that prevented saved wildcard searches from loading properly has been resolved.
  • Policies: Previously, if you attempted to create a duplicate Policy Action Rule, no error message was displayed. This issue has been resolved.

May 31, 2023

Build Number: 6628

Improvements

  • Dashboard: The Credible Threats section has been enhanced with color-coding.
  • Dashboard: The presentation of resolution times in the Threat Management section has been improved.
  • Investigate: Wildcard queries are now supported in investigations.
  • Service Connectors: Informative messages related to active background processes are now displayed when creating and modifying service connectors.

April 27, 2023

Build Number: 6613

Improvements

  • Dashboard: The inclusive terminology "allow list" and "block list" is now used on the dashboard.
  • Investigate: If a user attempts to investigate an alert that is already being investigated, a warning message now appears.

March 30, 2023

Build Number: 6592

Improvements

  • Service Connectors: The Cortex service connector has been enhanced so that only the relevant part of the URL must be entered in ActiveEye.

February 28, 2023

Build Number: 6573

Improvements

  • Alerts: The names of summary boxes have been updated to be more user-friendly.
  • Users: On the Edit User page, you can now enter or edit a user's country.
  • User Log: User IP addresses are now tracked in the user log.

Fixes

  • Communications: An issue where the to-date on the Communications page defaulted to end-of-day has been resolved.
  • Contacts: Previously, you could create an email contact record that did not contain email addresses. This issue has been resolved.

January 25, 2023

Build Number: 6550

Improvements

  • Alerts: Additional summary information has been added to the Alert Details page.

December 29, 2022

Build Number: 6542

Improvements

  • Alerts: When filtering the summary boxes displayed on the Alerts page, summary box options are now arranged by category.
  • Report Delivery: You can now use contact groups to assign report recipients.

Fixes

  • Service Connectors: Previously, if you entered filtering information on the Service Connectors page, then navigated away, and then returned by clicking the back button, filtering information would be lost. This issue has been resolved.

November 30, 2022

Build Number: 6529

Improvements

  • Alerts: The Alert Monthly Trending module has been added.
  • Communications: Customers in the Customers filter are now listed in alphabetical order, and you can now filter based on enabled customers.
  • Customer Notebook: Bulletins on the Customer Notebook page are now organized into groups.
  • Investigate: New predefined investigations for VESTA have been added.
  • Report Templates: Global report templates have been added.

Fixes

  • Communications: Previously, message status details included the date in the timestamp, but not the time. This issue has been resolved.
  • Communications: Filters now persist when navigating between communications subpages.

October 31, 2022

Build Number: 6506

Improvements

  • Communications: Message status now appears as a column on the Communications page.
  • Customer Notebook: The customer notebook feature has been enhanced with simplified ticket info and better editing controls.
  • Report Delivery: You can now add and remove email recipients on the Report Delivery page.

September 27, 2022

Build Number: 6465

New Features

  • Admin: The Communications option has been added within the Admin menu. The Communications page displays emails with timestamps, and can be useful in determining what information has been sent to specific users.
  • Investigations: Selectable field summary options have been added to the VA investigation add/edit pages.
  • Reports: You can now add a list of email recipients for a report to the Report Schedule section of the Edit Report Template page.

Improvements

  • Admin: Additional security roles have been added.
  • Alerts: Alerts on the Alert Matrix page are now more visible.
  • Contacts: Now, if you select the Send Test Emails button on the page for a contact, the action will be logged.
  • Customer Notebook: Previously, when a customer bulletin expired, it would no longer appear on the Customer Notebook page. Now, expired customer bulletins will appear for 14 days. Rows containing expired customer bulletins are greyed-out for visibility.
  • Report Templates: New daily, weekly, and monthly scheduling options have been added to the Edit Report Template page.
  • Service Connectors: Endpoint selection has been added to applicable Azure and MSFT connectors.

Fixes

  • ActiveEye: A connectivity issue caused by the Safari browser has been resolved.
  • Alerts: An issue with the rendering of summary boxes when building queries has been resolved.
  • Communications: Previously, attempting to sort the contents of the Communications page by status caused an error to occur. This issue has been resolved.
  • Communications: Previously, attempting to filter the contents of the Communications page by date selection did not return the expected results. This issue has been resolved.
  • Contacts: Previously, when attempting to delete a contact with attached policy actions, an error would occur. Now, a message appears stating that the attached policies must be deleted before the contact can be deleted.
  • Dashboard: Previously, users were not notified if they attempted to create reporting modules with duplicate names. This issue has been resolved.
  • Login: Previously, an AttributeError could occur when attempting to log out. This issue has been resolved.
  • Service Connectors: Previously, attempting to create or edit a Crowdstrike connector caused a blank screen to appear. This issue has been resolved.

June 30, 2022

Build Number: 6414

New Features

  • Dashboard: Admins can now pin up to six investigations to the dashboard landing page. Pinned investigations will be visible on the dashboard for all users within an organization.
  • Investigations: The Source and Destination Countries section has been added to the Investigate page, displaying a visualization of IP and country data related to each investigation.
  • Investigations: ASTRO investigate queries have been added to the Pre-Defined Queries section of the Investigate page.
  • Service Connectors: The AWS Cloudtrail service connector has been added.

Improvements

  • AERSS: To enhance flexibility when handling events coming into the system, a timezone selector has been added for AERSS service connectors.
  • Contacts: When viewing contact information, you can now copy a contact's list of email recipients to the clipboard by selecting the copy icon in the Email Recipients section.
  • Queries: The optional parameter "type" has been added to EVENT type lookups. If the "type" parameter is set, it can take one of four values: "string," "integer," "float," or "boolean."

Fixes

  • Admin: Previously, a contact's phone number and Email Recipients information could not be edited on the Edit Contact page. This issue has been resolved.
  • Alerts: Previously, on the Alert Details page, selecting Investigate could cause the Corresponding Events table to reload incorrectly. This issue has been resolved.
  • Alerts: An issue that occurred if two users simultaneously accessed the same alert has been resolved.
  • Alerts: Previously, extreme numbers of alert activities could cause the Alert Details page to stop responding. This issue has been resolved.
  • Alerts: Previously, tickets did not display a system when initially attached to an alert. This issue has been resolved.
  • Dashboard: Previously, on the Dashboard page, the Alerted Service Connectors section listed policy module names. Now, that section displays service connector module names.
  • Dashboard: An issue that sometimes caused the dashboard to load slowly has been resolved.
  • Investigations: Previously, when selecting a saved investigation query on the Investigate page, a blank page sometimes appeared instead of the expected information. This issue has been resolved.
  • Investigations: Previously, when using the Network Flows pre-defined query, events other than flowlog events were displayed. This issue has been resolved.
  • Investigations: Previously, running a query containing a term with multiple filters did not return the expected results. This issue has been resolved.
  • Investigations: Previously, clicking the back button while viewing a saved investigation did not access the previously viewed page. This issue has been resolved.
  • Login: Previously, when a user logged out and then logged back in, the user was not always returned to the last page viewed. This issue has been resolved.
  • Policies: Previously, a formatting issue could cause duplicate benchmarks to appear on the Policies page. This issue has been resolved.
  • Policies: An issue that could cause a policy to become unexpectedly disabled has been resolved.

March 31, 2022

Build Number: 6351

New Features

  • Login: Update login pages and switch to Cognito as our identity provider
  • Connector: Allow for setting the number of SPAN ports for AENS connectors on the connector edit page
  • Connector: Added GCP Flow Logs module as an option to add connector screen

Improvements

  • Platform: Added the page title to the browser tab to help with multiple browser tabs experience
  • Login Page: Set input autofocus on login pages
  • Login Page: Styled buttons on login pages to indicate that they are clickable
  • Forgot Password: Updated forgot password page with password rules and feedback for password rules not met
  • Alert Listing: Improved error handling for failed alert queries

Fixes

  • Fixed a custom report processing issue
  • Fixed Safari display issue on the login screen
  • Fixed Safari display issue with the Motorola Solutions logo
  • Fixed various Safari page loading issues
  • Fixed the autogenerated link on the Alert Details page linking from the QuickView for Domains and FQDNs
  • Fixed “Top Alert” links on the main dashboard page to include the correct filters when clicking to view on the Alerts Listing page

Jan. 03, 2022

Build Number: 6316

New Features

  • Reporting: Improve workflow for custom reporting by making it easier to create and delete report modules
  • Connector: Addition of API key rotation button to the AERSS service connector update form
  • Reporting: Remove beta flag from custom reporting

Improvements

  • Dashboard: Include login validations on dashboard user access map

Fixes

  • Fix pre-canned investigation page Application Authentication

Nov 18, 2021

Build Number: 6307

New Features

  • Service Connector: Add Elastic Security connector add/edit screens, in beta
  • Reporting: User created reports based on saved investigations

Fixes

  • Fixed problem where malware name is sometimes blank in the file threat list
  • Display favicon on login pages
  • AWS connector credentials validation updated to Amazon spec
  • Event table sorting on investigate pages fixed

Sept 23, 2021

Build Number: 5503

New Features

  • Policies: Partners can now view all policies, regardless of whether they have the connectors needed to use the policy

Improvements

  • AWS Connector: Making configuration scan option
  • AERSS Connector: Adding ASTRO connection capabilities.
  • SOC Alert Listing: Compare feature is now available on the SOC Alerts Listing
  • SOC Alert Listing: Custom filters now contain 'contains' and 'does not contain.'
  • Investigations: Predefined investigations can now be bookmarked.

Fixes

  • Fixed an event-based bug that caused the detail page to crash

Aug 27, 2021

Build Number: 5822

Improvements

  • SOC Playbooks: Split SOC playbooks into separate global and customer pages
  • Playbooks: Added grouping capability to playbooks
  • Playbooks: Added collapse and expand to playbook groups
  • Playbooks: Added reordering capability within a group
  • Playbooks: Added reordering capability for groups
  • MFA Reset: Added helper text for clarification
  • Threat List: Now requiring malware names for files added to the list
  • IP Listing: Error checking added to prevent invalid IPs/CIDR ranges from being added to list

Fixes

  • Fix a bug that caused complex queries to fail
  • Fix a bug that changed the date range when hitting 'compare' and navigating away from the screen

July 29, 2021

Build Number: 5503

New Features

  • Alerts Listing Page (SOC view): Adding an export option for current results
  • SOC Investigation: Adding additional investigation capabilities for the SOC

Improvements

  • SOC Investigation: SOC Investigations can now be bookmarked with persistent data
  • SOC Investigation: SOC key metrics are now viewable and can be downloaded

Fixes

  • SOC Metrics: Corrected an issue where incorrect values were being calculated for the metric reporting

July 7, 2021

Build Number: 5503

New Features

  • Admin Feature: Connectors can now be associated with "Sites" for better alert management
  • Alert Detail and Investigation: Available connector services now have a quick link to the investigation screen with filters applied
  • Alerts Listing: The alert listing can now be downloaded as a CSV file
  • Dashboard (Alerts): Top counts now link to the Investigation screen with filters applied

Improvements

  • AERSS Connector: Renamed the Linux Hostlogs connector to Syslog
  • Alert Listing Page: Downloaded alert listing now includes intent, strategy, and method
  • Alert Detail Page: The event id and flow id quick viewers now link to the investigate page with filters applied
  • Alert Detail Page: Quick detail view added for the site labels
  • Alert Detail Page: Clicking an "Alert History" item now opens it in a new tab
  • Investigation Screen: Multiple eventIds can now be included in a single search

Fixes

  • Fixed a display issue with the site delete dialog.
  • Fixed an issue where alerts would not display if no filters were applied
  • Fixed an issue where some alert events would not open on the Alerts Detail page

April 29, 2021

Build Number: 5296

New Features

  • Alert Detail Page: Alerts listed within the "Alert History" can now quick link to that specific alert

Improvements

  • Alert Detail (AENS): On the alerts detail page for AENS connector events an eventId column has been added
  • Alert Detail (AENS): On the alerts detail page for AENS connector events there is now a quickview on the eventId showing counts for network and protocols with a link

Fixes

  • Fixed a linking issue from alert details to the investigation screen
  • Fixed a sorting issue on the alerts listing page.
  • Fixed an issue with sorting for saved searches

March 17, 2021

Build Number: 5156

New Features

  • SOC Alerts Searching: Adding the advanced query builder to the SOC Alerts Feed

Improvements

  • Filtering for Alerts: Adding several new filters to the SOC advanced query builder
  • New Tab Option: Right clicking now allows users the option to open alert in a new tab (Customer Alerts Page)
  • Windows: Adding Windows Hostlogs service connector (Beta)
  • AERSS: AERSS connector form no longer requires IP address selection
  • AENS: AENS Alerts credentials are no longer required to save/enable/disable
  • Cortex: Changed FQDN help text in Cortex connector to be accurate to the current process
  • Filtering on "Does Not Contain": Advanced query builder now supports "does not contain" operators for eligible fields

Fixes

  • Fixed the sort order when reloading or returning to the SOC alerts listing page
  • Fixed count discrepancy for links from the dashboard to the alerts listing when open for more than 7 days
  • Fixed count discrepancy for alerts from matrix link to alerts listing
  • Removing built in escaping for “message” field in the advanced query builder
  • Fixed bug where alert counts did not match from dashboard to alerts listing page when over a week old
  • Switched to a different underlying database library, which should help with the intermittent dashboard crashes
  • Fixed issue enabling/disabling AEVS connectors without reselecting secondary credential
  • Playbook trends page now shows all playbooks

February 22, 2021

Build Number: 5069

New Features

  • Save Alert Queries: You can now save, share, and edit Alert queries and run them whenever needed.
[Image: alerts filter builder]

Improvements

  • AERSS Confirmation: Adding confirmation dialog when the network_dhcp setting is updated on an AERSS connector
  • AERSS Connector: Adding DHCP/static IP selector to the AERSS connector page
  • AERSS Connector: Adding LSN display to the AERSS connector page
  • IP Validation: Adding IP validation for advanced query searches
  • Cisco IOS: Adding Cisco IOS service connector

Fixes

  • Service connector list page now only shows enabled connectors by default
  • Fixes error with missing features column and API key on new AERSS connectors

February 5, 2021

Build Number: 4958

New Features

  • Alerts Query Builder: You can now create complex or simple queries to fine-tune your results on the Alerts Listing page. There is still a quick and easy way to add criteria to filter your results, but you can now group criteria and control how the filters isolate the alert information you need to see.

Improvements

  • IP Range in Alerts Search: Allow IP ranges to be filtered on in the advanced query builder
  • AENS Protocols: Adding AENS Protocols connector (Beta)
  • AENS Connections: Adding AENS Connections connector (Beta)
  • GCP Flowlogs: Removes credentials dropdown from GCP Flowlogs connector form
  • Service Advisory Editor: Adding a new service advisory editor and rendering process
  • AEVS connector: Adding a secondary credential field to the AEVS connector
  • Linux Hostlogs: Adding linux hostlogs connector screen (Beta)

Fixes

  • Fixing an issue with customer alert list sorting on event count

January 5, 2021

Build Number: 4810

Improvements

  • Update Favicon: Update the favicon to a version that looks better in dark mode
  • Customer List: Adding a 'Managed' and 'Partner' filter to the customer list
  • AENS Service Connector: Adding AENS Service Connector interface (Beta)
  • Crowdstrike: Adding API URL field to Crowdstrike connector
  • Service Connector: Filter/sort parameters will be saved on the service connector list page
  • AEVS Service Connector: Adding the AEVS Service Connector interface (Beta)

Fixes

  • Top Alerted Users box on dashboard will now correctly filter out Info-level items
  • Fixes an issue where beta connectors were not accessible in production
  • Fixes the gray screen when navigating to any config findings details page

December 3, 2020

Build Number: 4667

Improvements

  • Updated Branding: Updated branding area with the Motorola Solutions brand and updated all partner logos
  • User Filtering: Adding a user enabled/disabled filter to the user list page

November 17, 2020

Build Number: 4610

Improvements

  • Fortigate Investigations: Add Fortigate to Investigations (Network Overview)

Fixes

  • Fix bug with the service connector filter functionality on Connector Health page

November 12, 2020

Build Number: 4585

New Features

  • Toggle Alert Summary Boxes On or Off: If you need to focus on only a few areas of alerts, we now provide the ability to turn summary boxes on or off. Turning a box off not only hides it, but also skips loading its extra data, which saves a little page load time.
[Image: multi-select from summary box]

Improvements

  • Sortable Summary Boxes on Alerts Listing Page: To help you quickly find the data you need, the team has added sort toggles to the Alert Summary Boxes. Clicking the number sort toggles between ascending and descending values, and the name column sorts alphabetically in a similar fashion.
  • Improved Pop-up Menus: Update code to better handle closing popup by clicking off item.

Fixes

  • Fix bug where SOC alerts feed would not load under certain conditions.
  • Fix bug where the compare feature was not functioning as expected on the customer alerts page.

November 6, 2020

Build Number: 4540

New Features

  • CSV format on Customer Logins: You can now export login data to CSV format.

Improvements

  • Policy - Google Security Command Center: Add Google Security Command Center policies.
  • Skeleton Loader on Customer Alerts Listing Page: There is now a "skeleton loader" on the Alerts Listing page to indicate when the summary boxes are still loading. This will help when searching on large data sets to know when the summary box information has loaded, as they are the last item to process on the page.
  • GCP SCC and AERSS Short Names: Now using the "Short Names" for Google Cloud Security Command Center (GCP SCC) and ActiveEye Remote Security Sensor (AERSS) when they appear in filter drop-down menus.
  • GCP SCC: Google Cloud Security Command Center service connector moved out of beta.
  • Microsoft Intune: Microsoft Intune service connector moved out of beta.

Fixes

  • The link from the user details page to user audit logs now works as intended

November 2, 2020

Build Number: 4518

New Features

  • Multiple Selection on Customer Alerts Listing: You can now add multiple items as filters from a summary box, and from multiple boxes, before refreshing the results, which helps with page load times on large data sets. Apply filters from one or more summary boxes and then hit the search button to see the results.
[Image: multi-select from summary box]

Improvements

  • Refresh Button on Customer Alerts Listing: Addition of a "Refresh" button to allow for updating results without having to change filters or reload the page.
  • IP and Host Summary Boxes on Customer Alerts Listing: Additional summary boxes added for "Source IP", "Destination IP", "Source Host", and "Destination Host."
  • AERSS: Adding ActiveEye Remote Security Sensor (AERSS) service connector capabilities (Beta).
  • GCP SCC: Adding Google Cloud Security Command Center service connector capabilities (Beta).
  • Microsoft Intune: Adding Microsoft Intune service connector capabilities (Beta).
  • Fortigate: Adding Fortigate service connector capabilities (Beta).

Build 4472 (2020-10-26)

Changes

  • Adds domain and FQDN little/bigview to Umbrella and certain Office365 events.
  • Adds a “Customer Logins” stats page to the Partners menu.

Build 4467 (2020-10-22)

Changes

  • From the SOC Alerts Feed, removing context menu option to search for related alerts by fileName.

Bug Fixes

  • Could not create new connectors for Office365, Azure, AzureAD, and AzureAD Logins when no credentials existed.
  • For partner users, the alerts page would not load due to a server error.

Build 4449 (2020-10-21)

Changes

  • On customer alerts page, add duser summary box to aggregate counts.

Bug Fixes

  • Google Cloud and GCP Flowlogs service connectors could not have their ‘enabled’ status changed.

Build 4415 (2020-10-16)

Changes

  • Added ‘Date Joined’ and ‘Last Login’ dates to the Admin->Users list.
  • Updated SOC Alert list file hash lookups to use new filehash tables for improved speed.

Bug Fixes

  • The Alert Matrix Page would crash and show the gray screen of death seemingly randomly throughout the day.
  • The Alert Matrix counts were inconsistent when clicking through to the alert listing page.

Build 4393 (2020-10-13)

Changes

  • Adds “Reason” form to recommendation playbooks.
  • Adds AWS Flowlogs service connector UI, currently in Beta state.
  • Adds GCP Flowlogs service connector UI, currently in Beta state.

Bug Fixes

  • Correctly lowercases usernames before submitting them to backend.

Build 4379 (2020-10-09)

Bug Fixes

  • Alert Matrix Page was timing out due to a slow query.

Build 4377 (2020-10-08)

Changes

  • Alert detail user popup will now use the alert_users table for faster queries.
  • Customer alert list page, summary boxes now allow filtering on a single value at a time.
  • Adds the ability to change credential name and logon name without re-entering the password

Bug Fixes

  • Fixed connector event query to return events for today.

Build 4298 (2020-09-29)

Changes

  • Add the capability for ticket templates to have multiple policies associated with them. Includes improvements to the backend and UI in this regard.
  • Add a link to the playbook in the SOC alert details page under the activity log if the log entry is an orchestration action.
  • Several usability improvements to the Virtual Analyst Jobs list page.

Build 4285 (2020-09-28)

Changes

  • Customer Alert List page, added a comparison view between the current date range and a previous date of equal size. Overlays time series data in charts, shows difference between aggregate counts, and includes all alerts from the combined date range.
  • Defangs ticket template fields.

Bug Fixes

  • Fixed VirusTotal domain detection lookup feature.

Build 4257 (2020-09-23)

Changes

  • On the customer alerts listing page, added additional summary boxes for src and dst ips and hosts.
  • Removed deprecated ZScaler service connector and references to it.

Bug Fixes

  • Fixed activity log entry for whitelisting files with Carbonblack actions.
  • Fixed an intermittent issue that results in a gray screen upon login.

Build 4238 (2020-09-18)

Bug Fixes

  • Fix SOC alerts page to properly load link from alert matrix.

Build 4225 (2020-09-16)

Changes

  • Split off Azure, AzureAD, and Office365 service connector add pages into their own pages.
  • Wording changed on help text for Microsoft-related service connector add/edit pages.
  • Added default names and account priorities on Microsoft-related service connector add pages.
  • Added AzureAD Logins UI to service connector add/edit pages

Bug Fixes

  • Corrected the mappings for known malware and blacklisted endpoint investigations templates.
  • Fixed the investigation pages to show the proper timelines when using a time range from the url.
  • Fixed validation bypass on service connector fields possible using test credentials button.

Build 4161 (2020-09-10)

Changes

  • Added two new endpoint investigation templates.
  • On the customer alert listing page, added alert summary fields below the chart.

Bug Fixes

  • Fixed an issue where Daily Email Summaries with no attached investigations could not be opened.

Build 4138 (2020-09-09)

Changes

  • Moved Ticket History (now called Cases) and File Threat List to their own pages off the Admin menu, from the Customer Notebook tabs.
  • Added a table to view the investigations attached to a daily email summary.
  • Customer Alert Listing page now has a timeseries chart to show the created alerts for the selected date range.
  • Adds hover tooltip to filter buttons on Investigate pages.

Bug Fixes

  • SOC Alerts Feed: when navigating to the alert details and back, it would forget which page you were on and default back to page 1.
  • Fixed Okta Identity spelling error on service connectors page.
  • Fixed bug with the alert counts summary query where the lack of disabled policies would cause a mismatch between format strings and query parameters.
  • Fixed bug where legend colors on the service connectors metrics page would repeat the same shade of brown - now the colors loop from the beginning of the list.
  • Fixed an issue where changing a policy action resulted in no feedback.
  • Fixed an issue where having a disabled user account resulted in a grey screen upon loading.
  • Fixed an issue where ticket templates that were missing parameters would not be shown at all.

Build 4083 (2020-09-01)

Changes

  • On customer and SOC alert list page, datepicker can now be applied to the created or the closed date.

Build 4074 (2020-08-31)

Changes

  • Updated GCP credentials to require a logon name when edited or created.

Bug Fixes

  • Removes unnecessary error messages generated when no comment was entered during an investigation or close action.
  • Fixed a bug where user info in the corresponding events table of alert details could not be queried.

Build 4055 (2020-08-27)

New Features

  • Daily Email Summaries are here! Admins can subscribe to emails including alert, event, case information and more.

Bug Fixes

  • On the SOC Alerts page, sorting by customer after quick-filtering by analyst no longer causes an error.

Build 4045 (2020-08-26)

Changes

  • Email validation on the add user screen now tells the user when there are invalid characters in the email string.
  • Arrays in the investigate view will now render with comma separators.
  • Add alert closed date to customer and SOC alert listing pages. Remove last event date from customer alert listing.

Build 4013 (2020-08-21)

Bug Fixes

  • Fixed an issue with policy filters not loading.

Build 4005 (2020-08-20)

Changes

  • Removed deprecated service connectors and filters - Wazuh, UltraDNS, RecursiveDNS.

Build 3998 (2020-08-19)

Changes

  • Updated investigate application database screen, changed field db table to tables.
  • After suppressing an alert, the comment field is now cleared on submit.
  • Added a Connector Credentials page for CrowdStrike connectors with help text matching the new OAuth2-based CrowdStrike API.

Bug Fixes

  • On the alerts tab of the dashboard, the link for the total closed count was broken and always showed 0 alerts.

Build 3985 (2020-08-18)

Changes

  • Alerts dashboard resolution times now adjust to the time range set by the dropdown.

Bug Fixes

  • Empty white boxes in some custom dashboards will no longer display.
  • Fixed an issue where the investigate filter builder shows up by default on saved investigations.

Build 3964 (2020-08-13)

Changes

  • Updated the default investigation filter condition.

Bug Fixes

  • Fixed an issue where the alert connector column mis-directed users to the wrong page.
  • Fixed an issue where disabling/inactivating a user wasn't updating completely.

Build 3954 (2020-08-11)

Changes

  • Moved database investigation screen from host category to application.

Build 3947 (2020-08-06)

Changes

  • Investigation Screen, endpoint alerts overview, replaced column destination IP with data disposition.

Build 3929 (2020-07-20)

New Beta Feature

  • Daily Email Summary is available for beta customers.

Changes

  • Added a new connector type filter to the connector health page.

Bug Fixes

  • URL search parameters were getting dropped after log-in. Fixed so the url and the parameters will be remembered after returning to the portal from the login screen.

Build 3903 (2020-07-07)

Bug Fixes

  • Microsoft connectors could not be created: submitting the form crashed the page and the connector was not saved.

Build 3893 (2020-06-29)

Changes

  • MySQL connector has been added, with updates to support API keys.

Build 3867 (2020-06-23)

Changes

  • Updated investigate pages for administrative screens by adding source state and city summary boxes.
  • Added investigate page in the host section for database overview.

Bug Fixes

  • From alert details page, investigate account link loads with correct customer and account filters set.

Build 3846 (2020-06-17)

Changes

  • On User Edit page, SOC ability to generate a user password reset link is now limited to the "author" role.

Bug Fixes

  • On User add and edit pages, added missing toast messages to indicate that the operation was successful.

Build 3823 (2020-06-10)

New Features

  • On User Edit page, SOC can generate a user password reset link. The link can be sent through RT or other means when the customer can't receive automated emails through the SendGrid service.
  • User dropdown in navbar, new option for user account that allows users to reset their password.
  • On User Add and Edit pages, admins can validate the email address before creating the user.

Changes

  • Connector metrics will now remember selected connectors between month/date changes.
  • Password requirements are now stricter: minimum 10 characters, no reuse of any of the last 5 passwords, a dictionary of disallowed words, and no personal information taken from the username. Only affects new passwords.
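The policy above can be checked entirely server side. The following is an added example, not ActiveEye's own code: a validator implementing the four rules as stated (10-character minimum, no reuse of the last 5 passwords, a disallowed-word dictionary, no username-derived content). The dictionary contents, the PBKDF2-based history storage, and the way the username is split into tokens are assumptions made for the example.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

MIN_LENGTH = 10
HISTORY_DEPTH = 5
PBKDF2_ROUNDS = 100_000

# Constructed sample dictionary (assumption); a real deployment would load a
# large list, e.g. commonly breached passwords, rather than these five words.
DISALLOWED_WORDS = frozenset({"password", "activeeye", "welcome", "letmein", "qwerty"})

# Violation codes returned by validate_password()
TOO_SHORT = "too_short"
DICTIONARY_WORD = "dictionary_word"
CONTAINS_USERNAME = "contains_username"
REUSED = "reused"


def _digest(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest; the history stores digests, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class PasswordHistory:
    """The user's most recent HISTORY_DEPTH password digests, oldest first."""
    entries: list = field(default_factory=list)  # [(salt, digest), ...]

    def contains(self, password: str) -> bool:
        # Constant-time comparison against every retained digest.
        return any(
            hmac.compare_digest(_digest(password, salt), digest)
            for salt, digest in self.entries
        )

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, _digest(password, salt)))
        # Keep only the most recent HISTORY_DEPTH digests.
        del self.entries[:-HISTORY_DEPTH]


def username_tokens(username: str, min_len: int = 3) -> set:
    """Pieces of the username that must not appear in the password.

    Assumption: the local part of an e-mail style username is split on
    non-alphanumeric characters, so jane.doe@example.com -> {"jane", "doe"}.
    """
    local = username.split("@", 1)[0].lower()
    return {t for t in re.split(r"[^a-z0-9]+", local) if len(t) >= min_len}


def validate_password(password: str, username: str, history: PasswordHistory) -> list:
    """Return the list of violated rules; an empty list means the password is acceptable."""
    violations = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        violations.append(TOO_SHORT)
    if any(word in lowered for word in DISALLOWED_WORDS):
        violations.append(DICTIONARY_WORD)
    if any(token in lowered for token in username_tokens(username)):
        violations.append(CONTAINS_USERNAME)
    if history.contains(password):
        violations.append(REUSED)
    return violations


def change_password(password: str, username: str, history: PasswordHistory) -> list:
    """Validate the new password and, only if it passes, record it in the history."""
    violations = validate_password(password, username, history)
    if not violations:
        history.record(password)
    return violations


if __name__ == "__main__":
    h = PasswordHistory()
    user = "jane.doe@example.com"
    print(change_password("JaneDoe-Rules-2020", user, h))    # ['contains_username']
    print(change_password("Password-2020-x", user, h))       # ['dictionary_word']
    print(change_password("correct-horse-battery", user, h)) # []
    print(change_password("correct-horse-battery", user, h)) # ['reused']
```

Two details matter in practice: the history holds salted digests rather than plaintext, so a database leak does not expose old passwords, and the reuse check compares digests with `hmac.compare_digest` so that the check is not a timing oracle.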

Build 3800 (2020-06-01)

Changes

  • Users will be redirected to the page in the original link after authenticating, instead of being redirected to the dashboard.

Bug Fixes

  • On the investigation screens for host events, the summary boxes counts were incorrectly showing zero.
  • Fixed the audit logs for global playbooks to use the user's origin client ID.
  • On the SOC alerts feed, and customer alerts pages, the datetime picker was incorrectly converting the date for different time zones.

Build 3781 (2020-05-19)

Changes

  • On investigate screens, moved summary field grids further up the page so they're below the chart and above the events grid.
  • On the navbar, added a digital clock to the timezone display in order to better understand the change in timezone.

Bug Fixes

  • On investigate screens, timezone changes were not reflected in the charts' x-axis, the timestamp filter tag, and the filter menu time input fields. They were instead using the local system timezone.
  • On investigate screens, filtering from a summary grid for the field src_ip.private was incorrectly returning no results when results existed.
  • Fixed the purpose field not being set correctly on the feature creation form.
  • Made sure IP resources trim whitespace.
  • Made sure alerts can have their states changed even after they are closed.
  • On investigate screens, fix label on chart to update when the time zone is changed.

Build 3757 (2020-05-15)

New Features

  • ActiveEye Service Connector now enabled and available for all users.

Changes

  • Connector metrics will now show zero bars and related information for them.

Build 3748 (2020-05-14)

New Features

  • Added comparison view to the investigate pages. Provides way to compare the previous range by overlaying it on top of the current range. Aggregations show the difference in counts instead of the total count.

Changes

  • Investigate page update: Directory Screen initial query update
  • Investigate page update: New investigate screen for Cloud Infrastructure Overview
  • Investigate page update: Update investigate screen Cloud Infrastructure -> Access
  • Investigate page update: Update investigate screen Cloud Infrastructure -> Errors
  • Investigate page update: Update investigate screen Cloud Infrastructure -> Alerts
  • Investigate page update: Update investigate screen Cloud Infrastructure -> Administration

Bug Fixes

  • Search Results Do Not Display - File Threat List. Pagination was not resetting to page 1 after searching.

Build 3726 (2020-05-13)

Changes

  • Replace Hostlogs branding with Generic Service Connector in the Service Catalog.
  • Replace Hostlogs branding with Generic Service Connector in the filters.

Build 3712 (2020-05-12)

Bug Fixes

  • On the credentials list page, the add credential button was not working.
  • Fixed a bug that led to connector health not loading properly when the user was not in the right context.

Build 3689 (2020-05-07)

Changes

  • Credentials can be downloaded in csv format.
  • Playbooks trends page now supports filtering by service.
  • Partner playbook details page shows customer name for the playbook.

Build 3682 (2020-05-06)

Changes

  • When using customer context switching links, your context will only change if needed.

Bug Fixes

  • Fixed a broken reference that was causing a BSOD on the Microsoft Security account management page.
  • Fixed a bug that resulted in searches not properly escaping the queries entered. This led to broken searches on the alert pages.

Build 3670 (2020-05-04)

Changes

  • When using customer context switching links, your context will only change if needed.
  • User log's username column has been updated.
  • The client short name now must be explicitly 4 characters.
  • Added a new column on the anomalous events that will allow linking directly to the investigation pages for that connector.

Build 3662 (2020-05-01)

Changes

  • Selecting a different timezone will now be saved for next time you log-on. This includes page refreshes and opening new tabs.

Bug Fixes

  • Playbook trends not displaying page navigation other than the first page.

Build 3653 (2020-04-28)

New Features

  • Playbooks Trends page released. Authors can navigate from the overview page.

Changes

  • Apply and filter playbooks by connector type.
  • Added audit links to partner playbook.
  • Allowed white space to be shown in the service advisories.
  • Added service advisories link to super partners side bar menu.
  • Playbook details page now includes, an edit button, playbook scope field, and created/updated fields.

Bug Fixes

  • Fixed threat trends broken customer count query.
  • Fixed a misspelling of the month of April on some date pickers.

Build 3628 (2020-04-27)

Changes

  • Change the default 'Priority' value to Low when adding a new service connector.

Build 3608 (2020-04-23)

Changes

  • URLs are now rendered as plain text and are not clickable by default.
  • Fixed an issue where the apply button for date selection didn't work.

Build 3602 (2020-04-22)

Changes

  • Made tooltip icons less bold.
  • Updated metrics link for connector alerts to open in a new tab.
  • Removed the code42 service connector from the catalog.
  • Updated connectors and user edit pages to have an audit link for viewing audit files.

Bug Fixes

  • On Alert Summary page, fix date range filter to work with quick links and remove managed from queries.

Build 3584 (2020-04-21)

New Features

  • Added tooltips to alert features.
  • Added dry run feature to the playbooks editor.

Changes

  • Made external metrics link open in a new tab.
  • Changed the threat trends to use new strategy/intent/method query.
  • Added quick filters for 1d, 7d, and 90d ranges on SOC and Customer alert list pages.
  • The SOC alerts feed date range filter now defaults to 7 days instead of 30 days.
  • Added action filter to playbooks list page.
  • For playbooks list page, save filters into breadcrumb in order to return to list page with same search results.
  • For playbooks list page, alt+click opens the new, edit, and details pages in a new tab. Regular clicks open in the same tab.

Bug Fixes

  • Fixed playbooks trace page from the gray screen of death.

Build 3545 (2020-04-14)

Changes

  • Added new playbook functions to query the custom IP threat list.
  • Added new playbook output actions to update the file and IP threat lists.
  • Restricted global playbook add, edit, and reordering to author role.
  • For partner playbooks, added navigation for add and edit instead of using hidden urls.
  • For partner global playbooks, added icon for easy delete of playbooks by authors.
  • Removed delete from admin customer playbooks so they are view only.
  • Check all is now cleared after an action is taken.
  • Carbon Black Cloud service connector help text has been updated.

Build 3526 (2020-04-09)

Changes

  • Virtual Analyst Investigations, feature lookups now allow for display names which appear on the alert details page as the labels in the feature section.
  • Virtual Analyst Investigations, list page is now sortable by columns.
  • Updated ticket templates to support having subject templates and a compose email shortcut.

Bug Fixes

  • Updated device columns to support having host name lookups via the little view popup.

Build 3501 (2020-04-07)

Changes

  • Decreased partners playbook overview page load time.
  • Added a playbook validation and preview panel for the playbook editor.
  • Added a user context switching link to the service connector alerts.

Bug Fixes

  • Fixed an issue where the connector metrics page did not show connectors with duplicate names.
  • Fixed an issue where the alert details did not return correctly for Carbon Black cloud alerts.

Build 3476 (2020-04-02)

Bug Fixes

  • Allow all credentials to load on the service connector page.

Build 3468 (2020-04-01)

Changes

  • Navbar dropdown menus now close when you click outside the dropdown.

Bug Fixes

  • Investigation Directory Pages, label corrections.

Build 3465 (2020-03-31)

Changes

  • Added a priority column to the connector health page.

Bug Fixes

  • Investigation pages, csv download, nested fields like src_ip.address were never populated in the csv file.
  • File threat list, clicking the alert link would go to the partners details page instead of the customers details page.
  • Fixed the missing Hostlogs connector id on the service connectors page.

Build 3445 (2020-03-26)

New Features

  • New Investigation Dashboard for Directory Alert Overview.
  • New Investigation Dashboard for Directory Login Overview.
  • New Investigation Dashboard for Directory Administrative Changes.

Changes

  • Updates for Directory Access investigate dashboard: updated query, event details column, and field summary defaults.
  • Updates for Directory Overview investigate dashboard: updated query, event details column, and field summary defaults.

Bug Fixes

  • On Investigate dashboards, removing default field summaries now removes the grid entirely instead of leaving a white box.
  • Service Connector Event Counts csv download, date columns were sometimes out of order.
  • File threat list, clicking on the alert id link would open the file threat editor instead of the alert details page.
  • Ticket Template edits were not updating the last updated date.

Build 3432 (2020-03-24)

Changes

  • In addition to viewing the file threat list in the customer notebook, users can now edit, delete, and add file hashes.
  • Users can no longer email feedback and instead are encouraged to create a task.
  • Updated the help text for AlienVault Anywhere.

Bug Fixes

  • Fixed an issue with suppression dialog not sizing properly.
  • On the investigation pages, fixed source and destination IPs that weren't showing up in the events grid.

Build 3409 (2020-03-23)

Bug Fixes

  • New-style features weren't rendering for ticket templates.

Build 3402 (2020-03-19)

Changes

  • New investigation screens added to the catalog, under All Services, new screens for Access, Alerts, and Administrative Changes.
  • Added get-feature method to DSL validation whitelist.
  • Added a system/host investigation button to the little view.
  • Added Service Connector statistics to the Service Connector health page and a link from them to the Service Connector metrics page.
  • Added more descriptive messages to the Big view when VT or Xforce return no results.
  • Playbooks can now be filtered by policy to help visualize what playbooks will be affected by policy changes.

Bug Fixes

  • Fixed an issue where converting a playbook from customer to global could encounter a collision in the order index.
  • Fixed "null" file hash error when some file hashes are missing on certain events.
  • Fixed a bug with sorting the "status" column on the VA Jobs page.
  • Make sure customer switch happens on the link from Service Connector health to the metrics page.
  • Fixed file hash not showing for Carbon Black.
  • For some alerts, the alert details page would show a Source IP or Destination IP in the events grid but when the quickview is opened, the IP isn't available for investigation or big view.

Build 3356 (2020-03-13)

New Features

  • Hadron Service Connector has been added to the connector catalog.

Bug Fixes

  • Fixed an issue where the SOC could not open a detailed alert page if that alert had no events.
  • Fixed an issue where certain alerts could not be suppressed properly.
  • Fixed an issue where the SOC list page context menu did not allow assigned filter to be selected.

Build 3343 (2020-03-12)

Changes

  • Display VA Investigations in table grouped by investigation type.

Build 3337 (2020-03-11)

Changes

  • On the Admin user edit page, added an option to delete a user's MFA enrollment. This will require them to enroll in MFA again on next login.

Bug Fixes

  • Unable to delete playbooks.

Build 3330 (2020-03-10)

Changes

  • Updated login page with MFA cutover announcement.

Build 3323 (2020-03-10)

Bug Fixes

  • Fix SOC playbook pages for creating and editing playbooks.
  • On the SOC alerts feed page, fix context menu filters not applying the filters.

Build 3315 (2020-03-09)

New Features

  • New playbook trace page makes the process of validating changes easier.

Changes

  • Added new defaults to the SOC analyst filter and scoped it to only analysts available within the selected timeframe.

Bug Fixes

  • Fixed an issue where IP details on VT and URL details failed to load.
  • Optimized playbook details page to avoid time outs for playbooks with processed alert counts in the 100s of thousands.
  • The investigation screen Network DNS Overview wasn't showing the Description column in the events grid.

Build 3283 (2020-03-05)

New Features

  • On the Connector Metrics page, users can now download a csv for all connector daily event counts.
  • On the Alert Details page, when adding a filehash to the tracking list, an entry will be added to the alert activity logs.

Changes

  • All investigate screens under the "Directory" category were updated by adding "Azure Identity Protection" to the default query.
  • All investigate screens under the "SIEM" category were updated by adding "MS Cloud App Security" to the default query.
  • For Investigation pages, improved sizing of summary field grids with lots of text like "Description" and "UserAgent".

Bug Fixes

  • For demo account only, the customer notebook page was failing to load.
  • On the Connector Metrics page, some hourly data was appearing on the daily counts chart and is now excluded.
  • Ticket templates were erroring when trying to preview or retrieve templates for alerts that don't have events like those for Unavailable Connectors.

Build 3270 (2020-03-04)

New Features

  • Microsoft Security Service Connector has been added to the connector catalog.

Changes

  • Add support for file response list checking and Carbon Black actions to playbooks.

Build 3256 (2020-03-03)

New Features

  • Alerts can be filtered by an analyst on the SOC alerts page.

Changes

  • Alerts can now be opened in a new tab from the SOC alerts feed.
  • Jobs are now sorted by the newest first.
  • Jobs can now be searched.

Bug Fixes

  • Spinner now correctly shows even when on paged lists that are very long.
  • On the Ticket Template Edit Page, previewing the template again will clear past errors.

Build 3238 (2020-02-28)

Changes

  • On the Investigate Catalog, Endpoint Alerts Overview page, corrected field mapping for "System" column in grid and Summary Field grid.

Build 3237 (2020-02-27)

New Features

  • On Investigate catalog, add new Endpoint Alert Overview screen.
  • On Investigate catalog, add new Endpoint Access Overview screen.
  • On Investigate catalog, add new Endpoint Administrative Changes screen.

Changes

  • On the Connector Metrics, daily and cumulative event count charts, provide better drill down with show/hide all and chart synchronicity.
  • On Investigate Page, Endpoint Overview, update columns and summary fields.

Build 3210 (2020-02-25)

Bug Fixes

  • On the Service Connectors Catalog, fixed an issue where service connector logos are squished occasionally.
  • Alert details page, corresponding events, dst ip column, clicking dst ip icon would open investigation screen in new tab instead of opening in quick view.
  • Investigate Page, cloud infrastructure, network flows, the filter builder fails to successfully load the list of available network names.

Build 3202 (2020-02-24)

New Features

  • Added a VA Jobs link to the partner's sidebar section.

Changes

  • Updated credential creation/edit name to allow up to 40 chars and match connector names.

Bug Fixes

  • Fixed column sizing issues and links not going to the right customer context on the connector stats page.
  • Fixed bread crumbs for super partners.
  • Fixed an issue where creating a client under a partner did not create the client for that partner.
  • Fixed multiple sorting arrows being shown as active on alert lists by default.
  • Fixed an issue where pages on some alert lists were not shown in the pagination widget.
  • Make the event.message field available to ticket templates.
  • On the alert details page, filehash quick view, long file names will now wrap to a new line instead of going off the screen.

Build 3186 (2020-02-21)

Changes

  • For IP Threat List pages, adjust width of comment column by truncating and making full text visible on hover.

Build 3179 (2020-02-20)

New Features

  • SOC IP Threat List Management. View, add, and delete IP threats for specific customers or globally.
  • Customer Admin IP Threat List Management. Users can view, add, and delete IP threats for their own customer account.

Changes

  • On investigate pages, max results available to page was 250. Increased to 500.

Bug Fixes

  • On policy details page, toggling a policy on/off would cause a gray screen of death.

Build 3130 (2020-02-17)

Bug Fixes

  • Fixed an issue around loading virus total information not displaying results.
  • Fixed a bug with logging the client create audit information to the correct client id.

Build 3132 (2020-02-11)

Changes

  • On the SOC alerts feed, remove the last event column from the grid.
  • Removed case opened from default alert search for SOC alerts feed.
  • VA Investigations can be attached to policies.
  • The list of attached VA Investigations appears on policy show pages.

Bug Fixes

  • Fixed an issue where alert close comments were not displaying the close action first in the activities log.
  • Fixed an issue where filters for audit logs were not being scoped to the correct data.
  • Fixed a change to the alerts matrix table that caused old alerts to show up as beyond compliant.

Build 3108 (2020-02-06)

Changes

  • Browser cache busting for easier transition onto new code after deployments. Page reloads are required but the cache no longer needs manual clearing.
  • Update All Services Event Count Summary Investigate screen.
  • Update All Services Host Overview Investigate screen.
  • Update All Services User Overview Investigate screen.

Build 3091 (2020-02-05)

Bug Fixes

  • The file hash information view at times had too much padding.
  • Corrected an issue where the Carbon Black Service Connector was not always saving the admin and write keys.

Build 3086 (2020-02-04)

New Features

  • Added Carbon Black actions to be taken on file hashes when applicable.
  • Added a filter on Virus Total results to only show engines that had detections.

Changes

  • Added new radio descriptions for all threat lists.

Bug Fixes

  • Fixed an issue with adding src ip addresses to the custom threat list.

Build 3048 (2020-02-03)

Bug Fixes

  • On Admin Users Edit page, some users couldn't be disabled. Fixed so all users can be disabled.
  • Fixed the mapping for malware names being added to the file hash threat list to be the correct "threat_name" field.

Build 3044 (2020-01-30)

Changes

  • On Customer Notebook, file threat list tab, added ability to download filehashes as csv.

Bug Fixes

  • On Customer Notebook, file threat list tab, downloaded file was missing customer name.
  • On Customer Notebook, file threat list tab, the total search results count too high. It was wrongly counting past actions on the same filehash.
  • Fixed a broken query that prevented certain playbooks from being updated/deleted.

Build 3005 (2020-01-28)

Bug Fixes

  • Global playbooks were not editable.

Build 2991 (2020-01-24)

Bug Fixes

  • On alert details page, filehash tracking was not saving the malware name to the file threat list.

Build 2985 (2020-01-23)

New Features

  • VA Investigation features can be authored from within the dashboard.

Changes

  • New SOC only section to navigation sidebar. Left alerts feed, matrix, playbooks, and customer configuration pages in partners and moved all others to SOC partner section.
  • On alert details page, added radio button to replace free text comment field for filehash tracking.

Bug Fixes

  • On alert details page, filehash tracking was failing without an error message. Error fixed and the green success message will appear.
  • On alert details page, alerts with null activity data will not cause the gray screen of death.

Build 2921 (2020-01-17)

Bug Fixes

  • Fixed an issue where login failed if the customer's system clock was behind. The error appeared to the user as a gray screen of death or a login loop.

Build 2916 (2020-01-16)

Changes

  • On the alert details page, added a click-to-copy icon that provides the customer version of the alert details URL. Share this URL rather than the one in the browser's address bar.

Build 2907 (2020-01-15)

New Features

  • Added a test button to the Carbon Black service connector.

Bug Fixes

  • Fixed an issue where toast with super long text could hide the button prompts inside them.

Build 2888 (2020-01-14)

Changes

  • Added admin role requirement to partner pages. Partner users must also have the admin role to access partner pages.

Bug Fixes

  • Playbooks should now support showing delete action outcome.
  • When using the navbar customer switcher, fixed logo issue when changing to a customer of a different partner.
  • Fixed several minor playbook authoring issues.

Build 2837 (2020-01-06)

Bug Fixes

  • On investigation pages, fixed issue where removing the timerange filter causes the page to crash.
  • Fixed an issue with sending test emails to invalid emails on the contact page.
  • Allow orchestration policies to show even if they don't have a policy or config attached to them.
  • Fixed an issue where service advisories list would not sort.
  • Fixed an issue with the sorting of connectors in the connectors filter on the customer list page.

Build 2797 (2019-12-20)

Bug Fixes

  • Fixed the pagination on the file threat list tab in the customer notebook.

Build 2790 (2019-12-19)

New Features

  • Added filehash tracking to alert details page to keep a record per customer of filehash actions taken.
  • Added filehash tracking tab to customer notebook.
  • OTX Pulse and OTX Tabs added to external lookup view (big-view).

Changes

  • Updated playbooks to support properly escaped double quotes and backslashes.

Bug Fixes

  • Alert suppression handles double quotes and backslashes in the alert message properly.
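Both the playbook note and the suppression fix above are the same bug class: an alert message containing a double quote or a backslash was spliced into a quoted string literal without escaping, which either broke the expression or let the message terminate the literal early. The following is an added example, not ActiveEye's own code; the query syntax (a `field == "..."` expression) is an assumption, and the sample alert message is constructed. It shows the correct escaper, its inverse parser, and why escaping only the quotes (the naive form) is not enough.

```python
def quote_literal(value: str) -> str:
    """Embed value in a double-quoted literal, escaping backslashes and quotes.

    Backslashes must be escaped first; otherwise the backslash inserted in
    front of each quote would itself be doubled on the next pass.
    """
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def naive_quote(value: str) -> str:
    """The 'before' behaviour: only quotes escaped, backslashes left alone."""
    return '"' + value.replace('"', '\\"') + '"'


def parse_literal(literal: str) -> str:
    """Inverse of quote_literal; raises ValueError on a malformed literal."""
    if len(literal) < 2 or literal[0] != '"' or literal[-1] != '"':
        raise ValueError("not a double-quoted literal")
    out = []
    i, end = 1, len(literal) - 1
    while i < end:
        ch = literal[i]
        if ch == "\\":
            i += 1
            if i >= end:
                raise ValueError("dangling backslash before closing quote")
            nxt = literal[i]
            if nxt not in ('\\', '"'):
                raise ValueError(f"unknown escape \\{nxt}")
            out.append(nxt)
        elif ch == '"':
            raise ValueError("unescaped quote inside literal")
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def suppression_query(field: str, message: str) -> str:
    """Build the suppression expression for an alert message (syntax assumed)."""
    return f"{field} == {quote_literal(message)}"


def roundtrips(value: str, quoter=quote_literal) -> bool:
    """True if quoting with `quoter` and parsing back yields the original value."""
    try:
        return parse_literal(quoter(value)) == value
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed alert message containing both problem characters.
    msg = 'Process "cmd.exe" wrote C:\\Windows\\Temp\\x.bat'
    print(suppression_query("alert.message", msg))
    print(roundtrips(msg))               # True
    print(roundtrips(msg, naive_quote))  # False: the trailing "\\" swallows a quote
```

The naive form fails on any message ending in a backslash (`x\` becomes `"x\"`, an unterminated literal) and on a backslash directly before a quote (`a\"b`), where the parser reads the original backslash as the escape and sees a bare quote. Escaping the backslash first makes the round trip unambiguous.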

Build 2727 (2019-12-13)

New Features

  • Added alert features to the SOC alert details page.

Changes

  • Trimmed whitespace for display name, account number, and external id for all Service Connector new and edit forms.
  • Changed query to use datatype and eventtype fields instead of srcpn for Cloud Infrastructure Alerts investigation page.

Bug Fixes

  • Fixed validation of client names to not allow dashes.
  • Fixed service advisories editor to allow proper editing of advisory descriptions.

Build 2572 (2019-12-09)

Changes

  • Changed queries on Resolution Trends, Virtual Analyst, Analyst Load, and Alerts Summary pages to exclude alerts that were created when customer was not SOC managed.

Build 2554 (2019-12-03)

Changes

  • Changed pagination icon for next page to single arrows instead of double arrows.

Bug Fixes

  • Investigate page for cloud infrastructure errors, filtering-in values from the error message summary table caused the page to crash.

Build 2547 (2019-11-27)

Changes

  • Task types for defects can now be created.

Build 2537 (2019-11-25)

Bug Fixes

  • The playbooks are now editable and creation works again.
  • Fixed issues where a new customer was not created despite feedback saying it was, and added validation for customer creation.
  • Fixed an issue where customer bulletins were not editable.
  • Fixed an issue with the validation of tasks when editing an existing task.
  • Returning to the alerts list page from the alerts details page was not saving the search parameters.

Build 2501 (2019-11-22)

Bug Fixes

  • On the customer dashboard, the alert trends chart for the past 1 day option was showing incorrect counts.
  • On the investigation pages, the chart was rendering very slowly.

Build 2491 (2019-11-21)

Changes

  • On the customer dashboard, the open alerts counts and the pending alerts counts will now auto-update every minute.
  • On the customer dashboard, the last "x" number of days selector has been adjusted to ignore alerts and events from today.
  • User enabled/disabled actions now properly audited.

Bug Fixes

  • Switching to the Investigate Page from the Alert Details Page was resulting in empty downloads when trying to export events in csv or json.

Build 2453 (2019-11-14)

New Features

  • Editor for SOC to manage service advisories now in place.

Changes

  • On the alert details page, the corresponding events now has pagination, search (by description), and a first and last event date and time in the title.
  • Refactoring the playbook editor to match the rest of the application's forms.

Bug Fixes

  • Allow for "IN" operators to be used in playbooks.

Build 2416 (2019-11-07)

Changes

  • Custom summary fields to investigate pages. Add and remove summary grids for given fields.

Bug Fixes

  • Adjust counts for total alerts on dashboard.

Build 2397 (2019-11-04)

Changes

  • New Customer Dashboard range selector for 30, 21, 14, 7 and 1 day ranges.
  • Added Carbon Black specific file actions to be taken when an alert is matched by a corresponding playbook.

Bug Fixes

  • Customer dashboard not showing alert trend data prior to November 2nd.

Build 2361 (2019-10-29)

Changes

  • Re-styled customer dashboard and enhancements including alert and event totals, SOC monitoring indicator and last 5 security advisories.
  • Service advisories now look more stylish and have a nice button.

Bug Fixes

  • Fixed playbook counts not always being correct.
  • Fixed playbook activity log to log to the correct account every time.

Build 2336 (2019-10-24)

Changes

  • Improved formatting and precision of the resolution times on the customer dashboard.

Bug Fixes

  • Fixed an issue where the task list could not be written to.

Build 2328 (2019-10-23)

New Features

  • Service advisories and their details can now be viewed within ActiveEye (Beta).

Changes

  • Customer dashboard now includes resolution times below alert counts by severity.

Bug Fixes

  • Saved investigations were not displaying the summary fields for the field aggregations.

Build 2314 (2019-10-18)

Bug Fixes

  • Investigate -> User Overview has Source Country column that is showing up blank.

Build 2307 (2019-10-17)

Changes

  • Saving Investigations now includes the dynamic columns being saved along with the filters.

Build 2290 (2019-10-14)

Changes

  • Investigation Screens, event details tables, when expanded now show JSON and Table tabs. The table tab has options to filter-in and filter-out values and additionally dynamically add or remove columns to the table.
  • Add "SOC Managed" customer attribute to UI (list, edit, and add pages).

Bug Fixes

  • Investigation pages were showing results from the previous page after adding/removing filters or changing the page.

Build 2275 (2019-10-09)

Bug Fixes

  • Investigation pages csv download would fail in some cases.

Build 2272 (2019-10-08)

Changes

  • Investigation pages now allow json and csv downloads. Open the advanced menu where the save dashboard options are to download.

Build 2266 (2019-10-07)

Changes

  • Investigation pages now allow filtering on whether a field "exists" or "does not exist".

Bug Fixes

  • Cloud Infrastructure, Errors investigate page will now load again without errors.
  • Investigation screens with service connector name summary grid now filters-in and filters-out using the +/- icons again without errors.
  • Fix errors for High Growth Corp demo users.

Build 2258 (2019-10-02)

Changes

  • Ability to edit existing filters by clicking on the filter pill and modifying the filter menu.
  • When using filters for investigation screens, you can now add multiple values for a field.

Bug Fixes

  • On the SOC alerts page, toggling a filter will no longer hide all filter menus while the results load.
  • Allow non-manager customers to view their own playbooks.

Build 2242 (2019-09-26)

Changes

  • Provide a more descriptive error message when the bucket (external) name for a service provider is already claimed.

Bug Fixes

  • Fixed an issue where certain VirusTotal lookups failed.
  • Fixed an issue where opening the customer notebook from the alert details page switched the customer but did not update the customer name.
  • Fixed the default filters button on the SOC alerts feed page.
  • For the network flow visualization page, updated the query to include GCP applications so they appear in the dropdown.

Build 2237 (2019-09-25)

Bug Fixes

  • Loading saved investigations was causing blank screens.

Build 2231 (2019-09-24)

Changes

  • Investigation screens now allow for filtering out values from the summary grid and the filter builder.
  • Added count of executions to the playbooks' list.
  • Added a new chart for manually closed alerts to the threat trends page.

Build 2221 (2019-09-19)

New Features

  • Added a ticket history to the customer notebook.
  • Added new investigation screen Host File Activity.

Build 2193 (2019-09-18)

Changes

  • Added manually closed alerts chart to virtual analyst page.

Bug Fixes

  • Updated playbook related alerts criteria.
  • Fixed issues where customer switching wasn't working with the customer notebook.
  • Using the customer switcher will no longer clear the filters when switching on the alerts pages.

Build 2181 (2019-09-16)

New Features

  • Suppression playbooks now have a link in the activity log.

Changes

  • Ensure that newly added service connectors can be seen by showing all service connectors in the list.

Bug Fixes

  • Validate that a service connector has a unique name.
  • Removed global playbooks from the customer playbooks.
  • From the Alert Details page, clicking on the customer notebook now switches the customer in both the current tab and the newly opened tab.

Build 2165 (2019-09-11)

New Features

  • Allow playbook priority to be changed by drag and drop.

Bug Fixes

  • Do not display globally disabled policies.
  • Fixed validations for playbook editor's priority settings.
  • From the Virtual Analyst page, removed old activity "Orchestration: Closed as false positive".
  • Suppression messages are now shorter.

Build 2152 (2019-09-09)

Changes

  • Added Host Authentication to the investigation catalog.
  • Updated playbooks to support SOC operations.

Bug Fixes

  • Added missing customers to customer quick switch in navigation bar.
  • Fixed duplicate config findings as a result of updating a previously suppressed finding.
  • Fixed a bug where the contact procedures can get out of order.
  • Removed the virtual analyst from the closed alerts charts.

Build 2133 (2019-09-06)

Bug Fixes

  • On the alerts details page, the other alerts by user popup was showing zero for all severities. This has been fixed.

Build 2126 (2019-09-05)

New Features

  • Customer alerts page now allows filtering by datetime ranges.
  • Playbook details page now shows the related alerts it has historically run on and the details of the last 50 executions.

Changes

  • Partner menu has been re-ordered.

Bug Fixes

  • Fixed "title" being added when no comment is present on a playbook.
  • Fixed alert details breadcrumbs so filters are saved when returning to the alerts list page.
  • Fixed playbook related alerts to be scoped by customer all the time.
  • Fixed encoding on alert details page for users that have the # symbol in the duser field.

Build 2102 (2019-08-29)

New Features

  • Customer Switcher: partners can now switch customers by clicking on the current customer name in the navigation bar.

Changes

  • Changed from tabs to dropdown in generic credentials form. Also added direct navigation to proper credential form from service connector form.

Bug Fixes

  • Cleaned up help language for Crowdstrike Service Connector.

Build 2085 (2019-08-26)

Bug Fixes

  • Fixed an issue where playbooks were not displaying all the items.

Beta Features

  • Playbooks editor updated to support validation at creation time.

Build 2071 (2019-08-22)

New Features

  • Added datetime filtering to the SOC alerts feed page.

Beta Features

  • Playbook authoring added.

Build 2059 (2019-08-15)

New Features

  • Added a 50th percentile "time to close" chart for the resolution trends.

Bug Fixes

  • Fixed an issue where global playbooks could never expire and would not show up.
  • Added a notification to the UI when a user's auth0 ID is not available.

Build 2047 (2019-08-15)

New Features

  • Added an expand/collapse to the playbooks to hide large global playbooks.

Changes

  • Fixed an issue where contact names were not validated correctly.
  • Fixed an issue where contact procedures were incorrectly labeled when in read-only mode.

Build 2043 (2019-08-14)

New Features

  • Added ability to share custom investigate queries with customers.

Changes

  • Added fourth contact to the contact procedures.
  • Suppressing alerts now creates a local playbook.

Build 2015 (2019-08-08)

New Features

  • Added branding for new partner.

Build 2007 (2019-08-07)

New Features

  • Save investigation dashboards with user defined filters.

Bug Fixes

  • Fixed alert history showing incorrect counts and being generally slow.
  • Fixed some breadcrumb dead links.

Build 1985 (2019-08-02)

Bug Fixes

  • On the alert details page, events with long messages were cut off at the edge of the screen.
  • Alert details hung when viewing Azure Security Center alerts.
  • The cumulative service connector event count chart was not counting the first day's items.

Build 1976 (2019-07-30)

New Features

  • Added Filename Filter List resource group type.
  • Added a cumulative events chart to the connector metrics page.

Changes

  • Updated the cloud infrastructure alert dashboard to support both 'GuardDuty' and 'Azure Security Center'.

Bug Fixes

  • Some policies would not disable when toggled off (e.g. Logon Violates Country Blacklist (AEC) - Office365).
  • Top Alerted users on the dashboard is now accurately counting number of alerts and not events.
  • Fixed an issue with the configuration findings not always showing the correct findings.

Build 1954 (2019-07-24)

New Features

  • Display application timezone in navbar with ability to temporarily switch timezones.

Bug Fixes

  • Change srcpn from Okta to IdentityCloud for investigation Directory pages.
  • Fix date and time displays to match user set time.

Build 1934 (2019-07-23)

New Features

  • Added Port List resource group type.

Changes

  • Reformatted the big view for IP addresses to include more relevant information.

Build 1918 (2019-07-18)

New Features

  • Searching is now available on Service Connectors.
  • Filtering by service type is now available on Service Connectors.

Changes

  • Service health information is now available on Service Connectors.
  • Removed disabled connectors from customers' listed Service Connectors.

Build 1898 (2019-07-12)

Changes

  • Updated Cloud Infrastructure Network investigation dashboard to include GCP.

Build 1894 (2019-07-11)

New Features

  • Added a tooltip to see the suppressed history for configuration findings.

Changes

  • Added styling to connector health indicators on matrix page.

Build 1888 (2019-07-10)

Bug Fixes

  • The alert history table went off the end of the page.

Build 1882 (2019-07-09)

Changes

  • Service connector filters now searchable.
  • VPC name to ID added in dropdown.

Build 1856 (2019-06-26)

New Features

  • Added partner user logs.

Bug Fixes

  • Fix All Users Investigate dashboard.

Build 1840 (2019-06-25)

New Features

  • Add managed column for the service health connectors list table.
  • Connector metrics now enabled for everyone.

Changes

  • Add extensions for contact phone numbers and a mobile phone number contact type.

Build 1827 (2019-06-18)

New Features

  • Add filters for the service connectors list page.
  • Add filters for the service connectors health list page.

Changes

  • On investigate dashboards, change data point intervals from 10 minutes to 1 day for ranges 7 days or greater.

Bug Fixes

  • On all investigate dashboards, change chart timezone to local time instead of UTC.
  • Add subscription field for editing Microsoft service connectors.

Build 1803 (2019-06-13)

Bug Fixes

  • Fix for creating new users and improved error messaging for duplicate user names.

Build 1794 (2019-06-12)

Changes

  • Increase size of Error Message summary box on Cloud Infrastructure Errors screen for easier reading.
  • On Investigation screen, summarize Network Flow Logs summary box values by bytes field instead of events count.
  • On Investigation screen, display VPC name along with VPC ID.
  • On the dashboard user access tab, darken and invert the color scale so countries with fewer logins stand out.

Build 1767 (2019-06-10)

Changes

  • Add contact escalation procedure to the customer notebook.
  • Generalize endpoint investigate dashboard query.
  • Add srcpn summary grid to Cloud Infrastructure investigation dashboards.
  • Add srcApp summary grid to Directory Access investigation dashboard.

Bug Fixes

  • GCP connector help screen updates.
  • Fix formatting for task detail viewing.
  • Exporting config findings was resulting in an error.

Build 1752 (2019-06-09)

Bug Fixes

  • Fix report pdf download issue.

Build 1718 (2019-06-05)

Bug Fixes

  • Fixed task list page counts and a loading issue.

Build 1696 (2019-06-03)

Bug Fixes

  • Allow names to be non-unique for contacts.
  • Enforce validation rules for Microsoft and Google Service Connector forms.

Build 1679 (2019-05-29)

New Features

  • Expand all/collapse JSON event in alert details.
  • Added CIS Azure v1.0.0 benchmarks support.

Bug Fixes

  • Fixed policy breadcrumb.
  • Fixed Google cloud icon missing from some filters.
  • Fixed issue where data for contact procedure pages does not load.
  • Fixed an issue with Escalation Procedures not loading the correct data.

Build 1656 (2019-05-28)

New Features

  • Contacts include SMS and Phone number types.
  • Customer escalation page for tracking customer contacts.

Changes

  • "Policy Actions" has been renamed to "Contacts".

Build 1608 (2019-05-21)

New Features

  • Host Log Collector added to Service Connector catalog.

Bug Fixes

  • Fixed task progress updates for customer page.
  • Fixed config findings filters to carry through to the details page.

Build 1595 (2019-05-20)

Changes

  • Added background tab to the customer notebook.

Bug Fixes

  • On Config Findings dashboard, remove suppressed config findings from being displayed.
  • Updated the path to the favicons on the base HTML templates.
  • Fixed an issue where bulletins could not be created.

Build 1569 (2019-05-16)

Bug Fixes

  • Fixed Investigate Application Authentication blank screen.
  • For the Investigate SIEM Recon dashboard, index external_policy_details field so the data will start appearing.

Build 1564 (2019-05-15)

New Features

  • Carbon Black Response added to Service Connector catalog.
  • Recon dashboard added to investigate catalog.
  • Added filters to the task list.

Changes

  • Added customer notebook name.

Bug Fixes

  • On alert details, fixed a blank screen for certain alerts without a file hash.
  • On the Investigate Directory Access Dashboard, changed the default query to use subcategory instead of category.
  • On the AEC Dashboard, clicking on the user login maps now brings you to the All Users Overview investigate dashboard.
  • Fixed an issue where the customer notebook was not accessible from an alert's details page.

Build 1545 (2019-05-13)

Changes

  • Added progress changing drop down for customer task list.
  • Added SIEM overview dashboard to the investigate catalog.
  • Future-dated bulletins are now grayed out.

Bug Fixes

  • Fixed issue with dates on bulletins not being updated correctly according to a time zone.
  • Fixed column widths on bulletins.
  • Success toasts are now the correct color app-wide.
  • From dashboard User Access tab, clicking country from world map correctly sets subcategory filter for investigate dashboard.

Build 1529 (2019-05-09)

New Features

  • Revamped customer notebook to have bulletins.
  • Customer task list added.
  • New Dashboard view added.

Changes

  • Faster related alerts search for users on alert details page.
  • Added support for filehash column in alert event details page for the big data view.

Bug Fixes

  • Made priority the default sort on the alerts pages.

Build 1498 (2019-05-06)

Changes

  • Filter entity_risk list to only include managed customers.
  • Updated font stack to support OS specific fonts.
  • Added progress and start + end dates to task list.
  • Added new summary grids to the cloud infrastructure investigate pages.

Bug Fixes

  • Fixed Ultra DNS validation on enable or disable.
  • Updated user information to only be called on demand.
  • Fixed SOC list breadcrumb.
  • Fixed SOC user URL repeated requests.

Build 1475 (2019-05-01)

Bug Fixes

  • Fixed threat trends white space issue.
  • Fixed Microsoft credential validation rule for the secret key.

Build 1456 (2019-04-29)

Bug Fixes

  • Fixed breadcrumb for customer pages.

Build 1440 (2019-04-26)

New Features

  • Added big view for IP details.
  • Added Virtual Analyst reason/recommendations on alert details page and alert list/SOC feed pages.

Changes

  • Updated field list for IP quickview.

Build 1413 (2019-04-25)

Changes

  • Improved help text for service connector and credential edit and create forms (Carbon Black, Sophos, GSuite).

Bug Fixes

  • Removed some excessive grid white spaces.

Build 1371 (2019-04-21)

New Features

  • Added quick filters to the soc alerts list.

Changes

  • For investigate pages, clicking and dragging on the charts now allows you to select a new date range.
  • Added implicit assignments to alerts closed without being assigned.

Build 1336 (2019-04-17)

New Features

  • On investigation pages, long filter names are shortened by abbreviating the value.
  • On investigation pages, added additional time range options for 1, 6, and 12 hours.
  • On investigation pages, all dashboards now default to automatically loading 1h of data.

Bug Fixes

  • User log page loads again.
  • Updated labels on the threat trends page to be more informative.
  • Fixed close alerts not loading response categories.
  • Sorted Investigation Dashboards by most recent at top.
  • Fixed a blank screen on the Investigate Cloud Infrastructure Network Flow dashboard.

Build 1304 (2019-04-12)

New Features

  • New investigation catalog with improved dashboard design and performance.

Bug Fixes

  • Expand rows to show event details on All Users Dashboard.
  • Show hostnames on Endpoint Overview Host Summary grid.

Build 1274 (2019-04-10)

Bug Fixes

  • Fix for country whitelist/blacklist resource group appearing.
  • Fix to add ellipsis to threat trends labels.

Build 1266 (2019-04-09)

New Features

  • Updated threat trends to include top 20 and external policies.
  • Updated service connectors to include Crowdstrike in beta mode.

Bug Fixes

  • Updated default link to include low alerts.
  • Updated styles to fix grid and action button overlaps.

Build 1223 (2019-04-04)

New Features

  • Added "service disruption" to the close alerts menu.
  • Made alert priorities the default sort value on the alerts list pages.

Build 1163 (2019-03-28)

Bug Fixes

  • Fixed some mapping for destination IPs on alert details.

Build 1104 (2019-03-21)

Changes

  • Close Alert actions have been reordered, and triage action has been removed.
  • Increased default pagination size to 100 for the Customer list page.

Build 1084 (2019-03-18)

New Features

  • Added new close workflow for alerts.

Build 1013 (2019-02-28)

New Features

  • Added charts to the Top Threats partners page to help visualize the top 5 alerts and the customers that are impacted.
  • Added the customer's name to their notebook.

Bug Fixes

  • Fixed URL link for AlienVault Anywhere Alerts on the alert details corresponding events table.
  • Update the Alerts Matrix Pending section to exclude alerts that are in a closed state.
  • Fix intermittent issue on config findings details page where custom headers would not appear.
  • Fix for customer notebook context switching.
  • Ensure default customer notebook text is correct.

Build 997 (2019-02-25)

New Features

  • Customer Notebook.
  • Wazuh and Box service connectors.

Changes

  • Shorten links in the alerts events table.
  • Add charting to analyst load page.
  • Made the message field in corresponding events expandable when it contains valid JSON.
  • Added method information to AlienVault Alerts.

Build 960 (2019-02-15)

New Features

  • New partner page: Threat Trends.
  • New partner page: Analyst Work Load.

Build 953 (2019-02-13)

Bug Fixes

  • Alerts Matrix counts for New, Triage, and Investigating grids now exclude alerts set to pending customer.

Build 939 (2019-02-12)

Bug Fixes

  • Alerts Matrix counts for Pending grid were incorrect.

New Features

  • Ability to add users/ip addresses to custom watch/threat lists from alert details.

Build 919 (2019-02-11)

Changes

  • Alerts Matrix links now filter by time range so result count on alerts list page matches.

Bug Fixes

  • Alerts Matrix counts for Pending grid were incorrect.
  • Fixed missing icons.

New Features

  • Filter for similar alerts.

Build 919 (2019-02-08)

Bug Fixes

  • Corrected alerts matrix counts.

New Features

  • Provide external link to VirusTotal/X-Force sources from alert activity log.
  • Add account priority column to service connector list page.
  • Click counts on alerts matrix page to see the alerts. Note the alerts will be sorted by time but not filtered so you'll have to check the alert time for the appropriate alerts for the link.

Build 911 (2019-02-07)

Bug Fixes

  • Fixed blank alert details on Firefox and Edge.
  • Add triage to default filters for SOC alerts feed.
  • Filtering out unmanaged customers from matrix.
  • Fix sorting alerts by alert time and assigned to columns.

New Features

  • The Matrix SLA Overview Page. New partners page for monitoring alert SLA status.
  • Timezone for alert grid shows local time.
  • Alert list columns updated.
  • Urgency score added to alert list.
  • RT case number is linked in the alert details.

Build 895 (2019-02-06)

Changes

  • Updated alert status from open to new.
  • Ability to assign alerts to other people within your company.

Bug Fixes

  • Updated Ultra DNS credentials.
  • Added Ultra DNS card to service connectors.
  • Added icons for some filters.

New Features

  • Ability to configure account priority for service connectors.
  • Alert urgency is now calculated based on a combination of priority and severity.
  • Add license indicator to clients' details.
  • Copy button for Zscaler and USM Appliance service connectors.
  • SOC filter for services.
  • Filter non-managed customers from SOC alerts feed.
  • Ability to place alerts into a Triage status.
  • Ability to assign an alert as pending customer action.
  • Ability to filter by alerts pending customer action.
  • On the Alert Details page, show pending customer status.

Build 849 (2019-01-28)

Bug Fixes

  • Fixed an issue with changing customer accounts.
  • Viewing or downloading reports resulted in a blank page.
  • Exporting config findings resulted in a blank screen.
  • Investigate screens - 90, 30, 15, 7 links on dashboards now functioning as expected.

New Features

  • Remove quotes from values when copying to the clipboard.

Build 835 (2019-01-28)

Changes

  • Renamed Cloud Accounts to Service Connectors.
  • Updated connector data validation logic/messages.
  • Refactor for mobile.

Bug Fixes

  • Clicking the checkbox to enable a new or existing customer caused an error on the page.
  • Microsoft: creating a new connector failed when the form was submitted.
  • Re-enabled the send test email action.
  • Fixed rules that had attached policies that were not correctly displaying enabled state.

New Features

  • Connectors catalog page with new workflow for adding new connectors.
  • New Connectors
    • Alien Vault USM Anywhere
    • Alien Vault USM Appliance
    • Sophos Cloud Endpoint
    • Carbon Black Predictive Security Cloud (PSC)
    • Zscaler Cloud
  • Changed investigate pages to show data for past 24 hours instead of past 7 days.
  • Documentation added for Connectors
    • Alien Vault USM Anywhere
    • Alien Vault USM Appliance
    • Sophos Cloud Endpoint
    • Carbon Black Predictive Security Cloud (PSC)
    • Zscaler Cloud

Build 787 (2019-01-14)

Changes

  • Cloud accounts that are disabled were removed from the sidebar and dashboard filters.
  • Policy actions now have attached rules and policies shown in their edit dialog.

New Features

  • New account support for AlienVault USM Anywhere, AlienVault USM Appliance and Google Cloud (GCP).

Build 775 (2019-01-09)

Changes

  • Removed concept of enabling/disabling for resource groups.
  • Removed user risk summary tab from the Investigate All page.
  • Removed disabled cloud accounts from navigation bar and dashboard filters.

Bug Fixes

  • Investigate button is now enabled when there is a destination IP Address on the Alert Details page.
  • Alert Details page showing up blank for customers who are not partners.

New Features

  • Documentation page added.