Release 4.3 

October 29, 2024

What's New?

Improved UI for Incident Details Page

With this release, we have enhanced the Incident Details page with a more interactive, user-friendly, and efficient user interface. 

Benefits

  • These updates ensure that users of all skill levels can effectively utilize the page, leading to a more inclusive and accessible platform.
  • The updates aim to streamline reviewing incidents, allowing users to find and comprehend the necessary information more quickly and easily.

Key Points 

  • A streamlined Summary section that offers a more precise categorization, making it easier to view essential information like the Incident ID and current status at a glance.
  • A transition from using Tiles to using Cards, offering a more informative overview with details like Total Events, Associated Users, Associated Processes, and Associated Assets.

    These cards are interactive. You can instantly navigate to the corresponding section by clicking on a card.

  • An enriched Basic Details area now provides comprehensive information about the reporter, reviewers, the current status, and key time stamps for when the incident was created, updated, and reviewed. 
  • The Actions section has been optimized for swift report generation and review initiation.


New Feature: Export Profile 

With this release, we have introduced a new feature to export profiles for enhanced convenience and organization. You can now view all profile rules consolidated in a single file, which makes it easier to understand and manage the entire rule set at once. You can export profiles based on your specific interests, streamlining your workflow and customization process.

You can select multiple profiles and then choose Export Profile from the Actions menu.


New Token for Incident Tab

Token: reviewedBy.user.name

Description: Use this token to find all incidents that were reviewed by a specific user, based on the reviewer's user name.

Example: reviewedBy.user.name: John Doe

Enhanced Display of FIM Rules for Improved Usability 

With this release, we have enhanced how File Integrity Monitoring (FIM) rules are displayed on the Event Details page. Previously, only rule names were displayed on the Event Details page, so it was not clear to users which event triggered a specific rule and what was being monitored. Now, the details of the rule are displayed directly in the user interface. You can click the rule to see the details.

This enhancement makes it much easier for users to understand the context and specifics of FIM alerts, leading to more efficient monitoring and troubleshooting processes.

To view the details, navigate to the Events tab, select the event, and click View Details from the Quick Actions menu. On the Event Details page, click the Rule name. Rule Details are displayed in the right pane.


Enhancement in Incident Reports

With this release, users can now view additional details regarding Reviews, including the reviewer's identity and the review date. This enhancement is particularly beneficial for auditing purposes.


Update in FIM Rule Name Field

With this release, we have enhanced our FIM Rule Name field. You can now use the following special characters in the Name when creating a FIM Rule.

The allowed special characters are: . (Dot), - (Dash), % (Percent), _ (Underscore), # (Hash), & (And), ~ (Tilde), [ ] (Square Brackets), + (Plus), and (Space), as well as any combination of these.

Benefits

By using special characters, you have the flexibility to include more detailed, descriptive, or specific names that accurately reflect the purpose or content of the rule or data entry. This can be particularly beneficial in complex systems where very small distinctions are important.

Enhancement in Editing an Incident

With this release, you can now edit an incident until it reaches a closed state. This means you can easily make adjustments during the editing process if there is a mistake in the reviewer's name or if you need to add additional reviewers. This update aims to improve accuracy in the incident management process.

You can modify the current reviewer and include additional reviewers, but you cannot change the name of the Incident or any other field.

Enhancement in Reviewing an Incident

We have enhanced the Review process to improve usability and efficiency. When reviewing an incident, the Incident Details page now provides a more structured and informative view. Users can now filter incidents based on their nature: Host Based, Scan Based, and Container Based. This allows for a more targeted review process. After analyzing the incident details, reviewers can easily share their insights. The process for sharing review elements such as Disposition, Type of Change, Approval Status, and Comment remains as intuitive as before.
