SOC.OS Release Notes: November 2021
Saved searches, new and improved configurable scoring, threat world map and alert funnel widget.
Saved search queries
The recently introduced Search functionality allows complex searches to be built for your specific requirements and investigations. To enable you to quickly reuse or share the search criteria, we have added the ability to save and load the query, either for a single user or across your entire team. This means that useful searches are accessible with the click of a button, and that whatever data you need can be surfaced right away, ready for investigation or reporting purposes.
New and improved configurable scoring
We've updated the algorithm used to calculate cluster scores. The intent of this update is to make scoring more configurable by the user, based on your own priorities. Scoring is now more alert-centric: you can configure scoring boosts based on individual alert types, on whether an alert is actioned or unactioned, or on the alert's source system. We think the new ability to change these settings will make the scoring, and therefore prioritisation, more intuitive.
Head over to the wiki to read in more detail about how this can be configured to better prioritise your cluster queue.
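To make the idea of alert-centric, boost-driven cluster scoring concrete, here is an added illustrative model. It is not SOC.OS code and does not reproduce the SOC.OS algorithm (see the wiki for that); it assumes, hypothetically, a base severity per alert, multiplicative boosts keyed on alert type, source system and actioned state, and a cluster score taken from the highest boosted alert plus a small bonus for breadth of alert types. The alerts and boost settings are constructed sample data.

```python
"""Illustrative model of configurable, alert-centric cluster scoring.

Added example, not SOC.OS code. Hypothetical assumptions:
  - each alert carries a base severity from 1 to 10;
  - boosts are multipliers keyed on alert type, source system, and
    whether the alert has already been actioned;
  - a cluster's score is its highest boosted alert score plus a small
    bonus per additional distinct alert type, capped at 100.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    alert_type: str
    source: str
    severity: int      # base severity, 1..10
    actioned: bool     # True if an analyst has already actioned it


@dataclass
class ScoringConfig:
    """User-configurable boosts. Missing keys default to a neutral 1.0."""
    type_boost: dict = field(default_factory=dict)
    source_boost: dict = field(default_factory=dict)
    actioned_boost: float = 0.5      # de-prioritise already-handled alerts
    unactioned_boost: float = 1.0
    breadth_bonus: float = 2.0       # added per extra distinct alert type


def alert_score(alert: Alert, cfg: ScoringConfig) -> float:
    """Base severity multiplied by each applicable boost, capped at 100."""
    score = float(alert.severity)
    score *= cfg.type_boost.get(alert.alert_type, 1.0)
    score *= cfg.source_boost.get(alert.source, 1.0)
    score *= cfg.actioned_boost if alert.actioned else cfg.unactioned_boost
    return min(score, 100.0)


def cluster_score(alerts: list, cfg: ScoringConfig) -> float:
    """Highest boosted alert in the cluster, plus a bonus for breadth."""
    if not alerts:
        return 0.0
    top = max(alert_score(a, cfg) for a in alerts)
    extra_types = len({a.alert_type for a in alerts}) - 1
    return round(min(top + extra_types * cfg.breadth_bonus, 100.0), 2)


def rank_clusters(clusters: dict, cfg: ScoringConfig) -> list:
    """Return cluster names ordered highest score first."""
    return sorted(clusters, key=lambda name: cluster_score(clusters[name], cfg), reverse=True)


# Constructed sample configuration: malware findings matter most, port scans
# are noisy, and the EDR source is trusted more than the perimeter firewall.
CONFIG = ScoringConfig(
    type_boost={"Malware Detected": 2.0, "Port Scan": 0.5},
    source_boost={"EDR": 1.5},
)

# Constructed sample clusters (not real alert data).
CLUSTERS = {
    "A": [Alert("Port Scan", "Firewall", 4, actioned=False)],
    "B": [Alert("Malware Detected", "EDR", 6, actioned=False),
          Alert("Port Scan", "Firewall", 4, actioned=False)],
    "C": [Alert("Malware Detected", "EDR", 6, actioned=True)],
}

if __name__ == "__main__":
    for name in rank_clusters(CLUSTERS, CONFIG):
        print(name, cluster_score(CLUSTERS[name], CONFIG))
```

Changing a boost in `ScoringConfig` and re-running `rank_clusters` shows how the same alerts reorder under different priorities; that is the practical effect of the configurable scoring described above, whatever the exact weights SOC.OS applies internally.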
Integration of SOC.OS wiki into the tool
You can now find the SOC.OS wiki linked from within the tool. We've added a help menu with links to useful resources and documentation on using SOC.OS, so they are available while you're working in it.
New integrations of source systems:
Improved existing integrations:
- Better mapping of alerts with variable contents, such as IP addresses, hostnames, thresholds, etc.
- ManageEngine AD better handles JSON threat types
- Help page for new scoring methodology
- Dashboard help page updated to include details and explanations for the new funnel widget
- Updated integration instructions available for Palo Alto and FortiAnalyzer
- Further details added on the visualisation histogram page
- Internal/External entities correctly labelled in data table column header
- Multiple source systems reporting same alert type no longer interferes with column layout of data table
- Fixed an issue where the UI would occasionally not log a user out after the 30-minute session timeout had expired. Logout now happens reliably, including across multiple tabs.
As ever, we're excited to continue to develop SOC.OS to meet your needs, and always welcome your input. Please continue to call us or email firstname.lastname@example.org about defects and improvement suggestions, no matter how small or seemingly left field!