The Complete SOC.OS Update: November 2021

AUGUST 24, 2021

DAVE MAREELS

SOC.OS Release Notes: November 2021

Saved searches, new and improved configurable scoring, threat world map and alert funnel widget.

Saved search queries

The recently introduced Search functionality allows complex searches to be built for your specific requirements and investigations. To enable you to quickly reuse or share the search criteria, we have added the ability to save and load the query, either for a single user or across your entire team. This means that useful searches are accessible with the click of a button, and that whatever data you need can be surfaced right away, ready for investigation or reporting purposes.

New scoring

We've updated the algorithm used to calculate cluster scores. With this update, our intent was to make the scoring system more configurable by the user, based on your specific priorities. It is more alert-centric, with the ability to configure scoring boosts based on individual alert types, actioned/unactioned category, or alert source system. We think that the all-new ability to change these settings will make the scoring, and therefore prioritisation, more intuitive.

Head over to the wiki to read in more detail about how this can be configured to better prioritise your cluster queue.

Integration of SOC.OS wiki into the tool

You can now find the SOC.OS wiki linked in the tool. We've added a help menu with links to useful resources and documentation on using SOC.OS, so they are available while you're using it.


Source Systems

New integrations of source systems:

Improved existing integrations:

  • Better mapping of alerts with variable contents, such as IP addresses, hostnames, thresholds, etc.
  • ManageEngine AD integration now handles JSON threat types better

SOC.OS Wiki

  • Help page for the new scoring methodology
  • Dashboard help page updated to include details and explanations for the new funnel widget
  • Updated integration instructions available for Palo Alto and FortiAnalyzer
  • Further details added on the visualisation histogram page

Bug Fixes

  • Internal/External entities are now correctly labelled in the data table column header
  • Multiple source systems reporting the same alert type no longer interfere with the column layout of the data table
  • Fixed an issue where the UI would occasionally not log a user out after the 30-minute session timeout had expired. Logout now occurs reliably, including across multiple tabs.

As ever, we're excited to continue to develop SOC.OS to meet your needs, and always welcome your input. Please continue to call us or email support@socos.io about defects and improvement suggestions, no matter how small or seemingly left field!


For more information about SOC.OS, contact info@socos.io