The update to SOC.OS Software came in two parts this time around. The first was a smaller release than we have seen recently, focusing on back-end improvements and preparing for future feature releases. The second, our second upgrade for September, brought further UI improvements on top of that back-end release. Part two builds on the recent SOC.OS Search functionality, introducing it to more locations in the UI, adds an updated Cluster Overview panel that displays a summary more intuitively, and provides a more detailed drill-down in every cluster to assist in your investigations.
Don’t miss out on the continued integration of additional security tools, and feel free to get in touch with any additional tools you would like to integrate.
Updates to the SOC.OS User Interface
We’ve introduced the new Search functionality to the cluster page, allowing the visualisation and data view to be filtered using search queries. This means only the data the user is interested in will load, therefore reducing loading times.
- The new cluster overview panel surfaces the most prevalent alert types, and internal/external entities in the cluster. The alert types and entities are ordered by the number of alerts they are associated with.
- The overview of alert types shows the number of affected internal entities and the number of alerts associated with that alert type.
- The overview of the internal/external entities in the cluster displays the number of alerts associated with each entity as well as the first and last seen date times.
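The summary the overview panel presents can be reproduced from raw alert records. The following is an added example, not SOC.OS code; the record fields (alert_type, entity, internal, time) are a hypothetical schema and the alerts are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts for one cluster (hypothetical field names, not the SOC.OS schema).
ALERTS = [
    {"alert_type": "Malware Detected", "entity": "10.0.0.5", "internal": True, "time": "2021-09-01T08:00:00"},
    {"alert_type": "Malware Detected", "entity": "10.0.0.7", "internal": True, "time": "2021-09-01T09:30:00"},
    {"alert_type": "Malware Detected", "entity": "198.51.100.9", "internal": False, "time": "2021-09-01T09:45:00"},
    {"alert_type": "Brute Force", "entity": "198.51.100.9", "internal": False, "time": "2021-09-01T10:00:00"},
    {"alert_type": "Brute Force", "entity": "10.0.0.5", "internal": True, "time": "2021-09-01T10:15:00"},
    {"alert_type": "Port Scan", "entity": "10.0.0.5", "internal": True, "time": "2021-09-01T07:30:00"},
]


def cluster_overview(alerts, top_n=5):
    """Summarise a cluster: alert types ordered by alert count (with the number of
    affected internal entities), and internal/external entities ordered by alert
    count with their first and last seen times."""
    type_counts = defaultdict(int)        # alert type -> number of alerts
    type_internal = defaultdict(set)      # alert type -> distinct internal entities
    entity_stats = {}                     # entity -> counts and seen times
    for a in alerts:
        t = a["alert_type"]
        type_counts[t] += 1
        if a["internal"]:
            type_internal[t].add(a["entity"])
        ts = datetime.fromisoformat(a["time"])
        e = entity_stats.setdefault(
            a["entity"], {"internal": a["internal"], "alerts": 0, "first_seen": ts, "last_seen": ts})
        e["alerts"] += 1
        e["first_seen"] = min(e["first_seen"], ts)
        e["last_seen"] = max(e["last_seen"], ts)

    # Most prevalent first; ties broken by name so the output is deterministic.
    alert_types = sorted(
        ({"alert_type": t, "alerts": n, "affected_internal_entities": len(type_internal[t])}
         for t, n in type_counts.items()),
        key=lambda r: (-r["alerts"], r["alert_type"]))[:top_n]
    entities = sorted(({"entity": k, **v} for k, v in entity_stats.items()),
                      key=lambda r: (-r["alerts"], r["entity"]))
    return {
        "alert_types": alert_types,
        "internal_entities": [e for e in entities if e["internal"]][:top_n],
        "external_entities": [e for e in entities if not e["internal"]][:top_n],
    }


if __name__ == "__main__":
    for section, rows in cluster_overview(ALERTS).items():
        print(section, rows)
```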
Updates to the API mean that we have been able to improve the suggested terms offered when performing searches on “Alert Type”.
- Began migration of cloud sources ingestion to new infrastructure for improved performance
- Introduced auto-scaling to better handle spikes in alert volume
- Security and performance updates
New integrations of source systems:
Improved existing integrations:
- Additional threat mapping of FortiAnalyzer alerts
- We’ve improved the Actioned status of MS Azure Security Centre alert category “Antimalware action taken”.
- New tutorial article on interpreting the cluster Visualisation
- Tutorial page for the new Cluster Data View functionality
- Search help page updated with Basic Search explaining the SOC.OS chip search feature
- New ManageEngine integration page
- Further updates and improvements to MS Graph, Trend Micro Apex Central and Fortinet FortiAnalyzer integration pages
- Improved navigation and links throughout the wiki
As ever, we’re excited to continue to develop SOC.OS to meet your needs, and always welcome your input. Please continue to call us or email firstname.lastname@example.org about defects and improvement suggestions, no matter how small or seemingly left field!