The Complete SOC.OS Update: September 2021

  • October 1, 2021
  • Dave Mareels

The update to SOC.OS Software came in two parts this time around. The first was a smaller release than we’ve seen recently, focusing on back end improvements and preparing for future feature releases. The second upgrade for September followed, bringing more UI improvements on top of the earlier back end release. Part two built on the recent SOC.OS Search functionality, introducing it to more locations in the UI, and added an updated Cluster Overview panel that displays a summary more intuitively, as well as a more detailed drill down in every cluster to assist in your investigations.

Don’t miss out on the continued integration of additional security tools, and feel free to get in touch with any additional tools you would like to integrate.

Updates to the SOC.OS User Interface

Data Grid

We’ve introduced the new Search functionality to the cluster page, allowing the visualisation and data view to be filtered using search queries. Only the data matching the query is loaded, which reduces loading times.

Cluster Overview

  • The new cluster overview panel surfaces the most prevalent alert types, and the internal/external entities, in the cluster. Alert types and entities are ordered by the number of alerts they are associated with.
  • The overview of alert types shows the number of affected internal entities and the number of alerts associated with each alert type.
  • The overview of the internal/external entities in the cluster displays the number of alerts associated with each entity, as well as the first seen and last seen date times.
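The three bullets above describe one aggregation: per alert type, the alert count and the number of distinct internal entities; per entity, the alert count plus first and last seen. The following is an added example, not SOC.OS code, showing how such a cluster overview can be derived from a list of alerts. The alert records, field names (`alert_type`, `internal`, `external`, `time`) and the sample values are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts for one cluster (not real SOC.OS data).
# Each alert names an alert type, an internal entity (host), an optional
# external entity (IP) and an ISO 8601 timestamp.
SAMPLE_ALERTS = [
    {"alert_type": "Brute Force Login", "internal": "host-a", "external": "203.0.113.5", "time": "2021-09-01T10:00:00"},
    {"alert_type": "Brute Force Login", "internal": "host-b", "external": "203.0.113.5", "time": "2021-09-01T10:05:00"},
    {"alert_type": "Brute Force Login", "internal": "host-a", "external": "203.0.113.7", "time": "2021-09-01T11:00:00"},
    {"alert_type": "Malware Detected",  "internal": "host-a", "external": None,          "time": "2021-09-02T08:00:00"},
    {"alert_type": "Suspicious Outbound", "internal": "host-c", "external": "203.0.113.5", "time": "2021-09-02T09:30:00"},
]


def build_cluster_overview(alerts):
    """Summarise a cluster's alerts the way an overview panel would.

    Returns a dict with:
      alert_types: rows ordered by alert count (desc), each with the number of
                   distinct internal entities affected by that alert type;
      entities:    internal and external rows ordered by alert count (desc),
                   each with first seen / last seen timestamps.
    """
    type_counts = defaultdict(int)        # alert type -> number of alerts
    type_entities = defaultdict(set)      # alert type -> set of internal entities
    entity_stats = {}                     # (kind, name) -> running stats

    for alert in alerts:
        seen_at = datetime.fromisoformat(alert["time"])
        atype = alert["alert_type"]
        type_counts[atype] += 1
        type_entities[atype].add(alert["internal"])

        # Track both internal and external entities; an alert may lack one.
        for kind in ("internal", "external"):
            name = alert.get(kind)
            if not name:
                continue
            stats = entity_stats.setdefault(
                (kind, name), {"alerts": 0, "first_seen": seen_at, "last_seen": seen_at}
            )
            stats["alerts"] += 1
            stats["first_seen"] = min(stats["first_seen"], seen_at)
            stats["last_seen"] = max(stats["last_seen"], seen_at)

    # Alert types: most alerts first, name as a stable tie-breaker.
    alert_types = sorted(
        (
            {
                "alert_type": atype,
                "alerts": count,
                "affected_internal_entities": len(type_entities[atype]),
            }
            for atype, count in type_counts.items()
        ),
        key=lambda row: (-row["alerts"], row["alert_type"]),
    )

    # Entities: split by kind, most alerts first, with ISO timestamps.
    entities = {"internal": [], "external": []}
    for (kind, name), stats in entity_stats.items():
        entities[kind].append(
            {
                "entity": name,
                "alerts": stats["alerts"],
                "first_seen": stats["first_seen"].isoformat(),
                "last_seen": stats["last_seen"].isoformat(),
            }
        )
    for kind in entities:
        entities[kind].sort(key=lambda row: (-row["alerts"], row["entity"]))

    return {"alert_types": alert_types, "entities": entities}


if __name__ == "__main__":
    overview = build_cluster_overview(SAMPLE_ALERTS)
    for row in overview["alert_types"]:
        print(f'{row["alert_type"]}: {row["alerts"]} alerts, '
              f'{row["affected_internal_entities"]} internal entities affected')
    for kind in ("internal", "external"):
        for row in overview["entities"][kind]:
            print(f'{kind} {row["entity"]}: {row["alerts"]} alerts, '
                  f'first {row["first_seen"]}, last {row["last_seen"]}')
```

With the constructed sample, "Brute Force Login" tops the alert-type list with 3 alerts across 2 internal hosts, and the external address 203.0.113.5 tops the external entity list with 3 alerts spanning both days; an analyst reading the panel would start the drill down there.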

Suggested Search

Updates to the API mean that we’ve been able to improve the suggested terms offered when searching on “Alert Type”.

Non-UI

  • Began migration of cloud source ingestion to new infrastructure for improved performance
  • Introduced auto-scaling to better handle spikes in alert volume
  • Security and performance updates

Integrations

New integrations of source systems:


Improved existing integrations:

Wiki

Get involved

As ever, we’re excited to continue to develop SOC.OS to meet your needs, and always welcome your input. Please continue to call us or email support@socos.io about defects and improvement suggestions, no matter how small or seemingly left field!

About the author

Dave Mareels

CEO

Following a Masters in Mechanical Engineering, Dave joined BAE Systems’ engineering leadership programme working across military aircraft, maritime and cyber domains, before taking on SOC.OS in 2018. When not working, he enjoys travelling, basketball, BBQs and private tutoring.