Version 2.3
  • 29 May 2022

What's new in CDC Version 2.3

September 2021

Highlights

  • Suggest related incidents for an alert.
  • Select which columns are presented in the Alerts and Incidents views.
  • New records in the alert timeline.
  • Present triage queries results in a clear way in the ChatOps window.
  • Incident escalation process can now send reminders to the escalated group if no one is handling the escalation.
  • Search alerts and incidents by additional fields.
  • Search inside an alert's raw data.
  • Sort alerts and incidents by additional columns.
  • Open alerts and incidents in a new tab, from the Alerts and Incidents dashboards.
  • Ability to order the system reports.

Related incidents can suggest to which incident an alert is related. This is based on shared observables and tags between the alert and incidents.


Columns Selection

An option is now available to select which columns will be presented in the Alert and Incident grids. You can customize these as needed.

Alert Evidence

New records have been added to the alert timeline. The system will automatically add records whenever the following events happen:

  • An alert is attached to an incident.
  • An alert is detached from an incident.
  • An owner is assigned.
  • An owner is removed.

Table View

You can now view large table results from commands (or automation) in a clear way, inside the ChatOps window.


Incident Escalation

You can define the way you want to get notified when something is escalated. This means that SOC analysts can follow up on an incident that was escalated to a predefined group (for example customers or L2).

Customers (or L2) will get an automatic email and reminders whenever an incident is escalated to them.

Support Incidents and Alerts Search by More Fields

You can search alerts by additional fields, such as Source ID, External ID, and more. The search also supports special characters and partial strings.

Search Inside the Raw Data

You can also search by a value in the Raw Data tab.

More Columns to Sort Alerts and Incidents

The Alerts and Incidents views now feature additional columns for sorting.


Open Alerts and Incidents in a New Tab

From the Alerts and Incidents dashboards, you can now open alerts and incidents in a new tab.

Order Reports

It is now possible for an administrator to change the order of the reports in the reports menu.

Bug Fixes

  • Limited number of external playbooks displayed in the list (CYB-12324)
  • Playbooks not added if they contain more than one tag (CYB-12012)
  • Alert resolved event is not present on the alert timeline (CYB-11982)
  • Server error while detaching alert from an incident (CYB-11689)
  • "{{item}} Copied!" appeared while copying the incident ID from global search results (CYB-11646)
  • Field "Company" in alert page presented even if company configuration not set (CYB-11619)
  • Search alerts by source id with the plus sign ("+") didn't work (CYB-11458)
  • Notifications were sent to disabled users (CYB-11441)
  • Hidden tabs in PowerBI were exported (CYB-11377)
  • 'Mark as done' button under playbook isn't presented after terminating a playbook (CYB-11322)
  • Alert reopen reason wasn't present in alert details (CYB-11313)
  • Grid of related incidents overlaps the filters section after clicking on column (CYB-11291)
  • The new alert indication doesn't disappear when there are no new alerts (CYB-11212)
  • The number of related incidents doesn't match the content (CYB-10984)
  • Number of observables on the page were incorrect (CYB-10822)
  • Changes in incident type weren't reflected in the incidents grid (CYB-9964)
  • Drag and drop files box appears when moving text (CYB-9529)
  • Detach alert event is not present on alert timeline (CYB-6813)

Known Issues

  • Links in alert procedures do not redirect the user (CYB-10694).
  • The user icon does not contain name initials (CYB-9101).
  • It is possible to add a new AD user with an email that already exists in KeyCloak, but it will not allow login (CYB-5366).
