Version 2.7

20 Sep 2022

What's new in CDC Version 2.7

April 2022

Highlights

  • New and improved search capabilities
  • New visualization for the query engine
  • Integrated Help documentation
  • SLA calculation based on an alert's creation time
  • Display time alignment
  • Priority-based incident email notifications
  • Adaptive card capability expansion
  • Copy and paste date and time in filters
  • New integrations

New and Improved Search Capabilities

Our search tool is now more powerful, providing more flexibility and efficiency and supporting combinations of multiple criteria.

For example:

Query/Search: DetectionRule = AO10 AND Severity = HIGH AND ObservableTag ("TagX","TagY")

Returns: All alerts with DetectionRule = AO10 AND Severity = HIGH AND ObservableTag = TagX AND ObservableTag = TagY

You will be able to toggle between the basic search mode (for alerts and incidents grids), and the query language search.

The query language search will be available from the Alerts and Incidents grids, and will be executed on the alert and incident data as well as on the related Observables and Chat.

[Image: HelpQuery.png]
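As an added illustration (not the CDC's own code), here is a small evaluator for the AND-joined query syntax shown above, run over constructed sample alerts. Field names and the alert structure are assumptions; the list form `ObservableTag ("TagX","TagY")` is treated as requiring every listed tag, matching the expansion given above.

```python
import re
# Two clause shapes from the release notes: `Field = Value` and
# `Field ("v1","v2")`. The list form requires EVERY listed value to be
# present, since the page expands it to Field = v1 AND Field = v2.
_CLAUSE = re.compile(
    r'^(?P<field>\w+)\s*(?:=\s*(?P<value>\w+)'
    r'|\(\s*(?P<values>"[^"]*"(?:\s*,\s*"[^"]*")*)\s*\))$'
)

def parse_query(query):
    """Split an AND-joined query into [{'field': ..., 'values': [...]}, ...]."""
    clauses = []
    for part in re.split(r'\s+AND\s+', query.strip()):
        m = _CLAUSE.match(part.strip())
        if not m:
            raise ValueError(f"unparseable clause: {part!r}")
        if m.group("values") is not None:
            values = re.findall(r'"([^"]*)"', m.group("values"))
        else:
            values = [m.group("value")]
        clauses.append({"field": m.group("field"), "values": values})
    return clauses

def alert_matches(alert, clauses):
    """All clauses must hold; a field may be a scalar or a list (e.g. tags)."""
    for clause in clauses:
        present = alert.get(clause["field"])
        have = set(present) if isinstance(present, (list, tuple, set)) else {present}
        if not set(clause["values"]) <= have:
            return False
    return True

def search(alerts, query):
    """Return the ids of alerts matching the query, in input order."""
    clauses = parse_query(query)
    return [a["id"] for a in alerts if alert_matches(a, clauses)]

# Constructed sample alerts (hypothetical field names, not real CDC data).
SAMPLE_ALERTS = [
    {"id": "A1", "DetectionRule": "AO10", "Severity": "HIGH", "ObservableTag": ["TagX", "TagY"]},
    {"id": "A2", "DetectionRule": "AO10", "Severity": "HIGH", "ObservableTag": ["TagX"]},
    {"id": "A3", "DetectionRule": "AO11", "Severity": "HIGH", "ObservableTag": ["TagX", "TagY"]},
    {"id": "A4", "DetectionRule": "AO10", "Severity": "LOW", "ObservableTag": ["TagX", "TagY"]},
]

if __name__ == "__main__":
    q = 'DetectionRule = AO10 AND Severity = HIGH AND ObservableTag ("TagX","TagY")'
    print(search(SAMPLE_ALERTS, q))  # ['A1']: A2 lacks TagY, A3 wrong rule, A4 wrong severity
```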

New Visualization for the Query Engine

You can now get visualization results from the query engine and present them next to the query result, defining within the query framework how you want the data displayed. This helps you view query data visually, for a better understanding of it.

You will also be able to download the graph file.

The video below illustrates viewing the results using the table and graph views.

Integrated Help Documentation

When clicking the “Help” link in the left menu, you will now be redirected to the CDC user guide. The user guide complements the CDC platform and keeps users better informed about the CDC's features and capabilities.

The Help link will link to the most updated release notes.

There will also be a "What's New" section, where you can see the new features of the latest release installed on the platform.

[Image: NewHelp.png]

SLA Calculation Based on an Alert's Creation Time

The CDC can now calculate SLA time from an alert's creation time rather than from its detection time. This change aligns with our obligations to our customers.

Display Time Alignment

You can now choose the CDC display time zone, for easier and more convenient analysis of information. Within your profile settings you can select the time zone you want to work with; the default is your local time zone.

[Image: TimeZone.png]

When hovering on the timestamp, you will see the time in UTC format.

Priority-Based Incident Email Notifications

You can now receive incident emails according to incident priority, so that you only get emails for the priorities that matter to you. You can define this under Profile > Notifications Settings for incidents that were:

  • Assigned to you
  • Created
  • Re-opened
  • Escalated
  • Closed

You can select the priority separately for each incident state listed above. Priority values follow the priorities defined in the CDC.

[Image: PriorityBasedEmailNotification.png]

Adaptive Card Capability Expansion

You can now use adaptive cards to build CLI commands instead of writing them yourself. You enter the input, and the CDC generates the command.

Copy and Paste Date and Time in Filters

To save time, you can now copy and paste dates and times in filters. You can copy and paste the detection date and time in the alerts and incidents filters, in both the "From" and "To" fields.
Copy: press CTRL+A, then CTRL+C
Paste: press CTRL+A, then CTRL+V

New Integrations

By default, Version 2.7 includes two additional integrations:

  • Shodan - Enriches external IPs with information such as open ports, general information, and vulnerabilities.
  • UrlScan - Creates a screenshot of the URL and can compare it to a screenshot from a week earlier, allowing analysts to quickly identify whether the URL has been corrupted.

Bug Fixes

  • Page overlaps when creating a condition step in the playbook (CYB-15027).
  • Bad alert ID error when applying a filter for observables (CYB-15300).
  • When adding a closing reason to a closed incident, an incorrect "Incident is escalated" pop-up message is displayed (CYB-14826).
  • When a user takes ownership on an alert from the Alerts grid, the alert is marked as unread (CYB-14396).
  • In case of a CTI alert with an IOC observable, the IsIOC field is set to NO in the UI (CYB-15621).
  • Historical enrichments were removed from observables (CYB-15498).
  • Historical observables without enrichment that had a score of 0 will now be set to null (UCA-8248).

Known Issues

  • The Raw Data page disappears if an alert name is long (CYB-15444).
  • A page is unresponsive if users click on an alert's collapsed raw data (CYB-15435).
