Version 3.4
  • 18 Jan 2024

What's new in CDC Version 3.4

October 2023

Highlights

Alert observable upgrades for all security tool integrations, including the ability to set the observable type and extra properties, and to handle values extracted from lists as separate observables in the list view.

Email notifications and distribution rules: new email notifications and distribution rules ensure platform notifications are sent promptly. The new email notification settings include 'Escalation to group' and 'SLA percentage' rule configuration.

Incident-centric playbook upgrades give better visibility and control from the incident page, and improve termination messages, incident playbooks and playbook graphs, user action checkbox validation, automation manager sync, and web push connections.

Security tool integration upgrades include multi-instance support for the Splunk integration, mapping of MITRE ATT&CK data to the CDC MITRE ATT&CK fields, and improvements to the MS Sentinel update sensor.

The navigation bar has been completely redesigned with new crisp icons, a black background and a more logical order.

Reporting: the reporting interface has been enhanced for easier navigation, with a redesigned header, tabs moved to the top, and a new time range selector. Incident and MITRE ATT&CK reports have been refined for greater clarity.


Alert Observable

  • Added the ability to set the observable type, observable extra properties, and related extra properties for all integrations, including Splunk ES, ThreatConnect TIP, Carbon Black EDR, MS Sentinel, Qradar, and LogRhythm.

  • Updated observable schema:

    • Device Name

    • Source Device

    • Destination Device

    • Account Name

    • Source Account

    • Destination Account

    • Email Subject

    • Email Address

    • Email Recipient

    • Email Sender

    • MAC Address

    • Source MAC Address

    • Destination MAC Address

    • IP Address

    • Source IP

    • Destination IP

    • File Name

    • URL

    • File Path

    • File Hash

  • Added handling for values extracted from list fields: each element of the list now becomes a separate observable value.

  • Improved the option to disable observable extraction from the 'custom details' section in the MS Sentinel integration.
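To make the observable behaviour above concrete (one observable per list element, a configurable observable type with extra properties, the option to skip a section such as 'custom details', and graceful handling when no schema is available, which the bug-fix list below also mentions), here is an added illustrative extractor. It is not CDC's own code or API: the schema format, the dotted field paths, the `skip_sections` parameter and the sample alert are all constructed assumptions for demonstration.

```python
"""Illustrative alert-observable extraction (added example, not CDC code).

Assumptions: a schema is a list of mappings {"path", "type", "extra",
"extra_from"} with dotted paths into the alert JSON; the observable type
names follow the updated schema in the release notes (e.g. "Source IP").
"""
from dataclasses import dataclass, field
from typing import Any, Dict, Iterable, List, Optional


@dataclass
class Observable:
    type: str                                   # e.g. "Destination IP", "File Hash"
    value: str
    extra: Dict[str, Any] = field(default_factory=dict)  # extra properties per observable


def get_path(obj: Any, path: str) -> Any:
    """Resolve a dotted path such as 'entities.account.name'; None if any segment is missing."""
    cur = obj
    for seg in path.split("."):
        if not isinstance(cur, dict) or seg not in cur:
            return None
        cur = cur[seg]
    return cur


def extract_observables(alert: dict, schema: Optional[List[dict]],
                        skip_sections: Iterable[str] = ()) -> List[Observable]:
    """Turn raw alert fields into typed observables.

    - A list-valued field yields one observable per element (not one joined string).
    - Blank values and exact (type, value) duplicates are dropped.
    - Top-level sections named in skip_sections (e.g. "custom_details") are ignored.
    - No schema at all means no observables, rather than an exception.
    """
    if not schema:                       # schema missing: extract nothing, do not fail
        return []
    skip = set(skip_sections)
    seen = set()
    result: List[Observable] = []
    for mapping in schema:
        path = mapping["path"]
        if path.split(".", 1)[0] in skip:
            continue
        raw = get_path(alert, path)
        if raw is None:
            continue
        values = raw if isinstance(raw, list) else [raw]   # list -> separate observables
        for v in values:
            text = "" if v is None else str(v).strip()
            if not text:
                continue
            key = (mapping["type"], text)
            if key in seen:
                continue
            seen.add(key)
            extra = dict(mapping.get("extra", {}))          # static extra properties
            for name, src in mapping.get("extra_from", {}).items():  # properties pulled from the alert
                val = get_path(alert, src)
                if val is not None:
                    extra[name] = val
            result.append(Observable(mapping["type"], text, extra))
    return result


# Constructed sample alert (not real data); the hash is SHA-256 of empty input.
SAMPLE_ALERT = {
    "source": "sentinel",
    "entities": {
        "src_ip": "10.0.0.5",
        "dst_ips": ["203.0.113.10", "203.0.113.11", "203.0.113.10"],  # duplicate on purpose
        "hashes": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", ""],
        "account": {"name": "jdoe", "domain": "corp"},
    },
    "custom_details": {"target_host": "ws-01"},
}

# Constructed schema using observable types from the release notes.
SAMPLE_SCHEMA = [
    {"path": "entities.src_ip", "type": "Source IP"},
    {"path": "entities.dst_ips", "type": "Destination IP"},
    {"path": "entities.hashes", "type": "File Hash", "extra": {"algorithm": "sha256"}},
    {"path": "entities.account.name", "type": "Account Name",
     "extra_from": {"domain": "entities.account.domain"}},
    {"path": "custom_details.target_host", "type": "Device Name"},
]

if __name__ == "__main__":
    for obs in extract_observables(SAMPLE_ALERT, SAMPLE_SCHEMA):
        print(obs)
    print("custom_details disabled:",
          extract_observables(SAMPLE_ALERT, SAMPLE_SCHEMA, skip_sections=("custom_details",)))
    print("no schema:", extract_observables(SAMPLE_ALERT, None))
```

Run it directly to see the six observables from the sample alert; passing `skip_sections=("custom_details",)` drops the Device Name entry, and passing `None` for the schema returns an empty list instead of raising.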

Alert Classification

  • Alert classification parameters are now matched case-insensitively, giving more accurate results.

Incident-centric Playbook

  • The playbook flow is now presented on the incident page, providing better visibility and control.

  • Enhanced the incident-centric playbook with playbook termination messages and dynamic updates when data changes in the CDC.

  • Resolved various issues related to playbook graph, user action checkbox validation, automation manager sync, and web push connections.

Incident Grid

  • The 'Alert updated' column is now shown by default in the incident grid, making it easier to sort by recent changes and updates.

Email Distribution Rules

  • New email notifications and distribution rules ensure platform notifications are sent promptly. The new email notification settings include 'Escalation to group' and 'SLA percentage' rule configuration.

Entity Modeling

  • Entity Modeling now has improved functionality with the ability to import CSV files without data loss, and ensures unique field names per entity type, providing a better experience for mapping custom fields at both alert and incident levels.

Integration Support

  • Multiple instances of the Splunk integration can now be configured.

  • MITRE ATT&CK data from Carbon Black and Splunk can now be mapped to the CDC MITRE ATT&CK fields.

Public API

  • File descriptions can now be retrieved through the Public API.

Navigation Bar

  • Introduced a new design for the navigation bar, improving the overall look and user experience of the platform.

Reports

The full release notes for Reports are published in a separate article.

Bug Fixes

  • Fixed an issue with the alert grouping system, which was not functioning as expected with the ‘allOf’ operator and no observables.

  • Resolved an issue in which observable extraction failed when no schema was available.

  • Fixed an issue in which the changes made by the user were not updated dynamically in the incident chat, improving the overall chat experience.

  • Resolved an issue in which the MS Sentinel update sensor failed to start if "create_query_filter" was empty.

  • Fixed an issue in the MS Sentinel update sensor where updates were not fetched for alerts that had been filtered out of the CDC.

  • Fixed the negative MTTR shown in the Alert Report KPI.

  • Fixed an issue in the Reports section where the historical fix closing reason was not working correctly for incidents.

