Version 3.4
Updated on 18 Jan 2024
What's new in CDC Version 3.4
October 2023
Highlights
- Alert observables: upgrades for all security tool integrations, including the ability to set the observable type and extra properties, and handling of values extracted from lists as separate observables in the list view.
- Email notifications and distribution rules: new email notifications and distribution rules ensure platform notifications are sent promptly. The new email notification settings include 'Escalation to group' and 'SLA percentage' rule configuration.
- Incident-centric playbook: better visibility and control from the incident page, and improvements to termination messages, incident playbooks, playbook graphs, user action checkbox validation, automation manager sync, and web push connections.
- Security tool integrations: new multi-instance Splunk integration, MITRE ATT&CK mapping to CDC MITRE ATT&CK fields, and improvements to the MS Sentinel update sensor.
- Navigation bar: completely redesigned with new crisp icons, a black background and a more logical order.
- Reporting: the reporting interface has been enhanced for better user navigation, with a redesigned header, top-located tabs, and a new time range selector. Incident and MITRE ATT&CK reports have been refined for greater clarity.
Alert Observable
Added the ability to set the observable type, observable extra properties, and related extra properties for all integrations, including Splunk ES, ThreatConnect TIP, Carbon Black EDR, MS Sentinel, Qradar, and LogRhythm.
Updated observable schema:
Device Name
Source Device
Destination Device
Account Name
Source Account
Destination Account
Email Subject
Email Address
Email Recipient
Email Sender
MAC Address
Source MAC Address
Destination MAC Address
IP Address
Source IP
Destination IP
File Name
URL
File Path
File Hash
Added handling of data extracted from lists as separate observable values.
Upgraded the option to disable observable extraction from the 'custom details' section in MS Sentinel integration.
Alert Classification
Alert classification parameters are now case-insensitive, ensuring more accurate results.
Incident-centric Playbook
Introduced a new feature in which the playbook flow is presented on the incident page, providing better visibility and control.
Enhanced incident-centric playbook to expand visibility through playbook termination messages and dynamic updates for data changes made in the CDC.
Resolved various issues related to playbook graph, user action checkbox validation, automation manager sync, and web push connections.
Incident Grid
The 'Alert updated' column is now presented as a default column in the incident grid, enabling better sorting by recent changes and updates.
Email Distribution Rules
New email notifications and distribution rules ensure platform notifications are sent promptly. The new email notification settings include 'Escalation to group' and 'SLA percentage' rule configuration.
Entity Modeling
Entity Modeling now has improved functionality with the ability to import CSV files without data loss, and ensures unique field names per entity type, providing a better experience for mapping custom fields at both alert and incident levels.
Integration Support
Multi-instance Splunk integration is now available, providing better integration support.
Added the ability to map MITRE ATT&CK framework data from Carbon Black and Splunk to the CDC MITRE ATT&CK fields.
Public API
Introduced a new feature allowing the file description to be retrieved using the Public API.
Navigation Bar
Introduced a new design for the navigation bar, improving the overall look and user experience of the platform.
Reports
Full reports release note can be found here.
Bug Fixes
Fixed an issue with the alert grouping system, which was not functioning as expected with the ‘allOf’ operator and no observables.
Resolved an issue in which observable extraction failed if no schema was available.
Fixed an issue in which the changes made by the user were not updated dynamically in the incident chat, improving the overall chat experience.
Resolved an issue in which the MS Sentinel update sensor failed to start if "create_query_filter" was empty, ensuring proper functioning.
Fixed the MS Sentinel update sensor issue where updates were not fetched for alerts that were filtered out of CDC, resulting in better Sentinel integration.
Fixed the negative MTTR shown in the Alert Report KPI, ensuring better accuracy.
Fixed an issue in the Reports section where the historical fix closing reason was not working correctly for incidents.