Product Updates

Whatever the problem, Devo SOAR has the answer.  Here is the latest update release notes. Table of ContentsNew in Automation Introducing the latest Devo Soar integration: Absolute Enhancements Devo Connection Devo Integration Microsoft Graph Cybereason Microsoft Defender for Endpoint Bug FixesNew in AutomationIntroducing the latest Devo Soar integration: AbsoluteThe Absolute® Platform leverages a cloud-based, highly-available, and secure multi-tenant architecture across different regions. It’s comprised of various foundational components that power Absolute product features and are being leveraged by the company’s enterprise customers and ecosystem partners alike. EnhancementsDevo ConnectionImproved the process of adding a Devo Connection.Devo IntegrationAdded 1 new action for Devo IntegrationSend a single eventMicrosoft GraphAdded 12 new actions for Microsoft Graph based on passwordMethod, PhoneAuth and Authenticator.CybereasonAdded 2 new actions for Cybereason integration: Get custom reputation Get remediation statusMicrosoft Defender for EndpointDeprecated Submit Indicator action for Microsoft Defender for Endpoint integration and added a new action with added JSON request body field. Bug FixesCredentials stored in Web API integration connection reference values are displayed in errors. We have fixed this now. If someone uploads a CSV which has a missing label row, and they try to create a pie chart, the page breaks. We have fixed this now.

In this release, we have improved the performance of the Triage page when the tags are loaded, deleted Dynamic Lookups from Content Manager, addressed SecOps bugs, and remediated security vulnerabilities. Increase the performance of the Triage pageThe performance of the Triage page is improved when the tags associated with the triggered alerts are loaded. Delete Dynamic Lookups from Content ManagerDynamic Lookups are deleted from the Content Manager because Dynamic Lookups are deprecated. Bug fixesWhen NASS or Autoregister is not working, the API can be deployed. Access to Content Manager correctly works despite an alert is not correctly configured. Entities Map is displayed even when no data are available. When the amount of installable alerts is greater than 1000, it will show all alerts.     Security UpdateMultiple security updates to address potential security risks.

The Devo Exchange team produces a large collection of useful and customer-requested Activeboards, Use Cases, and MITRE Alerts to help you speed up your workflow.  Here are the new additions for September.Table of ContentsNew Activeboards Azure Cloud Sign In AWS Security Lake Web Analytics Office 365 Exchange Office 365 SharePoint Office 365 OneDrive New MITRE Alert Content Packs Remote Access Software Remote Service Session Hijacking Rogue Domain Controller Server Software Component Service Stop Stage Capabilities New Use Case CrowdStrike Detections AB Use case New Synthetic Data Office 365 Management Injection Crowdstrike Injection  New ActiveboardsVisualize your data with style, these Activeboards are great as is or as a starting point for your own Activeboard!Azure Cloud Sign InOpen in  Devo Exchange.AWS Security LakeOpen in  Devo Exchange.Web AnalyticsOpen in  Devo Exchange.Office 365 ExchangeOpen in  Devo Exchange.Office 365 SharePointOpen in  Devo Exchange.Office 365 OneDriveOpen in  Devo Exchange. New MITRE Alert Content PacksImpressively the grand total of MITRE Alerts available on Devo Exchange is now 450!Remote Access SoftwareOpen in Devo Exchange.Remote Service Session HijackingOpen in Devo Exchange.Rogue Domain ControllerOpen in Devo Exchange.Server Software ComponentOpen in Devo Exchange.Service StopOpen in Devo Exchange.Stage CapabilitiesOpen in Devo Exchange. New Use CaseCrowdStrike Detections AB Use caseThis use case allows you to visualize "CrowdStrike Detections Navigator" Activeboard using synthetic sample data.Open in Devo Exchange. New Synthetic DataSynthetic data allows you to simulate data from a source in order to test a companion Activeboard or your own Activeboards.  The data stream can be turned off in Devo Exchange.Office 365 Management InjectionOpen in Devo Exchange.Crowdstrike InjectionOpen in Devo Exchange.

The Integrations team has released a selection of new collectors and updates to existing ones documented below! Speak with your CSM if you need a New Collector or an Update to an existing collector! Table of ContentsNew Collectors Microsoft Defender for IoT Collector v1.0.0b1 Bitwarden Collector v1.0.0b1 MS Graph v1.7.0b1 (new data sources added)  Cyble Vision Collector v1.0.0  Mandiant Advantage Collector v1.0.0b1 on) IBM Cloud VPC Flow v1.0.0b1 IBM Cloud Softlayer v1.0.0b1  IBM Cloud Activity Tracker v1.0.0b1 Updated Collectors Github collector v2.1.0  AWS collector v1.5.0  SentinelOne collector v1.4.0  Recorded Future v1.3.0  Cybereason v1.2.0  OneTrust v1.2.0  AlienVault OTX v1.1.0  Wiz Cloud Security v1.2.0  Cylance v1.1.0  Agari Phishing Defense v1.2.0  JumpCloud v1.1.0  Microsoft Azure Collector v1.7.0  Okta Resources Collector v1.8.0 (new functionality) Microsoft Defender Cloud Apps Collector v1.1.0  Microsoft O365 Message Tracing Collector v2.2.0  Rapid7 InsightVM v1.4.0  Infocyte Collector v1.3.0   New CollectorsMicrosoft Defender for IoT Collector v1.0.0b1Doc Page in progress.Bitwarden Collector v1.0.0b1Doc Page in progress.MS Graph v1.7.0b1 (new data sources added) View information in our Documentation.Cyble Vision Collector v1.0.0 View information in our Documentation.Mandiant Advantage Collector v1.0.0b1Doc Page in progress.IBM Cloud VPC Flow v1.0.0b1Doc Page in progress.IBM Cloud Softlayer v1.0.0b1 Doc Page in progress.IBM Cloud Activity Tracker v1.0.0b1Doc Page in progress. Updated CollectorsGithub collector v2.1.0 View information in our Documentation.AWS collector v1.5.0 View information in our Documentation.SentinelOne collector v1.4.0 View information in our Documentation.Recorded Future v1.3.0 View information in our Documentation.Cybereason v1.2.0 Doc Page in progress.OneTrust v1.2.0 View information in our Documentation.AlienVault OTX v1.1.0 View information in our Documentation.Wiz Cloud Security v1.2.0 View information in our Documentation.Cylance v1.1.0 View information in our Documentation.Agari Phishing Defense v1.2.0 View information in our Documentation.JumpCloud v1.1.0 View information in our Documentation.Microsoft Azure Collector v1.7.0 View information in our Documentation.Okta Resources Collector v1.8.0 (new functionality)View information in our Documentation.Microsoft Defender Cloud Apps Collector v1.1.0 View information in our Documentation.Microsoft O365 Message Tracing Collector v2.2.0 View information in our Documentation.Rapid7 InsightVM v1.4.0 View information in our Documentation.Infocyte Collector v1.3.0 View information in our Documentation. 

Devo Exchange team is happy to bring you the latest update for the MITRE ATT&CK Adviser.  This release brings critical functionality to the MITRE ATT&CK Adviser, allowing the management of multitenant domains. Administrators have a full view of the alert coverage information of each child domain in their portfolio.Release InformationReleased in all Geos.Table of ContentsNew Features Tenant Filter MSSP Support Enhancements New “No Alerts Fired” New notification for missing injections  New FeaturesTenant FilterThis new filter allows MSSP’s to quickly switch between clients.MSSP SupportMSSPs can view the client domain alert coverage they are currently logged in to and get critical insights into the alert landscape for their clients.EnhancementsNew “No Alerts Fired”When the time period selected results in no alerts fired, a new message notification is displayed, guiding you to select a new time period. New notification for missing injectionsThis new notification will inform the user if a log source for an installed alert does not have a log source injection. View the App in Devo Exchange!

A correlation engine with perks!  The new Devo Flow comes packed with new features! Release InformationTime Window: Tuesday September 19, 9:00 AM UTCDuration: 2 HoursImpact: NONE Geo AvailabilityRegion Status GovCloud Released CA Released US Released EU Released APAC Released  Table of ContentsNew Features New Visualization of Publish template results New Functionality for HTTPCall module Enabled Batch Processing of DevoSource module New Actions: Stop & Unload  New FeaturesNew Visualization of Publish template resultsNew look to published template results!  A new window will open with the instances name and the results of the publish.  If there are errors, a new dropdown is available with all the information.New Functionality for HTTPCall moduleTwo new fields are available:Max RetriesYou can enter the number of retries when the response status code is outside the success range of 200-299.  However if you do not want to perform retries, just set the value to 0.Delay between RetriesIf you do define the maximum number of retries, a new field will become available that will allow you to configure the delay between replies in seconds. Enabled Batch Processing of DevoSource moduleYou can now toggle ON to request the stalls and results.  This is possible only once the specified time grouping period has elapsed.  This period defaults to 1 minute if the grouping period is not specified.New Actions: Stop & UnloadWe’ve merged the action of Stop & Unload, now when you click/call the stop action, the context will be unloaded from the server.  As a consequence, the Unload button has been removed from the UI.

The Integrations team has released a selection of new collectors and updates to existing ones documented below!  Documentation pages for these collectors are being updated now.Table Of ContentsNew Collectors Trend Micro Email Security Collector v1.0.0 Workday Collector v1.0.0 Thinkst Canary Collector v1.0.0 Lastpass Collector v1.0.0 Collectors Updates Crowdstrike API Resource Collector v1.4.3b2 Office 365 Exchange Message Tracing v2.1.1 Salesforce Collector v1.6.0 Sophos Central Collector v1.2.0 Trend Micro Vision One Collector v1.1.0 Google Cloud Platform v1.4.0 Gsuite Google Workspace Report v1.8.0 Onelogin Collector v1.2.0 Cisco Meraki Collector v1.4.0 New CollectorsTrend Micro Email Security Collector v1.0.0Trend Micro Email Security screens out malicious senders and analyzes content to filter out spam. It examines sender authenticity and reputation and defends against malicious URLs.Learn more about this collector.Workday Collector v1.0.0Workday is a service that automates the sourcing, aggregation, normalization, and data management of security data across your organization into a security data lake stored in your account.Learn more about this collector.Thinkst Canary Collector v1.0.0Thinkst Canary detects security breaches. Users can order, configure, and deploy their Canary Tokens throughout their network.Learn more about this collector.Lastpass Collector v1.0.0Documentation page coming soon. Collectors UpdatesCrowdstrike API Resource Collector v1.4.3b2A new data source was added.  The documentation page is coming soon.Office 365 Exchange Message Tracing v2.1.1Link to the Documentation page.Salesforce Collector v1.6.0Link to the Documentation page.Sophos Central Collector v1.2.0Link to the Documentation page.Trend Micro Vision One Collector v1.1.0Link to the Documentation page.Google Cloud Platform v1.4.0Link to the Documentation page.Gsuite Google Workspace Report v1.8.0Link to the Documentation page.Onelogin Collector v1.2.0Link to the Documentation page.Cisco Meraki Collector v1.4.0Link to the Documentation page. I will update this page once documentation is live!

Devo Relay 2.5.0 brings updates to Transport Layer Security support, bug fixes, and vulnerability patches!Release informationTime Window:  Tuesday, September 5, 9:00 AM UTCDuration: 1 HourImpact: NONE Table of ContentsSupport for TLS v1.3 Cleaned up Startup Error messages Recovery of Relay service Improved Vulnerability Fixes Support for TLS v1.3With this update, the default send method will be TSL v1.3 instead of TSL v1.2.  As all ELBs already support TLS v1.3, with this change, end-to-end connection can be supported in TLS 1.3. Cleaned up Startup Error messagesConfusing errors on start-up have been cleared up and removed! Recovery of Relay service ImprovedImproved Relay status updating after an abrupt stop.  Killing Relay service with SIGKILL is now handled correctly Vulnerability Fixesguava (CVE-2023-2976) spring-core (CVE-2023-20861, CVE-2023-20863)

 Devo is happy to make available the latest release of the Devo Platform.  This update brings a selection of improvements and bug fixes sourced by our customers!Release InformationTime Window: Thursday August 31, 9:00 AM UTCDuration: 2 HoursImpact: NONE Geo Availability <Region Status CA Released US Released EU Released APACReleased  Table of ContentsNew Features New Data Search Events marked on arrival  Alert Subscription Enhancement Improvements Aggregation Task calendar migrated to Data Search time picker Improved Data Search Copy command Increased Home Widget Accuracy Enhanced LookUp Errors Better handling of large synthesis operations Bug Fixes New FeaturesNew Data Search Events marked on arrivalNew highlights added to new events on both Table View and List view in Data Search. Alert Subscription EnhancementThe user’s email is now displayed on the Alert Subscription page instead of the Username.  This conforms with the consistent behavior through other pages in Devo ensuring an expected experience.  ImprovementsAggregation Task calendar migrated to Data Search time pickerImproved Data Search Copy commandImproved UX with the contextual menu “Copy” reducing the number of mouse clicks required to reach the command. Increased Home Widget AccuracyUnits are now accurately displayed between the volume widget and the shown metric. Both now display the superior binary ingestion size (TiB, GiB, MiB, KiB) over the previously used decimal (TB, GB, MB, KB) representation.  This change ensures clear and correct data visualization for ingestion within your domain. The Event Volume chart on the Home Page is now more accurate due to this change.  The data continues to be accurate, and now the average and limit lines will match the data exactly. Enhanced LookUp ErrorsThe team has made huge efforts to create more detailed error outputs to better diagnose and troubleshoot Lookup issues.   In addition to this, errors are now available in multiple languages, including Catalan!Our goal here is to continuously improve the LookUp experience! Better handling of large synthesis operationsWe’ve increased the size of POST and DELETE requests to accommodate larger synthesis operations.  We also added new error messages with details to help diagnose problems with large synthesis operations.  Bug FixesImprove Autoparser handling of INTEGER types. Improve Aggregation task calendar Fixed an issue with relative dates when using search history Improved ip4 operation handling 

I have created a LINQ Operator Discovery Resource for all Devo users to learn about what operators are available to use for your Data Search Queries.I created two custom pages to contain all this wonderfulness. This resource will let you quickly filter and search for the right operator to fit your needs.  Members of Devo Connect only. The full list of operators and code examples.  I also have it in PDF format attached. Please leave a comment and let me know what you think!To my LINQ Bible group,  thank you for all your help, here is the results!

This is a small update containing Vulnerability fixes and a bug resolution.  The team continues to work on new features, stay tuned! Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsBug fix  Vulnerability fixesBug fix Resolved issue that occurred when Alerts were updated by API, uploaded successfully but when viewed individually triggered the error “Oops, something went wrong”.Vulnerability fixesIdentified vulnerabilities were remediated. 

Devo is happy to deliver this new version of the Platform.  Containing new features and improvements to Activeboards. Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew Features New Activeboard Widget - Calendar Heatmap Improvements Improved Widget - MakersMap New look and usability improvements for Charts Improvements to Export to PDF  New FeaturesNew Activeboard Widget - Calendar HeatmapThe new Calendar Heatmaps represent time-series numerical data through a conventional calendar where each day is shaded on a light to dark gradient based on the sum of the values of the said numerical variable along the day. ImprovementsImproved Widget - MakersMapMakerMap is now using the new Google maps library “@googlemaps/marketclusterer”.  This new library  brings the following improvements:More accurate location icons:  Correct icon placement at all zoom levels. New grouping location functionality: New Design Proportional icon size to the number of locations it represents More than 5 colors possible! A themed color palette is implemented. When several icons overlap, the biggest one is displayed at the foreground. New look and usability improvements for ChartsCharts receive new colors, and legends are now delimited with a background light gray area. Improvements to Export to PDFCleaned up header duplication Improvements to layout

New SOAR release includes new functionality, vulnerability and bug fixes! Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew features New Actions for Sailpoint New to Zendesk Integration Improvements Bug Fixes New featuresNew Actions for SailpointSailpoint Integration has added 6 new actions:Search List Accounts Delete Account Get Account Activity List Account Activities Get AccountNew to Zendesk IntegrationAdded token-based authentication at the connection level. ImprovementsDestination: Added retries and visibility of the result of forwarding.Improved performance of loading detection under My UseCases section.Disabled Query section when we run/update SQL node.Changed from Python2 to Python3 for vulnerability fix in the following integrations:GRR Nmap UtilitiesCode vulnerability fix by removing the usage of the static jar from:JDBC Microsft SQL ServerBug FixesIf a user’s password expires (per system security settings), or if an admin resets a user’s password and gives them a temporary password, that password can still be used for whatever the user wants in scripting without authorization being denied. We have fixed this now. Update Case/ Create Case action failing for field( type single select) update with an invalid value of integration Case Management. We have fixed this now. Showing proper error message when some error occurs in connecting the server or retrieving the message of integration Exchange (Quarantine Messages).

This release of the Devo Platform addresses customer feedback and bug fixes.Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsUpdated Changes to Inactivity System Bug Fixes Data Access Error Alert counters bug Query Dispatcher Error  UpdatedChanges to Inactivity SystemInactivity will now be calculated on all tabs consistently instead of each individual tab. The Inactivity pop-up will be triggered and removed simultaneously on all Devo tabs.Bug FixesData Access ErrorFIXED - Error when editing data access due to inactive domains being selectable.  Inactive domains are now excluded from selection box.Alert counters bugFIXED - Several alerts not showing the counters for each value in fields correctly.Query Dispatcher ErrorFIXED- Bug that caused error code 600 in the Query Dispatcher when opening Data Search from search.

The Integrations team has released in this update, a selection of new collectors and updates to existing ones documented below! Geo availabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew Collectors Spycloud Collector 1.0.0 Proofpoint CASB Collector 1.0.1 CyberArk EPM Collector 1.0.0 Taxii Collector 1.0.0 Collectors Updated Azure Collector 1.6.0 MS Graph 1.6.2 Google Workplace Alerts (aka Gsuite Alerts) 1.6.0 CrowdStrike API Resource Collector 1.4.2 Spycloud 1.0.1 Okta Collector 1.7.0 Cisco eStreamer collector 1.3.0 Rapid7 Insights 2.0.0 Office 365 Exchange Message Tracing 2.1.0  New CollectorsSpycloud Collector 1.0.0The SpyCloud collector can help fraud prevention teams stay ahead of customer ATO fraud by detecting and resetting exposed consumer passwords early in the breach lifecycle, heading off account takeover attempts. Full details here.Proofpoint CASB Collector 1.0.1Proofpoint Cloud App Security Broker (Proofpoint CASB) helps you secure applications such as Microsoft Office 365, Google Workspace, Box, and more. It gives you people-centric visibility and control over your cloud apps, so you can deploy cloud services with confidence. Full details here.CyberArk EPM Collector 1.0.0CyberArk is an Identity Security Platform that enables secure access for any identity — human or machine — to any resource or environment from anywhere, using any device. Full details here.Taxii Collector 1.0.0Trusted Automated Exchange of Intelligence Information (TAXII™) is an application protocol for exchanging CTI over HTTPS. ​TAXII defines a RESTful API (a set of services and message exchanges) and a set of requirements for TAXII Clients and Servers. Full details here. Collectors UpdatedAzure Collector 1.6.0» DetailsMS Graph 1.6.2» DetailsGoogle Workplace Alerts (aka Gsuite Alerts) 1.6.0» DetailsCrowdStrike API Resource Collector 1.4.2» DetailsSpycloud 1.0.1» DetailsOkta Collector 1.7.0» DetailsCisco eStreamer collector 1.3.0» DetailsRapid7 Insights 2.0.0» DetailsOffice 365 Exchange Message Tracing 2.1.0» Details

Devo Exchange and SciSec Teams hare happy to announce the Content update for July for Devo Exchange! Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentLookups MitreAlertsExtendedDefinition Activeboards Cloud Azure Summary Office365 Active Directory Proxy Zxcaler Activity Office365 Overview Use Cases Office365 Overview Use Case Content Packs 14 MITRE Tactics Content Packs 97 MITRE Technique Alert Packs  LookupsMitreAlertsExtendedDefinitionThis lookup will allow you to add Alerts to your MITRE ATT&CK Adviser mapped to multiple tactics and techniques.  You can still use SecOpsAlertDescription to and alerts with a single mapping. ActiveboardsCloud Azure SummaryGive a summary to clients about their Azure events like geolocalization, severities, average duration, critical events...Office365 Active DirectoryOverview of Office 365 Active Directory user and login eventsProxy Zxcaler ActivityGeneral overview of Zscaler Proxy solution and activity.Office365 OverviewShows a summary of all Microsoft Office 365 activity: Active Directory, SharePoint, OneDrive, Teams and Exchange. Use CasesOffice365 Overview Use CaseWorks with the Office365 Management Injection synthetic data and the Office365 Overview activeboard Content Packs14 MITRE Tactics Content PacksFull List available here.97 MITRE Technique Alert PacksFull list available here 

This minor update delivers a hotfix for multiple search issues reported by the community. as well as vulnerability fixes that were identified and remediated. Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsContent Manager Hotfix Fixed a few vulnerability. Content Manager HotfixRemedied:Uncaught ReferenceRrror Unable to switch to the next page of installed alerts in specific action order. Unable to increase number of rows in specific scenarios.Fixed a few vulnerability. See the release notes in Docs!

The next release of the Devo Product is almost here.   You might have noticed more update announcements more often,  the team is working hard to make sure you have the right information at the right time!   Here are the coming changes to the product! Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew Features Built-in application preferences at the domain level New Sensitive data handling Deprecated Action Improvements X.509 New status Bug Fixes New FeaturesBuilt-in application preferences at the domain levelAllows the user to manage “application preferences” at the domain level for applications that have built-in preferences. New Sensitive data handlingTo address the problem of sensitive data being exposed to any user role and provide flexibility in audit actions the team has created the following rule:Only hide those parameters coming from requests with URL-encoded content and using HTTP verbs other than “GET”. Deprecated ActionRemoved add data from Dropbox action due to lack of user adoptions. ImprovementsX.509 New statusX.509 Certificates gain new status “Expired” in UI. In addition to this new status expired certificates:Cannot be downloaded. Will display a “---” in all columns except name and dates.Bug FixesFixed User Session invalidates prematurely Fixed Support form Send Fixed incorrect translation into Spanish in Autoparser.  

This Update brings you bug fixes for the new Fields Manager as well as bringing back UI buttons by customer request! Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of Contents ImprovementsField Options returnDue to customer feedback, the field options return! Bug Fixes Multiple bug fixes related to the Field Viewer.  Keep the feedback coming! 

The Devo SOAR team is happy to present the latest version of SOAR!  AutomationIntroduction of a new integration: Sailpoint Sailpoint Identity Security Cloud Platform is purpose-built for today’s enterprise demands, delivering an intelligent, autonomous identity foundation that securely fuels your business.  EnhancementsWhen editing a stream now point you to which playbook it is for. SentinelOne integration has added 2 new actions: Disconnect from Network and Get Activities Deprecated old URL Scan action and added new one with more detailed output in PhishTank integration. Cybereason integration has added 1 new action: Get AI Hunt MalOp Details In Opensearch integration added explode result field in Run Query action. Bug FixesResulting in more than the expected number of rows when an error is encountered in action Get Report with sha256 hashes of Hybrid Analysis integration. We have fixed this now. Original column name is showing in results even when alias is defined in query in Run Query action of Opensearch integration. We have fixed this now. Use of markdown language in case comments sends the entire thing to commands and the comments do not have the information anymore. We have fixed this now.

This release of the Devo Platform brings you new features to Activeboards, Scheduled reports and User interaction improvements.Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of contentsNew Features Activeboards Unified Y axis Two new methods added to Activeboads language Improvements Scheduled Reports - Hidden Recipients Scheduled reports - New Information fields Additional Improvements Bug Fixes New FeaturesActiveboards Unified Y axisThis new feature added in the Line/Column/Area widgets, will allow the user to have all the metrics in the same Y axis and with the same scale. The current behavior (a different Y axis/scale for each metric) will be also available.Two new methods added to Activeboads languageMethod Syntax Description Take take (query, N) Takes the first N elements from a data set Sort sort(query, columnName, ‘ASC’ | ‘DESC’) Sorts a dataset by column with ASC/DESC order  ImprovementsScheduled Reports - Hidden RecipientsThe To: field will now display as empty when sending Scheduled reports, maintaining privacy for all users.Scheduled reports - New Information fieldsNew information fields added:Field Name Available in Environment Subject and Content Domain Subject and Content Activeboard Name Content Creation Date Timezone Content (specified in Scheduling) Activeboard ID Content exclusive to error emails  Additional ImprovementsSpeed up Activeboard display times.  When opening activeboards, the default activeboard will be loaded, if no default is set, the first activeboard will be loaded. The full activeboard list can be requested from the Activeboard manager. Added new notification to Clone Activeboard command to notify user when an Activeboard is cloned successfully without opening. Improve Activeboad cloning operation, faster and a new spinner added notifying the user of continued action progress in background. Added a description field max character counter to Create new Activeboard dialog. UX improvements to reordering in Table Widget.Bug FixesFlickering issue fixed with the vertical scrollbar in the Activeboad Manager. Fixed issue with session timeouts Fixed issue with values missing when Menu Always Open was selected.View the full release in Docs!

This release of Security Operations brings in new functionality that improves analyst workflows in the triage and investigations workbenches and updates to the content manager!Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew features Open in Dedicated tabs Improvements Increased Visible Alerts Content Manager expanded to support All alert types Content Manager Subquery Support Triage Filtering Increased security of investigations and Enigma Endpoints  New featuresOpen in Dedicated tabsWe have enhanced SecOps to allow you to open the entire application and sections in separate tabs, increasing the modularity of your workflow.SecOps - You can open SecOps in a new tab from the General Menu.Alerts from the Triage Page can now be launched in a new tab by right-clicking on the alert and choosing “open in a new tab”.Investigations can be opened in a new tab from the Triage page by right-clicking on the alert and selecting “open in a new tab”.Investigations can also be launched in a new tab from the investigations page by right-clicking on an alert and choosing “open in a new tab”ImprovementsIncreased Visible AlertsWe have increased the visible alerts displayed in the Triage page.View Count No Grouping View 10,20,30,50 (Default 20) Entity Grouping View 5,10,20,30 (Default 10) Alert Type Grouping View 5,10,20 (Default 10) Investigations Table View 5,10,20 (Default 10)  Content Manager expanded to support All alert typesIt is now possible to install all alert types not just “each” from Content Manager.Rolling Deviation Gradient Several EachContent Manager Subquery SupportSubqueries are now supported by adding these parameters:externalOffset internalOffset internalPeriodTriage FilteringTriage can now filter Entities using AND / OR conditions.Increased security of investigations and Enigma EndpointsUpdates to internal APIs are adapted to Devo roles with the associated End Points. Learn more in our Docs page!

The team is on a roll with new features!  This update brings you the Field Viewer, a new feature that allows you to quickly control information and speeds up investigations! Geo Availability                                                                                                                                                                                                                                                                              Region Status CA Released US Released EU Released APAC Released In this ReleaseField ViewerThis new feature shows the list of fields and stat counts for data downloaded to the browser for the query period. The panel remains open and visible at all times until you choose to close it.You can use the Field viewer for two different purposes:Display statistics associated with all the distinct values of the fields Manage those fields in the data search window.Managing Fields allows you to:Order Fields Hide and Show fields Save and Reset field layouts Generate Charts  Learn more about this fantastic feature in our Docs!

Latest version of Devo SOAR brings you new automation integrations as well as a plethora of enhancements. AutomationIntroduction of a new integration: OpenSearch OpenSearch is a family of software consisting of a search engine, and OpenSearch Dashboards, a data visualization dashboard for that search engine. The software started in 2021 as a fork of Elasticsearch and Kibana, with development led by Amazon Web Services.  EnhancementsAdded support for User Forms implementation from SMTP to Microsoft Graph Integration. CrowdStrike Falcon Host (OAuth Based) integration has added Run GraphQL Query action. Zendesk integration has added 3 new actions: List Tickets, Update Ticket and List Comments SMTP integration has added Reply-Tooption in Send Email action. Cybereason integration has added 5 new actions Isolate Malop Machine, Set Reputation, Remediate Items, Retrieve All Malops and Get Malop Details

This update brings you a ton of API improvements, new role permissions and tons of fixes! Region Status GovCloud Released CA Released US Released EU Released APAC Released  Table of contentsAdministration Multitenancy  Aggregation Alerts Summary and Description areas DeepTrace information visual improvements Data Search Depreciated Operations API New features Aggregation Tasks API Lookups API Query API Bug fixes AdministrationRole PermissionsMultitenancy We’ve added a new role permission Multitenancy administration –> Custom data access with Edit mode able to allow/restrict the access to the Administration → Multitenancy → Custom data access tab.AggregationNew Token permission added to allow the use of the new Aggregation Tasks Token (detailed below) AlertsSummary and Description areasWe’ve increased the area width up to a maximum of 90 standard characters (since not all characters are the same size, some lines may show more than 90 characters and others less, depending on the type of characters included in the line). We now display the full content of both areas (Summary and Description).DeepTrace information visual improvementsRenamed the heading “Auto-investigation status” as “Trace status”. Renamed DeepTrace statuses : Status “No trace found” renamed as “No trace”. Status “Success” renamed as “Trace found”. DeepTrace icon moved to the first place in the Actions column. We’ve also made some small improvements to error messages across the platform. Data SearchDepreciated OperationsDepreciated Operation New Equivalent Operation mmcoordinates mm2coordinates mmlatitude mm2latitude mmlongitude mm2longitude mmcity mm2city mmcountry mm2country mmpostalcode mm2postalcode mmregion mm2subdivision1 mm2subdivision2 mmregionname There is no exact equivalent. You can use: Geolocated level 1 Subdivision with Maxmind GeoIP2 (mm2subdivision1) Geolocated Level 2 Subdivision with Maxmind GeoIP2 (mm2subdivision2) mmisp mm2ips mmorg mm2org mmasn mm2asn mmasowner mm2asorg mmspeed mm2con reputation N/A reputationscore N/A sbl N/A  What does Depreciated mean? The operation is still valid, but no longer updated. The operation will not be displayed in the Data search wizard nor in the Smart Editor autocompletion function. When the operation is used in a query, the notification “<ope> operation is deprecated” will be displayed. When you try to edit a query breadcrumb that contains one of those operations, it won’t be allowed and the notification “<ope> operation is deprecated. It can only be edited manually in the query editor” will be displayed. API New featuresAggregation Tasks APIWe’ve added the new token type “Aggregation Tasks API” in Administration → Credentials → Authentication tokens to only manage Aggregation Tasks API.From this release on, the tokens that allow you to manage Aggregation Tasks API are:For new tokens: only the ones created with “Aggregation Tasks API” type. For already-created tokens : all tokens that are currently used to manage Aggregation Tasks API.Furthermore, we’ve added a new role permission with View/Edit modes.Lookups APIAutofill domain in query when it is missing for my.* tablesAutofill domain in query when it is missing for my.* tables. Create/update lookup:Now you can create/upload a lookup from a CSV located in S3. Lookup id in the request body is not required anymore. If not informed, it takes the lookup name and domain from the path.GET lookup/domain and GET lookup/domain/name:Domain owner is not shown for each lookup. Improvements in GET/lookup/job.Lookup ownership vs lookup visibility: A lookup is owned by a domain but it can be created to be visible by other domains. Visibility is assigned when creating/updating a lookup: (i)creator_only: lookup will only be visible by the owner (ii)all-subdomains: only for multitenant admin domains. All domains inside the multitenant will see the lookup. Get list of lookups based on lookup ownership: GET lookup/<domain_name> GET lookup/<domain_name>?owner=THIS_DOMAIN → default value GET lookup/<domain_name>?owner=OTHER_DOMAINS GET lookup/<domain_name>?owner=ANY_DOMAIN Query API Time control support using “timeRangeFilter” configuration: "by" default to “eventdate“. Use “creationdate” for event creation time selection. Optional "allowedLateness": Default to "now" Allows duration expressions like: 1d, 1h, etc. Bug fixesIn Data search, the formatdate operation would display its results according to the computer’s time zone instead of according to the web time zone.. The Alert page vertical scroll wasn’t working correctly, resulting in some alerts not being shown. The Alert page vertical scroll wasn’t always visible. In domains with a large amount of alert sending policies, the Alert policies page was unresponsive at times.  There was an issue that affected Lookups with the same name in different domains, whereby if one was updated then the “last updated” date in both domains would be the same.  Shared Lookups would be incorrectly displayed as private once they were updated.  In the Administration → Users → Access details tab, when searching for a Permission/Activeboard/Lookup/Alert that doesn’t exist, the search box disappears and the following error message was displayed: “There are no Permissions/Activeboards/Lookups/Alerts for the assigned role”