
This update brings you a ton of API improvements, new role permissions and tons of fixes!

 

Region Status
GovCloud Released
CA Released
US Released
EU Released
APAC Released

 


 

Administration

Role Permissions

Multitenancy 

We’ve added a new role permission, Multitenancy administration → Custom data access, with an Edit mode that allows or restricts access to the Administration → Multitenancy → Custom data access tab.

Aggregation

We’ve added a new Token permission that allows the use of the new Aggregation Tasks token (detailed below).

 

Alerts

Summary and Description areas

We’ve increased the area width up to a maximum of 90 standard characters (since not all characters are the same size, some lines may show more than 90 characters and others less, depending on the type of characters included in the line). We now display the full content of both areas (Summary and Description).

DeepTrace information visual improvements

  • Renamed the heading “Auto-investigation status” as “Trace status”.
  • Renamed DeepTrace statuses:
    • Status “No trace found” renamed as “No trace”.
    • Status “Success” renamed as “Trace found”.
  • DeepTrace icon moved to the first place in the Actions column. We’ve also made some small improvements to error messages across the platform.

 

Data Search

Deprecated Operations

| Deprecated operation | New equivalent operation |
|---|---|
| mmcoordinates | mm2coordinates |
| mmlatitude | mm2latitude |
| mmlongitude | mm2longitude |
| mmcity | mm2city |
| mmcountry | mm2country |
| mmpostalcode | mm2postalcode |
| mmregion | mm2subdivision1, mm2subdivision2 |
| mmregionname | There is no exact equivalent. You can use: Geolocated Level 1 Subdivision with Maxmind GeoIP2 (mm2subdivision1); Geolocated Level 2 Subdivision with Maxmind GeoIP2 (mm2subdivision2) |
| mmisp | mm2ips |
| mmorg | mm2org |
| mmasn | mm2asn |
| mmasowner | mm2asorg |
| mmspeed | mm2con |
| reputation | N/A |
| reputationscore | N/A |
| sbl | N/A |

 

What does Deprecated mean?

  • The operation is still valid, but no longer updated.

  • The operation will not be displayed in the Data search wizard nor in the Smart Editor autocompletion function.

  • When the operation is used in a query, the notification “<ope> operation is deprecated” will be displayed.

  • When you try to edit a query breadcrumb that contains one of those operations, it won’t be allowed and the notification “<ope> operation is deprecated. It can only be edited manually in the query editor” will be displayed.
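Because deprecated operations keep running but are no longer updated, saved queries and alert definitions that still call them are worth auditing. The following is an added example, not vendor code: it scans query text for calls to the operations in the table above and swaps those that have a single equivalent. It assumes operations are invoked as name(args); the sample queries, table name and field names are constructed.

```python
import re

# Mapping copied from the deprecated-operations table above.
# str = single equivalent, tuple = candidates to choose from, None = N/A.
REPLACEMENTS = {
    "mmcoordinates": "mm2coordinates",
    "mmlatitude": "mm2latitude", "mmlongitude": "mm2longitude",
    "mmcity": "mm2city",
    "mmcountry": "mm2country",
    "mmpostalcode": "mm2postalcode",
    "mmregion": ("mm2subdivision1", "mm2subdivision2"),
    "mmregionname": ("mm2subdivision1", "mm2subdivision2"),
    "mmisp": "mm2ips",
    "mmorg": "mm2org",
    "mmasn": "mm2asn",
    "mmasowner": "mm2asorg",
    "mmspeed": "mm2con",
    "reputation": None, "reputationscore": None, "sbl": None,
}

# Match a deprecated name only as a whole identifier followed by "(",
# so an alias or field that merely shares the name is not flagged.
_CALL = re.compile(
    r"(?<![\w.])(" + "|".join(map(re.escape, REPLACEMENTS)) + r")\s*\(")

def audit_query(query):
    """Return [(deprecated_op, replacement), ...] in order of first use."""
    found = {}
    for m in _CALL.finditer(query):
        found.setdefault(m.group(1), REPLACEMENTS[m.group(1)])
    return list(found.items())

def rewrite_query(query):
    """Swap operations with exactly one equivalent; leave the rest for review."""
    def swap(m):
        new = REPLACEMENTS[m.group(1)]
        return new + "(" if isinstance(new, str) else m.group(0)
    return _CALL.sub(swap, query)

# Constructed sample queries (table and field names are hypothetical).
SAMPLE_QUERIES = {
    "geo_login": "from my.app.demo.login select mmcountry(srcIp) as country, mmregion(srcIp) as region",
    "ip_rep": "from my.app.demo.login select reputation(srcIp) as rep, mm2city(srcIp) as mmcity",
}

if __name__ == "__main__":
    for name, q in SAMPLE_QUERIES.items():
        for op, new in audit_query(q):
            print(f"{name}: {op} -> {new or 'no equivalent, review manually'}")
```

Queries that call reputation, reputationscore or sbl are reported but left unchanged, since the table lists no replacement for them.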

API New features

Aggregation Tasks API

We’ve added the new token type “Aggregation Tasks API” in Administration → Credentials → Authentication tokens. It is used only to manage the Aggregation Tasks API.

From this release on, the tokens that allow you to manage Aggregation Tasks API are:

  • For new tokens: only the ones created with “Aggregation Tasks API” type.
  • For already-created tokens: all tokens that are currently used to manage Aggregation Tasks API.

Furthermore, we’ve added a new role permission with View/Edit modes.

Lookups API

Autofill domain in query when it is missing for my.* tables

Create/update lookup:

  • Now you can create/upload a lookup from a CSV located in S3.
  • Lookup id in the request body is not required anymore. If it is not provided, the lookup name and domain are taken from the path.

GET lookup/domain and GET lookup/domain/name:

  • Domain owner is not shown for each lookup. Improvements in GET/lookup/job.

Lookup ownership vs lookup visibility:

  • A lookup is owned by a domain but it can be created to be visible by other domains.

  • Visibility is assigned when creating/updating a lookup:
    (i) creator_only: lookup will only be visible by the owner
    (ii) all-subdomains: only for multitenant admin domains. All domains inside the multitenant will see the lookup.

Get list of lookups based on lookup ownership:

  • GET lookup/<domain_name>

  • GET lookup/<domain_name>?owner=THIS_DOMAIN → default value

  • GET lookup/<domain_name>?owner=OTHER_DOMAINS

  • GET lookup/<domain_name>?owner=ANY_DOMAIN

Query API

 

Time control support using “timeRangeFilter” configuration:

  • "by" defaults to “eventdate”. Use “creationdate” to select by event creation time.

  • Optional "allowedLateness":

    • Defaults to "now"

    • Allows duration expressions like: 1d, 1h, etc.

Bug fixes

  • In Data search, the formatdate operation would display its results according to the computer’s time zone instead of according to the web time zone.
  • The Alert page vertical scroll wasn’t working correctly, resulting in some alerts not being shown.
  • The Alert page vertical scroll wasn’t always visible.
  • In domains with a large amount of alert sending policies, the Alert policies page was unresponsive at times. 
  • There was an issue that affected Lookups with the same name in different domains, whereby if one was updated then the “last updated” date in both domains would be the same. 
  • Shared Lookups would be incorrectly displayed as private once they were updated. 
  • In the Administration → Users → Access details tab, when searching for a Permission/Activeboard/Lookup/Alert that didn’t exist, the search box disappeared and the following error message was displayed: “There are no Permissions/Activeboards/Lookups/Alerts for the assigned role”