Region | Status |
---|---|
CA | Released |
US | Released |
EU | Released |
APAC | Released |
This release adds several new features and functionalities to the Security Operations investigations and triage tabs. These accelerate the workflow of the SOC team and simplify your interactions with the Security Operations solution.
New features
- Artifact storage in investigations for improved analysis and incident response coordination.
- Ability to add custom fields in the investigation for linking with third-party systems.
- Support for markdown and text formatting in alert annotations and investigation comments.
- Ability to change the status of alerts from the Triage page (grouped by entity and not grouped views) for improved workflow.
- Human-readable text in the Extra Data field in alert details so you can read the data easily, as well as copy and paste it to other systems.
- Improved error communications specifying what analysis went wrong.
- New dialog design, consistent across the entire application.
Bug fixes
- Fixed the Isnotnull function when running alerts through SecOps.
- Fixed a CrowdStrike settings issue that prevented CrowdStrike Falcon enrichments from being performed.
- Fixed deleting an enrichment in the investigation detail.
- Users can now upload the same file twice in an investigation.
- Fixed performance issues with the real-time loading layer for triage and investigation.
- Fixed the alert associations tab in investigations, which was not updated correctly when you deleted the latest alert in the investigation.