We're excited to announce SIRP version 5.0.4, a minor release that delivers a number of customer-requested enhancements and fixes.
Here's what's new in SIRP Version 5.0.4:
Exciting New Features:
Enhancements in the Artifacts List of Containers:
Introduced search and pagination for the artifacts list in the Detail view of Containers, improving load times, performance, and usability. The view now loads a limited number of artifacts under each artifact type, with an option for analysts to load the remaining items and to narrow the list using the search function.
Customizable Subcategories for Threat Intelligence:
Subcategories are now available for threat intelligence. Each subcategory is linked to a parent Category and can be customized separately for each tenant.
These subcategories are also available in the Detail View and in the Threat Intel widgets.
Individual Dashboard Permissions:
Dashboard-level permissions can now be assigned to user roles, so that a role is granted access only to specific dashboards.
Dashboard visibility is configured under Admin > Access Control > Privileges > Edit Role > Individual Dashboards.
New Dashboard Widgets:
Top 10 Offences - A widget for the Global dashboard displaying the top 10 occurring alerts across all tenants
Offences Trend - A widget for the Global dashboard displaying the trend of alerts across all tenants
Incidents count by Containment and System Cleaned - A widget that displays the count and breakdown of Incidents by two custom Incident fields "Containment" and "System Cleaned"
Investigations Breakdown by Subcategory
Malware Incidents Breakdown by Asset Types - A widget that shows the breakdown of "Malware" category incidents by Asset types tagged in the Incidents
Miscellaneous Enhancements and Bug Fixes:
A new permission controls whether users are allowed to change the Disposition of an incident in Incident Management.
The Bulk Update functionality in the List view of Incident Management now offers the same capabilities as the Comments feature in the Detail View: selecting the comment type (Public, Private, or Internal) and tagging a user in the comment.
SLAs are now applicable to both Threat Intel and Vulnerability Cases.
A new "process recycling" job checks for automation processes that have remained stuck for an extended period and resets them.
Added a restriction that prevents users from changing the disposition of a container (Incident or Investigation) to "Alert" if that container already has linked Alerts. The same restriction applies to the Playbook action "SIRP - Change Disposition".
All SMTP errors are now logged under Admin > Logs > Error Logs, so that administrators can identify and correct SMTP configuration issues.
Apps and Integrations:
Manage Engine - The integration was updated to fix a parsing issue in the ticket body when a case is escalated to Manage Engine. Two new input fields, "add udf_fields" and "udm_pick_902", were also introduced.
QRadar - A new action, "GET FILTERED OFFENCES WITH EVENTS", was introduced for QRadar deployments operating in a multi-tenant environment. The action takes a "Domain ID" as input and fetches only the offenses belonging to that specific domain/tenant.
Enjoy! 💻👋