Release Notes v9.1.1
  • 1 Minute to read
  • Contributors
  • Dark
  • PDF

Release Notes v9.1.1

  • Dark
  • PDF

Release Date: 17/12/2021

What's New?

  1. Introducing Schema on Read capabilities.
  2. Realtime Search Results with Progress Indicator.
  3. Active Threat Content (OTA updates) extended to extractors.
  4. Ability to multi-select and add signals to a case.
  5. Signal listing now shows severity by color code and risk score.
  6. Reintroduced 2FA configurable per organization.
  7. Connectors: S3 Optimized, Snowflake Audit, HaltDOS.
  8. Administration section out of existing DNIF infra management pages.
  9. License Card added to new administration section.
  10. Ability to disable workbooks from streaming and scheduled execution.
  11. Workflow to allow overriding native workbooks and extractors.
  12. Initial release of generic TAXII integration.
  13. RDBMS log shipper available on
  14. System Enforcement for Active Device Licenses.
  15. Filtering in User and Extractor listing.
  16. SAAS: Faster Searches, new MPP Architecture
  17. Support for renaming columns in DQL with AS operator.
  18. Components get additional OFFLINE state between ACTIVE and UNKNOWN.

What's Changed?

  1. Signal processing is now on steroids, able to cope with burst of false positive signals.
  2. Search Block: Stream selection surfaces recent and active streams over inactive ones.
  3. Search Block: Added preset for Recent (last two minutes).
  4. AI Block is now Outlier Block due to shift in roadmap for the same.
  5. Outlier Block adds toggle to allow listing of normal entities alongside outliers.
  6. Enhanced Email Templates for System Communications.
  7. Added delete option for custom extractors.
  8. Users will no longer be able to update native extractors and workbooks in place.
  9. Palo Alto and Fortigate Plugins migrated to Generic SSH Framework.
  10. Ability to copy Device Source on Collection Status page.
  11. Webhook Plugins now allow variable replacement in header field.
  12. SAAS: DQL non-aggregated limit searches will no longer be sorted by default. use first, last instead.
  13. Blocked users from trying to sneak LogEvent into signals.

What's Fixed?

  1. Memory leak in dispatcher process.
  2. Time-lag between data time and signal time affecting workbook timetravel.
  3. Outlier block status shows pending until search stage completed.
  4. Bug in PICO that caused term filtering to not work.
  5. vFields not updated on deleting custom extractors.
  6. Notable events related to connector errors wouldn't coalesce properly.

Was this article helpful?