Milestone 84

What's New

Automation

  • Area 1 Security Integration offers phishing campaign rulesets. These aid research and provide a set of indicators to block using network security edge devices.

Playbook

  • Playbook now allows you to duplicate a node. The duplicate has the same details as the node you duplicated.

Enhancements

  • Alerts now have an improved user interface.
    • On the Alerts detail page, the description field renders in JSON format.
    • Mapped columns render in a format based on the selected field type (such as Text, Textarea, JSON, or Markdown).
    • Additional fields now support JSON format. Previously, additional field values were limited to strings, so existing flows might be disrupted.
  • The Splunk integration is enhanced with a 'Write to Index' action.
  • The AWS EKS and AWS EKS (Assumed Role) integrations are enhanced with an 'Update Cluster Config' action.

Deprecated Feature from Milestone 86

  • LHUB-20080: Data schema for 'CommandRunSuccess' audit event.
    • The data schema for 'CommandRunSuccess' will change to use initiator rather than initiated. Using initiated for 'CommandRunSuccess' will be deprecated starting with Milestone 86, and playbooks where this audit event was used will produce errors.

Bug Fixes

  • GeoIpLookup operator will execute in batches to prevent system memory overload.
  • Case and Alert search query parsing will time out after 5 seconds to avoid becoming stuck indefinitely.