Milestone 86

What's New

Automation

  • Symantec Endpoint Detection and Response (EDR) provides complete protection for all of your traditional and mobile devices across the entire attack chain.
  • AWS IAM (Assumed Role) allows you to centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

Case Management

  • The case details page enables you to view a list of alerts within the case with a single click. Cases now have a new default tab, Linked Alerts, that enables you to add and search for alerts based on their IDs.

Enhancements

  • The Slack channel can now be enabled or disabled via Case Settings.
  • The IBM QRadar integration is enhanced with the 'Get Log Source Type by ID', 'Get Offenses by Source Address', 'Get Offenses by Destination Address', and 'Get Domains' actions.
  • The 'Create Ticket' action in the ServiceNow integration now allows user-defined custom fields in the Jinja template, so you can add values in multiple fields.
  • The Case Management integration is enhanced with the 'Delete Attachment' action.

Deprecated Feature

  • LHUB-22516: Data schema for 'CommandRunSuccess' audit event.
    • The data schema for 'CommandRunSuccess' now changes to initiator rather than initiated. Using initiated for 'CommandRunSuccess' is deprecated starting with Milestone 86, and there will be errors in your playbooks where this audit event was used.

Bug Fixes

  • When you replaced modules in multiple playbooks using the option “Replace with this in other playbooks”, integration inputs were not carried over. This is fixed, and integration inputs are now carried over correctly.
  • Fields with the value NULL in the output of the Python operator were incorrectly converted to the data type string. This is fixed, and those fields now correctly have the data type NULL.