August 2024


New Features

  • New Data Catalog showing lineage of data fields from source to OCSF, Core Data Products (CDP) and Dashboard Views (BDW) schemas.

  • New Entities page where you can search for the active (most recent) records related to each entity type.

  • New Data Quality Sankey diagram showing data quality metrics from the data source to destination OCSF tables within the data quality summary page.

  • A new authentication method, AWS Signature Version 4, is added in the DataBee UI, with input fields such as access key, secret key, security token, AWS region, and service name.

  • A Contact Support button, which takes you to the Help article, is added under the ? menu.

  • A minimum event count function, where you can set the minimum number of occurrences needed for a link to match on an entity, is added for detection chain links.

  • Support for ImpHash is added within Sigma rules.

  • Support for the following additional Sigma modifiers is added within Sigma rules:

    • BASE64

    • BASE64OFFSET

    • UTF16LE

    • UTF16BE

    • WIDE

    • UTF16

    • ASCII

Feature Enhancements

  • On the entity view timeline, the checkboxes "Include Events from Device Owner" and "Include Events from Owned Devices" are disabled when there is no owner or no owned devices.

  • On the data sources page, the text "Showing X of Y results" is moved to the row below the drop-downs.

  • The Security Findings option is removed from the default filter list of the timeline tables.

  • Large numbers displayed in DataBee UI are separated with commas for easier readability.

  • Word wrap is applied for long feed names.

  • The pivot to an entity view from the entity search page will set the time context of the page to Now.

  • The entity management configuration page is now made available for all administrators (Security Hygiene entitlement required to change some configuration options).

  • The 'id' for a Sigma Detections or Detection Chaining based detection finding is updated to use Sonyflake ID.

Bug fixes

  • The issue where Snowflake and Databricks are assigned with duplicate IDs is fixed.

  • The issue causing performance degradation due to excessive processing of serial number and hostname combinations in the correlator is fixed.

  • The issue where the entity resolution configuration is not working in Databricks is fixed.

  • The issue in viewing the user details when an owned device does not have a hostname is fixed.

  • The issue where excessive queries during searches on the device table cause performance degradation is fixed.

  • The issue where searching against the ID field in Detection Chains throws an error is fixed.

  • The issue of the DataBee APM not recording updates is fixed.

  • The issue where the assets recently accessed is not returning results is fixed.

  • The issue where the storage usage console gives incorrect data is fixed.

  • The issue where backtrace is not working when an element is pulled from a merged entity is fixed.

  • The issue where the data quality trend graph value is always zero is fixed.

  • The 404 error on the Security page is fixed.

  • The issue where the Additional Owner on the device entity view is showing a pivot link when no user ID is available is fixed.

  • The issue in editing existing Detection Chain links is fixed.

  • The issue where Detection Chains is not storing the correct modified time is fixed.

  • The Databricks time format error for owner discovery is fixed.

  • The issue where the Highest Detection Findings From DataBee widget showed some non-DataBee detection findings is fixed.