August 2024
  • 05 Nov 2024

New Features

  • New Data Catalog showing lineage of data fields from source to OCSF, Core Data Products (CDP) and Dashboard Views (BDW) schemas.

  • New Entities page where you can search for the active (most recent) records related to each entity type.

  • New Data Quality Sankey diagram showing data quality metrics from the data source to destination OCSF tables within the data quality summary page.

  • A new authentication method, AWS Signature Version 4, is added in the DataBee UI, with input fields such as access key, secret key, security token, AWS region, and service name.

  • A Contact Support button, which takes you to the Help article, is added under the ? menu.

  • A minimum event count function is added for detection chain links, where you can set the minimum number of occurrences needed for a link to match on an entity.

  • Support for ImpHash is added within Sigma rules.

  • Support for the following additional Sigma modifiers is added within Sigma rules:

    • BASE64

    • BASE64OFFSET

    • UTF16LE

    • UTF16BE

    • WIDE

    • UTF16

    • ASCII

Feature Enhancements

  • On the entity view timeline, the checkboxes "Include Events from Device Owner" and "Include Events from Owned Devices" are disabled when there is no owner or no owned devices.

  • On the data sources page, the text "Showing X of Y results" is moved to the row below the drop-downs.

  • The Security Findings option is removed from the default filter list of the timeline tables.

  • Large numbers displayed in DataBee UI are separated with commas for easier readability.

  • Word wrap is applied for long feed names.

  • The pivot to an entity view from the entity search page will set the time context of the page to Now.

  • The entity management configuration page is now made available for all administrators (Security Hygiene entitlement required to change some configuration options).

  • The 'id' for a Sigma Detections or Detection Chaining based detection finding is updated to use Sonyflake ID.

Bug fixes

  • The issue where Snowflake and Databricks are assigned with duplicate IDs is fixed.

  • The issue causing performance degradation due to excessive processing of serial number and hostname combinations in the correlator is fixed.

  • The issue where the entity resolution configuration is not working in Databricks is fixed.

  • The issue in viewing the user details when an owned device does not have a hostname is fixed.

  • The issue where excessive queries when searching on the device table are causing performance degradation is fixed.

  • The issue where searching against the ID field in Detection Chains throws an error is fixed.

  • The issue of the DataBee APM not recording updates is fixed.

  • The issue where the assets recently accessed is not returning results is fixed.

  • The issue where the storage usage console gives incorrect data is fixed.

  • The issue where backtrace is not working when an element is pulled from a merged entity is fixed.

  • The issue where the data quality trend graph value is always zero is fixed.

  • The 404 error on the Security page is fixed.

  • The issue where the Additional Owner on the device entity view is showing a pivot link when no user ID is available is fixed.

  • The issue in editing existing Detection Chain links is fixed.

  • The issue where Detection Chains is not storing the correct modified time is fixed.

  • The Databricks time format error for owner discovery is fixed.

  • The issue where the Highest Detection Findings From DataBee widget showed some non-DataBee detection findings is fixed.

