January 2025

New Features

  • New health history trendline component in the DataBee UI.

  • The device entity pages display suggested owners along with the potential owners.

  • The CVE/vulnerability findings are extracted from matched events and included in detection chain findings.

  • DataBee-generated Detection Findings Events have been enhanced to include the following:

    • When present in the matching originating event, the following objects are now written to their corresponding evidence items:

      • DNS Query

      • File

      • HTTP Request

      • HTTP Response

      • Job

      • Process

      • Script

    • Mapping of CVEs to Vulnerability Objects in Detection Chains:

      Common Vulnerabilities and Exposures (CVEs) are now mapped to the vulnerability object within detection chains, enhancing the identification and tracking of known security issues.

    • Mapping of Non-MITRE ATT&CK and Non-CVE Tags to Enrichment Objects:

      Tags that do not pertain to MITRE ATT&CK or CVEs are now mapped to the enrichment object, providing additional context and information within detection findings.

Feature Enhancements

  • Tooltips are added for inclusion and exclusion filters in the data source configuration page.

  • A tooltip is added to the 'Add Parameter' options for Basic Search.

  • The Related Node graph now also shows the selected owner for devices, applications, or products.

  • A potential owner relationship is added to applications/products.

  • In the Data Collector UI, the proxy URL validation is updated to allow only HTTP, and the description under 'Enable Proxy' is removed.

  • The date time picker is updated with a new style, making it easier to set custom times.

Bug Fixes

  • The issue where the API version was not populated during step 2 of configuring a data source of the Data Collector ingest type is fixed.

  • The issue where duplicate alerts appeared in the data feed timeline for multiple feeds is fixed.

  • The Out of Memory (OOM) issue observed on Organization Hierarchy ETL within the Core Data Products is fixed.

  • The issue where extra fields were being stored in the configuration management system in the API Time Ingest window component is fixed.

  • The issue causing a server error under some conditions when retrieving feed audit history is fixed.

  • The issue causing the 'Most Common Data Quality Alerts' widget to error is fixed.

  • A JavaScript error that occurs when filtering JSON fields using the 'contains' function on the search page is fixed.

  • The issue where the Create Detection Chain button is visible when the tenant does not have Security Threat Entitlement is fixed.

  • The issue where the detection chaining service failed to retrieve suppressions is fixed.

  • The issue causing the 'Model Not Fitted' error in owner discovery is fixed.

  • The issue resulting in some invalid cluster predictions in owner discovery is fixed.