17.3

New Features

Dashboard Auto-Refresh on New Events or Incidents

Previously, users were required to manually refresh the reporting dashboard, or click the Frame 71 (1)-20250529-195945.png button on a persistent "Dashboard Update Available" banner, to view new data. The dashboard now supports live auto-refresh, automatically updating widget visualizations when new events or incidents are detected. This behavior can be enabled via the new Auto-reload on new data toggle.

New Permission Scope: Create New Tag

The ability to create new tags is now restricted to users with the Create New Tag permission. Users without this scope can still add tags to incidents from a predefined list.

Adding the Permission

Navigate to Configuration > Organization Management > Roles > [Select Role] > Details > Operational Modules > Incident.
Select the Create New Tag checkbox to grant the tag-creation permission to the selected role.

Retry Mechanism for Missing Events During Connectivity Interruptions

A new Retry mechanism enables automated retries during connectivity interruptions. It re-fetches event or incident data in chronological order, up to a user-defined limit, after the main ingestion job resumes normal operation.

Enabling the Retry Mechanism

Users can enable the retry mechanism for a new data ingestion job in the following steps:

Select the Initiate the buffer time of the Data Reacquire for <number> minutes after completing the event fetch checkbox to display the retry mechanism checkbox.
Select the Enable data retry <number> times if the ingestion job fails or completes with errors checkbox to activate automated retries for fetching event or incident data.
(Optional) Configure the retry attempt limit (e.g., 5).

If an ingestion fails, the retry mechanism activates automatically. Users can view the retry results upon success by clicking the button.

Enhancements

Email Reporting Across Multiple Sites

Previously, within the Reporting Dashboard module's Email Scheduler sub-feature, users had to create individual email schedules for each site, as there were no options to send a dashboard that included data from multiple sites. This enhancement introduces two new options, "All Internal Sites" and "All Client Sites," enabling users to distribute dashboards with data from all internal or client sites without needing to send them individually.

Customizing Sites for "All Client Sites" and "All Internal Sites" Options

The "All Internal Sites" and "All Client Sites" options will include all sites the dashboard owner has access to at the moment the snapshot is generated. To adjust which sites are included in these options, the settings can be configured in the Organization Management > Users sub-module.

Access Control Applied to User-Based Dropdown Filters

User-related dropdown filters in the Reporting Dashboard have been enhanced to show only users associated with the selected site. This improvement simplifies the filtering process and makes it easier to find relevant users.

Applying User-Based Dropdown Filters

The improvement on the user-related dropdown filters works as follows:

Select a site to view the reporting dashboard.
Click the user-related filter (such as the Incident Owner filter) on a relevant widget.
Choose one or more users associated with the selected site to filter the displayed data.

List of User-Based Dropdown Filters

The following widget column filters are subject to access control:

Event Assigned By
Event Disposed Action By
Event First Assigned By
Event Investigator
Incident Assigned By
Incident Closed By
Incident Creator
Incident Investigation Team
Incident Owner
Incident Reopened By

Utility Commands

New Commands

The following utility commands have been added to this release of D3 SOAR.

Commands	Functionality
Get JSON Of Current Event Automation Rules	Displays Event Automation rules in JSON format. Filters include rule type ("Escalation", "Dismissal", or "All") and the option to filter by active or both active and inactive rules. By default, it retrieves both rule types and only includes active rules.

Integrations

Updated Integrations

The following integrations have been updated in this release of D3 SOAR.

Integration Name	Changes
Cisco Identity Services Engine	New Commands Get Endpoint Details List Endpoints
Cortex XDR	New Commands Get Script Results Get XQL Query Quota Get XQL Query Results Stream Run Script Enhanced Command(s) Isolate Hosts: Updated the request body format to reflect the latest API payload changes. Unisolate Hosts: Updated the request body format to reflect the latest API payload changes.
Freshservice	Enhanced Command(s) Close Tickets: Added the Bypass Mandatory Fields, Resolution Note, and Additional Mandatory Fields parameters. Resolve Tickets: Added the Bypass Mandatory Fields, Resolution Note, and Additional Mandatory Fields parameters. Update Tickets: Added the Bypass Mandatory Fields parameter.
Google Drive	Enhanced Command Upload Files: Users can now upload files from vSOC to a specific folder using the Parent Folder ID parameter.
Microsoft Entra ID Protection (Azure AD Identity Protection)	Enhanced Command Fetch Event: Added the Risk Users dropdown option to the Event Type parameter for the newly added Event Source for Risk User event source.
Office 365	Enhanced Command Fetch Events: Revised the display names for the following built-in field mappings (source fields): $..originalMessageFile[].attachment[].md5 $..originalMessageFile[].attachment[].sha1 $..originalMessageFile[].attachment[].sha256
Stamus Clear NDR	New Command Fetch Incidents
Wiz	Enhanced Command Fetch Event: Updated the command to align with recent API changes.

[data-colorid=mh0yg3h9cl]{color:#101520} html[data-color-mode=dark] [data-colorid=mh0yg3h9cl]{color:#dfe4ef}New Features