14.0.582
What’s new in v14.0.582
New: Multitenancy
The new multi-tenancy feature allows you to share different content types from a single master source to multiple tenant destinations. This feature is perfect for MSSPs to manage clients from different regions and manage content sharing from a single master instance. There are nine types of content you can share:
Event Playbooks
Incident Playbooks
Integration
Utility Commands
Connections
Global List
Event Automation Rules
Incident Forms
Users / Group / Roles
On top of that, there are new system built-in commands to help you manage your tenants.
New: Event Playbooks
With D3’s incident playbooks, you were able to create complex incident workflows with our codeless playbook engine. In the newest version of D3 SOAR, D3’s powerful playbook engine has been improved to support event playbooks. You can now create multiple standardized workflows for ingested events from different integrations and select which playbook to run for each scheduled event ingestion.
General Improvements
Webhook Redesign
The webhook ingestion method allows the Integration to send event or incident data (in JSON format) to be investigated in the system. This allows real-time, controlled event or incident data ingestion for SOC teams, and offers greater flexibility. In this version, we redesigned the UI to make it easier for you to create and manage webhook keys.
Investigation Dashboard Enhancements
The Investigation Dashboard is one of the essential modules every analyst employs during an investigation. We understand the significance of this dashboard and have made big improvements in this version to make it simpler to use.
Dashboard Advanced Filters
You can now apply advanced filters to incidents within the Incidents tab to help you better search for the relevant incidents: Data Within, Incident Type, Status, Severity, Owner, Tactic, and Technique.
Add Custom Columns in Dashboard
You can now add custom columns to the event and incident dashboard in the Application Settings.
Site List Enhancement
The new site dropdown list allows you to search for and bookmark the sites that are important to you.
Bulk Action on Events and Incidents
You can now multi-select and perform bulk actions on multiple events/incidents.
New Dashboard Items
Artifacts and Playbook Errors have been added to the investigation dashboard list.
Custom Artifacts
In addition to the built-in artifact types offered by D3, you now have the power to create custom artifact types to fit your needs as well. Custom Artifact Types will have user-defined identities, additional fields and relationships, allowing SOC teams to have greater flexibility in artifact detection and organization.
View/Clone Built-In Commands
You can now view the implementation of our built-in commands and clone them if you want to customize the commands.
Playbook Local Shared Data
The local shared data allows you to store data in JSON format for tasks to reuse in a playbook. This storage area is local: data stored here is accessible only by this playbook. This feature may be helpful in situations where there is data (e.g. URL reputations) that you want to be accessible by any task regardless of its playbook path.
Other Enhancements
Manage email domain whitelist for users' emails
Configure “Shared to Internal Sites” recipient site within connections
Use dynamic placeholders for incident title/description
Ability to dynamically select a dropdown input in a playbook
Improved path picker usability within data formatter
Added new incident metadata fields in a playbook
Revamped user manual site
Integration Enhancements
We are constantly improving our 300+ out-of-the-box integrations to help you build your workflows more easily. In this version, we have updated/added 14 of the integrations:
New!
AWS GuardDuty
Google Kubernetes Engine
F5 Load Balancer
Stellar Cyber
Fresh Service
D3 Integration
Enhancements
Docker
Microsoft Sentinel
Zendesk
AWS EC2
Azure Active Directory
Datto Autotask PSA
TheHive
FortiAnalyzer
Qualys