16.7
Incident Workspace Enhancements
Incident Overview: Quick Access Pane
To improve user experience, we are introducing the quick access pane - a faster way of traversing the dashboard located on the right side of the dashboard. You can leap to different sections within the Overview such as Event Summary, Your Pending Tasks, and Tactics & Techniques.
Incident Form Editor
Due to the changes in the quick access panel UI, the Incident Form Editor has also been modified when editing the incident overview.
Playbook Enhancements
Playbook Tasks: Auto Retry on Error Setting
The new "Auto-Retry on Error" function within playbook tasks ensures continued playbook operations by automatically retrying failed tasks. This minimizes the need for manual re-runs and keeps your security workflows moving smoothly. After enabling auto-run, you have the following options to configure for the auto-retry on the error option:
Automatic Retries: Set the playbook to retry a task up to 5 times if it fails.
Customizable Delays: Define specific intervals between retries, with options for seconds, minutes, or hours.
Reporting Dashboard Enhancements
New Widget: Table
With our latest update, the Table Widget has been introduced to enrich your reporting dashboard capabilities. This widget allows for the data to be displayed in a structured table format, offering you the flexibility to customize your view by adding or removing columns according to the fields queried. Due to access control limitations, the Table Widget is not compatible with the email scheduler feature for sharing purposes.
Data Ingestion Enhancements
Data Reacquire Option to Prevent Missed Ingestion Data
The Data Reacquire option automatically schedules a task to re-fetch data after a scheduled task finishes, to be executed at a future time (e.g., 30 or 120 minutes later), ensuring data completeness. It can be enabled through a checkbox on the schedule configuration page. This option, doubling the request count, is recommended for system integrations to capture data not collected by the REST API within the first minute after creation.
Utility Command Enhancements
New Commands
The following utility commands have been added to this release of D3 SOAR.
Commands | Functionality |
---|---|
Create a PDF File from Input HTML | Creates a PDF file from an HTML text input. |
Create Incident With Conditions | Improves event data processing by allowing concurrent task execution and reducing ingestion job times. Configured as the last task in an event playbook, it handles incident creation and escalation sequentially and atomically after the playbook runs, preventing duplicate incidents. This command streamlines the event-to-incident process efficiently. |
Test Search Conditions for Creating Incidents | Find incidents that match the specified search criteria and organize the results by the date and time each incident was created, listing them from earliest to latest. Use this command to verify that the input search conditions are correct for the Create Incident With Conditions command. |
Integrations
Marketplace Home Page
We are excited to launch the first stage of our Integration Marketplace—the new cards UI. The redesigned integrations page provides a clear and concise overview of your integrations with immediate insights into their connection status and available actions. It's the first milestone in our roadmap towards a fully-featured Integration Marketplace, with many enhancements planned for the near future. Stay tuned for more updates as we continue to expand and refine your integration management experience.
New Integrations
The following integrations have been added to this release of D3 SOAR.
Integration Name | Description |
---|---|
HYAS Insight | HYAS Insight is a comprehensive threat intelligence and attribution tool that aids organizations in identifying and understanding cyber threats. It provides detailed insights into the infrastructure and methods used by attackers, enabling faster and more accurate threat detection and response. The platform stands out for its ability to trace and attribute attacks back to their source, offering a critical edge in combating cybercrime. |
HYAS Protect | HYAS Protect is a cybersecurity solution designed to offer proactive defense against digital threats. It utilizes advanced intelligence gathering and analysis techniques to identify and block malicious activities, safeguarding networks and data from cyber attacks. This system is known for its capability to detect threats before they cause harm, ensuring a high level of security for its users. |
Updated Integrations
The following integrations have been updated in this release of D3 SOAR.
Integration Name | Changes |
---|---|
Microsoft Entra ID | The Reset Password command's email notification modified with the following changes:
|
VirusTotal v3 | New command: Retrieve Widget HTML Content |