16.8.351.17
LAST UPDATED: NOV 27, 2024
New General Features
Configuration Home Dashboard
The home dashboard within the Configuration module provides an intuitive interface to help new users familiarize themselves with the platform. This dashboard serves as a quick-access hub for configuring essential components of the system. From this central location, users can perform on-the-spot actions such as adding incident playbooks, while other options direct users to the relevant sections for configuration tasks.
Read Only License
D3 is introducing a new license type: Read-Only License. This license type is tracked separately from other licenses and provides restricted access capabilities.
Enhancements
Interaction Task
Interactive Tasks have been enhanced beyond basic input options. With the new Question Builder UI, Interactive Tasks now support more input types, including booleans, JSON, numbers, date, time, and combined date and time fields. An additional Reply Channel dropdown gives users the option to send a reply URL to an email, enabling inputs and submissions to complete Interactive Tasks via an external channel.
Sample Data Copy Button
Sample input and output data across D3 can now be easily copied using the new copy button, making it more convenient for users to work with examples. This feature streamlines the process of replicating sample data into workflows, reduces manual effort, and minimizes errors when reusing data.
Built-In Artifact Types
There is now a comprehensive view of all artifact types, including both built-in and custom. Built-in artifact types are displayed with distinct visual indicators and cannot be edited. The read-only display for built-in types safeguards essential data from unintended changes, while preserving the familiar UI to ensure a consistent user experience.
Tooltips for Enhanced Data Visibility
A tooltip now appears when table cell values are cut off due to limited horizontal space. This enhancement ensures that users can view the full content of each cell without needing to manually remove columns.
Integrations
New Integrations
Integration Name | Description |
Palo Alto Networks PAN-OS | Facilitates the management of both Palo Alto Networks Firewall and Palo Alto Networks Panorama. |
Exabeam Security Operations Platform | Provides advanced SIEM capabilities powered by scalable security log management, behavioral analytics, and automated threat detection, investigation, and response (TDIR). |
Barracuda Web Application Firewall | Protects applications, APIs, and mobile app backends against a variety of attacks including the OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks. By combining signature-based policies and positive security with robust anomaly-detection capabilities, Barracuda Web Application Firewall can defeat today’s most sophisticated attacks targeting web applications. |
Wiz | A unified cloud security platform designed for both cloud security and development teams, offering capabilities for prevention, active detection and response. |
Proofpoint Protection Server | An email security gateway that protects organizations from spam, phishing attacks, and malware threats. With filtering techniques and real-time threat detection, it provides comprehensive protection for email communication. This integration can be used to manage your email security gateway appliance. |
Duo Admin | Enables organizations to read their Duo account's authentication logs and administrator logs as well as read or update account settings. To use this integration, access to the Duo Admin API is required. |
SentinelOne Singularity Operations Center | A comprehensive cybersecurity platform designed to deliver unified prevention, detection, and response across a security estate. It streamlines modern endpoint, cloud, and identity protection through a centralized, autonomous solution tailored for enterprise security. The platform leverages advanced static and behavioral AI to enable machine-speed threat detection and response, empowering endpoints and workloads, regardless of their location or connectivity, to act intelligently against cyber threats. |
Updated Integrations
Integration Name | Changes |
VirusTotal v3 | The Check IP reputation, Check file reputation, and Check URL reputation commands now execute successfully when the queried IP, URL, or file hash is not found in VirusTotal, clearly indicating the item's absence. |
Rapid7 InsightVM | New Commands:
Connection: Introduced an optional connection parameter, 2FA Token, to enable support for two-factor authentication. |
Utility Commands
New Utility Commands
Commands | Functionality |
Modify Incident Form | Modifies the incident forms by either adding or deleting a section. |
Get Site Connections | Retrieves a list of all configured connections for a specified site. The resulting list can be used for tasks such as dynamically selecting a connection name or managing scenarios with multiple connections, allowing for the retrieval of specific information for each connection. |
Updated Utility Commands
Commands | Changes |
Dismiss Event After Creation | A new input parameter, Reason Code, has been introduced to clarify the reason for event dismissal. The available options are: None, False Positive, Testing, and Duplicated. |