16.2.136

Web Server Update Notice: .NET 4.8 Framework Required

Starting with D3 SOAR version 16.2, hosting web servers must be compatible with the .NET 4.8 framework.

• SaaS Clients: No action is required on your part.

• On-Premise Clients: Ensure your hosting web server is updated to support the .NET 4.8 framework. Visit the .NET Framework 4.8 download page, then download and run the .NET 4.8 runtime installer on your server. If internet access is disabled for your server, visit Microsoft .NET Framework 4.8 offline installer for Windows page for more information about the offline installer.

Reporting Dashboard Enhancements

Reporting Dashboards and Widgets: Enhanced Permission Controls

The permission controls have been enhanced for both widgets and dashboards, offering more precise access control. You now have two main ways to configure permissions:

• By Site: Assign permissions based on specific sites. Choose whether each site has viewer or editor permissions. Dive deeper by setting additional permissions by group and role within each site.

• By User: Allocate permissions directly at the user level. Specify whether an individual user has viewer or editor access.

New Private Mode

We've also introduced a Private Mode feature. When activated, only the original creator of a dashboard or widget will have the rights to view and edit it.

Widget Query Builder: Time-Based Filtering by Most Recent Hours

We've updated the widget query builder to include a new time filter feature. You can now focus your queries on data from a minimum time frame of just 1 hour, up to a maximum of 999 hours, for customized, high-precision insights.

Incident Workspace Enhancements

Investigation Tab: Fully Editable Sections

All sections within the Investigation Tab can be directly edited from the user interface, including both HTML and JSON content. All edits are logged by the command center for auditing and traceability.

Overview Tab: Customizable Layouts by Incident Type

The Overview Tab now allows for greater customization across different incident types. You can rearrange or toggle most sections—excluding Key Fields—to fit your needs. For example, you can configure one layout for brute-force incidents and another for malware incidents. To modify these settings, go to Configuration > Incident Form Editor and select the incident type you wish to customize.

Monitor Module Update

In this update, we're introducing a change to the Monitor module's naming convention. When MITRE tactics are enabled within the module, it will now be displayed as MITRE ATT&CK Monitor. Additionally, users who have roles designated with "Client" access permissions for the Managed Security Service Provider (MSSP) portal will now have the capability to view the Monitor module.

Playbook Task Details Enhancement

Pending Playbook Tasks: Expandable HTML Input Fields

We've improved the user experience for pending playbook tasks that require manual HTML input. For example, a playbook with the Send Email utility command prompts analysts to send a summary email to a client. HTML input fields are also common for Interaction Tasks. The input parameter box for such tasks is now expandable, making it easier to interact with.

You can view these playbook task details in the Investigation Workspace under both the Playbook and Pending Task tabs. Additionally, these details can be accessed directly within the playbook editor by clicking on the light bulb icon of a task after test running a playbook.

Application Settings Enhancement

New Web Config Key: HideEventNodesOnLinkAnalysis

We've added a new web config key within the application settings to help you declutter your Link Analysis view in the Incident Workspace. With this new option, you can now choose to hide event nodes.

Utility Commands

The following utility commands have been added to this release of D3 SOAR.

Integrations

Deprecated Integration Commands

The following integration commands have been deprecated in this release of D3 SOAR.