16.2.136
Web Server Update Notice: .NET 4.8 Framework Required
Starting with D3 SOAR version 16.2, hosting web servers must be compatible with the .NET 4.8 framework.
SaaS Clients: No action is required on your part.
On-Premise Clients: Ensure your hosting web server is updated to support the .NET 4.8 framework. Visit the .NET Framework 4.8 download page, then download and run the .NET 4.8 runtime installer on your server. If internet access is disabled for your server, visit Microsoft .NET Framework 4.8 offline installer for Windows page for more information about the offline installer.
Reporting Dashboard Enhancements
Reporting Dashboards and Widgets: Enhanced Permission Controls
The permission controls have been enhanced for both widgets and dashboards, offering more precise access control. You now have two main ways to configure permissions:
By Site: Assign permissions based on specific sites. Choose whether each site has viewer or editor permissions. Dive deeper by setting additional permissions by group and role within each site.
By User: Allocate permissions directly at the user level. Specify whether an individual user has viewer or editor access.
New Private Mode
We've also introduced a Private Mode feature. When activated, only the original creator of a dashboard or widget will have the rights to view and edit it.
Widget Query Builder: Time-Based Filtering by Most Recent Hours
We've updated the widget query builder to include a new time filter feature. You can now focus your queries on data from a minimum time frame of just 1 hour, up to a maximum of 999 hours, for customized, high-precision insights.
Incident Workspace Enhancements
Investigation Tab: Fully Editable Sections
All sections within the Investigation Tab can be directly edited from the user interface, including both HTML and JSON content. All edits are logged by the command center for auditing and traceability.
Overview Tab: Customizable Layouts by Incident Type
The Overview Tab now allows for greater customization across different incident types. You can rearrange or toggle most sections—excluding Key Fields—to fit your needs. For example, you can configure one layout for brute-force incidents and another for malware incidents. To modify these settings, go to Configuration > Incident Form Editor and select the incident type you wish to customize.
Monitor Module Update
In this update, we're introducing a change to the Monitor module's naming convention. When MITRE tactics are enabled within the module, it will now be displayed as MITRE ATT&CK Monitor. Additionally, users who have roles designated with "Client" access permissions for the Managed Security Service Provider (MSSP) portal will now have the capability to view the Monitor module.
Playbook Task Details Enhancement
Pending Playbook Tasks: Expandable HTML Input Fields
We've improved the user experience for pending playbook tasks that require manual HTML input. For example, a playbook with the Send Email utility command prompts analysts to send a summary email to a client. HTML input fields are also common for Interaction Tasks. The input parameter box for such tasks is now expandable, making it easier to interact with.
You can view these playbook task details in the Investigation Workspace under both the Playbook and Pending Task tabs. Additionally, these details can be accessed directly within the playbook editor by clicking on the light bulb icon of a task after test running a playbook.
Application Settings Enhancement
New Web Config Key: HideEventNodesOnLinkAnalysis
We've added a new web config key within the application settings to help you declutter your Link Analysis view in the Incident Workspace. With this new option, you can now choose to hide event nodes.
Utility Commands
The following utility commands have been added to this release of D3 SOAR.
Commands | Functionality |
Add Incident Tags | Adds or overwrites incident tags of the specified incident. |
Remove Incident Tags | Removes incident tags from the specified incident. |
Get PDF File Content | Extracts all text and hyperlinked URLs from PDF files attached as Playbook Files, Artifact Files, or Incident Attachment Files. |
Integrations
Deprecated Integration Commands
The following integration commands have been deprecated in this release of D3 SOAR.
Integration Name | Deprecated Commands |
CrowdStrike Falcon X | All commands have been deprecated. Replaced by the CrowdStrike Falcon Intelligence integration. |