What’s new in v14.0.582
New: Multitenancy
The new multi-tenancy feature allows you to share different content types from a single master source to multiple tenant destinations. This feature is perfect for MSSPs to manage clients from different regions and manage content sharing from a single master instance. There are nine types of content you can share:
- Event Playbooks
- Incident Playbooks
- Integration
- Utility Commands
- Connections
- Global List
- Event Automation Rules
- Incident Forms
- Users / Group / Roles
On top of that, there are new system built-in commands to help you manage your tenants.
New: Event Playbooks
With D3’s incident playbooks, you were able to create complex incident workflows with our codeless playbook engine. In the newest version of D3 SOAR, D3’s powerful playbook engine has been improved to support event playbooks. You can now create multiple standardized workflows for ingested events from different integrations and select which playbook to run for each scheduled event ingestion.
General Improvements
Webhook Redesign
The webhook ingestion method allows the Integration to send event or incident data (in JSON format) to be investigated in the system. This allows real-time, controlled event or incident data ingestion for SOC teams, and offers greater flexibility. In this version, we redesigned the UI to make it easier for you to create and manage webhook keys.
Investigation Dashboard Enhancements
The Investigation Dashboard is one of the essential modules every analyst employs during an investigation. We understand the significance of this dashboard and have made big improvements in this version to make it simpler to use.
Dashboard Advanced Filters
You can now apply advanced filters to incidents within the Incidents tab to help you find the relevant incidents: Data Within, Incident Type, Status, Severity, Owner, Tactic, and Technique.
Add Custom Columns in Dashboard
You can now add custom columns to the event and incident dashboard in the Application Settings.
Site List Enhancement
The new site dropdown list allows you to search for and bookmark the sites that are important to you.
Bulk Action on Events and Incidents
You can now multi-select events/incidents and perform bulk actions on them.
New Dashboard Items
Artifacts and Playbook Errors have been added to the investigation dashboard list.
Custom Artifacts
In addition to the built-in artifact types offered by D3, you now have the power to create custom artifact types to fit your needs as well. Custom Artifact Types will have user-defined identities, additional fields and relationships, allowing SOC teams to have greater flexibility in artifact detection and organization.
View/Clone Built-In Commands
You can now view the implementation of our built-in commands and clone them if you want to customize the commands.
Playbook Local Shared Data
The local shared data allows you to store data in JSON format for tasks to reuse in a playbook. This storage area is local: data stored here is accessible only by this playbook. This feature may be helpful when there is data (e.g. URL reputations) that you want any task to be able to access, regardless of its playbook path.
Other Enhancements
- Manage email domain whitelist for users' emails
- Configure “Shared to Internal Sites” recipient site within connections
- Use dynamic placeholders for incident title/description
- Ability to dynamically select a dropdown input in a playbook
- Improved path picker usability within data formatter
- Added new incident metadata fields in a playbook
- Revamped user manual site
Integration Enhancements
We are constantly improving our 300+ out-of-the-box integrations to help you build your workflows more easily. In this version, we have updated/added 14 of the integrations:
New!
- AWS GuardDuty
- Google Kubernetes Engine
- F5 Load Balancer
- Stellar Cyber
- Fresh Service
- D3 Integration
Enhancements
- Docker
- Microsoft Sentinel
- Zendesk
- AWS EC2
- Azure Active Directory
- Datto Autotask PSA
- TheHive
- FortiAnalyzer
- Qualys