Release Notes 3.1
Features
Feeds Module
The Feeds module has been introduced to CSAP Analyst Portal, under the Management menu. This feature gives users with Admin roles the ability to share security feeds with Members that continuously update with the latest alerts, including feeds from trusted third-party sources. By being able to control multiple sources within one central interface, Admins can expand the information sharing horizon across multiple teams and organizations.
Cyware feeds. The default feeds in CSAP, provided by Cyware. Admins can make these feeds active or inactive, as well as control the distribution of these feeds by specifying the Recipient Groups to which alerts are sent. Members, in turn, can leverage the feedback loop of information by initiating alert-based discussions, and creating and assigning actions to other users. This flexibility of information sharing enables the delivery of critical information in real time.
Partner feeds. Feeds from organizations that are in partnership with Cyware. Through this collaboration, Partner feeds are bundled with CSAP, enabling the sharing of alerts from specialized sources. Similar to Cyware feeds, Admins can enable or disable these feeds for Members, as well as specify distribution by assigning specific Recipient Groups. Available options also include the ability to automatically publish alerts to Members or leave them in draft mode for review, as well as enable or disable email and push notifications.
RSS feeds. Open-source feeds from trusted sources, such as government agencies, security blogs, organizations within the cybersecurity industry, and similar. RSS feeds are broken down by category, and can be individually made active or inactive for Member access in the Feeds module of CSAP Member Portal by Admins. Additionally, Admins have the ability to make all RSS feeds within a category active or inactive, as a bulk action. Feeds that are enabled are visible to Members, who can then subscribe to them for continuous alert delivery.
Dashboard Upgrades
The following features for the Dashboard module are now available:
Auto Scroll. A play button has been introduced that can trigger a series of rotating dashboards as a playlist (for example, for viewing on a screen in an SOC). This enables you to display a complete dashboard on an SOC screen for critical metric sharing, and keep your security team up to date with the latest information.
Schedule Reports. You can now schedule reports, in PDF format, as snapshots of your dashboard. These reports display your dashboard metrics as they appear on your screen at the time the report is run, and allow you to leverage information for offline analysis. You can schedule reports to run at recurring intervals, as well as specify a date and time, time zone, and intended recipients.
Custom Widgets. The ability to create custom widgets for dashboards has been introduced. When creating a custom widget, you can specify a widget title and choose between a chart type or hero, as well as define axial data fields and rename the X axis and Y axis, accordingly. You also have the option to preview your widget before creating it. This feature allows you to represent your metrics to your stakeholders in more meaningful ways, in regards to the data.
View Alerts Related to IoCs
You can now view alerts related to Indicators of Compromise (IoCs). In the Indicators tab of an alert, when you parse an IoC, an icon has been added next to each IoC type that enables you to view all related CSAP alerts in a pop-up window, when clicked. When you click a related alert, it opens in a new screen, thereby providing you with additional context without interrupting your workflow. This enables you to see the impact of an IoC reflected in other alerts, as well as gain critical context for the creation of your alert.
Link Historical Alerts to a New Alert
When creating an alert, you now have the option to link historical alerts that are associated with your information. In the Additional tab, a Linked Alerts field now allows you to search for existing alerts by alert ID, and then add them to your current alert as tags. Once your alert is created, the links appear as metadata alongside your content. This feature is designed to improve situational awareness by enabling you to show a historical roadmap of information associated with current cyber threats and events, and allow Analysts and other stakeholders to draw more complete conclusions from human intelligence.
Groupset for Recipient Groups
You can now associate multiple Recipient Groups within a groupset. In the Settings module, when you click the Groupset tab, you can create a groupset and then add multiple Recipient Groups. You can also include multiple groupsets when creating an alert. This feature eliminates the need to manually add Recipient Groups to each alert, thereby reducing time to distribution for critical information.
Set a Password Policy
CSAP users with Admin roles can now set password policies for all users in the Integrations module, under Authentication Methods. This includes the ability to set customizable criteria, such as password length, the requirement for a password to contain uppercase letters, lowercase letters, or special characters, as well as password expiry, the reminder for a user to reset their password, and password reuse interval. With the ability to set a specific password policy, you can optimize your CSAP instance to better comply with the security policies of your organization.
Enhancements
Doc Library Enhancements
The following enhancements for Doc Library are now available:
Bulk Upload. You can now bulk upload documents that have the same TLP and Recipient Groups. This optimizes the ability to manage uploads by batching similarly-grouped pieces of information for your intended audience.
Alert attribution for documents. When viewing a document, if that document is associated with any alerts, you now have the option to click the Associated Alerts icon to view all alerts to which the document is attached. This gives you more flexibility in retrieving alert information, and insight into how your documents are leveraged in information sharing.
Category Enhancements
The following enhancements for Categories are now available:
Color labels for Categories. You are now able to define color labels for Categories, in order to provide conceptual groupings as visual cues so users can better identify and differentiate between them. You can specify colors by choosing from the color picker, or entering a hexadecimal code.
Descriptions for Categories. When creating or updating Categories, the ability to provide descriptions is now available. By providing a description for a Category, you can define and share its purpose with other stakeholders.
Custom Field Enhancements
The following enhancements for custom fields are now available:
Custom field search. You can now search for custom fields in CSAP Analyst Portal by clicking the Filter icon and specifying your parameters in the Search bar. This is designed to optimize your ability to search for information in a specific module.