
Cyware Fusion and Threat Response

Release Notes 2.11

New Features

Direct Download of Exports

Previously, clicking ‘Export Incidents’ fetched a maximum of 5000 records at a time and directed you to the user's email to download the report. In addition, the export limit was restricted to 5000 records for a one-time download.

We have now increased the limit of export records to a maximum of 25,000, thus providing a high level of output by increasing the export capacity by 500%. With this, users can now obtain all the records in one zip file. For example, if you want to download 50,000 records in one go, one zip file is created, enclosing two Excel sheets with a maximum of 25,000 records each.

We have also enhanced the feature to provide a direct download in the user console, so you are no longer directed to email for the download.


Retrieve Playbook Execution Details

Users can now extract Playbook execution details, such as the playbooks executed for a specific incident, their last run, title, results, and so on, using CFTR’s Open APIs. Users can interact with third-party applications and obtain playbook titles and results in the playbook run logs.

Access Playbooks from Anywhere in the Incident UI

An incident response playbook empowers teams in handling incidents by quickly responding to security attacks and resolving incidents in real time. In the earlier release, it was difficult to switch quickly to playbooks to access and evaluate them.

Hence, we have introduced a new Playbook icon that enables Playbook access anywhere within the incident UI during all phases of incident response. To allow easy access, we have placed the Playbook icon in the top-right corner of the Incidents UI.


View Playbook Tags under Playbook Run Logs

You can now view the Playbook tags under ‘Playbook Run Logs’ and ‘Suggested Playbooks’ to categorize and identify them using filters or choose the most suitable ones for tagging.

Add or Search a Tactic / Technique / Sub Technique based on MITRE ID

You'll now be able to search for a Tactic, Technique, or Sub-technique based on the unique ID allocated as per the MITRE Database.

For example, the Boot or Logon Autostart Execution technique has the ID T1547, and its sub-techniques are identified using concatenated IDs such as T1547.001, T1547.002, T1547.003, etc.

You can update and map tactics or techniques:

  • While you create an Incident, in the Tactic-Technique-SubTechnique field.

  • In the Search tab of the ATT&CK Navigator.


Speedometer Reports on Dashboards

Previously, a percentage pie chart was used to display Incident indicators split by ‘Incident Type’. We have now introduced Speedometers to provide a real-time count for an indicator.

Speedometer charts intuitively provide a real-time count of Indicators observed during Incident management. For example, Personally Identifiable Information or Admin Exceptions indicate their maximum value range in the form of a round meter, whereas the dial shows where the score falls across the range on a full circle.

Date Range Highlights in Dashboard

Previously, when you selected a defined date range in Dashboards to view the charts, the display did not highlight the defined period. We have now updated the default date ranges to display incidents created in a time frame. For example, the last 3 days, the last 24 hrs, etc.

You can hover the mouse over the default time frame display to see the date range highlights. This change is applied to the Reports as well.


Action Resolution · Status update

We have included an additional status named "Resolved" under Actions so that escalations stop when an incident is considered resolved. During the incident response process, different teams are involved in completing a particular action, and the assigned user can validate and update the incident as "Resolved" before closing it.

Merged Incidents Mission Control

We have now included the Merged Incidents tab under Incidents -> Mission Control to associate one or more child incidents with a parent incident and obtain a comprehensive view of the Incidents merged. You can view suggested child incidents for merging using our ML algorithm and pick a merge template to analyze the incident details carefully.


Incident Assignment based on Availability

CFTR now helps you assign users to incidents based on their roster availability. Previously, CFTR displayed all the users for ‘Assignment’ in Incidents, regardless of their roster. Now, you can distinguish their availability as per the roster and assign Incidents by checking whether they have logged in and remain active.

Note: Users who are not listed in the roster but are still available will not be listed under Suggested users.

Read / Write Access based on User Groups

You can now set custom fields under Form Management and restrict field access based on User Group. User groups specified under 'Restrict Field Access by User Group' will have edit access to the configured fields, while other users who are not given write access can only view the field as Read-only.


Allow Relevant User Groups for Assignment in Incidents or Actions

Admins can now restrict assignment permission to certain user groups for the Actions and Incidents modules while creating or editing a user group. When a user tries to add a user group to an incident, only the allowed user groups are displayed, easing access and assignment. The 'Module/Functionality' tab with the 'View' and 'Create/Update' permissions can be enabled or disabled for the user group display while assigning an incident or an action.

Enhancements

Version and License

We have revamped the Version and License module. You’ll now see the license expiry date, a Sync Now button, a copy icon to copy the license key, a show/hide license icon, the Alert Components section displaying the User accounts based on utility in colors, and much more.


Filter Users based on Invitation Status

You can now filter users based on the ‘Invited’ and ‘Accepted’ statuses, which are available as a quick filter named Invitation Status under User Management.

Roster Field Updates

Until now, when the roster was updated at intermittent intervals, you lost the record of the updated start and end dates. We have now made changes to the existing activity logs in the roster to record the current start and end dates along with the time, to help you compare and track the escalation settings.
