Release Notes 3.2.0
The new and enhanced version of our fusion and threat response platform, CFTR v3.2.0, comes with advanced capabilities to help your security teams effectively manage threat response.
New Features
Geo Mapping of Incidents
CFTR now seamlessly integrates with Google Maps to provide a geographical context for the incidents in a map view. This integration enables security analysts with the following capabilities:
Link incidents with geographic locations
Monitor all incidents in a specific location and prioritize incident response
Identify the patterns and geographical origins of incidents
For more information on how to generate a Google Maps API key and assign the permissions that are required to integrate with CFTR, see Generate Google Maps API Key.
In addition to the allowed locations that are used for user access controls, administrators can manage geographic locations and specify the exact location using latitudes and longitudes. Administrators can use geographic locations to:
Manage various types of geographic locations that enable users to filter impacted locations based on the type. For example, Head Office, ATM, Data Centre, General, and more.
Manage additional fields to provide important information about geographic locations. For example, Emergency Contact, Email ID, and more.
Import locations into CFTR using the import template and export locations from CFTR.
For more information about geo-mapping of incidents, see this blog.
Import/Export Incident Workflow
CFTR v3.2 supports the import and export of incident workflows that enhance the reusability of the workflows across CFTR instances. For example:
Administrators can export the incident workflows from the UAT instance and reuse them in production.
Managed Security Service Providers (MSSPs) can reuse the incident workflows across the tenants.
For more information about the import/export of incident workflows, see this blog.
App Launcher
Administrators can add applications in the admin panel, such as SIEM, EDR, and TIP, and configure the user groups that can view and open the applications from the App Launcher. This enables users to quickly launch the applications from CFTR.
Export Template for Devices and Users
Administrators can configure export templates for devices and users. The export templates help users to export devices and users with a specific set of data fields.
Connect the Dots Support for Custom Modules
Users can use connect-the-dots in custom modules to gain contextual information about the threat data of the modules. This helps users to analyze the root cause of a threat and manage the threat response effectively. Users can also connect the custom modules to other modules for improved contextual information. For example, users can connect the custom modules, such as IoTs, with incidents and actions.
Enhancements
Incidents Updates
Users can delete untriaged incidents in bulk from the incident listing page.
To prevent unintended merging of incidents, users must provide consent by typing Merge Incidents before merging incidents.
Other Enhancements
By default, the users of the CFTR Admin user group can view and create automation rules in Rule Engine (Beta).
The default backup path of CFTR has been updated to
/apps/cyware/cy-object-store/data/cftr-backup
.Users can use the newly added hero cards in dashboards and reports to get aggregated data of the key metrics, such as Mean Time To Detect and Mean Time To Respond.