Release Notes 3.2.1
We are excited to introduce CFTR v3.2.1. This release includes a new feature, enhancements, and minor bug fixes.
New Feature
Custom Status for Incidents
In addition to the default incident statuses, administrators can configure custom statuses for incidents, such as In Progress, Pending, Awaiting Forensics, and more. This enables security teams to define fine-grained incident lifecycle management processes. Administrators can also reorder the statuses to reflect the sequence in which incidents move through them.
Security analysts can use the custom statuses to move incidents to an appropriate status based on the incident lifecycle management process.
Enhancements
Download Playbook Runlog Data
Users can preview Orchestrate Playbook run log data of up to 4 MB, or download the data for offline analysis if it exceeds 4 MB.
OpenAPI
Previously, filtering Open API response data was limited to passing a parameter's UUID in the query parameters. The Open API endpoints now accept both the UUID and the parameter title.
For example, to retrieve a list of incidents based on the impacted business unit, users can filter by the UUID (9750d6df-2d7f-4899-b20d-bfbba0b9084d) or by the title of the business unit (Operations).
Example Request:
GET {{base_url}}/cftrapi/openapi/v1/incident/?AccessID={{open_api_access_id}}&Expires={{expires}}&Signature={{signature}}&business_units=9750d6df-2d7f-4899-b20d-bfbba0b9084d
Or
GET {{base_url}}/cftrapi/openapi/v1/incident/?AccessID={{open_api_access_id}}&Expires={{expires}}&Signature={{signature}}&business_units=Operations
Other Enhancements
Admin Logs in the Admin Panel has been renamed to Audit Logs.
CFTR supports the following newly added out-of-the-box widgets while creating dashboards or reports:
Attack Framework: Top 20 Log Sources
Attack Framework: Top 20 Techniques Used