Cyware Fusion and Threat Response

Release Notes 3.3.1

July 11, 2023

We are excited to introduce you to the latest version of Cyware Fusion Threat Response (CFTR) v3.3.1.

Automation Management (New)

To streamline and accelerate incident response, Automation Management enables administrators to associate Orchestrate playbooks and app actions with incident workflows. When an incident is created, CFTR promptly displays the associated automations, allowing users to easily access and trigger them.

For example, to block a malicious IP address, administrators can create an automation using the Block IOC playbook and associate it with an incident workflow. While responding to an incident, if the IP address associated with the incident is identified as malicious, users can trigger the automation to block the IP address directly from the incident summary.

For more information, see Configure Automation and Run Automation.

Playbook Input Notifications (New)

Users are now notified by email when Orchestrate Playbooks require data for their input nodes before they can execute. Users can open the Playbooks from the email notification and pass input data directly from CFTR, eliminating the need to sign in to Orchestrate.

Notice: This feature requires integration with Orchestrate v3.5.0.0 and later versions.

Rule Engine (Enhanced)

In addition to the existing triggers such as incident status and workflow changes, administrators can now trigger rules based on updates made to the fields of an incident.

For example, you can configure a rule to pause incidents when the severity field is updated from High to Low.

For more information, see Configure Automation Rules.

Incident Merge Template (Enhanced)

Incident merge templates can now merge parent incident data into child incidents. For example, administrators can configure an incident merge template that automatically adds closure comments from the parent incident to all associated child incidents when the parent incident is closed.

For more information, see Configure Templates for Incidents.

Auto-Sync Incident IOCs with CTIX (Enhanced)

When a new IOC is associated with an incident and is not found in CTIX, CFTR automatically adds the IOC to CTIX. This eliminates the redundant effort of manually adding missing IOCs to CTIX.

Extract Threat Intel from Incidents Automatically (Enhanced)

CFTR performs a comprehensive scan of all text fields when an incident is created and extracts any mentioned IOCs. It automatically links the IOCs to the incident and enriches them using CTIX, providing users with valuable threat intelligence and expediting threat analysis.

Incidents (Enhanced)

  • You can access the Playbooks that have failed, are currently running, or require user inputs from the Playbook Execution section of the incident summary.

  • Playbook run logs are now enhanced to display all important details of a run log in one view. You can also search and filter the run logs.

  • The incident overview section displays the number of components in Connect the Dots and IOCs in Threat Intel.