Release Notes 3.1.0
We are excited to introduce the new and enhanced release of Orchestrate, version 3.1.0.
The new release offers many advanced capabilities to help your SOAR teams design and run best-in-class Security Orchestration and Automation solutions.
New Features
Persistent List and Persistent Nodes (Beta)
Orchestrate introduces a new capability that helps analysts to define and store data in a Persistent List which can then be reused across Playbook nodes, eliminating the need to manually enter data multiple times.
A new node called Persistent Node is now added to the Playbook canvas. Analysts can use persistent nodes to automatically update the data that is defined in a Persistent List.
For example, analysts can define a list of URLs to scan in a Persistent List. While creating a Playbook, they can retrieve the defined URLs and use them as input for a node that scans URLs.
Export Run Logs
To enable analysts to perform offline auditing and analysis of the Playbook execution, Orchestrate extends the ability to export Playbook run logs to CSV and XLS formats for the specified date range.
Stay Up-to-date with Web Notifications
With the newly introduced web notifications, analysts can now stay updated with any key activities in the Orchestrate web application. Notifications eliminate the need to access emails or the mobile app each time to view or respond to any key updates.
The two types of notifications include:
Actionable Notifications
Actionable notifications require an input or a response (text, an integer, or a date) to run Playbooks. These notifications are initially available as Pending Actions and are moved to Responded Actions after being responded to.
Informational Notifications
Informational notifications are updates to stay informed about recent activities in Orchestrate such as the status of Playbook execution, system errors, expiry details of webhook and open API, and more.
Enhancements
Sync Device Data from Third Party Applications
In addition to the existing support for syncing device data from Qualys to Cyware Fusion and Threat Response (CFTR), Orchestrate can now sync device data from Axonius and ServiceNow applications to CFTR. For more information, see our latest blog post, "Discover a Smarter Way to Synchronize Data with Cyber Fusion Center."
Cyware Agent
The overall performance and efficiency of Cyware Agent executions are improved in this release. Some of the enhancements include:
On-premise installation of Cyware Agent without needing to connect to the internet.
Ability to install multiple Cyware agents on an on-premise instance depending on the system configurations.
To ease the debugging process, the logging file (debug.log) has been separated into application.log and error.log files for the on-premise instance.
Ability to execute independent nodes of a Playbook asynchronously.
Playbook Execution
The new release comes with enhanced Playbook performance and responsiveness by allowing asynchronous execution of independent nodes of a Playbook.
Addition of default period for Data Purge
The default period for archiving run logs and triggered events is 180 days. Admins can alter the purging period by entering a value between 1 and 365 days in the Configuration settings. After upgrading to the 3.1.0 version, any data older than 180 days is automatically purged at 00:00 UTC.
Usability Enhancements
In our continuous effort to improve the usability of Orchestrate, we have improved a handful of our existing features:
Schedule Playbooks using a Scheduler
We have introduced a new scheduler with a date and time picker to help you easily schedule Playbook executions on a daily, weekly, or monthly basis.
Simplified Webhook URL Generation
Previously, Orchestrate generated the base URL and API token in separate fields, and admins had to combine them to use the result as a Webhook URL. Orchestrate now combines the base URL with the token and displays the complete Webhook URL, so users can copy and use it directly.
Quick Filter to Check Availability of Updates for Apps
Apps with an update available can now be filtered and viewed using the Updates Available option in the Apps Quick Filters.
Automated Notifications on Expiry of an Instance or Open API
Stay updated on the instance token, Webhook, and Open API Key expiry details via emails and platform/mobile notifications.
Support for Keyboard Shortcuts
Navigation in Apps, Playbooks, and other interfaces gets easier for analysts with the introduction of keyboard shortcuts. The shortcuts are supported on Windows and macOS. Analysts can view all the keyboard shortcuts using the help center (question mark icon) in the top pane of the platform.
Walkthroughs for Orchestrate features
The walkthroughs available for Orchestrate are further enhanced to help you familiarize yourself with some of the key Orchestrate features.
Other Playbook enhancements include:
Improved performance and responsiveness of a Playbook by allowing asynchronous execution of independent nodes of a Playbook.
Minor improvements in the Playbook canvas and an option to right-click and open a Playbook in a new tab.
Bug Fixes
This release incorporates a few minor bug fixes:
The issue with retaining the original value of a customized node output after adding new nodes is now fixed.
Usability issues related to the admin module filters are now fixed.
SMTP configuration issues during the Orchestrate instance update from 2.x to 3.x are now fixed.