Release Notes 3.2.0
We’re excited to introduce you to Orchestrate 3.2, the new and enhanced version of our orchestration and automation platform with advanced capabilities to help your security teams design and run some of the best in class Security Orchestration and Automation solutions.
Enhancements
Upgraded User Interface for Playbook Canvas
This release comes with a new and improved canvas to enhance the user experience of building Playbooks. The sequence and alignment of the Playbook nodes improve the overall usability.
The Playbook node editor is now available on the right-hand side of the canvas. This makes it easier for analysts to use the canvas as the node selection panel and the node editor are available in a single view.
Activity Logs in Persistent List
With the newly introduced Activity Logs in Persistent Lists, analysts can audit user activities on Persistent Lists to:
Track who created, modified, or deleted a Persistent List (or)
Identify the Playbook which resulted in modifying the Persistent List
Data Sync Enhancements
The following are the enhancements in the Data Sync feature:
Data Sync for Business Units: Data Sync now supports the ability to synchronize user and device data for a business unit configured in CFTR. Business units are internal divisions of an organization such as DevOps, IT Operations, Marketing, and more to meet specific operational requirements. With this enhancement, organizations can segregate the synced data in CFTR based on a business unit for easy access.
Sync User Data: Analysts can now synchronize user-related data from Axonius to CFTR.
Enhancements in Data Sync Run History: The run history of Data Sync has the following enhancements:
The Failed count indicates the total number of records that failed to sync to a destination application. This helps analysts to get a comprehensive view of the synced versus failed records.
The Skipped count indicates the total number of records that are skipped in the current data sync job as they were successfully synced during the last execution.
The Success status indicates that all the records of a data sync job are synced or skipped from the source application to the destination application.
The Partial Success status indicates that only a few records of a data sync job are synced from the source application to the destination application. The remaining records are skipped or failed to sync to the destination application.
The Error status indicates that all the records of a data sync job failed to sync from the source application to the destination application.
Notification Enhancements
Notifications in Orchestrate are upgraded with the following enhancements:
Analysts can configure preferences to receive notifications on the selected platform. For example, receive notifications on errors related to Playbook on Cyware Enterprise mobile app.
Analysts can export a dashboard widget and download it from the informational notifications tab in PNG file format.
Analysts can filter notifications by Playbooks, Run by User, Notification Type, and other filter criteria.
Session Inactivity Timeout
Orchestrate admins can configure the session inactivity timeout period (between 1 minute and 1440 minutes or 24 hours), which indicates the amount of time a user can be inactive, before the session times out and closes. This enhances the security of the Orchestrate platform. The default value of inactivity timeout is 15 minutes.
Usability Enhancements
The usability of Orchestrate is improved with the following enhancements:
Multiple Cyware Agent Instances in a Playbook Node: Analysts can specify multiple Cyware Agent instances in a Playbook node to fetch data from multiple instances of an app without configuring a dedicated Playbook node for each Cyware Agent instance.
For example, analysts can use two Cyware Agent instances to fetch data from a development environment and a production environment.
Notify Users of Cyware Agent Failure: Admins can now receive timely updates of Cyware Agent polling errors via email notifications. This helps admins to stay up-to-date on Cyware Agent failures and troubleshoot instantly.
Update in Default Period to Purge Logs: From Orchestrate 3.2.0 version onwards, the default period to purge logs related to run logs, triggered events, and Cyware agent tasks is updated to 10 days. Admins can configure the duration to purge logs in the range of 1 day to 180 days.
After upgrading an existing Orchestrate instance to the latest 3.2.0 version, if the configured duration to purge logs in the previous version is more than 180 days, then it is automatically reset to 180 days after the upgrade.
Custom Code Editor Enhancements:
The custom code editor in Playbooks and Apps now supports an extra module json2html. This helps analysts to convert JSON objects to an HTML table.
The Python IDE editor for custom apps provides suggestions to auto-fill code while editing and helps save time.
View Associated Cyware Playbooks of an App: Cyware Playbooks associated with an app can be viewed from the app listing page. This helps analysts to leverage out-of-the-box Playbooks for an app.
Enhanced Interface of the App Details Page:
The app information section is upgraded and includes key details of an app such as the app category and documentation URL.
The app details page is improved with a slight rearrangement of the elements displayed such as overview, actions, instances, and Playbooks to make them more accessible.
Access Run Logs from Playbook Overview: The Playbook canvas also includes the Playbook Overview section that provides an option to access Run Logs easily. This eliminates the need to switch to the main menu to view the Run Logs of a Playbook.
View Sub-Playbooks: A sub-playbook associated with a master Playbook can be opened in a new tab from the Playbook canvas.
Bug Fixes
The issue related to a Cyware Agent instance creating more than one cron expression to perform Cyware Agent Tasks is now resolved.
The issue related to secondary Cyware Agents being active and performing Cyware Agent Tasks is now resolved.