v3.0
Published: 19.10.2024
New Features
Added GRC "Risk Management". Templates come from CLAPI to GRC – Risk Management Template. At the organization level, a user can create a Risk Registry entry from a template or manually by clicking Create in GRC – Risk Management. A Risk Management entry can be related to other system objects: Controls, Incidents, Classification Rules, Notable Events, Discovered Assets, ToDos, Evidence, Defined Assets and Assessment Activities; these relations are added and edited on the "Main Related Objects" tab. The Risk Score is calculated from the Impact parameters on the Risk Scoring tab and from the scores of some of the related objects.
Added the "Scenario rule" type to Classification Rules. Basic Scenario rules come from CLAPI together with the Classification Rules, but users can create their own on the Artifact Classification – Query Based Classification tab. Analysis based on Scenario rules was added to Notable Events as a separate tab.
Added "NMAP Script Scan Result". NMAP Script Scan Rules come from CLAPI to Artifact Collection Parameters – NMAP Script Scan Rules. The user sets a Policy (Module: Scenario and Network Discovery; Type: IP Scan & Penetration Testing), then selects the Scanner Host, the IP Blocks and the test level (Execute Standard Scenario Tests and/or Execute Brute Password Tests). Scan results are written to Analysis and Investigation – Threat Analysis – NMAP Script Scan Result. Note that the Brute Password Tests generate login attempts against the scanned hosts, so restrict the IP Blocks to systems you are authorized to test.
Added service desk "Activities" to GRC Parameters, with relationships to To-Do, Assessment Activity and Risk Management records.
Added "Windows Local Administrators" and "Windows Local Users" grids. They register events when local administrators log in on the agent host. When the Windows Autoruns & Process Analysis policy is active, user and group information is collected as well. The grids were added to the Windows menu in Analysis and Investigation.
Added "Active Directory Roles" and "Active Directory Role Members" grids to Threat Hunting > Analysis & Investigation > Asset, for more detailed analysis of Active Directory.
Added "Security Control Results" for macOS data.
Added a "Restricted Artifact Name" property to list types. After a list is added and its visibility set, the new artifact name appears under the "List Management" items in the right-click menu of the selected grids.
New "Asset overview" and "User overview" dashboards were added under the Home tab. They visualize statistics on the devices and users of the organization.
A new "Shadow IT" dashboard was added under the Home tab. It includes data from the Windows Applications, Linux DEB Packages, Linux RPM Packages, macOS Applications, Discovered Devices, Windows Processes and Windows Threat Monitor grids. These grids gained aggregation and the ability to present information conveniently by selecting the required columns.
Added "Role management" under "Organization and User settings" in MSSP. Roles defined in "Role management" can be assigned to users in Organization Management.
Added "Re-Initialized DB Migration" at the MSSP level (Organization Management). When there is a problem with the DB structure (a missing table or column), the database structure can be repaired with this button without losing data.
Added an "Existing Data Management" section to Setting and Reporting – Organization Settings. The user can select a table and remove all of its data by clicking Delete All Existing Data.
Added a "Re-Initialize Policies" button to Setting and Reporting – Organization Settings – State & Caches Management. Clicking it deletes all of the organization's policies, then recreates them from scratch according to the Default policy list and assigns them to the appropriate groups; any changes made to the existing policies are lost in the process.
Added an "AI Cache" table at the MSSP level under Threat Intelligence Settings.
Sophos was added as the primary categorization resource.
Improvements
The MSSP menu was reordered.
Improved Active Directory analysis in relation to Device Management and added Azure analysis.
Removed Sensor settings from Setting and Reporting – Agent Settings.
The "Threat overview" dashboard was improved by removing the "Alerts by rule name" chart and adding the "My Assignments" grid.
Removed the Map component and "IP Requests by Country" from the Threat Intel dashboard.
Improved the Windows Sysmon Analysis policy. Added an "Enable Sysmon Data Collection" checkbox, unchecked by default. Sysmon data can now be sent to a predefined server.
Improved the Aggregation window. Added a checkmark on the first column and an "Exclude from list" button. Added "New Classification Rule from Row Values" and "Append to a Classification Rule from Row Values". Fixed opening the aggregation result by clicking the count link in an aggregation row.
Improved the Reports list by adding a "Run every" column.
Improved User Defined Classification Rules: rule priority now starts from 100000.
Improved ToDo. Added the actions "Assign User", "Assign Group", "Add to My Day" and "Set As Important", and relationships with Incident, Assessment Activity and Risk Management.
Improved Windows Remediation Jobs. Added a "Command" field and "Choose Artifact Type for Parameter Helpers".
Removed HardeningKitty log files.
Improved the commands for uninstalling the Windows Agent: --uninstallall removes the ICSF agent and PM; --uninstallallwithsysmon removes all of the above and Sysmon as well.
Improved the "Event Log" by adding the Sign-in, Create/Edit/Delete Policy and Settings/Reporting Save event types, with details for these events, aggregation and an updated UI.
Improved the Device Management grid. Rules and lists can now be run from the grid, and a "Domain" column was added.
Improved Classification Rules. Added asset roles and user roles for rules, and added values for "Importance Level".
Improved "Active Directory Users" by adding a "Domain Username" column.
Optimized system load during Threat Monitoring.
Improved the Linux and macOS agents with ARM support.
Renamed the Linux and macOS agent: Agent Name – CyberCyteAgent, Service Name – CyberCyteAgentService.
Improved Shell History AI risk scoring.