3 1 Breach Detection System Release Notes

3 1 Breach Detection System Release Notes



  • Amazing new navigation menu and dashboard to match day to day operation workflow and provide intuitive navigation
  • 4 new detections to further enhance cyber safety
  • 5+ new data source capability added to gain even more visibility over the environment
  • 5 new Threat Hunting view for easier and quicker investigation
  • 2 more compliance reports
  • Various improvements on stability, security, and performance of the platform

New User Interface 

  • Completely re-designed menu structure to reflect the workflows and interactions observed  on enterprise and MSSP environments
  • Global navigation bar moved from left to top
  • Improved dashboard to further highlight the important metrics and data points for admins to  have the pulse on their business and take immediate action with ease
  • Tab menu views are replaced with menu list pop-up presentation
  • Unified the dropdown menu designs based on our design system
  • User interface colors are revisited to match the company colors.
  • Spanish is added to the available language set for the user interface (Beta)

New Detections 

  • Exploited C&C Connections: A reverse connection detected from an asset to an IP address that had previously been seen having an exploit attempt to the same asset
  • Exploited Vulnerabilities: An exploit attempt is detected to an asset that had previously been seen having a vulnerability against the same kind of exploit
  • Application Anomaly: Anomalous application connection detected from private (internal assets) to public (internet)
  • Data Ingestion Anomaly: Anomalous data volume (either low or high) detected coming from a data sensor to the data processor
  • Improved malware detection functionality with AV and Machine Learning.  

More Data Ingestion With More Control 

  • Application whitelisting option is added for metadata ingestion over sensors for admins to determine if they want to get the data only for desired applications
  • IP net-mask option is added to define a range of network in Data Filter (old name: User Defined Applications) at once instead of entering IPs one by one
  • Added data sensor support to collecting logs from JSON file. An example application of this kind of integration is Sophos Central (Endpoint Manager)
  • Log forwarder performance is improved more than 5x due to changes in the communication protocol
  • Cisco Umbrella logs ingestion has been added as beta functionality
  • Imperva WAF logs ingestion has been added to the platform
  • Sophos XG Firewall logs ingestion has been added to the platform
  • Crowdstrike logs ingestion has been added as beta functionality
  • CarbonBlack logs ingestion has been added as beta functionality

Improvements over Automated Threat Hunting 

  • Re-architected backend to provide better performance and flexibility
  • Improved configuration menu for easier usage

More Threat Hunting Views 

  • DNS analysis view to investigate the DNS traffic records with highlight to recently registered domain names
  • Linux server commands analysis view to investigate the commands run on Linux servers
  • Okta logs analysis view to investigate user and application authentication records
  • Vulnerability scan view to investigate the vulnerability scans over assets
  • Vulnerability event view to investigate found vulnerabilities over assets
  • Firewall event view is improved with more charts and datapoint for easier investigation over visualization

Two more PCI compliance report added to the platform for admins to keep an eye and report on vulnerability scans as well as found vulnerabilities on their environment

Improved Data Enrichment and Visualization 

  • The new data source has been integrated for geolocation for even better results
  • Improved data normalization for username to serve unified views and enable unified queries over Windows and Office365 events
  • Username and Hostname filters added to the "Advanced Options" view of global quick filters to allow admins to focus the entire view based on a selected user or a selected asset
  • Also, username information is added to the summary section of the event details view for quick reference

More on High Availability, Improved Resilience 
  • High availability is improved with the ability to buffer data on data analyzer in case there is an issue with the data lake
  • Linux and Windows agent sensors can now buffer data in case there is an issue with data processor communication

And more 

  • Improved system security with revisited data in use encryption and credentials security
  • Improved mail server configuration options to cover a wide range of mail server settings possible to have on enterprise environment

    • Related Articles

    • Office 365 Integration with Breach Detection Service (Latest Version)

      Overview Office 365 is a critical part of your infrastructure. The Pulse Breach Detection platform provides API based integration with Office 365 & Azure AD to provide visibility into system changes, file sharing and authentication related events ...
    • AWS Cloudtrail Integration Guide With Breach Detection

      Overview AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS ...
    • CyFlare Detection List & MITRE ATT&CK Framework Mapping

      Purpose This document identifies the detections that are available to CyFlare clients from the identified managed security services.  Filters & Definitions State - This represents whether the default mode for the detection. It may be On or Off by ...
    • XDR: Deploying the Linux Agent Sensor - Ubuntu/CentOS/RedHat/Debian Deployment

      Table of contents Overview  The Linux Agent on the servers has the capability to detect various events. Due to the nature of the agent and complexity of what needs to be seen from the server is crucial. The Linux Agent gives us the scope in the ...
    • Alienvault-Advisory

        SolarWinds Orion Supply Chain Attack                        Detections in AT&T Unified Security Management™ and IoCs in the AT&T Alien Labs Open Threat Exchange™ December 16, 2020, 11:15am (CST) TLP: Amber Dear USM Customer, The details of this ...