New Delimiters Options (ID #6961)
In previous versions, the comma delimiter that separated entities ingested into the Siemplify platform was defined by default. The comma delimiter could be enabled/disabled in the main config or the Database at customer request – depending on which Siemplify version they were running.
With this Release, the Admin can control which delimiters (if any) should be used for specific entity fields. This is defined in the Event Configuration screen.
In addition, the Siemplify Create Entity action has a new Delimiter field, which lets the security engineer specify the delimiter characters that separate ingested entities when creating a Playbook.
For more information, please refer here
Enforce Strong Password
From now on, when setting a new password, the password must meet the following requirements:
- Include a minimum of 10 characters
- Include 1 or more capital letters
- Include 1 or more special characters
- Not include the username
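The four rules above can be expressed as a validator that reports which rule a candidate password breaks. This is an added example, not Siemplify's own code. It assumes that "special character" means any Unicode punctuation or symbol character and that the username check is case-insensitive; the function and rule names are hypothetical.

```python
import unicodedata

MIN_LENGTH = 10  # from the release note: minimum of 10 characters


def _is_special(ch):
    # Assumption: "special" = Unicode punctuation (P*) or symbol (S*) category.
    return unicodedata.category(ch)[0] in ("P", "S")


def password_violations(password, username):
    """Return the rules the candidate password breaks (empty list = accepted)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("too_short")
    if not any(ch.isupper() for ch in password):
        violations.append("no_capital_letter")
    if not any(_is_special(ch) for ch in password):
        violations.append("no_special_character")
    # Assumption: the username match ignores case. An empty username is
    # skipped, because "" is a substring of every string.
    name = username.strip().casefold()
    if name and name in password.casefold():
        violations.append("contains_username")
    return violations


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real account.
    samples = [
        ("Tr1ckyHorse!Battery", "jdoe"),
        ("short1!", "jdoe"),
        ("Summer2024!JDOE", "jdoe"),
        ("alllowercase123", "x"),
    ]
    for pw, user in samples:
        print(repr(pw), "->", password_violations(pw, user) or "accepted")
```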
Option to Pause/Resume SLA at different stages
When an alert is being handled outside of the organization, SOC Managers can now pause the SLA during various stages of the case handling. The Pause and Resume actions can be manually selected from the Alert “three dot” menu, and can also be controlled automatically through Playbook Actions. Audit messages mentioning the pausing and resuming of the SLA count will appear on the Case Wall.
Option to cancel XSS block
In order to allow customers to use scripts within HTML such as in the Announcements feature, we have added an option to cancel the XSS blocking feature.
To cancel XSS:
- Navigate to the config.json file in /opt/siemplify/siemplify_web/dist/assets/conf
- In the General section area, locate the _infoDisclaimer field and change the value to false.
Enhancements for Offline Marketplace
From this Release onwards, for customers using the offline option to download integrations, there will no longer be a need to choose which integrations will be imported into the marketplace. Now, the entire bundle will be downloaded. Note that importing content will not change any of your existing integrations.
Large content can now be read on the Platform (ID #6761, #7071)
Support for incoming content (such as Insights and Action Results) now allows up to 25,000 characters by default to be displayed on the screen. Content larger than that will still be available for download. You can also configure the content to be up to 200,000 characters in the MaximumCharactersGeneralResult field in the configuration table in the Database.
Keep Existing Entries by Default when Importing Data
When importing CSV files into the following Settings screens (Tags, Domains, Custom lists, SLA), the Keep Existing Entries option is now the default.
New Case Close Reason Added
A new option “Inconclusive” has been added to the Siemplify platform as a potential reason for closing a case.
HA Upgrade from 5.5.3 to 5.6.2
The HA upgrade to 5.6.2 now uses a case graph migration tool. For more information, speak to your Customer Success agent.
Maximum number of alerts that can be grouped in a case increased to 100
This feature was designed to enable large amounts of alerts in a single case. As best practice, Siemplify does not recommend grouping more than 20 alerts together in a case, as this may cause delays for the analyst in closing cases with large amounts of data (playbooks, entities, events, etc.). From the system side, this large volume might slow the run time of different actions on the case level.
To raise the limit, the Admin must set the MaximumConfigurableAlertsGrouping field in the Database to any number up to 100. Once done, you can change the “Max. alerts grouped into a Case” value in the Settings > Advanced > Alerts Grouping screen.
Auditing: include action identifiers
To support auditing and logging of user-sensitive actions that impact users, data and assets, identifiers have now been added to all relevant actions. These can be seen in a new column entitled Activity Item in the Settings > Advanced > Audit screen.
The following items will have identifiers:
|AddOrUpdateGroupPermission|New Group: permissionGroup|
|AddOrUpdatePermittedGroupsSettings|New Group: permittedGroup|
|SaveWorkflowDefinitions|Playbook: Playbook Name|
|RemoveApiKeyRecord|API Key: Application Name|
|UpdateCustomIntegration|Integration: Integration Name/ID|
Auditing: include full export of all user activities
Siemplify now supports a full export of ALL user activities in the last 7 days. To export this information in a CSV file, click the Export to CSV button in the Settings > Advanced > Audit screen. Customers looking for audit activities over a longer period of time should contact their Customer Success rep, who will automate the procedure.