New Delimiter Options (ID #6961)
In previous versions, the comma delimiter that separated entities ingested into the Siemplify platform was defined by default. The comma delimiter could be enabled/disabled in the main config or the Database at customer request – depending on which Siemplify version they were running.

With this Release, the Admin can control which delimiters (if any) should be used for specific entity fields. This is defined in the Event Configuration screen.
In addition, the Siemplify Create Entity action has a new Delimiter field, which lets the security engineer specify the delimiter characters that separate ingested entities when creating a Playbook.

Enforce Strong Password
From now on, when setting a new password, the password must meet the following requirements:

  • Include a minimum of 10 characters
  • Include 1 or more capital letters
  • Include 1 or more special characters
  • Not include the username

Option to Pause/Resume SLA at different stages
When an alert is being handled outside of the organization, SOC Managers can now pause the SLA during various stages of the case handling. The Pause and Resume actions can be selected manually from the Alert “three dot” menu, and can also be controlled automatically through Playbook Actions. Audit messages recording the pausing and resuming of the SLA count will appear on the Case Wall.

Option to cancel XSS block
In order to allow customers to use scripts within HTML such as in the Announcements feature, we have added an option to cancel the XSS blocking feature.
To cancel XSS:

  1. Navigate to the config.json file in /opt/siemplify/siemplify_web/dist/assets/conf
  2. In the General section area, locate the _infoDisclaimer field and change the value to false.

Enhancements for Offline Marketplace
From this Release onwards, for customers using the offline option to download integrations, there will no longer be a need to choose which integrations will be imported into the marketplace. Now, the entire bundle will be downloaded. Note that importing content will not change any of your existing integrations.

Large content can now be read on the Platform (ID #6761, #7071)
Support for incoming content (such as Insights and Action Results) now allows up to 25,000 characters by default to be displayed on the screen. Content larger than that will still be available for download. You can also configure the content to be up to 200,000 characters in the MaximumCharactersGeneralResult field in the configuration table in the Database.

Keep Existing Entries by Default when Importing Data
When importing CSV files into the following Settings screens: Tags, Domains, Custom lists, SLA, the Keep Existing Entries option is now the default.

New Case Close Reason Added
A new option “Inconclusive” has been added to the Siemplify platform as a potential reason for closing a case.

HA Upgrade from 5.5.3 to 5.6.2
The HA upgrade to 5.6.2 now uses a case graph migration tool. For more information, speak to your Customer Success agent.

Maximum number of alerts that can be grouped in a case increased to 100
This feature was designed to enable large numbers of alerts in a single case. As best practice, Siemplify does not recommend grouping more than 20 alerts together in a case, as this may cause delays for the analyst in closing cases with large amounts of data (playbooks, entities, events, etc.). From the system side, this large volume might slow the run time of different actions on the case level.
To raise the limit, the Admin must first set the MaximumConfigurableAlertsGrouping field in the Database to any number up to 100. Once done, you can change the “Max. alerts grouped into a Case” value in the Settings > Advanced > Alerts Grouping screen.

Auditing: include action identifiers
In order to support auditing/logging of user-sensitive actions that impact users, data and assets, identifiers have now been added to all relevant actions. These can be seen in a new column entitled Activity Item in the Settings > Advanced > Audit screen.
The following items will have identifiers:

Activity                            | Activity Item
AddOrUpdateConnector                | Connector: ConnectorID
AddOrUpdateGroupPermission          | New Group: permissionGroup
AddOrUpdatePermittedGroupsSettings  | New Group: permittedGroup
AddOrUpdateUserProfile              | User: UserName
SaveWorkflowDefinitions             | Playbook: Playbook Name
CloseAlert                          | AlertID: AlertID
CloseCase                           | CaseID: CaseID
CreateCase                          | CaseIDs: CaseIDs
CreateWarRoomAuditor                | User: UserName
DeleteAgent                         | Agent: AgentID
DeleteConnector                     | Connector: ConnectorID
DeletePermissions                   | Group: PermissionGroup
DeletePublishers                    | Publishers: PublisherID
RemoveApiKeyRecord                  | API Key: Application Name
UpdateConnectorFromIde              | Connector: ConnectorID
UpdateCustomIntegration             | Integration: Integration Name/ID
UpdateWarRoomAuditor                | User: username

Auditing: include full export of all user activities
Siemplify now supports a full export of ALL user activities in the last 7 days. To export this information to a CSV file, click the Export to CSV button in the Settings > Advanced > Audit screen. Customers looking for audit activities over a longer period of time should contact their Customer Success rep, who will automate the procedure for them.
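
One way to triage the exported audit CSV using the Activity and Activity Item values listed above, shown as an added example that is not Siemplify code. The CSV column headers (Time, User, Activity, Activity Item), the sample rows and the grouping of activities into "destructive" and "access-change" are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Activity names come from the release-note table; the grouping into
# "destructive" and "access-change" is this example's own choice.
DESTRUCTIVE = {"DeleteAgent", "DeleteConnector", "DeletePermissions",
               "DeletePublishers", "RemoveApiKeyRecord"}
ACCESS_CHANGE = {"AddOrUpdateGroupPermission",
                 "AddOrUpdatePermittedGroupsSettings",
                 "AddOrUpdateUserProfile"}

# Constructed sample export; the column headers are assumptions.
SAMPLE_CSV = """Time,User,Activity,Activity Item
2021-03-01T09:00:12Z,alice,CloseCase,CaseID: 1042
2021-03-01T09:05:40Z,bob,DeleteConnector,Connector: conn-17
2021-03-01T09:06:02Z,bob,RemoveApiKeyRecord,API Key: ReportingApp
2021-03-01T09:07:55Z,bob,DeletePermissions,Group: Tier1
2021-03-01T10:15:00Z,carol,AddOrUpdateUserProfile,User: dave
2021-03-01T10:20:00Z,carol,SaveWorkflowDefinitions,Playbook: Phishing: Triage
"""

def parse_item(item):
    """Split 'Kind: identifier' on the first colon only; identifiers may contain colons."""
    kind, sep, ident = item.partition(":")
    return (kind.strip(), ident.strip()) if sep else ("", item.strip())

def review(csv_text, burst=3):
    """Return (findings, burst_users) for an exported audit CSV."""
    findings, per_user = [], defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        activity = row["Activity"].strip()
        if activity in DESTRUCTIVE:
            category = "destructive"
            per_user[row["User"]] += 1
        elif activity in ACCESS_CHANGE:
            category = "access-change"
        else:
            continue  # routine activity, not reported
        kind, ident = parse_item(row["Activity Item"])
        findings.append((row["Time"], row["User"], category, activity, kind, ident))
    # Users with at least `burst` destructive actions in the export window.
    burst_users = sorted(u for u, n in per_user.items() if n >= burst)
    return findings, burst_users

if __name__ == "__main__":
    findings, burst_users = review(SAMPLE_CSV)
    for f in findings:
        print(*f, sep=" | ")
    print("users with a burst of destructive actions:", burst_users)
```
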
