Platform 65017 - Release Details

July 21, 2020


New Features

Tabs in the Investigate menu

The Investigate menu now has tabs for navigating between multiple queries. A new tab button has been added to the toolbar section of the Investigate menu. Clicking the new tab button opens a new tab where you can enter new queries without losing the previous queries and results. For more information, see Investigate.

Improvements / Fixes

Event builder enhancements

Grouping categories can now be added to event/alert rules when creating them through the event rule builder. The existing 'Category' field has been renamed to 'Framework' and revamped as an auto-complete field. Two new fields, 'Category 1' and 'Category 2', have been added. For more information, see Event rules.

Alerts in disabled state

Added an option in the Event rule builder section to create an alert in a disabled state. For more information, see Event rules.

New editable field

The Configure alert field is now editable for the default event rules (builder type). You can uncheck the Create alert rule checkbox to delete the associated alert rule. For more information, see Event rules > Default event rules.

Process tree

A new Process tree tab has been added to the Alert details section. It allows you to investigate suspicious processes in a graphical representation. For more information, see Alert details.

Pivot queries

Pivot queries have been added to the Alert details metadata section. Clicking a pivot query displays summarized pivot query job results. For more information, see Alert details.

AWS integration

Added a new option to enable/disable AWS services and set their frequencies. For more information, see AWS.

The following customer-related issues were also addressed in this release:

ENG-9251: Fixed the error with CentOS vulnerability reports.