Release notes

Release Notes

June 30, 2017


New
Sensor health enhancements and improved monitoring so Perchy’s caretakers can respond more quickly to sensors that are having issues.
  • Detection graph to see traffic level trends
  • Warning/down state for unchanging detection counts
  • Private IP counts: how many unique IPs a sensor has seen in each of the private IP blocks (for example, you have 1000 hosts on your network, but Perch is only seeing 10 of them)
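
To illustrate the private IP count check described above, here is an added example (not Perch's own code) that counts unique addresses per RFC 1918 block and flags blocks where a sensor sees far fewer hosts than expected. The function names, the `min_ratio` threshold, and the sample data are assumptions made for this sketch.

```python
import ipaddress

# RFC 1918 private IPv4 blocks
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_ip_counts(observed):
    """Return {block: number of unique private IPs seen in that block}."""
    seen = {str(b): set() for b in PRIVATE_BLOCKS}
    for raw in observed:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # malformed address in the sensor data: skip it
        if ip.version != 4:
            continue  # only the IPv4 private blocks are counted here
        for block in PRIVATE_BLOCKS:
            if ip in block:
                seen[str(block)].add(ip)  # set membership deduplicates
                break
    return {b: len(s) for b, s in seen.items()}

def coverage_gaps(counts, expected, min_ratio=0.5):
    """Return blocks where seen/expected falls below min_ratio.

    min_ratio is an assumed threshold, not a documented Perch setting.
    """
    gaps = {}
    for block, want in expected.items():
        got = counts.get(block, 0)
        if want > 0 and got / want < min_ratio:
            gaps[block] = (got, want)
    return gaps

# Constructed sample: addresses a sensor observed, with duplicates and noise.
SAMPLE_OBSERVED = [
    "10.1.2.3", "10.1.2.3", "10.1.2.4", "192.168.1.10", "172.16.5.9",
    "172.32.0.1",  # outside 172.16.0.0/12, so not private
    "8.8.8.8", "not-an-ip", "fe80::1",
]
# Constructed expectation: hosts the operator believes exist per block.
SAMPLE_EXPECTED = {"10.0.0.0/8": 1000, "192.168.0.0/16": 2}

if __name__ == "__main__":
    counts = private_ip_counts(SAMPLE_OBSERVED)
    print(counts)
    print(coverage_gaps(counts, SAMPLE_EXPECTED))
```

A large gap between expected and observed hosts usually points to a sensor placement or traffic mirroring problem rather than a quiet network.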
New
Perchy gets better at communicating with users: action notification review and cleanup
  • More notifications, for both success and errors
  • Standard success/error look
New
New suppression scopes:
  • Global: SOC can suppress for all users at once
  • Community: SOC and community admins can suppress an indicator for an entire community
  • (coming soon, work complete, in-review and testing) by-IP: suppress for a single IP
Bugfix
Corrected the Community Dashboard Daily Events indicator counts so that they’re:
  • Storing the indicator counts
  • Computing the count correctly
Bugfix
Sorting by CIDR/subnet now sorts more naturally
Bugfix
Improved handling for observables that are missing intel data
Bugfix
Long comments have had a good talking to and have agreed to stay inside their comment panel better
Bugfix
Corrected several minor bugs and tweaks caused by database migrations & updates
Note
The ’all-natural’ performance-enhancing supplements we’ve been feeding Perchy are paying off: his brain is bigger and better than ever!
  • Lots of expensive tech words = faster databases = more responsive Perch = happier users
  • Infrastructure work to ensure that as Perchy’s flock grows (and it is growing!), he can still respond to all of the data as fast as possible!
  • Migration to ElasticSearch 5
Note
Relational DB hardware upgrade and addition of read replica
Note
We’re making strong progress toward Perchy-bana; internal POC and development are promising

Release Notes

June 2, 2017


New
Public Backtest API
  • Manage API token and credentials in Perch
  • Get token, backtest observables, profit!
New
(Soon) Additional suppression scopes:
  • Global: the Perch SOC will be able to suppress false positives for every group in a single action; we’ll be able to clean up the noisy, false positive intel more quickly so that the gems with real value can shine through.
  • Community: community leaders will be able to groom their own intel from within Perch; a community that preens together, stays together, right?
  • Individual Host: have a single host that you know triggers a FP, but you don’t want to completely ignore the indicator for other hosts? Now you can suppress an event for just one of them.
New
Sensor Health Summary:
  • Consolidated view of all of your group’s sensors and their health
  • Warnings for low resources and abnormal conditions:
    • Old rules and low rule counts
    • Sensor not uploading data
    • In the Admin menu: Sensor Summary
New
Emerging Threats (and Pro) selectable feeds
New
Unmonitored network filtering at the sensor
  • Perch takes the list of unmonitored network subnets for your group and sends it to the sensor so that it knows to ignore those networks in its detections.
  • Results in less work for the sensor, allowing us to do more with the hardware; less data sent to Perch, less outgoing network traffic for you, and less to process and store for us! It’s a genuine win-win paradigm-shifting value add, look at all this synergy! Give Canute and Chris a raise, this is amazing!
New
Alert filtering now considers subnet names
New
(Soon) Restart tours: watch them again and again with your friends and family!
New
Touch ups and polish here and there; retry button added to the end of the signup process when there is an error registering.
Bugfix
User group page no longer shows all of the groups from all of your communities, but only those you are actually a member of.
Note
Perch reaches its 1000th build and Perchy has his first birthday!
