Release notes

Release Notes

July 28, 2017


New
Dashboard: Now you can see both the active alerts and the things that have been suppressed since you were gone.


New
Support for international postal codes in sensor setup - Perch learns to be a more equal opportunity guardian of the galaxy; no matter where your sensor is (as long as it’s not the middle of the desert), Perch can put you on the cyber-security map.


New
Perchybana is live! Impress friends and neighbors with your network traffic insights. Be the life of any party by tracing netflow and diagnosing malware infections.


New
Alert review pagination, improved alert performance throughout Perch - people like books, books have pages, therefore people like pages. Now Perch has pages on its alert panels, therefore people will like Perch’s alert panels.


Bugfix
Sensor config - edge cases: more resiliency and error correction in uncommon install use cases, more ‘self-healing’ functionality to adjust for common problems.


Bugfix
Alert ‘all targets’ now pulls from the right data source - it used to come from column A, now it comes from column B. Same data, but easier/faster to query.


Bugfix
Show error message if user tries to create a subnet with a name that is too long - focus groups seem to indicate that users do not enjoy functionality that silently fails, so we’ve added a meaningful error message. Who would have known?


Bugfix
Backtest now returns group matches.


Note
We love feedback from our users! If you see something that’s not right, or have an idea to make Perch even more awesomer, report it to info@perchsecurity.com


Release Notes

July 14, 2017


New
New button next to alert IP addresses to copy to clipboard (without port number)
New
Improved sensor health network host count
  • Shows last 48 hours only (instead of all time)
  • Updates in real-time (instead of once daily)
New
Cisco Talos community created – get an oink code here: https://www.snort.org/ (third party, not affiliated with Perch)
New
Suppress by IP: you can now apply a suppression to a single host. Global, community, team, host; so many yummy suppression flavors to choose from.
New
Replaced Community Dashboard - Trending Indicators data with a top 5 list of indicators in a community with the highest unsuppressed alert counts, over the last 30 days.
New
General stability improvements to our sensors and improvements to health reporting; keeping Perchy’s eyes and ears clean and in top shape so we can See Farther.
New
Community feed list ‘Select All’: we think that having to click 100+ checkboxes is lame, too.
Bugfix
Due to the sheer number of individual sightings associated with some alerts, our ‘alert by host’ functionality on the alert review page had to be disabled temporarily so that we could re-architect some of the data that it used.
Bugfix
Fixed: signup process would allow a new user to skip creating a group, which causes all kinds of paperwork issues for sweet, old Fran in the back office. Per Fran’s rules, all new users must now either create a new group or join an existing one before they’re allowed inside Perchy’s exquisite garden.
Bugfix
Secret communities were re-classified SO secret than even Perchy had no idea which was which and started assigning groups to the wrong secret communities. We’ve given Our Great Leader access to the secret community codes and peace is restored to the galaxy, for now.
Bugfix
Fixed: Existing users that received an email invite to another group should now be able to use the invite link to join the group.
Bugfix
Fixed: Buttons that would allow multiple submissions of an action if the button was clicked rapidly (e.g. double-click). Dr. Perchy, PhB(ird), recommends that users limit coffee intake.
Bugfix
Fixes and tweaks to our sensor network and monitoring configurations
Note
Perchy-bana POC is complete, was successful, and we’re building out the QA infrastructure for its initial internal release and testing.
Note
Perch core relational database infrastructure went through another major upgrade with the addition of a read-replica, multi-db configuration, multi-port fuel injector, and twin-turbo blower. VTEC just kicked in, yo!
Note
Hired custodial cron jobs to vacuum and clean up the database nightly. Tried to get the office custodial staff to do it, but they mumbled something about union regulations and overtime.
Note
Nuked certain parts of our BigData infrastructure from orbit and replaced it with something better. Things work like they did before, but they cost less, run smoother, and allow us to scale better in the future.

Release Notes

July 14, 2017


New
New button next to alert IP addresses to copy to clipboard (without port number)


New
Improved sensor health network host count
  • Shows last 48 hours only (instead of all time)
  • Updates in real-time (instead of once daily)


New
Cisco Talos community created – get an oink code here: https://www.snort.org/ (third party, not affiliated with Perch)


New
Suppress by IP: you can now apply a suppression to a single host. Global, community, team, host; so many yummy suppression flavors to choose from.


New
Replaced Community Dashboard - Trending Indicators data with a top 5 list of indicators in a community with the highest unsuppressed alert counts, over the last 30 days.


New
General stability improvements to our sensors and improvements to health reporting; keeping Perchy’s eyes and ears clean and in top shape so we can See Farther.


New
Community feed list ‘Select All’: we think that having to click 100+ checkboxes is lame, too.


Bugfix
Due to the sheer number of individual sightings associated with some alerts, our ‘alert by host’ functionality on the alert review page had to be disabled temporarily so that we could re-architect some of the data that it used.


Bugfix
Fixed: signup process would allow a new user to skip creating a group, which causes all kinds of paperwork issues for sweet, old Fran in the back office. Per Fran’s rules, all new users must now either create a new group or join an existing one before they’re allowed inside Perchy’s exquisite garden.


Bugfix
Secret communities were re-classified SO secret than even Perchy had no idea which was which and started assigning groups to the wrong secret communities. We’ve given Our Great Leader access to the secret community codes and peace is restored to the galaxy, for now.


Bugfix
Fixed: Existing users that received an email invite to another group should now be able to use the invite link to join the group.


Bugfix
Fixed: Buttons that would allow multiple submissions of an action if the button was clicked rapidly (e.g. double-click). Dr. Perchy, PhB(ird), recommends that users limit coffee intake.


Bugfix
Fixes and tweaks to our sensor network and monitoring configurations


Note
Perchy-bana POC is complete, was successful, and we’re building out the QA infrastructure for its initial internal release and testing.


Note
Perch core relational database infrastructure went through another major upgrade with the addition of a read-replica, multi-db configuration, multi-port fuel injector, and twin-turbo blower. VTEC just kicked in, yo!


Note
Hired custodial cron jobs to vacuum and clean up the database nightly. Tried to get the office custodial staff to do it, but they mumbled something about union regulations and overtime.


Note
Nuked certain parts of our BigData infrastructure from orbit and replaced it with something better. Things work like they did before, but they cost less, run smoother, and allow us to scale better in the future.


Release Notes

June 30, 2017


New
Sensor health enhancements and improved monitoring so Perchy’s caretakers can respond quicker to sensors that are having issues.
  • Detection graph to see traffic level trends
  • Warning/down state for unchanging detection counts
  • Private IPs counts: how many unique IPs in each of the private IP blocks has a sensor seen (You have 1000 hosts on your network, but Perch is only seeing 10 of them)
New
Perchy gets better at communicating with users: action notification review and cleanup
  • More notifications, for both success and errors
  • Standard success/error look
New
New suppression scopes:
  • Global: SOC can suppress for all users at once
  • Community: SOC and community admins can suppress an indicator for an entire community
  • (coming soon, work complete, in-review and testing) by-IP: suppress for a single IP
Bugfix
Corrected the Community Dashboard Daily Events indicator counts so that they’re:
  • Storing the indicator counts
  • Computing the count correctly
Bugfix
Sorting by CIDR/subnet now sorts more naturally
Bugfix
Improved handling for observables that are missing intel data
Bugfix
Long comments have had a good talking to and have agreed to stay inside their comment panel better
Bugfix
Several minor bugs and tweaks corrected caused by database migrations & updates
Note
The ’all-natural’ performance enhancing supplements we’ve been feeding Perchy are paying off, his brain is bigger and better than ever!
  • Lots of expensive tech words = faster databases = more responsive Perch = happier users
  • Infrastructure work to ensure that as Perchy’s flock grows (and it is growing!), he can still respond to all of the data as fast as possible!
  • Migration to ElasticSearch 5
Note
Relational DB hardware upgrade and addition of read replica
Note
We’re making strong progress toward Perchy-bana, internal POC and development is promising

Release Notes

June 30, 2017


New
Sensor health enhancements and improved monitoring so Perchy’s caretakers can respond quicker to sensors that are having issues.
  • Detection graph to see traffic level trends
  • Warning/down state for unchanging detection counts
  • Private IPs counts: how many unique IPs in each of the private IP blocks has a sensor seen (You have 1000 hosts on your network, but Perch is only seeing 10 of them)


New
Perchy gets better at communicating with users: action notification review and cleanup
  • More notifications, for both success and errors
  • Standard success/error look


New
New suppression scopes:
  • Global: SOC can suppress for all users at once
  • Community: SOC and community admins can suppress an indicator for an entire community
  • (coming soon, work complete, in-review and testing) by-IP: suppress for a single IP


Bugfix
Corrected the Community Dashboard Daily Events indicator counts so that they’re:
  • Storing the indicator counts
  • Computing the count correctly


Bugfix
Sorting by CIDR/subnet now sorts more naturally


Bugfix
Improved handling for observables that are missing intel data


Bugfix
Long comments have had a good talking to and have agreed to stay inside their comment panel better


Bugfix
Several minor bugs and tweaks corrected caused by database migrations & updates


Note
The ’all-natural’ performance enhancing supplements we’ve been feeding Perchy are paying off, his brain is bigger and better than ever!
  • Lots of expensive tech words = faster databases = more responsive Perch = happier users
  • Infrastructure work to ensure that as Perchy’s flock grows (and it is growing!), he can still respond to all of the data as fast as possible!
  • Migration to ElasticSearch 5


Note
Relational DB hardware upgrade and addition of read replica


Note
We’re making strong progress toward Perchy-bana, internal POC and development is promising


Release Notes

June 2, 2017


New
Public Backtest API
  • Manage API token and credentials in Perch
  • Get token, backtest observables, profit!
New
(Soon) Additional suppression scopes:
  • Global: the Perch SOC will be able to suppress false positives for every group in a single action; we’ll be able to clean up the noisy, false positive intel more quickly so that the gems with real value can shine through.
  • Community: community leaders will be able to groom their own intel from within Perch; a community that preens together, stays together, right?
  • Individual Host: have a single host that you know triggers a FP, but you don’t want to completely ignore the indicator for other hosts? Now you can suppress an event for just one of them.
New
Sensor Health Summary:
  • Consolidated view of all of your group’s sensors and their health
  • Warnings for low resources and abnormal conditions:
    • Old rules and low rule counts
    • Sensor not uploading data
    • In the Admin menu: Sensor Summary
New
Emerging Threats (and Pro) selectable feeds
New
Unmonitored network filtering at the sensor
  • Perch takes the list of unmonitored network subnets for your group and sends it to the sensor so that it knows to ignore those networks in its detections.
  • Results in less work for the sensor, allowing us to do more with the hardware; less data sent to Perch, less outgoing network traffic for you, and less to process and store for us! It’s a genuine win-win paradigm-shifting value add, look at all this synergy! Give Canute and Chris a raise, this is amazing!
New
Alert filtering now considers subnet names
New
(Soon) Restart tours: watch them again and again with your friends and family!
New
Touch ups and polish here and there; retry button added to the end of the signup process when there is an error registering.
Bugfix
User group page no longer shows all of the groups from all of your communities, but only those you are actually a member of.
Note
Perch reaches it’s 1000th build and Perchy has his first birthday!

Release Notes

June 2, 2017


New
Public Backtest API
  • Manage API token and credentials in Perch
  • Get token, backtest observables, profit!


New
(Soon) Additional suppression scopes:
  • Global: the Perch SOC will be able to suppress false positives for every group in a single action; we’ll be able to clean up the noisy, false positive intel more quickly so that the gems with real value can shine through.
  • Community: community leaders will be able to groom their own intel from within Perch; a community that preens together, stays together, right?
  • Individual Host: have a single host that you know triggers a FP, but you don’t want to completely ignore the indicator for other hosts? Now you can suppress an event for just one of them.


New
Sensor Health Summary:
  • Consolidated view of all of your group’s sensors and their health
  • Warnings for low resources and abnormal conditions:
    • Old rules and low rule counts
    • Sensor not uploading data
    • In the Admin menu: Sensor Summary


New
Emerging Threats (and Pro) selectable feeds


New
Unmonitored network filtering at the sensor
  • Perch takes the list of unmonitored network subnets for your group and sends it to the sensor so that it knows to ignore those networks in its detections.
  • Results in less work for the sensor, allowing us to do more with the hardware; less data sent to Perch, less outgoing network traffic for you, and less to process and store for us! It’s a genuine win-win paradigm-shifting value add, look at all this synergy! Give Canute and Chris a raise, this is amazing!


New
Alert filtering now considers subnet names


New
(Soon) Restart tours: watch them again and again with your friends and family!


New
Touch ups and polish here and there; retry button added to the end of the signup process when there is an error registering.


Bugfix
User group page no longer shows all of the groups from all of your communities, but only those you are actually a member of.


Note
Perch reaches it’s 1000th build and Perchy has his first birthday!