Release Notes

December 1, 2017
New - Group owners & admins: if you leave a community, all open alerts for that community will now be removed. A warning message to this effect has been added to the ‘Leave Community’ confirmation check.

New - Added scope and reason detail to suppressions display

BUG FIX - Dashboard alert panel was trying to load 100 alerts, but only needs to show three - it should load much faster now.

BUG FIX - Indicator history tabs - cleaned up display a bit and added missing loading spinners

Note - We’re close to releasing the changes to the public API for Perch alerts and bulk intel creation. We want it to be well documented and usable on release; we’re hoping you’ll think it was worth the wait!

Note - Our work on an internal CSV intel format and loading tool is finished and we’re working with a couple of customers to iterate on it before we release to everyone.

November 20, 2017
New - Alert History - alerts come in, get triaged, and closed - then you never see them again… until now! We’ve added a new tab on the Alert Review page where you can review all of your closed alerts. You’ll see additional information about the suppression that closed the alert and can jump to the indicator detail page.

New - Public API improvements: create bulk intel, list alerts, documentation, Python client library. We want people using and sharing our data; we’re listening closely to our users’ requests and are working on providing a simple, clear way to interact with Perch via API.

New - Minor improvement to Search so that it includes indicators that contain observables that contain the search term, instead of just searching the body of the indicator.

BUG FIX - Application tour should now skip admin-only steps for non-admin users.

BUG FIX - Clicking the comment delete button should now actually delete the comment.

BUG FIX - Indicator history event ordering makes more sense now - we have to load the indicator before we can detect on it.

BUG FIX - Alerts by Host - columns scroll independently so that picking a host far down the list doesn’t require you to scroll all the way back to the top to see the alerts for that host.

Note - We’re working on a CSV format and Python tool to bulk load intel into Perch

November 10, 2017
New - Login History now shows country flag with tooltip next to the IP address - Hey, wait a minute, when did Sally move to China?!?

New - Added company name to sensor health page - it’s not always easy to remember that ‘angry_carrot’ belongs to Acme Bank & Trust.

New - (Very Soon) Indicator detail history - shows a timeline of an indicator’s history, when the intel was produced, when it was first sighted in Perch, and when your group has alerted on and suppressed the indicator. Like a social media timeline, but with less propaganda and more threat intel.

BUG FIX - Suppressions that would close multiple alerts now remove all of the affected alerts from the UI, instead of just the alert that the suppression was created from (affects Community/Global suppressions)

BUG FIX - Improved but not completely fixed indicator detail page ‘produced’ and ‘first/last sightings’ timestamps not having values.

BUG FIX - ‘Content’ type observables now display a CSV list of content values instead of an empty value

BUG FIX - Community Dashboard latest indicators was not showing the last page of the available indicators

BUG FIX - Status update emails now show the name of the user that made the status change instead of always showing it was from Perch SOC.

Note - Indicator detail tabs re-ordered - supplies were running low

Note - We’re making adjustments to remove many of the scrolling panels on some of the pages. This should result in a more natural scrolling experience and improved scrolling navigation throughout the app.

October 20, 2017
New - Group users can change status on events, just like SOC - you can now change the status on an event by using a selector where the status appears
  • Remember: when you’re on the alert review page, alerts are grouped per-tab by status. Changing the status on an alert there will automatically move it to the appropriate tab; it’s not gone, just moved to a different tab.

New - Email notifications when someone first sights indicators you create!
  • Only sent the first time the intel is sighted.
  • If you’d prefer not to receive these notifications, you can turn them off in your user profile settings.
  • Periodic email reports about intel you’ve created are coming soon.

New - Indicator detail design pass
  • New graphs
  • Faster loading
  • More coming soon!

BUG FIX - Removed SOC logins from team login history - they log in a LOT and it clutters up the view for actual group members

BUG FIX - Assorted minor tweaks and fixes

Note - Community Dashboard recent indicators load much faster

Note - Improvements to rule creation monitoring and diagnostics

October 6, 2017
New - Palo Alto Firewall AddOn - Found a bad actor with Perch? Want to also block it on your firewall? Just check a box while you’re remediating and Perch will send it to the firewall for you.
  • Manage (including manually adding) firewall blocking through Perch admin panels

New - Perch.help - Having trouble getting around Perch town? We’ve launched a new site to bring together all the best tips and tricks for getting the most out of Perch. Have a topic not covered on the site that you’d love to know more about? Let us know.

New - (Very soon) User login history - Group admins have a menu item to see the login history for the team’s members; users have a new tab on their profile page to see their own login history.

BUG FIX - Subnet tags are now displayed on public IPs

BUG FIX - Community Dashboard - community files panel now updates correctly when you switch communities; this was purely a visual bug, no files were shared between communities.

BUG FIX - Community Dashboard - top analysts panel no longer shows analysts with zero points; if there are no analysts with points, you’ll see a friendly, informative message.

BUG FIX - General visual cleanup: aligned some buttons here, tweaked a message there.

Note - Snooze suppressions have been removed. We want to keep Perch simple and easy to use; Snooze suppressions weren’t pulling their weight in the relationship and we decided they needed to go. It’s not you Snooze suppressions, it’s us. We’re sure you’ll find somebody nice.

Note - Port numbers removed from alert Perchybana links: we found that just using the targets and time window gave the best visibility into the traffic relevant to investigating the alert.

Note - Infrastructure upgraded to Python 3.6; other third-party libraries updated to latest and greatest. Keeping Perchy healthy and well preened lets him focus on watching your networks with confidence.

September 29, 2017
New - Added intel produced or loaded time (depending on which is available) to the alert display
New - SOC/MSSP CRM: keep track of group contact info inside Perch, available to staff/MSSPs on the suppression modals, so that it’s handy if you need to escalate to the customer
New - (Very Soon) Palo Alto firewall integration - click a button in Perch to have an IP, URL, or domain automatically sent to your firewall.
New - Better default sorting on admin pages - you mean sorting by database ID isn’t useful to users?!?
BUG FIX - Added missing port columns to Perchybana links
BUG FIX - Fixed dashboard most recent suppressions not always updating when they should
BUG FIX - Fixed page styling to get rid of extra, but pointless scrollbars
BUG FIX - Group settings should all be editable now
BUG FIX - Sensor health detection count graph Y-Axis labels now show ‘file size’ (x.xGB) numbers, instead of raw byte counts
BUG FIX - Indicators now show more observables, up to 1000 (up from 200).
BUG FIX - API users no longer appear in the group’s user management list (you can still find your API user info on the group settings pages)
BUG FIX - Fixed the group setup page in the signup flow showing the “This field is required” error as soon as the page shows, instead of only when the data needed to be validated
BUG FIX - Fixed large, fixed size alert panel on the indicator detail page
BUG FIX - Added a check and a useful error message when the user’s browser doesn’t support WebGL

Note - Performance pass, improved caching of frequently used data
Note - Sensor health diagnostic commands and raw health removed for non-staff. No one enjoys seeing how the sausage is made!
Note - Improved tracking and logging for failed logins; tweaks to how failed logins are communicated to staff
Note - Alert row visual tweaking: less vertical space between data, more vertical space between rows.
Note - Improved automatic staff notification when new users and groups join

August 28, 2017
New - Perchybana really loves all the recent attention. To help you really appreciate her beauty, we’ve added a convenient button on each alert that will take you directly to Perchybana with the data filtered just to that alert’s details. Triage alerts just like the pros.

New - Paginate all the things! We’ve revamped how we handle larger data sets in Perch and how that data is fetched from our servers:
  • Pagination added to: the Community Dashboard recent indicators so you can check out all that juicy community intel (last 10,000 indicators only, for now), not just the most recent 5.
  • Another pass at Alert Review: suppressing an alert no longer completely refreshes the alert list; if the suppression partially suppresses an event, such as with an IP-based suppression, the event will be updated with the unsuppressed information.
  • Suppression Review pagination: suppressions still don’t load as fast as we’d like, but now the review page only shows 25 at a time, so the delay is more manageable. We’re still going to take another pass at making suppressions load faster in the near future.

New - Public-to-public alert monitoring:
  • You can now tell Perch that you’d like to see alerts from specific public subnets. If an alert contains a public IP that is in a monitored subnet, it will now show up in Perch. (Previously, Perch would intentionally ignore all public-public alerts.)

New - Sensor intel optimizations
  • We’re able to use the data we’ve collected to optimize which intel we send down to your sensors. This results in fewer false positives from the sensor (and less bandwidth used) and opens up opportunities to ensure that the most relevant intel is prioritized more often.

BUG FIX - Fixed several edge-case issues with Perchybana link:
  • Mixed start/end dates
  • Port-less (e.g. ICMP) alerts
  • Missing fields for certain common ports.

BUG FIX - Our No Suppression Left Behind campaign continues! The previous fix for the ‘global/community’ suppressions showing as ‘Unknown [null]’ was FAKE NEWS! SHAMEFUL! So we fixed it again, for reals this time.

Note - Code base maintenance. Perchy can be a messy bird at times and he works best in a clean cage.

Note - (Coming Soon) Perch Help website
  • Since the initial launch of Perch, we’ve learned a ton about what it takes for our users to get the most value from Perch and we want to share that with as many of our customers as we can. We’re collecting that information, FAQs, and other tidbits of info into a new, mobile-friendly help website.

August 11, 2017
New - Perchybana per-user saved searches - Decorating her nest with all manner of brightly colored bits of user configuration, now each of our users can have their very own Perchybana configuration - including their own saved searches.

New - Group selection on suppression review
  • Suppressions load slowly, we know; this is the first step in fixing that
  • More coming soon.

New - In this month’s edition of Sensor Health magazine:
  • New health details
  • Graph scales that make sense
  • CPU info display
  • And the displayed detection drop percentage precision increased by 100% (Re: now we show two decimal places instead of one.)

New - New end of signup flair - not so exciting for existing customers, but now every new sign up gets a free puppy! Ok, no free puppy, but there are some digital fireworks. And a sad Perchy if things go wrong.

New - Enhanced sensor health evaluation
  • No one is happy when sensors aren’t able to do their thing. We’re making our sensor reporting more robust and being more aggressive about what conditions we monitor. Our periodic sensor health reports contain more details and warn about more conditions.

New - Indicators you’ve created now link to the object detail page so that you can see all of the details about your creation. You’re proud of what you’ve created, you want to see it out there among all the other wild indicators doing its thing. We want those special moments with your indicator to be easier, so now you can jump right to the details page for indicators you’ve created, by clicking on their title from the Sharing ➔ Your Indicators page.

BUG FIX - Improved load performance of object detail page, separated sections to load independently - same bat time, same bat channel, same bat data; just served up differently so that the page loads a little better/faster.

BUG FIX - Community tags for the communities you’ve shared an indicator with can be clicked to take you to that community’s dash. Community tags should all work the same, but we keep finding the old ones hiding in corners. If you find one that you click on, but it doesn’t take you to the community dashboard, report it!

BUG FIX - Global/Community suppressions no longer appear under the ‘Unknown [null]’ group - As part of our No Suppression Left Behind campaign, we’ve ensured that every suppression gets a proper section title, regardless of socioeconomic background, race, creed, or actual group membership. #EqualityForAllSuppressions

Note - Improved internal tools to ensure our customers are having a positive Perchy experience. We’re looking for patterns that warn us that someone’s having a not-so-great experience with Perch, so that we can proactively reach out, figure out what’s not right, and get it fixed ASAP.

July 28, 2017
New - Dashboard: Now you can see both the active alerts and the things that have been suppressed since you were gone.

New - Support for international postal codes in sensor setup - Perch learns to be a more equal opportunity guardian of the galaxy; no matter where your sensor is (as long as it’s not the middle of the desert), Perch can put you on the cyber-security map.

New - Perchybana is live! Impress friends and neighbors with your network traffic insights. Be the life of any party by tracing netflow and diagnosing malware infections.

New - Alert review pagination, improved alert performance throughout Perch - people like books, books have pages, therefore people like pages. Now Perch has pages on its alert panels, therefore people will like Perch’s alert panels.

BUG FIX - Sensor config - edge cases: more resiliency and error correction in uncommon install use cases, more ‘self-healing’ functionality to adjust for common problems.

BUG FIX - Alert ‘all targets’ now pulls from the right data source - it used to come from column A, now it comes from column B. Same data, but easier/faster to query.

BUG FIX - Show error message if user tries to create a subnet with a name that is too long - focus groups seem to indicate that users do not enjoy functionality that silently fails, so we’ve added a meaningful error message. Who would have known?

BUG FIX - Backtest now returns group matches.

Note - We love feedback from our users! If you see something that’s not right, or have an idea to make Perch even more awesomer, report it to info@perchsecurity.com

July 14, 2017
New - New button next to alert IP addresses to copy to clipboard (without port number)
New - Improved sensor health network host count
  • Shows last 48 hours only (instead of all time)
  • Updates in real-time (instead of once daily)
New - Cisco Talos community created – get an oink code here: https://www.snort.org/ (third party, not affiliated with Perch)
New - Suppress by IP: you can now apply a suppression to a single host. Global, community, team, host; so many yummy suppression flavors to choose from.
New - Replaced Community Dashboard - Trending Indicators data with a top 5 list of indicators in a community with the highest unsuppressed alert counts, over the last 30 days.
New - General stability improvements to our sensors and improvements to health reporting; keeping Perchy’s eyes and ears clean and in top shape so we can See Farther.
New - Community feed list ‘Select All’: we think that having to click 100+ checkboxes is lame, too.
BUG FIX - Due to the sheer number of individual sightings associated with some alerts, our ‘alert by host’ functionality on the alert review page had to be disabled temporarily so that we could re-architect some of the data that it used.
BUG FIX - Fixed: signup process would allow a new user to skip creating a group, which causes all kinds of paperwork issues for sweet, old Fran in the back office. Per Fran’s rules, all new users must now either create a new group or join an existing one before they’re allowed inside Perchy’s exquisite garden.

BUG FIX - Secret communities were re-classified SO secret that even Perchy had no idea which was which and started assigning groups to the wrong secret communities. We’ve given Our Great Leader access to the secret community codes and peace is restored to the galaxy, for now.

BUG FIX - Fixed: Existing users that received an email invite to another group should now be able to use the invite link to join the group.
BUG FIX - Fixed: Buttons that would allow multiple submissions of an action if the button was clicked rapidly (e.g. double-click). Dr. Perchy, PhB(ird), recommends that users limit coffee intake.
BUG FIX - Fixes and tweaks to our sensor network and monitoring configurations
Note - Perchy-bana POC is complete, was successful, and we’re building out the QA infrastructure for its initial internal release and testing.
Note - Perch core relational database infrastructure went through another major upgrade with the addition of a read-replica, multi-db configuration, multi-port fuel injector, and twin-turbo blower. VTEC just kicked in, yo!
Note - Hired custodial cron jobs to vacuum and clean up the database nightly. Tried to get the office custodial staff to do it, but they mumbled something about union regulations and overtime.
Note - Nuked certain parts of our BigData infrastructure from orbit and replaced it with something better. Things work like they did before, but they cost less, run smoother, and allow us to scale better in the future.

June 30, 2017
New - Sensor health enhancements and improved monitoring so Perchy’s caretakers can respond quicker to sensors that are having issues.
  • Detection graph to see traffic level trends
  • Warning/down state for unchanging detection counts
  • Private IPs counts: how many unique IPs in each of the private IP blocks has a sensor seen (You have 1000 hosts on your network, but Perch is only seeing 10 of them)

New - Perchy gets better at communicating with users: action notification review and cleanup
  • More notifications, for both success and errors
  • Standard success/error look

New - New suppression scopes:
  • Global: SOC can suppress for all users at once
  • Community: SOC and community admins can suppress an indicator for an entire community
  • (coming soon, work complete, in-review and testing) by-IP: suppress for a single IP

BUG FIX - Corrected the Community Dashboard Daily Events indicator counts so that they’re:
  • Storing the indicator counts
  • Computing the count correctly

BUG FIX - Sorting by CIDR/subnet now sorts more naturally

BUG FIX - Improved handling for observables that are missing intel data
BUG FIX - Long comments have had a good talking to and have agreed to stay inside their comment panel better
BUG FIX - Several minor bugs and tweaks corrected caused by database migrations & updates
Note - The ’all-natural’ performance enhancing supplements we’ve been feeding Perchy are paying off, his brain is bigger and better than ever!
  • Lots of expensive tech words = faster databases = more responsive Perch = happier users
  • Infrastructure work to ensure that as Perchy’s flock grows (and it is growing!), he can still respond to all of the data as fast as possible!
  • Migration to ElasticSearch 5

Note - Relational DB hardware upgrade and addition of read replica

Note - We’re making strong progress toward Perchy-bana, internal POC and development is promising

June 2, 2017
New - Public Backtest API
  • Manage API token and credentials in Perch
  • Get token, backtest observables, profit!

New - (Soon) Additional suppression scopes:
  • Global: the Perch SOC will be able to suppress false positives for every group in a single action; we’ll be able to clean up the noisy, false positive intel more quickly so that the gems with real value can shine through.
  • Community: community leaders will be able to groom their own intel from within Perch; a community that preens together, stays together, right?
  • Individual Host: have a single host that you know triggers a FP, but you don’t want to completely ignore the indicator for other hosts? Now you can suppress an event for just one of them.

New - Sensor Health Summary:
  • Consolidated view of all of your group’s sensors and their health
  • Warnings for low resources and abnormal conditions:
    • Old rules and low rule counts
    • Sensor not uploading data
    • In the Admin menu: Sensor Summary

New - Emerging Threats (and Pro) selectable feeds

New - Unmonitored network filtering at the sensor
  • Perch takes the list of unmonitored network subnets for your group and sends it to the sensor so that it knows to ignore those networks in its detections.
  • Results in less work for the sensor, allowing us to do more with the hardware; less data sent to Perch, less outgoing network traffic for you, and less to process and store for us! It’s a genuine win-win paradigm-shifting value add, look at all this synergy! Give Canute and Chris a raise, this is amazing!

New - Alert filtering now considers subnet names

New - (Soon) Restart tours: watch them again and again with your friends and family!
New - Touch ups and polish here and there; retry button added to the end of the signup process when there is an error registering.

BUG FIX - User group page no longer shows all of the groups from all of your communities, but only those you are actually a member of.

Note - Perch reaches its 1000th build and Perchy has his first birthday!