Release Notes

October 5, 2018
New
  • Email: Added SLA info to emails and migrated to new email-service

Bugfix
  • DB: Fixed database migration conflicts
  • Email: Fix for weekly email summary not sending
  • Sensor: Fix sensor health page and add MSSP permissions

August 24, 2018
New
  • Added the ability to change an alert from “Escalated” to another status from the Dashboard
  • Added the time remaining to triage an alert and fulfill the applied SLA for MSSP users
  • Added SLA management for MSSP users
  • Added webhook support for Alerts ( Beta )
  • Added MS-ISAC and NCU-ISAO communities ( Beta )

Note
  • The new and improved Alerts list is now live and the old Alerts list has been removed

July 27, 2018
New
  • Added API support for MSSPs and upcoming SLA management
  • Added a new Organization Settings ( Beta )
  • Added specialized rule files for Tiny Form Factor sensors
  • Updated the Escalated Alerts color to a friendlier shade of yellow

Bugfix
  • Fixed a bug when joining communities during the sign up process
  • Fixed a bug with firewall blacklist options on the Alerts ( Beta ) suppression modal
  • Fixed a bug with IPs not populating in the Alerts ( Beta ) False Positive Modal

Note
  • Removed deprecated API endpoints for rule files
  • Updated weekly emails to use an improved, automated process

July 13, 2018
New
  • Improve the usability of the new Analyzers section in Alert details
  • Enhance the MSSP Analyst Activity report with new metrics and improvements

Bugfix
  • Fix a bug preventing some suppressions from being created on the new Alerts Beta page
  • Prevent the app from going blank when unhandled exceptions occur
  • Fix an issue with some servers not rotating logs, resulting in slow or inconsistent response times

Note
We’ve been working on major infrastructure enhancements that will enable us to release some exciting new features over the next several months - stay tuned!

June 29, 2018
New
  • Add firewall support to the new Alerts Beta page
  • Improve the user experience around group and community-level suppression
  • Add single and multi-organization support for MSSP users in the new Alerts Detail page
  • Add a “related alerts” section to the Alert Detail page for quickly viewing other alerts created by a specific indicator

Bugfix
  • Fix an issue causing incorrect alert counts on the Indicator Detail page
  • Fix some issues that occurred during the registration process
  • Fix some Perchybana queries that respond slowly or with an error
  • Fix an issue where some alerts would not remove themselves from the Alert List page after suppression
  • Fix some sensors that would report invalid timestamps on some network traffic

Note
We are still actively enhancing the new Alerts Beta and Alert Detail pages. If you have suggestions or questions, please reach out to the team in SquawkBox.

May 18, 2018
New
Login and Signup flows have received a facelift and refactoring, to go along with OUR NEW PUBLIC WEBSITE!
New
The punch++ community configuration has been given an additional + and is working once more
New
Pagination and search added to login history views, because some people log in a lot
New
Alert indicator detail and Perchybana buttons now open in new tabs, instead of the current tab. Now feel like a real security pro by having 50 tabs open at once!
New
New alerts list is in beta - we’re trialling it internally with our own SOC team to make sure it has all the bells and whistles that our power users will need to triage their own alerts!
New
Cortex integration is in beta - the moving parts are mostly in place and we’re working out the details about how to handle user configurable settings and API keys. We’re very excited about the potential between a Perch/Cortex integration and have all kinds of cool ideas how to work it into the Perch app, stay tuned!
New
Community sightings public API is in beta - currently testing with some select internal customers!
New
User submission of raw sensor rules is in early functional stages - we have the functional parts in place, but there are some wrinkles we need to iron out first before we release to the general public.
Bugfix
The group invite process has had a couple of minor bugs fixed that were preventing some users from using their invite codes.
Bugfix
Invites to existing teams no longer prompt the new user to set up a sensor before using Perch.
Bugfix
Existing Perch users that are already logged into Perch can now use the group invite link from the email
Bugfix
Community suppression view all page rows per page now actually changes the number of rows shown per page.
Bugfix
Group invite modal now clears invite email addresses between openings
Bugfix
The cancel button on the MFA entry page during login works once more
Bugfix
Community file lists now correctly update when switching between communities
Bugfix
Copy to clipboard buttons should no longer force the page to scroll to the top
Bugfix
Login (and other pages) should no longer do the shimmy dance with scrollbars on Windows Chrome
Bugfix
Users on slow connections with access to multiple groups should no longer see weirdness when rapidly switching between groups.
Bugfix
Not officially supported, but we fixed an IE11 white screen error for the dashboard. If you’re using old versions of IE, upgrade!!! Old browsers aren’t secure, don’t use them; we’re security professionals, this is low hanging fruit!

April 20, 2018
New
Alerts review first pass: We’re days away from releasing the first part of our alert review project. Most alert panels are being streamlined and we’re introducing the alert details page. This page is similar to the indicator details page, but shows enhanced details about the selected alert instead. The information we’re removing from the alert rows will show up on the new details page, along with additional information about the alert, and details about the intel that triggered the alert.
  • More coming soon:
    • Related alerts - a full breakdown of all of the individual target pairs involved in an aggregate alert.
    • Alert comments - put comments directly on a specific alert instance, instead of on the intel the alert triggered on
    • Additional enrichment - we want to show you more information about the details involved in the alerts
  • After coming soon, next phase:
    • Alert Review page enhancements:
      • multi-select: change status, suppress
      • performance! much, much faster
      • better search, sorting, filtering

Bugfix
Re-opening the ‘Invite user to group’ modal now clears the invite email field.

Bugfix
Dashboard sensor health widgets now use the same rules for status as the other sensor health displays and pages.
Bugfix
We had a performance issue with the generation of the Perchybana links from suppressions, so we had to disable them. We’ve fixed that issue and the links have returned.

Bugfix
On the indicator details page, in the observable panel on the left, observables that are currently triggering alerts will once more be highlighted (and there was much rejoicing, huzzah!)

Note
(In Development) Perchy’s hard at work improving his brain - we’re adding support for TheHive’s powerful Cortex analyzers as part of our alert detail enrichment efforts. There are all kinds of valuable ways to analyze the alerts that we’re detecting, and we want to bring them all together in one easy to use interface. We’re experimenting with adding Cortex analyzer details to the information that you see in the Perch interface. Open up an interesting alert’s details, flip to the Analyze tab, and we’ll have the info you’d normally have to go digging for right there in front of you. Kick back, drink coffee, enjoy the sweet, sweet automation.

Note
Perchy is recently back from down under where he’s been setting up our first non-US regional data center. We’re working through the final stages of configuring our systems to handle the data sovereignty needs of our worldwide customers. Soon you can get flocked up, no matter where in the world you are!

Note
Data migration work - it’s not sexy, the guys who do it don’t have any cool new widgets to demo, but it’s gotta get done. We’re continuing our work on internal projects to keep the Perch architecture and data flow well tuned so that the app and Perchybana stay responsive and don’t feel like a chore to use. We’re watching the charts, we see what parts of the app are sluggish, and we’re working on them!

April 6, 2018
New
Initial changes for Alert review (on QA) -
  • alert rows shown in panels condensed
  • new alert details page - see more information about what triggered the alert

New
Header update - new navigation, new look.

New
New user onboarding experience, tour replacement.
New
Added reverse DNS names to alert IP addresses, where available.
Bugfix
Arbitrated a disagreement between the actual number of alerts and the number shown on the tab of the review alerts page.
Bugfix
Clicking the link from a Perch team invite email will now pre-populate the email address field, to ensure that the email address used to sign up matches the email address that the invite was sent to.

Bugfix
Invite email invites aren’t quite so particular about the case of the letters in the email addresses matching.

Bugfix
Dashboard true/false positive by community charts were displaying data for all groups in shared communities; they now show just the selected team’s data.
Note
We’ve recently upgraded our core front-end application framework, React, to version 16. This is a major version update which affected every part of the Perch application. We’ve tested and tested, but if you discover something broken, please let us know!

March 23, 2018
New
Perchy has a new place for YOU to land: the new dashboard is live and it is awesome! We want you to have the most valuable info possible dropped right in your lap right away; Perchy prepares it all and brings it right to you, like a faithful hound with the morning paper. Escalations, recent alerts, and suppression information are near the top; scroll down to see info about your communities, your sensors, and get some insight into overall network visibility and ‘noisy’ hosts.

New
‘Since You’ve Been Gone’: you might not miss Perchy while you’re away, but we don’t want you to miss out on the important details about what’s been happening since you’ve been gone. Every time you log in, you’ll be presented with a quick overview of important activity that happened while you were logged out: escalations, alerts closed, comments, new intel, and sightings of your personal indicators. You won’t need to manually log out to take advantage of this new information, just close the Perch app when you’re done using it.

New
We’re adding reverse DNS name information to our alerts, so that it’s easier to relate a private IP to a named host. Look for this new information in the ‘src_FQDN’ and ‘dest_FQDN’ fields on alerts in Perchybana. In the future, we’ll be incorporating this new data into more elements of the UI, for easier identification everywhere.

Bugfix
Snackbar/toast notifications (the little panels that pop up from the bottom of the window) message color should now be easier to read.

Bugfix
Returned the ‘Select All’ button to its rightful place on the community feed selection modal - no one likes having to click those boxes one by one.

Note
As usual, there’s a bunch of tweaks and performance tuning that we’re doing to keep the app snappy and responsive. If you run into something that’s loading slowly for you, or feels like a chore to use, LET US KNOW! We love the feedback and we’re always on the look out to hear it directly from our users!

March 9, 2018
New
New Dashboard: Incorporates feedback that we’ve collected from our users and should put more relevant information directly in front of you as soon as you log in. You can get a preview of the new dashboard here: https://app.perchsecurity.com/dashboard-next (Still a work in progress and you can expect to see more updates in the days to come.)

New
IP suppressions can now be applied to multiple IPs at once. This will create a separate suppression per IP, just as if you’d manually created them one by one.

New
Observable dashboard panels now have a toggle between top 5 and bottom 5.
New
Alert status changes added to indicator detail history tab.
Bugfix
Fixed a bug with the CSV download of community suppressions, CSV should now contain just the data for the current filter settings.
Bugfix
Fixed a significant performance issue in the community suppressions panel, should load much, much faster now.
Bugfix
More minor UI fixes here and there, sorted some lists to make selection easier.
Bugfix
Observable dashboard SSH and SMTP tabs now return all data.
Note
Community latest suppressions now visible to all users, not just community admins.
Note
Internal changes to support more types of external data sources and more use cases for community data sharing.
Note
We’re working on improving our support for MSSPs, allowing users from one group to manage other groups, without actually having to be a member of the group.

February 23, 2018
New
We’ve added a new section to the Community Dashboard: anonymized, latest true/false positive detections for members of the community. Now you get a better view of what everyone in your community is seeing and how they’re responding. As a bonus, we’ve made the lists available as a CSV download!

New
On the suppression modals, we’ve moved the contact information to the main view and removed the tabs. This helps make sure our SOC has the info they need to triage your alerts right in front of them when they’re preparing a suppression.

New
Groups on the alerts by host page now start off collapsed
New
Perchybana links slightly adjusted to show more relevant HTTP fields by default
New
We’re adding the raw Emerging Threats (and Pro) Suricata rule to the indicator detail page
Bugfix
Sign up adjusted so that browser password managers don’t try to use your Last Name as your user name
Bugfix
Fixed the comment visibility drop list UI issues and missing descriptions
Bugfix
We’ve crushed a multitude of little bugs that cropped up during our recent UI library upgrade and while polishing up the new observable detail view. Too many to list here, but if you find something we missed, LET US KNOW and we’ll fix it!
Note
Major UI library upgrade: keeping your tech stack up to date is important to continue to develop features using the latest tools and security fixes, and as a security company, that’s especially important to us. We’ve recently focused on upgrading some of our core application libraries to keep things running smoothly and securely.

Note
We’re in the middle of a pretty major intel storage refactoring that should enable us to see some real performance gains, especially for our larger customers and our SOC. It’s still a couple weeks away from being finished, but we’re already excited about the new hotness that it will allow us to build.

Note
Coming soon: XFF on alerts, multi-IP selection for IP suppressions, show all targets on closed alerts, new dashboard, and more!

February 9, 2018
New
Observables Dashboard internal release and testing - we’ve wrapped up development and now we’re putting it through the wringer to make sure that everything works and looks great with our production data. There’s still a few small tweaks and adjustments to be made, but it’s really close and the details it exposes are just … wow! We can’t wait to show it to you.

New
Better internal intel curation tools that automatically trim out the obvious stuff to keep the response time better for everyone.

Bugfix
Bits and bobs here and there, mostly on things no one sees directly.

Note
Library updates - we routinely update all of the external code that we use to make sure that everything is staying modern and secure. Recently, some of the core libraries used to make Perch awesome have had major version releases and we’re making sure Perch gets updated with all the performance and security benefits as well.

Note
UI cleanup effort - we’re big proponents of agility here and we frequently favor getting a working feature out over making the experience perfect. We’re taking some time to clean up some of those rough edges and starting a larger scale effort to make the functionality and tools that are core to Perch even better.

Note
Intel Data Refactoring - We’ve learned a lot of things about how the data we have is used and we’re working through some data restructuring to be able to give our users better and faster access to the information they need to make the best decisions.

January 26, 2018
New
Scope (w/ IP) added to the suppression list on the indicator detail page

New
Link added from user indicators to group indicators (if you’re the admin or owner of a group) and vice versa

Bugfix
Suppression groups on the indicator detail page are now listed alphabetically, instead of randomly. (Apologies to any SOC who will miss playing ‘Find the Group Name.’)

January 12, 2018
New
App-based Two-Factor Authentication: We’ve added mobile app-based (TOTP) TFA to Perch. Additionally, we’ve improved the experience for changing your credentials and moved it all to a new Account Security page. App-based TFA is really, really easy to set up and adds an additional, strong layer of security to your account.

New
We want to keep the suppression lists focused on the suppressions specific to your group, so we’ve removed global and community suppressions from the dashboard Recent Suppressions panel and have made their display optional (and off by default) on the Alert Suppression management page.

New
Added ‘workstation’ HTTP/TLS traffic tracking to sensor health. We periodically check recent traffic for domains commonly frequented by workstation users (things like Facebook, LinkedIn, news sites, etc). If we’re not seeing this kind of traffic regularly, it’s an additional sign that your sensor may not be configured to capture all of your traffic or there may be other networking issues preventing you from getting full value from your Perch sensor.

Bugfix
Fixed a missing ’s’ in the firewall dynamic list notes on the Firewall management page

Bugfix
Community dashboard main ‘suppression’ graph data is more accurate. We’ve reworked how that data is shaped and fixed this graph to show the actual, discrete counts.

Note
COMING SOON – MOGA: our internal code name for Search 2.0, this takes any search term and sifts through everything Perch knows for matches. We’ll find indicators, observables, sensor traffic, etc. Each type of data has its own set of metrics and graphs, showing important metrics as they relate to your search term.

Note
IN PROGRESS: additional intel platform integrations.

December 29, 2017
New
User-created indicator summary emails - you put a lot of work into getting your intel into Perch and we want you to see it getting used! These emails, sent once a week, show any activity that your intel has had.

New
We’ve released our first open-source code: a command-line interface tool that allows you to bulk-upload indicators from a CSV file. Now you can create intel from home, just like the pros. View it here

Bugfix
File observables should show all hashes instead of just the MD5 hash

Bugfix
Indicator detail ‘details’ should load more quickly
Bugfix
New comments no longer always show the ‘There was an error posting your comment’ notification
  • Comments were posted, but the client was encountering an error merging the new comment into the list for display. No comments were lost.

Bugfix
Minor fixes and tweaks to the public API

Note
Coming soon: improvements to account security
  • Change password and two-factor authentication moving to a dedicated page for easier access
  • Require current password when making any account security changes
  • Support for app-based (e.g. Authy, Google Authenticator) two-factor authentication
  • Increased complexity requirements for new passwords: in addition to our current requirements, passwords will be checked against common password lists, sequences of sequential or repeated characters, and common words.

December 1, 2017
New
Group owners & admins: if you leave a community, all open alerts for that community will now be removed. A warning message to this effect has been added to the ‘Leave Community’ confirmation check.

New
Added scope and reason detail to suppressions display

Bugfix
Dashboard alert panel was trying to load 100 alerts, but only needs to show three - it should load much faster now.

Bugfix
Indicator history tabs - cleaned up display a bit and added missing loading spinners

Note
We’re close to releasing the changes to the public API for Perch alerts and bulk intel creation. We want it to be well documented and usable on release, we’re hoping you’ll think it was worth the wait!

Note
Our work on an internal CSV intel format and loading tool is finished and we’re working with a couple of customers to iterate on it before we release to everyone.

November 20, 2017
New
Alert History - alerts come in, get triaged, and closed - then you never see them again… until now! We’ve added a new tab on the Alert Review page where you can review all of your closed alerts. You’ll see additional information about the suppression that closed the alert and can jump to the indicator detail page.

New
Public API improvements: create bulk intel, list alerts, documentation, Python client library. We want people using and sharing our data, we’re listening closely to our users’ requests and are working on providing a simple, clear way to interact with Perch via API.

New
Minor improvement to Search so that it includes indicators that contain observables that contain the search term, instead of just searching the body of the indicator.

Bugfix
Application tour should now skip admin-only steps for non-admin users.

Bugfix
Clicking the comment delete button should now actually delete the comment.
Bugfix
Indicator history event ordering makes more sense now - we have to load the indicator before we can detect on it.
Bugfix
Alerts by Host - columns scroll independently so that picking a host far down the list doesn’t require you to scroll all the way back to the top to see the alerts for that host.

Note
We’re working on a CSV format and Python tool to bulk load intel into Perch

November 10, 2017
New
Login History now shows country flag with tooltip next to the IP address - Hey, wait a minute, when did Sally move to China?!?
New
Added company name to sensor health page - it’s not always easy to remember that ‘angry_carrot’ belongs to Acme Bank & Trust.
New
(Very Soon) Indicator detail history - shows a timeline of an indicator’s history, when the intel was produced, when it was first sighted in Perch, and when your group has alerted on and suppressed the indicator. Like a social media timeline, but with less propaganda and more threat intel.

Bugfix
Suppressions that would close multiple alerts now remove all of the affected alerts from the UI, instead of just the alert that the suppression was created from (affects Community/Global suppressions)

Bugfix
Improved but not completely fixed indicator detail page ‘produced’ and ‘first/last sightings’ timestamps not having values.
Bugfix
‘Content’ type observables now display a CSV list of content values instead of an empty value
Bugfix
Community Dashboard latest indicators was not showing the last page of the available indicators
Bugfix
Status update emails now show the name of the user that made the status change instead of always showing it was from Perch SOC.
Note
Indicator detail tabs re-ordered - supplies were running low
Note
We’re making adjustments to remove many of the scrolling panels on some of the pages. This should result in a more natural scrolling experience and improved scrolling navigation throughout the app.

October 20, 2017
New
Group users can change status on events, just like SOC - you can now change the status on an event by using a selector where the status appears
  • Remember: when you’re on the alert review page, alerts are grouped per-tab by status. Changing the status on an alert there will automatically move it to the appropriate tab; it’s not gone, just moved to a different tab.

New
Email notifications when someone first sights indicators you create!
  • Only sent the first time the intel is sighted.
  • If you’d prefer not to receive these notifications, you can turn them off in your user profile settings.
  • Periodic email reports about intel you’ve created are coming soon.

New
Indicator detail design pass
  • New graphs
  • Faster loading
  • More coming soon!

Bugfix
Removed SOC logins from team login history - they log in a LOT and it clutters up the view for actual group members

Bugfix
Assorted minor tweaks and fixes

Note
Community Dashboard recent indicators load much faster
Note
Improvements to rule creation monitoring and diagnostics

October 6, 2017
New
Palo Alto Firewall AddOn - Found a bad actor with Perch? Want to also block it on your firewall? Just check a box while you’re remediating and Perch will send it to the firewall for you.
  • Manage (including manually adding) firewall blocking through Perch admin panels

New
Perch.help - Having trouble getting around Perch town? We’ve launched a new site to bring together all the best tips and tricks for getting the most out of Perch. Have a topic not covered on the site that you’d love to know more about? Let us know.

New
(Very soon) User login history - Group admins have a menu item to see the login history for the team’s members; users have a new tab on their profile page to see their own login history.

Bugfix
Subnet tags are now displayed on public IPs
Bugfix
Community Dashboard - community files panel now updates correctly when you switch communities; this was purely a visual bug, no files were shared between communities.
Bugfix
Community Dashboard - top analysts panel no longer shows analysts with zero points; if there are no analysts with points, you’ll see a friendly, informative message.
Bugfix
General visual cleanup: aligned some buttons here, tweaked a message there.
Note
Snooze suppressions have been removed. We want to keep Perch simple and easy to use; Snooze suppressions weren’t pulling their weight in the relationship and we decided they needed to go. It’s not you Snooze suppressions, it’s us. We’re sure you’ll find somebody nice.

Note
Port numbers removed from alert Perchybana links: we found that just using the targets and time window gave the best visibility into the traffic relevant to investigating the alert.

Note
Infrastructure upgraded to Python 3.6; other third-party libraries updated to latest and greatest. Keeping Perchy healthy and well preened lets him focus on watching your networks with confidence.

September 29, 2017
New
Added intel produced or loaded time (depending on which is available) to the alert display
New
SOC/MSSP CRM: keep track of group contact info inside Perch, available to staff/MSSPs on the suppression modals, so that it’s handy if you need to escalate to the customer
New
(Very Soon) Palo Alto firewall integration - click a button in Perch to have an IP, url, or domain automatically sent to your firewall.
New
Better default sorting on admin pages - you mean sorting by database ID isn’t useful to users?!?
Bugfix
Added missing port columns to Perchybana links
Bugfix
Fixed dashboard most recent suppressions not always updating when they should
Bugfix
Fixed page styling to get rid of extra, but pointless scrollbars
Bugfix
Group settings should all be editable now
Bugfix
Sensor health detection count graph Y-Axis labels now show ‘file size’ (x.xGB) numbers, instead of raw byte counts
Bugfix
Indicators now show more observables, up to 1000 (up from 200).
Bugfix
API users no longer appear in the group’s user management list (you can still find your API user info on the group settings pages)
Bugfix
Fixed the group setup page in the signup flow showing the “This field is required” error as soon as the page shows, instead of only when the data needed to be validated
Bugfix
Fixed large, fixed size alert panel on the indicator detail page
Bugfix
Added a check and a useful error message when the user’s browser doesn’t support WebGL

Note
Performance pass, improved caching of frequently used data

Note
Sensor health diagnostic commands and raw health removed for non-staff. No one enjoys seeing how the sausage is made!

Note
Improved tracking and logging for failed logins; tweaks to how failed logins are communicated to staff

Note
Alert row visual tweaking: less vertical space between data, more vertical space between rows.

Note
Improved automatic staff notification when new users and groups join

August 28, 2017
New
Perchybana really loves all the recent attention. To help you really appreciate her beauty, we’ve added a convenient button on each alert that will take you directly to Perchybana with the data filtered just to that alert’s details. Triage alerts just like the pros.

New
Paginate all the things! We’ve revamped how we handle larger data sets in Perch and how that data is fetched from our servers:
  • Pagination added to: the Community Dashboard recent indicators so you can check out all that juicy community intel (last 10,000 indicators only, for now), not just the most recent 5.
  • Another pass at Alert Review: suppressing an alert no longer completely refreshes the alert list; if the suppression partially suppresses an event, such as with an IP-based suppression, the event will be updated with the unsuppressed information.
  • Suppression Review pagination: suppressions still don’t load as fast as we’d like, but now the review page only shows 25 at a time, so the delay is more manageable. We’re still going to take another pass at making suppressions load faster in the near future.

New
Public-to-public alert monitoring:
  • You can now tell Perch that you’d like to see alerts from specific public subnets. If an alert contains a public IP that is in a monitored subnet, it will now show up in Perch. (Previously, Perch would intentionally ignore all public-public alerts.)

New
Sensor intel optimizations
  • We’re able to use the data we’ve collected to optimize which intel we send down to your sensors. This results in fewer false positives from the sensor (and less bandwidth used) and opens up opportunities to ensure that the most relevant intel is prioritized more often.

Bugfix
Fixed several edge-case issues with Perchybana link:
  • Mixed start/end dates
  • Port-less (e.g. ICMP) alerts
  • Missing fields for certain common ports.

Bugfix
Our No Suppression Left Behind campaign continues! The previous fix for the ‘global/community’ suppressions showing as ‘Unknown [null]’ was FAKE NEWS! SHAMEFUL! So we fixed it again, for reals this time.

Note
Code base maintenance. Perchy can be a messy bird at times and he works best in a clean cage.

Note
(Coming Soon) Perch Help website
  • Since the initial launch of Perch, we’ve learned a ton about what it takes for our users to get the most value from Perch and we want to share that with as many of our customers as we can. We’re collecting that information, FAQs, and other tidbits of info into a new, mobile-friendly help website.

August 11, 2017
New
Perchybana per-user saved searches - Decorating her nest with all manner of brightly colored bits of user configuration, now each of our users can have their very own Perchybana configuration - including their own saved searches.

New
Group selection on suppression review
  • Suppressions load slowly, we know; this is the first step in fixing that
  • More coming soon.

New
In this month’s edition of Sensor Health magazine:
  • New health details
  • Graph scales that make sense
  • CPU info display
  • And the displayed detection drop percentage precision increased by 100% (Re: now we show two decimal places instead of one.)

New
New end of signup flair - not so exciting for existing customers, but now every new sign up gets a free puppy! Ok, no free puppy, but there are some digital fireworks. And a sad Perchy if things go wrong.

New
Enhanced sensor health evaluation
  • No one is happy when sensors aren’t able to do their thing. We’re making our sensor reporting more robust and being more aggressive about what conditions we monitor. Our periodic sensor health reports contain more details and warn about more conditions.

New
Indicators you’ve created now link to the object detail page so that you can see all of the details about your creation. You’re proud of what you’ve created, you want to see it out there among all the other wild indicators doing its thing. We want those special moments with your indicator to be easier, so now you can jump right to the details page for indicators you’ve created, by clicking on their title from the Sharing ➔ Your Indicators page.

Bugfix
Improved load performance of object detail page, separated sections to load independently - same bat time, same bat channel, same bat data; just served up differently so that the page loads a little better/faster.

Bugfix
Community tags for the communities you’ve shared an indicator with can be clicked to take you to that community’s dash. Community tags should all work the same, but we keep finding the old ones hiding in corners. If you find one that you click on, but it doesn’t take you to the community dashboard, report it!

Bugfix
Global/Community suppressions no longer appear under the ‘Unknown [null]’ group - As part of our No Suppression Left Behind campaign, we’ve ensured that every suppression gets a proper section title, regardless of socioeconomic background, race, creed, or actual group membership. #EqualityForAllSuppressions

Note
Improved internal tools to ensure our customers are having a positive Perchy experience. We’re looking for patterns that warn us that someone’s having a not-so-great experience with Perch, so that we can proactively reach out, figure out what’s not right, and get it fixed ASAP.

July 28, 2017
New
Dashboard: Now you can see both the active alerts and the things that have been suppressed since you were gone.
New
Support for international postal codes in sensor setup - Perch learns to be a more equal opportunity guardian of the galaxy; no matter where your sensor is (as long as it’s not the middle of the desert), Perch can put you on the cyber-security map.

New
Perchybana is live! Impress friends and neighbors with your network traffic insights. Be the life of any party by tracing netflow and diagnosing malware infections.

New
Alert review pagination, improved alert performance throughout Perch - people like books, books have pages, therefore people like pages. Now Perch has pages on its alert panels, therefore people will like Perch’s alert panels.

Bugfix
Sensor config - edge cases: more resiliency and error correction in uncommon install use cases, more ‘self-healing’ functionality to adjust for common problems.

Bugfix
Alert ‘all targets’ now pulls from the right data source - it used to come from column A, now it comes from column B. Same data, but easier/faster to query.

Bugfix
Show error message if user tries to create a subnet with a name that is too long - focus groups seem to indicate that users do not enjoy functionality that silently fails, so we’ve added a meaningful error message. Who would have known?

Bugfix
Backtest now returns group matches.

Note
We love feedback from our users! If you see something that’s not right, or have an idea to make Perch even more awesomer, report it to info@perchsecurity.com
July 14, 2017
New
New button next to alert IP addresses to copy to clipboard (without port number)
New
Improved sensor health network host count
  • Shows last 48 hours only (instead of all time)
  • Updates in real-time (instead of once daily)
New
Cisco Talos community created – get an oink code here: https://www.snort.org/ (third party, not affiliated with Perch)
New
Suppress by IP: you can now apply a suppression to a single host. Global, community, team, host; so many yummy suppression flavors to choose from.
New
Replaced Community Dashboard - Trending Indicators data with a top 5 list of indicators in a community with the highest unsuppressed alert counts, over the last 30 days.
New
General stability improvements to our sensors and improvements to health reporting; keeping Perchy’s eyes and ears clean and in top shape so we can See Farther.
New
Community feed list ‘Select All’: we think that having to click 100+ checkboxes is lame, too.
Bugfix
Due to the sheer number of individual sightings associated with some alerts, our ‘alert by host’ functionality on the alert review page had to be disabled temporarily so that we could re-architect some of the data that it used.
Bugfix
Fixed: signup process would allow a new user to skip creating a group, which causes all kinds of paperwork issues for sweet, old Fran in the back office. Per Fran’s rules, all new users must now either create a new group or join an existing one before they’re allowed inside Perchy’s exquisite garden.
Bugfix
Secret communities were re-classified SO secret that even Perchy had no idea which was which and started assigning groups to the wrong secret communities. We’ve given Our Great Leader access to the secret community codes and peace is restored to the galaxy, for now.
Bugfix
Fixed: Existing users that received an email invite to another group should now be able to use the invite link to join the group.
Bugfix
Fixed: Buttons that would allow multiple submissions of an action if the button was clicked rapidly (e.g. double-click). Dr. Perchy, PhB(ird), recommends that users limit coffee intake.
Bugfix
Fixes and tweaks to our sensor network and monitoring configurations
Note
Perchy-bana POC is complete, was successful, and we’re building out the QA infrastructure for its initial internal release and testing.
Note
Perch core relational database infrastructure went through another major upgrade with the addition of a read-replica, multi-db configuration, multi-port fuel injector, and twin-turbo blower. VTEC just kicked in, yo!
Note
Hired custodial cron jobs to vacuum and clean up the database nightly. Tried to get the office custodial staff to do it, but they mumbled something about union regulations and overtime.
Note
Nuked certain parts of our BigData infrastructure from orbit and replaced it with something better. Things work like they did before, but they cost less, run smoother, and allow us to scale better in the future.
June 30, 2017
New
Sensor health enhancements and improved monitoring so Perchy’s caretakers can respond quicker to sensors that are having issues.
  • Detection graph to see traffic level trends
  • Warning/down state for unchanging detection counts
  • Private IPs counts: how many unique IPs in each of the private IP blocks has a sensor seen (You have 1000 hosts on your network, but Perch is only seeing 10 of them)

New
Perchy gets better at communicating with users: action notification review and cleanup
  • More notifications, for both success and errors
  • Standard success/error look

New
New suppression scopes:
  • Global: SOC can suppress for all users at once
  • Community: SOC and community admins can suppress an indicator for an entire community
  • (coming soon, work complete, in-review and testing) by-IP: suppress for a single IP

Bugfix
Corrected the Community Dashboard Daily Events indicator counts so that they’re:
  • Storing the indicator counts
  • Computing the count correctly

Bugfix
Sorting by CIDR/subnet now sorts more naturally

Bugfix
Improved handling for observables that are missing intel data
Bugfix
Long comments have had a good talking to and have agreed to stay inside their comment panel better
Bugfix
Corrected several minor bugs and tweaks caused by database migrations & updates
Note
The ‘all-natural’ performance enhancing supplements we’ve been feeding Perchy are paying off; his brain is bigger and better than ever!
  • Lots of expensive tech words = faster databases = more responsive Perch = happier users
  • Infrastructure work to ensure that as Perchy’s flock grows (and it is growing!), he can still respond to all of the data as fast as possible!
  • Migration to ElasticSearch 5

Note
Relational DB hardware upgrade and addition of read replica

Note
We’re making strong progress toward Perchy-bana, internal POC and development is promising
June 2, 2017
New
Public Backtest API
  • Manage API token and credentials in Perch
  • Get token, backtest observables, profit!

New
(Soon) Additional suppression scopes:
  • Global: the Perch SOC will be able to suppress false positives for every group in a single action; we’ll be able to clean up the noisy, false positive intel more quickly so that the gems with real value can shine through.
  • Community: community leaders will be able to groom their own intel from within Perch; a community that preens together, stays together, right?
  • Individual Host: have a single host that you know triggers a FP, but you don’t want to completely ignore the indicator for other hosts? Now you can suppress an event for just one of them.

New
Sensor Health Summary:
  • Consolidated view of all of your group’s sensors and their health
  • Warnings for low resources and abnormal conditions:
    • Old rules and low rule counts
    • Sensor not uploading data
    • In the Admin menu: Sensor Summary

New
Emerging Threats (and Pro) selectable feeds

New
Unmonitored network filtering at the sensor
  • Perch takes the list of unmonitored network subnets for your group and sends it to the sensor so that it knows to ignore those networks in its detections.
  • Results in less work for the sensor, allowing us to do more with the hardware; less data sent to Perch, less outgoing network traffic for you, and less to process and store for us! It’s a genuine win-win paradigm-shifting value add, look at all this synergy! Give Canute and Chris a raise, this is amazing!

New
Alert filtering now considers subnet names

New
(Soon) Restart tours: watch them again and again with your friends and family!
New
Touch ups and polish here and there; retry button added to the end of the signup process when there is an error registering.
Bugfix
User group page no longer shows all of the groups from all of your communities, but only those you are actually a member of.
Note
Perch reaches its 1000th build and Perchy has his first birthday!
January 1, 0001

How to create a release note

Release Note Naming Convention

First, create a new file named with the date of your release note in Year-Month-Day format and a .md file extension, for example 2017-01-31.md. The file name becomes the URL of the single release note. For example, if you make a new release note named 2017-01-23.md, the direct link to the release note that you could share would be: http://perchsecurity.com/release-notes/2017-01-23

Release Notes Template

When making a new release note you will need to copy this template:

+++
date = "2017-06-22"
title = "Release Notes For 2017-06-22"
blog = ["release notes"]
noteTemplate='


title of your note
Additional note content if necessary
' +++

The release notes template contains a few parameters that need to be filled out:
- date = The date for the template; this should usually match the file name. This date is used to sort the release notes on the Release Notes page: http://perchsecurity.com/release-notes
- title = This is what will display in the Single Release Note view as the H1 title
- blog = DO NOT CHANGE THIS FOR RELEASE NOTES

There is also a note template shortcode, which requires 2 parameters:
- type = specifies the type of note, which can be a feature, bug or a note
- title = the title text, which can be a single or multi-line paragraph

You can also insert additional markdown content into your note if necessary; this goes in between the opening and closing note tags:

title of your note
Additional note content if necessary

Anything you type after the template’s 3 plus signs (+++) is considered your content area. The content area supports Markdown and HTML syntax.

Making a Bug Fix entry

To make an entry for a Bug Fix, copy the noteTemplate, paste it in the content area, and replace the type and title fields with your text. If necessary, add any additional markdown inside the opening/closing note tags.




Bugfix
Bug Title

Bug content supports markdown items like:
- unordered/ordered lists
- nested lists
  1. nested ordered/unordered lists
  2. ordered item 2
- bold text
- italic text
- bold italic text

In most cases you will just use a note with a title; in these cases there would be no content in between the opening/closing note tags:




Bugfix
Bug titles can be short and sweet or pretty long and extensive

Making a New Feature entry

To make an entry for a New Feature, copy the noteTemplate, paste it in the content area, and replace the type and title fields with your text. If necessary, add any additional markdown inside the opening/closing note tags.




New
Feature Title

Feature content supports markdown items like:
1. unordered/ordered lists
2. nested lists
   - nested ordered/unordered lists
   - ordered item 2
3. bold text
4. italic text
5. bold italic text

In most cases you will just use a note with a title; in these cases there would be no content in between the opening/closing note tags:




New
Feature titles can be short and sweet or pretty long and extensive

Making a Notes entry

To make an entry for a Note, copy the noteTemplate, paste it in the content area, and replace the type and title fields with your text. If necessary, add any additional markdown inside the opening/closing note tags.




New
Feature Title

Note content supports markdown items like:
1. unordered/ordered lists
2. nested lists
   - nested ordered/unordered lists
   - ordered item 2
3. bold text
4. italic text
5. bold italic text

In most cases you will just use a note with a title; in these cases there would be no content in between the opening/closing note tags:


Note
Note titles can be short and sweet or pretty long and extensive

Markdown Cheatsheet Reference

https://github.com/adam-p/markdown-here/wiki/Markdown-Here-Cheatsheet