Release Notes For April 20, 2018

New
Alerts review first pass: We’re days away from releasing the first part of our alert review project. Most alert panels are being streamlined and we’re introducing the alert details page. This page is similar to the indicator details page, but shows enhanced details about the selected alert instead. The information we’re removing from the alert rows will show up on the new details page, along with additional information about the alert, and details about the intel that triggered the alert.
  • More coming soon:
    • Related alerts - a full breakdown of all of the individual target pairs involved in an aggregate alert.
    • Alert comments - put comments directly on a specific alert instance, instead of on the intel the alert triggered on
    • Additional enrichment - we want to show you more information about the details involved in the alerts
    • After coming soon, next phase:
    • Alert Review page enhancements:
    • multi-select: change status, suppress
    • performance! much, much faster
    • better search, sorting, filtering
Bugfix
Re-opening the ‘Invite user to group’ modal now clears the invite email field.
Bugfix
Dashboard sensor health widgets now use the same rules for status as the other sensor health displays and pages.
Bugfix
We had a performance issue with the generation of the Perchybana links from suppressions, so we had to disable them. We’ve fixed that issue and the links have returned.
Bugfix
On the indicator details page, in the observable panel on the left, observables that are currently triggering alerts will once more be highlighted (and there was much rejoicing, huzzah!)
Note
(In Development) Perchy’s hard at work improving his brain - we’re adding support for TheHive’s powerful Cortex analyzers as part of our alert detail enrichment efforts. There are all kinds of valuable ways to analyze the alerts that we’re detecting, and we want to bring them all together in one easy to use interface. We’re experimenting with adding Cortex analyzer details to the information that you see in the Perch interface. Open up an interesting alert’s details, flip to the Analyze tab, and we’ll have the info you’d normally have to go digging for right there in front of you. Kick back, drink coffee, enjoy the sweet, sweet automation.
Note
Perchy is recently back from down under where he’s been setting up our first non-US regional data center. We’re working through the final stages of configuring our systems to handle the data sovereignty needs of our worldwide customers. Soon you can get flocked up, no matter where in the world you are!
Note
Data migration work - its not sexy, the guys who do it don’t have any cool new widgets to demo, but its gotta get done. We’re continuing our work on internal projects to keep the Perch architecture and data flow well tuned so that the app and Perchybana stay responsive and don’t feel like a chore to use. We’re watching the charts, we see what parts of the app are sluggish, and we’re working on them!