RELEASED BUILDS

Build IDs: 6-1-5-1, master-185

**Note: this release moves annotations and response jobs into the new Casebooks feature set. See the video in the Features section for details.

Features

• Support for multiple Frameworks in Compliance Reporting (https://vimeo.com/527789829/07392761d2)
• Option to transmit Incidents over UDP to support one-way diode operation
• Intelligent casebooks to guide investigations (https://vimeo.com/531240660/b4ddd2b544)
• Artifact Indexing histogram on Cluster status report
• Submissions of service and feature requests from inside the UI (https://vimeo.com/527793283/aadc7c5657)
• SOAR jobs support SSH shell interactions

Improvements

• Extreme artifact search improvements using new algorithm (https://vimeo.com/527776837/e84c152b1b)
• Detailed Product information attached to assets and Incidents to assist in investigations
• Expanded support for operation in delayed/disconnected, intermittently-connected, low-bandwidth (DIL) networks
• Compliance and Framework definitions defined in WitFoo Library meta definitions to all updates without new build of Precinct
• Resilient memory handling
• Disk maintenance to handle corrupted disk partitions due to power or hypervisor failure
• WitFoo Global Threat and Geographic Intelligence database fully synchronized with Precinct to reduce need for external lookups
• Improved queuing of global Indicator of compromise (IOC) submissions to improve processing speed and to support DIL networks
• FIPS-140 compliant encryption on data access
• Tightened appliance firewall configuration to restrict remote access to appliances
• New data caching framework to reduce IOPS and improve performance
• Improved memory allocation and monitoring
• Incidents can be sorted by suspicion or date
• Speed Incident retrieval through indexed calls
• Default selections made on user creation form to simplify creation
• Setting for Email Domains to make license compliance checking more accurate
• Infrastructure devices filtered out of counts for compliance reporting
• Improved AWS Cloudwatch/Cloudtrail ingestion logic

Bug Fixes

• Patch vulnerabilities in dependency packages
• SOAR Data may not load in certain conditions
• Incidents may not load when clicked
• Refreshing Cluster status data does not refresh the artifact count

NOTE: How to take control of when your deployment of Precinct upgrades.

NOTE: Clear Chrome cache using the instructions linked here.

RSS Feed for release notes is: https://community.witfoo.com/category/release-notes/feed/

Email notifications for WitFoo Release Notes can be subscribed to here: http://eepurl.com/dBO0EH