Release Notes: WitFoo Precinct 5th Generation (Rick Deckard)

Build published to WitFoo Library due for automatic installation at 11/30/2018 2000 (CST)

New training for WitFoo Certified User and WitFoo Certified Engineer is live at https://community.witfoo.com.

Faceted Search for Enhanced Artifacts
Graph visualization of artifacts on search
Pie/donut chart visualizations on search results
Search by IP, free-form query or SQL where
Lab definitions now editable by end user
Lab definitions are packaged as meta in Library
Lab definitions can be submitted to WitFoo Community
Lead rules now editable by end user
Lead rules are packaged as meta in Library
Lead rules can be submitted to WitFoo Community
Counters & baselines added to all hosts, files, users, and graph edges for use in lead rules
Initial NBAD and UEBA rules added to default definitions
Asset tracking lead rules and entity enrichment added to maintain asset tracking
Readiness and Vulnerability report added to include CIS CSC
Installation option on Redhat (via install script)
Modus Operandi (MO) definitions maintained in Library

Consolidate search results into (enhanced) Artifacts objects
Depreciate batch processing engine (Noah) in place of real-time physics-based streaming engine (Hermes)
Allow TAXII hits to be retrospective against entire data stack
Allow Lead rules to be retrospective against entire data stack
Filter reporting based on Modus Operandi (MO)
Improved NetFlow processing accuracy and throughput
Accuracy of count of endpoints for purposes of licensing improved by using new asset tracking and enrichment

Email notifications for WitFoo Release Notes can be subscribed to here: http://eepurl.com/dBO0EH