Video Overview


  • Production: Precinct-master-143

Build published to WitFoo Library due for automatic installation at 11/30/2018 2000 (CST)


New training for WitFoo Certified User and WitFoo Certified Engineer is live at


  • Faceted Search for Enhanced Artifacts
  • Graph visualization of artifacts on search
  • Pie/donut chart visualizations on search results
  • Search by IP, free-form query or SQL where
  • Lab definitions now editable by end user
  • Lab definitions are packaged as meta in Library
  • Lab definitions can be submitted to WitFoo Community
  • Lead rules now editable by end user
  • Lead rules are packaged as meta in Library
  • Lead rules can be submitted to WitFoo Community
  • Counters & baselines added to all hosts, files, users, and graph edges for use in lead rules
  • Initial NBAD and UEBA rules added to default definitions
  • Asset tracking lead rules and entity enrichment added to maintain asset tracking
  • Readiness and Vulnerability report added to include CIS CSC
  • Installation option on Red Hat (via install script)
  • Modus Operandi (MO) definitions maintained in Library


  • Mist Wireless API Integration
  • ProofPoint Threat API Integration
  • ServiceNow Lab creation
  • Qualys VA API Integration
  • Apache Lead Rules
  • Radware WAF analysis labs
  • Processing IPFIX as NetFlow Source
  • Process Cisco Stealthwatch FlowSensor IPFIX


  • Consolidate search results into (enhanced) Artifacts objects
  • Deprecate batch processing engine (Noah) in favor of real-time physics-based streaming engine (Hermes)
  • Allow TAXII hits to be retrospective against entire data stack
  • Allow Lead rules to be retrospective against entire data stack
  • Filter reporting based on Modus Operandi (MO)
  • Improved NetFlow processing accuracy and throughput
  • Improved accuracy of the endpoint count used for licensing by using new asset tracking and enrichment


  • Various CSS and JS warnings in certain browsers
  • Disruption detection fails in certain attack timing scenarios

RSS Feed for release notes is:

Email notifications for WitFoo Release Notes can be subscribed to here: