Skip to content

24/09/2018

This release focuses on the SIC application with a shiny new statistics API and a set of resiliency improvements.

Features

We followed the quote “Everything is Data and Everyone needs it Analyzed” while implementing out new statistical API for the SIC Application. This brandly new architecture leverages a time series database to expose various counters, risk indicators and datasets on both alerts and events production.

This release brings various improvements on our OpenC2 language support in SIC. Among them, we improved the countermeasure descriptions through the use of fine grained-based action-steps.

Fixes

SIC customers interconnect their exporters to our detection engines by means of VPN connections. In order to reduce the impact of the various connection failures we encountered the last few days, we improved the overall resiliency of our VPN interconnections by means of a fast and automatic failover mechanism.

We want to bring features and fixes to our customers as fast as possible while ensuring the quality of our products. One of our bottleneck in our release process was data migration on large sets of data. This release comes with our first data migration process which could be run as background tasks.

Resiliencies

Our APIs are the foundations of our collaborative applications. This release puts under constant monitoring all our HTTP endpoints to track number of requests and their execution times.

A Service Level Objective (SLO) is the key element of a Service Level Agreement (SLA) as it defines the measurement process. This release introduces and actively monitors the first SLO of SEKOIA.IO: our HTTP APIs success rate.

Belt and suspenders! Our new shiny alert management system, based on Prometheus, provides a faster outage notifications mechanism.

Forecasts

In SIC, we identified the need for a faster way to evaluate the operational impact of a detection rule. We designed a new page to expose statistics and aggregated information on all the alerts and incidents that are related to a selected rule.

A key feature of SIC is its capacity of identifying the source and the target of a threat. To go even further, we offer a new page that consolidates all the information our detection engines collect on one source/target. For instance, this page will provide details on all the alerts, incidents and rules that are related to an IP address.

SEKOIA.IO is built to support inter-application collaborations. As part of this, we designed an “action card” to ease user interactions between applications. More information in the next releases, stay tuned!

If you have any concerns, feel free to contact us at support@sekoia.io.