Skip to content

14/02/2020

This release page is now part of our newly designed website SEKOIA.IO on which you can find all the information about our products (presentation, use cases, pricing...) as well as a documentation and our contact if needed.

Detection Rules

There are some major changes that happened to the rules' page. First, we've added five new columns (entities, assets, total of produced alerts, rejected alerts and filtered alerts in the last 7 days) to add more context and comprehension to each rule. We've also put a toggle button on each row to quickly enable or disable a rule if needed. CTI and Correlation icons act now as the rule type's indicator, and if there is a compilation error, it can be clearly visible in the Status column (it's all red, you can't miss it).

Rules table

By clicking on a rule, we are redirected to a rule's main page which also got a radical makeover. A secondary menu is now visible on the left with all the rules listed as well as their current status to ease the navigation and prevent the user from having to go back to the rules table. A new banner is displayed at the top with the rule's main information like the name, type, and last update as well as an action button sticked on the right. Six collapsable sections are hanging under it to accommodate our users' needs to configure their rules as they please. We've included a new feature in the rule creation: alert filters, which enables our users to filter alerts given custom criteria by specifying an exclusion pattern. And last but not least, it is now possible to create a rule without a template, to save a rule configuration as a template and to use a pre-existing template to fill out information about a rule!

Rule details

Events page

Before, we used to list only the last 50 events gathered by our intakes. Now, you can scroll indefinitely in your last events list, but also look for something specific in your events by using the dork language.

Events page

Intakes

Speaking of which, you can now see all of your intakes listed in a separate page with all the information you need to make sense of them. In addition to the intake format and intake key, you can now see the events and errors produced by the intake. If you haven't already, take a look at our on-going list of integrations and let us know if you don't find the format you're looking for. We can make them available for you. :-)

Intakes list

User Center

To enhance our users' experience on the platform, we created the "User Center". From there, it is possible to manage your profile as well as your numerous communities, members, roles, API keys, and delegations. You can access it through the contextual menu on the upper right of your screen.