Subscribe
Added
📈 Effortless widget edition This improvement concerns dashboards as we wanted to make the edition of widgets easier for you. Here is what you need to know:
- No more edition mode: Editing widgets just got easier! You no longer need to enter Edition mode to make changes. Now, you can easily edit any widget by clicking the three dots on the widget and selecting "Edit widget".
Depending on the type of widgets you want to edit, here is what to expect:
- For Query visualizations: By clicking on Edit widget, you will be redirected to the query settings page. Save your changes and they will be available on your dashboard right after that.
- For Preset widgets: By clicking on Edit widget, you can adjust options like time range or visualization type right in the Editing panel.
This update simplifies your workflow, making it quicker and more intuitive to customize your dashboard.
Documentation: Dashboards.
What do you think about this update?
Added
Playbooks edition and runs details panel🚦
After the evolution of the playbooks listing, a new panel has been deployed to improve the user experience.
This one allows to (de)activate a playbook or to start editing it.
Also, it is now easier to have an overview of the runs. Each run is classified by status and a filter is available to focus on a particular status (in progress, succeeded, error).
What do you think about this update?
Added
Specify the format of a feed ✨
To improve the integration with external products you can now specify the format you want for your feeds !
The available formats are:
- JSON: The default
- CSV: The user can choose the fields he wants when consumming the feed
- Text: A raw text with, on each line, either the name of the object or the observable from the pattern
- Custom: Specify the format you want using a template
What do you think about this update?
Added
Filter your feeds with Observable Types (ipv4, domain, url, mutex…) ✂️
Sometimes we are only interrested by a specific kind of indicators in a feed. For example a firewall will not care about file hashes or mutexes.
For this reason we just added a new filter in the feed definition: the observable types!
It is now possible to choose what kind of indicators we want to see in our feed. When a feed includes indicators we can choose the type of the observable they must have in their pattern.
Choosing this option will not prevent seeing other types of object in the feed (campaign, malware, ...).
To get a feed with only ipv4 addresses and nothing else we must choose only the indicator object type and the ipv4-addr observable type.
What do you think about this update?