Playbooks edition and runs details panel🚦

After the evolution of the playbooks listing, a new panel has been deployed to improve the user experience.

This one allows to (de)activate a playbook or to start editing it.
Also, it is now easier to have an overview of the runs. Each run is classified by status and a filter is available to focus on a particular status (in progress, succeeded, error).

Capture d’écran 2022-02-23 173532.png

What do you think about this update?
Specify the format of a feed ✨

To improve the integration with external products you can now specify the format you want for your feeds !

feed_format.png

The available formats are:

  • JSON: The default
  • CSV: The user can choose the fields he wants when consumming the feed
  • Text: A raw text with, on each line, either the name of the object or the observable from the pattern
  • Custom: Specify the format you want using a template

Feel free to try it in a new feed!

What do you think about this update?
Filter your feeds with Observable Types (ipv4, domain, url, mutex…) ✂️

Sometimes we are only interrested by a specific kind of indicators in a feed. For example a firewall will not care about file hashes or mutexes.

For this reason we just added a new filter in the feed definition: the observable types!

It is now possible to choose what kind of indicators we want to see in our feed. When a feed includes indicators we can choose the type of the observable they must have in their pattern.

Choosing this option will not prevent seeing other types of object in the feed (campaign, malware, ...).

To get a feed with only ipv4 addresses and nothing else we must choose only the indicator object type and the ipv4-addr observable type.

What do you think about this update?