This page contains information about new content released in the last month, and improvements and bug fixes to existing content.
This information, and information about all existing content, can also be found in the Knowledge Center in the Hunters portal.
Where it can be found
Okta MFA Reset Activity
Shows MFA factor reset and setup activity for the user in the last day, who made it, and from where.
Okta related leads
ADFS (Active Directory Federation Server) asset tags
Improvements and Bugfixes
Improvements to “Active Directory Enumeration Detected” detector:
The network connections involved are now shown under the “Lead Activity” enrichment.
Removed false positives.
Improvements to population rate of “Host Owner” and “Local User” Employee Entities.
Improvements to population rate of “AWS Identity” Entities.
Additional attributes are now extracted for leads from the “New OAuth Application Consent” detector, specifically the ID of the application relevant to the lead.
Improved success rate of the Drilldown “AWS Console Logins”.
Decreased the FP rate of the detector “Azure AD Sign-in Marked as Risky by Microsoft” by filtering out cases where Azure marked the sign-ins as safe.
Present additional geographical information regarding IP addresses in Entities that contain an IP.
Improved the “Windows Situational Awareness Process Execution” detector: significantly reduced the number of FPs generated by this detector by filtering out several benign initiating process command lines.
Replaced “Suspicious Scheduled Task Registered” with the “New Suspicious Scheduled Task Registered” detector, which detects suspicious scheduled tasks only when they appear for the first time.
Improvements to detectors running over the network traffic unified schema
Added new columns called
intermediate_destination_port that contain NAT IP addresses, in data sources that contain this information
Additional performance improvements