2022 - May
This page contains information about new content released in the last month, and improvements and bug fixes to existing content.
This information, and information about all existing content, can also be found in the Knowledge Center in the Hunters portal.
New Content
Category | Name | Description | Prerequisites | Where it can be found |
---|---|---|---|---|
Enrichment | Okta MFA Reset Activity | Shows MFA factor reset and set up activity for the user in the last day, who made it, and from where | Okta logs | Okta related leads |
Asset Tagging | ADFS (Active Directory Federation Server) asset tags | | EDR logs | |
Improvements and Bugfixes
Improvements to “Active Directory Enumeration Detected” detector:
The network connections involved are now shown under the “Lead Activity” enrichment.
Removed false positives.
Improvements to population rate of “Host Owner” and “Local User” Employee Entities.
Improvements to population rate of “AWS Identity” Entities.
Extract additional attributes for leads from the “New OAuth Application Consent” detector, specifically the ID of the application relevant to the lead.
Improved success rate of the Drilldown “AWS Console Logins”.
Decreased the FP rate of the “Azure AD Sign-in Marked as Risky by Microsoft” detector by filtering out cases where Azure marked the sign-ins as safe.
Present additional geographical information regarding IP addresses in Entities that contain an IP.
Improved the “Windows Situational Awareness Process Execution” detector: significantly reduced the number of FPs it generates by filtering out several benign initiating process command lines.
Replaced the “Suspicious Scheduled Task Registered” detector with “New Suspicious Scheduled Task Registered”, which only flags suspicious scheduled tasks when they appear for the first time.
Improvements to detectors running over the network traffic unified schema:
Added new columns called intermediate_source_ip, intermediate_destination_ip, intermediate_source_port and intermediate_destination_port that contain the NAT IP addresses and ports, in data sources that contain this information.
Added application and device_name columns.
Additional performance improvements.