26 June 2024 version 2024.6.0
Improved functionality
Sensors
The Sensor ID column now displays all the tags within the column. You can also click the sensor ID to open the Sensor Details page. When you hover over the Sensor ID, a dialog displays all the annotations for the sensor. With the exception of the Sensors page, this change applies to all tables that have the Sensor ID column, including Search, the Search Timeline results page, and the Events table.
On the Sensors page, when you hover over the Sensor ID in the list, a dialog displays the sensor information.
Create new detections
The facet filters are now included in the query field when you create a new detection from the results in the Search Timeline page. To try this out, open the Search Timeline page and locate an entry with results. Click the actions menu and select Create Detection. The facet filters are displayed in the query field.
API tokens
The term Permanent Tokens has been replaced with API Tokens. An API Tokens column was also added to the Users tab in the Account Management page.
You can also use API tokens to filter the page.
Default dashboard
MITRE ATT&CK widget
A date-range picker was added to the MITRE ATT&CK widget in the default dashboard.
Observations widget
You can now filter the graph in the widget by clicking an observation title in the graph's legend.
Other improvements
Detections Rules tab
The Detections Rules page no longer displays rules that have never been triggered when you filter the page by All. Pagination has also been removed from the page to make it easier to scroll through the results. This change also applies to the detail wheel.
Packet Capture
We have removed the option to select the number of rows to view on the page. The page now shows all the tasks on a scrollable page.