RELEASE NOTES
      Back to home
      1. KNOWLEDGE BASE
      2. RELEASE NOTES

      November 27, 2023 - Content Update

      We are thrilled to introduce a comprehensive optimization of our Out-of-the-Box (OOTB) workbooks, enhancing your experience with DNIF HYPERCLOUD. These updates focus on clarity, performance, and accessibility to ensure a more effective utilization of our platform.

      What's New

      1. Enhanced Workbook Descriptions

      • Updated descriptions in every workbook for improved clarity and understanding of our detection rules.
      • Facilitates better comprehension and utilization of OOTB content.

      2. Type Specification

      • Workbooks now categorized as 'standard', 'auto-scheduled' and 'streamed.'
      • 'Standard' workbooks are off by default; 'auto-scheduled' and 'streamed' workbooks are automatically streamed upon deployment.

      3. Authorship Transparency

      • Clearly mentioned authorship: 'DNIF' for internally created workbooks and 'community' for those from external sources.
      • Community-sourced workbooks include links for easy reference.

      4. Workbook Staging

      • Introduced BETA and PROD tags to assess the quality and reliability of each workbook.
      • Streamlined staging process for accurate assessment.

      5. DNIF Query Standardization

      • Standardized field names in queries for Legacy DQL, SQL, and New DQL formats.
      • New DQL field names are in lowercase without the '$' symbol.

      6. Signal Block Enhancements

      • Improved specification of DetectionConfidence, DetectionSeverity, and DetectionScore in the signal block.
      • Ensured consistency in field names for Suspect and Target.

      7. Raw Event Query Refinement

      • Enhanced the raw event query by adding duration based on the main query.
      • Standardized Suspect and Target types for consistency with the signal block.

      8. Knowledge Base (KB) Validation

      • Thoroughly validated and refined Knowledge Base content within Workbooks.
      • Now includes detailed information on use cases, preparation, detection and analysis, containment, eradication, and recovery.

      9. Extractor Enhancements

      • Transitioned from annotating the stream as 'OTHER' to using device-specific or standard stream names for better data extraction.
      • Replaced 'SYSMON' with 'EP' in the stream name for Windows events.