October 19, 2018 / by Siddhant Mishra / In release-notes /

Release Note — v7.8.0

This post lists the enhancements and bug fixes available in the latest release, v7.8.0.

  • Users can now include multiple checks using the _checkif query directive.

  • The _checkif directive now enables an analyst to compare date and time values.

  • To remove inconsistencies in email addresses (like uppercase letters in emails), reports can now be triggered for uppercase email addresses as well.

  • Domain name information fetched for a domain by APIs (for example, WHOIS, RISK_SCORE) is now stored in cache. The next time information for the same domain is looked up, the already available information is fetched from the cache, which reduces the time needed to gather critical domain information.

  • An additional entity, called inline actions, is now available in packages. This feature enables analysts to raise alerts based on checks that are configured at the package level. Users can configure these checks and raise alerts without using modules and workbooks, which helps analysts set up some basic checks without activating a module or workbook.

  • Parser files cannot be downloaded to the host machine; they can only be synced to the local scope from DNIF CLOUD.

  • All emails sent via the notif_email function can now be seen within the dnifevents index. Example:

    _fetch * from dnifevents where $Type=Email limit 10

  • During package synchronisation, network issues may cause the sync operation to fail. In such cases, the entities that failed during the sync operation are now displayed in a popup in tabular format.

  • The sequence of fields in the output of the _agg directive now remains the same as in the query itself, for example:

    ……>>_agg stat_unique $SrcIP, $DstPort min $EvtLen

    The output of the above pipelined query shows the fields in the same order as they appear in the query.

  • The _checkif directive can now be used to compare string values based on regex values.

  • Users can now create custom parsers within the console itself.

  • Users can now create an email template with a subject, message body and attachment filename. This helps analysts send data exported with the _export directive directly over email to the concerned stakeholders, with an appropriate subject line and attachment name.

Bug Fixes
  • Email addresses are now automatically converted to lowercase.

  • The string function within the _field directive is now fixed. Previously, only the first word of the sentence was accepted for searching.