InsightConnect Documentation

Release Notes

Product Update 06.12.2019

New Features

  • Home Page Widgets: The Home page now displays dynamic content in widgets. Learn more about these widgets in our documentation.
  • Estimated Human Cost: You can now track the time you save with automated workflows by adding an estimate for how long a security process would take you to manually complete. Note this estimated human time cost in your workflow settings.
  • Edit Step Output: You can now edit some step output variable names and types. Editing the output will impact how the variables are parsed in later steps.

Fixes

  • We removed the settings icon from the read-only mode for active workflows.
  • We fixed an issue with special characters in UI titles.
  • We reduced the rate limit for ChatOps steps.
  • We resolved issues with human decisions inside loops.
  • We fixed an issue with plugins that incorrectly required connections.
  • We added visual loading state elements for connection or credential creation and editing.
  • You can now use special characters in variable names.

Plugin Updates 06.03.2019

New Plugins

  • OpenPhish - 1.0.0
    • New trigger Fetch and store the the feed file locally: poll the feed file and cache it for the Check URL Reputation action
    • New action Check URL reputation: check if a given URL is in the OpenPhish threat feed and return a historic count of found URLs
  • CheckDMarc - 2.0.0
    • New action: Check Domains: check records for a domain
    • Added timeout to Check Domain action

Updated Plugins

  • Microsoft Office 365 Email - 2.0.3
    • Fixed issues with Microsoft .msg, attachments, and content_type_to_parse
    • Fixed issue where correct account wasn't used in Get Message From User
    • New email type raw_attachments
  • Box - 2.0.3
    • Fixed issue where size was sometimes reported as a float
    • Performance fixes
  • Red Canary - 2.1.2
    • Fixed an issue with connection tests
    • Fixed an issue with New Detection trigger
  • Carbon Black Protection - 2.1.0
    • New action Retrieve File Instance: retrieves a local file instance ID
    • Performance fixes
  • Gmail - 5.1.3
    • New action Send Email: send an email
    • Fixed issue with soft linebreaks and HTML
    • Fixed issue with empty attachment errors in Send Email action
  • HaveIBeenPwned - 3.0.0
    • Performance and UI fixes
  • ExtractIt - 1.1.4
    • Fixed issue where URL Extractor would return IPs instead of URLs
  • Jira - 3.1.0
    • New action Edit Issue: edit an issue within Jira
  • Mimecast - 2.4.0
    • New action Get TTP URL Logs: retrieve TTP URL logs
  • LastPass Enterprise - 1.0.1
    • Connection test performance fix
  • Github - 2.0.1
    • Performance and UI fixes
    • Pinned pygithub and python-dateutil libraries
    • Enabled verification of SSL/TLS certificates for github.com
  • IBM BigFix - 5.0.0
    • Removed case sensitivity for Fetch Relevant Fixlets action
    • Performance fix for long lists of CVEs
  • URLScan - 2.1.1
    • Added error messaging to Get Scan Results action to provide assistance for unavailable scan results
    • Performance fixes
  • Cuckoo Sandbox - 1.0.1
    • Fixed an issue with Submit Files action

Product Update 05.06.2019

New Features

  • Post Interactive Messages with ChatOps: Interactive messages allow your team to respond to prompts directly within a Slack workspace. Learn how to configure an interactive ChatOps message here.

Fixes

  • Orchestrators now attempt to download plugin container images up to 5 times before reporting an error.

Plugin Updates 4.26.2019

New Plugins

  • CrowdStrike Falcon - 1.4.0 - A complete cloud-native framework to protect endpoints
  • FireEye HX - 1.0.0 - FireEye HX is an integrated endpoint solution that detects, prevents and responds effectively to known malware and threats traditional anti-virus endpoint security products miss

Updated Plugins

  • Mimecast - 2.3.0 - 2 new actions added
  • Microsoft Exchange - 5.1.0 - new action added

Product Update 04.15.2019

New Features

  • Delete Credentials: You can now delete individual credential sets, as well as workflow drafts, inactive workflows, and connections
  • Connection Manager Update: You can now create new connections from the “Connection Manager” page and the Workflow Builder.

Fixes

  • Variables in nested loops now display properly.
  • For orchestrator installation, we have updated the download links in the IT email option.
  • The left sidebar navigation now highlights as expected.

Plugin Updates 03.28.2019

New Plugins

  • SentinelOne - 1.1.0 - SentinelOne is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint
  • Datadog - 1.0.0 - Datadog is a monitoring service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform
  • Joe Sandbox - 1.0.0 - Joe Sandbox Cloud executes files and URLs fully automated
  • Proofpoint TAP - 1.0.2 - A plugin for Proofpoint Targeted Attack Protection (TAP)
  • Hippocampe - 1.0.0 - Hippocampe is a threat feed aggregator, which creates a threat feed memory and allows queries through a REST API or from a Web UI
  • SMB - 1.0.0 - Server Message Block (SMB) is used for interacting with files on an SMB server

Updated Plugins

  • IBM BigFix - 3.1.0 - new action added
  • Cisco ISE - 2.2.0 - new action added
  • Google Sheets - 1.1.1 - new action added
  • Python 3 Script - 2.0.0 - added ability to install third-party Python libraries
  • OTRS - 4.0.0 - performance fixes
  • TheHive - 2.0.3 - performance fixes

Product Update 03.19.2019

New Features

  • ChatOps: Use ChatOps steps to seamlessly interact with your team within your own chat applications. We currently support Post Message actions with Slack. Learn how to use this new feature here.
  • Delete Capabilities: You can now delete workflow drafts, inactive workflows, and connections. To learn how to delete workflows, visit our Manage Workflows page. To learn how to delete connections, read the new content in our Work with Connections page.

Fixes

  • Drafts corresponding to active workflows now correctly display in the drafts tab.
  • We resolved issues with incorrect connection test results for trigger-only plugins.
  • We resolved issues with incorrect connection test results for plugins without configured credentials.
  • We reduced the average load time for plugin lists in the workflow builder from potentially 10 seconds to a fraction of a second.
  • Cancelling a job is now instantaneous. Previously, the workflow would wait for the currently running step to complete before cancelling the job.

Plugin Updates 02.19.2019

New Plugins

  • Microsoft Office 365 Email - 1.2.0 - Microsoft Office 365 email actions and triggers. This supersedes the previous Microsoft Office 365 plugin.
  • Rapid7 InsightAppSec - 1.0.0 - Application security testing for the modern web
  • Microsoft Office 365 ATP Safe Links - 1.0.0 - Helps protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents
  • Salesforce - 1.0.0 - Salesforce is a CRM solution that brings together all customer information in a single, integrated platform that enables building a customer-centred business from marketing right through to sales, customer service and business analysis
  • NASA - 1.0.0 - Triggers and actions related to NASAs open API

Updated Plugins

  • Duo Admin API - 3.2.0 - new action added
  • Rapid7 InsightVM - 3.2.0 - 7 new actions added
  • Cisco ISE - 2.2.0 - new action added
  • Kolide 2.0.0 - 3 new actions added
  • Type Converter - 1.4.0 - new action added

Product Update 02.15.2019

New Features

  • Command Line Orchestrator Installer: You can now install orchestrators using the command line. Find out how to use the script-based installer here.

Fixes

  • The Import Plugins list now displays ten available plugins at a time.
  • We resolved issues with the search feature in the Jobs Manager.
  • The API trigger help information now indicates that your X-API-Key header must include your API key.
  • You will now be notified in the UI if you attempt to delete an orchestrator that is currently in use.
  • You will now be notified in the command line if an orchestrator fails to connect to the platform network when you try to activate the orchestrator.

Product Update 01.29.2019

New Features

  • You can now run tests to check that connections are configured properly. Learn how to test a connection here and troubleshoot failed tests here.
  • The Insight Orchestrator now supports network environments requiring HTTP_PROXY, HTTPS_PROXY, and NO_PROXY. Configure your proxy settings in Docker and your orchestrator’s virtual machine with these instructions.
  • The Insight Orchestrator now supports CA certificate mounting for plugin containers. Install your CA certificate in your orchestrator’s virtual machine with these instructions.

Bug Fixes

  • We resolved issues with older plugin versions causing errors in the workflow builder.
  • Error messages now contain request IDs. Include these IDs when contacting support for troubleshooting an error.
  • Orchestrators now correctly display errored states for response timeouts.

Plugin Updates 01.10.2019

New Plugins

  • Rapid7 tCell - 1.0.0- Rapid7 tCell is a Next-Gen Cloud Web Application Firewall that enables web applications to defend themselves by combining in-app instrumentation and analytics in the cloud
  • Cortex v2 - 1.0.0- Cortex is an open source and free software for analyzing observables
  • String Operations - 1.0.0 - Provides common programmatic string operations

Updated Plugins

  • Microsoft SCCM - 1.1.13 - new actions added

Release Notes


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.