Breach Detection System Update - 3.11.1
Scheduled Maintenance Report for CyFlare
Completed
The scheduled maintenance has been completed.
Posted Jun 25, 2021 - 13:11 EDT
Update
We will be undergoing scheduled maintenance during this time.
Posted Jun 25, 2021 - 13:10 EDT
Scheduled
Dear Subscriber:

On June 7, 2021, at 2:00pm EST, we upgraded our Breach Detection Service to version 3.11.1 to improve our internal infrastructure only.

A few key highlights that provide significant benefit to you:

• Added several data ingestion filtering capabilities to network sensors and Syslog forwarders -- This enables the SOC to filter out erroneous events and activity, optimizing data ingestion and improving SOC accuracy

• Introduced the Azure Event Hub connector that ingests data from Azure Firewall, Azure WAF, Azure Storage, Azure Security Center, and Azure MSSQL PaaS -- This API integration enables logs to be ingested to allow for forensic searching and automatic threat hunting rule creation

• Introduced the Carbon Black connector that retrieves Carbon Black alerts stored in AWS S3 -- This API integration enables logs to be ingested to allow for forensic searching and automatic threat hunting rule creation

• Introduced the MS Defender for Endpoint connector that supports alert, machine, and vulnerability API ingestion -- This API integration enables logs to be ingested to allow for forensic searching and automatic threat hunting rule creation

• Natively integrated the AlienVault OTX and Anomali Limo threat feeds into the cloud threat intelligence platform, which benefits all customers -- These are paid OEM threat intelligence feeds that provide more coverage against your data and improve overall accuracy from the SOC. They are subscription value-adds at no additional cost to you

• Added Emerging Threat detection, which detects high-profile, trending attacks such as SolarWinds based on threat intelligence -- Provides real-time insight into 0-day and emerging threats that may exist in your environment.

• Added detection of RDP anomalies, such as data being copied out of an RDP server and RDP session hijacking -- RDP-related attacks are on the rise; this provides more visibility into that attack channel

• Added detection of impossible travel, login location, and login time anomalies from Okta logs -- User Behavior Analytics now extends into Okta logs and activities outside of your Windows AD logs

• Added the Cisco Umbrella threat hunting dashboard -- For users with Cisco Umbrella, this dashboard provides insights into that log data for additional threat hunting capability
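
One way to implement the impossible-travel and login-time checks described in the Okta highlight above, as an added example that is not CyFlare's code or part of the 3.11.1 release: it assumes records shaped like Okta System Log events (actor.alternateId, published, client.geographicalContext.geolocation), the sample events are constructed, and the 900 km/h plausibility threshold and the business-hours window are assumptions a SOC would tune per customer.

```python
"""Impossible-travel and off-hours login detection over Okta-style events.

Added example (not CyFlare's code). Field names mirror the Okta System Log
shape, but every event below is constructed for illustration.
"""
import math
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events (not real Okta data).
SAMPLE_EVENTS = [
    {"actor": {"alternateId": "alice@example.com"}, "published": "2021-06-07T13:05:00.000Z",
     "client": {"geographicalContext": {"city": "Toronto", "geolocation": {"lat": 43.65, "lon": -79.38}}}},
    {"actor": {"alternateId": "alice@example.com"}, "published": "2021-06-07T14:20:00.000Z",
     "client": {"geographicalContext": {"city": "Kyiv", "geolocation": {"lat": 50.45, "lon": 30.52}}}},
    {"actor": {"alternateId": "bob@example.com"}, "published": "2021-06-07T13:30:00.000Z",
     "client": {"geographicalContext": {"city": "Toronto", "geolocation": {"lat": 43.65, "lon": -79.38}}}},
    {"actor": {"alternateId": "bob@example.com"}, "published": "2021-06-07T18:30:00.000Z",
     "client": {"geographicalContext": {"city": "Ottawa", "geolocation": {"lat": 45.42, "lon": -75.69}}}},
    {"actor": {"alternateId": "bob@example.com"}, "published": "2021-06-08T03:10:00.000Z",
     "client": {"geographicalContext": {"city": "Ottawa", "geolocation": {"lat": 45.42, "lon": -75.69}}}},
]

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0           # assumed: roughly airliner ground speed
BUSINESS_HOURS_UTC = range(12, 23)  # assumed: 08:00-18:00 EDT expressed in UTC


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_event(ev):
    """Pull (user, utc timestamp, city, lat, lon) out of an Okta-shaped record."""
    user = ev["actor"]["alternateId"]
    ts = datetime.strptime(ev["published"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    geo = ev["client"]["geographicalContext"]
    return user, ts, geo["city"], geo["geolocation"]["lat"], geo["geolocation"]["lon"]


def detect_impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, from_city, to_city, distance_km, implied_kmh) for each pair of
    successive logins by the same user whose implied speed exceeds max_kmh."""
    by_user = defaultdict(list)
    for ev in events:
        user, ts, city, lat, lon = parse_event(ev)
        by_user[user].append((ts, city, lat, lon))
    findings = []
    for user, logins in by_user.items():
        logins.sort()  # chronological order per user
        for (t1, c1, la1, lo1), (t2, c2, la2, lo2) in zip(logins, logins[1:]):
            dist = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600.0
            # Two distant logins with no elapsed time are the extreme case: flag them.
            speed = dist / hours if hours > 0 else (math.inf if dist > 0 else 0.0)
            if speed > max_kmh:
                findings.append((user, c1, c2, round(dist, 1), round(speed, 1)))
    return findings


def detect_off_hours_logins(events, allowed_hours=BUSINESS_HOURS_UTC):
    """Return (user, iso_timestamp) for logins whose UTC hour is outside allowed_hours."""
    return [(user, ts.isoformat()) for user, ts, _, _, _ in map(parse_event, events)
            if ts.hour not in allowed_hours]


if __name__ == "__main__":
    for f in detect_impossible_travel(SAMPLE_EVENTS):
        print("impossible travel:", f)
    for f in detect_off_hours_logins(SAMPLE_EVENTS):
        print("off-hours login:", f)
```

Running it flags Alice's Toronto-to-Kyiv pair (about 7,500 km in 75 minutes) and Bob's 03:10 UTC login, while Bob's Toronto-to-Ottawa move over five hours passes. In production the per-user login history would come from the ingested Okta log stream rather than an in-memory list, and a SOC would typically suppress known VPN or cloud egress locations before applying the speed check.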

Please Note:
• Absolutely no data was lost during the process
Posted Jun 25, 2021 - 13:09 EDT
This scheduled maintenance affected: Breach Detection Service.