We have exciting news to share! We are releasing Demisto v3.0 today for both enterprise customers and community users. The release is packed with new features suggested to us by our community of customers and partners. The new features simplify third-party integration and data ingestion, evolve Demisto Platform's machine learning capabilities to enhance analyst skill-sets, and improve on the interactive investigation experience with richer indicator management capabilities.
Here is a brief overview of what Demisto v3.0 brings to the table:
An easier way to integrate: Demisto v3.0 has a mapping editor that allows users to align fields from external data sources to fields in Demisto's common information models. With this editing interface, it is now more convenient to fetch and map data, conduct tests and manual fixes, and edit the mapping model. Setting up the most complex integrations - such as an integration with a SIEM - is now accomplished in minutes without any scripting.
User-moulded incidents: Each Demisto incident interface is now fully customizable, allowing users to prioritize incident-relevant information and shape their own visual layouts for incidents. This modular functionality allows for much easier data ingestion and lets users home in on key data indicators for each incident.
Related Incidents: Users now have their own security detective kit inside Demisto! Related Incidents allows you to get a streamlined view of how attacks over time are related, customize that view to best suit your line of thought, and codify your insights to better deal with subsequent incidents. Analysts can use Related Incidents to sanitize alert backlogs, pinpoint common links across complex attacks, and increase organizational readiness for future breaches.
For more information, you can view a video walkthrough of the Related Incidents feature.
Versioning: Demisto v3.0 fully supports versioning and rollback. Users can view the entire version history - either of a particular playbook or all playbooks - and revert to a previous version whenever the need arises. The same versioning capability is available for automation scripts and for custom third-party integrations (also known as BYOI), increasing both security and flexibility.
For more information, you can view a video walkthrough of the versioning feature.
Additional Product Release Highlights
Our machine learning capabilities have been enhanced further so that DBot can now assist more during investigations. Other features in the Demisto Enterprise release include:
- New Indicator: You can now add a new indicator manually by selecting the “New Indicator” button on the indicators page. This is also available via the Demisto REST API.
- New Indicator types: You can now add new indicator types via the Settings page.
- Mark as indicator: You can add an indicator value manually from the War Room or work plan windows by simply highlighting text inside a War Room entry and clicking the “Mark as indicator” button.
- REST API support for Multi-tenancy: You can now define an API key in the master account for access to the REST API.
- Audit purge: You can now configure the audit retention period. By default, the system will keep audit logs forever.
- Disaster Recovery: You can now have a live backup server for Disaster Recovery.
If you are a Demisto customer and are interested in knowing more about these features, we invite you to visit the release notes on the Demisto Support portal.
If you are new to Demisto and interested in exploring these features, we invite you to sign up for the Demisto Community Edition. All Demisto v3.0 features are available with full functionality in the Community Edition.
Stay tuned for in-depth feature breakdowns, playbook blogs, video walkthroughs, and more supporting material for Demisto v3.0 updates over the coming weeks.