We have exciting news to share! We are releasing Demisto v3.1 today for both enterprise customers and community users. We have improved usability of features across the board after listening to and learning from our community of customers and partners. The new features enable a personalized War Room, simplify and enhance Incident and Indicator Management capabilities, and introduce tutorials to aid onboarding and quicken learning.
Here is a brief overview of what Demisto v3.1 brings to the table:
Personalized War Room: The War Room now has pre-defined filters and a customizable filter editor that allows you to create bespoke views for specific incidents and avoid clutter. It is now possible to add notes and evidence entries directly from the CLI, improving choice and shaving off vital seconds in incident response. The all-new Tasks Pane shows the analyst the next set of tasks to complete in the incident. You can also add entries in HTML format, further underlining Demisto’s source-agnostic ingestion capabilities.
Improved incident management: You can leverage new incident management features from ingestion through to post-mortems. New incident sources can be mapped without classification, simplifying the ingestion process. You can run tasks and commands directly from the UI and add notes and evidence directly from the incident summary, improving visibility and options during investigation. You can mark incidents as duplicates, view workplan status in the incident summary, and reopen closed incidents with a single click, aiding troubleshooting and remediation. Finally, you can automate post-incident scripts, keeping you in control even after incidents close.
Enhanced Indicator sources: You can view detailed drilldown information about indicator sources, adding valuable context to your investigation. You can also study a new indicator section in the summary report, giving you a quick one-stop glance at the underlying indicators of an incident.
Intuitive onboarding wizard: We now have an in-product walkthrough wizard that can help familiarize you quickly with standard Demisto screens, tasks, and user flows. This wizard will be available for future retrieval and quick clarifications in addition to our existing help and video documentation.
Additional Release Highlights
Other improved features in Demisto v3.1 include:
- Full screen view: You can view multiple screens such as Dashboard, Incidents, Playbooks, and Automation in full screen, helping you focus and cut out any noise.
- Search performance: Improved, in some cases by more than 100 percent.
- Compatibility and support: SAML, Oracle Linux 7.3, Ubuntu 16.04 for D1 Engine, and i386 for D2 Agent.
- Data archiving: You can archive and restore incidents, entries, and indicators by month to free up storage space.
- REST API: Our REST API documentation now has a table of contents for easier navigation. Incident mapping using the Demisto REST API is now simpler.
- New integration features: You can enter timeout periods for specific commands, thus customizing the command runtimes. You can also view the server’s Docker images from the CLI.
If you are new to Demisto and interested in exploring these new features, we invite you to sign up for the Demisto Community Edition. All Demisto v3.1 features are available with full functionality in the Community Edition.