We have exciting news to share! We have released Demisto v4.1 for both enterprise customers and community users. The release is packed with new features suggested to us by our community of customers, partners, and independent users. The new features:
- Enhance granular access control and personalized visibility for every team member
- Facilitate complete separation between development and production instances
- Introduce timers to codify and scale adherence to SLAs
- Leverage machine learning capabilities through a phishing email classifier
and much more!
Here is a brief overview of what Demisto v4.1 brings to the table:
Figure: Overview of feature additions and enhancements in Demisto v4.1
Enhanced granular access management
In a fast-moving security world, your Demisto instance will house a wide range of product integrations, playbooks, and automations with varying sensitivity levels. To ensure that every team member has personalized and secure access to relevant parts of the platform, Demisto v4.1 allows users to grant and restrict role access across specific automations, playbooks, and integrations.
Users can also regulate page visibility through these access control features. For example, you can allow access to the ‘Playbooks’ page but restrict access to the ‘Integrations’ page for team members who are responsible solely for playbook creation and iteration.
Figure: Screenshot of enhanced granular access management in Demisto v4.1
Separation of development and production instances
By completely isolating their development and production instances within Demisto, users can freely experiment with playbook creation and use case formulation without sacrificing the integrity or availability of their security data. The development instance can be configured to receive regular Demisto content updates, and the production instance can be linked to an organization’s Git-based repository for seamless transfer of updated content without affecting internal data.
Figure: Screenshot of development/production isolation in Demisto v4.1
Custom timers for SLA measurement
Demisto v4.1 enables users to hardwire SLA oversight into playbook creation through custom timer fields. Incident types can have specific SLA and timer fields attached to them, and playbooks can have triggers to start, pause, and reset these timers before any task. These features allow teams to measure playbook performance across user-defined incident phases, analyst-specific SLAs, and more.
Figure: Defining SLA fields in Demisto v4.1
Figure: Measuring SLAs through playbook tasks
Phishing email classifier with machine intelligence
Demisto v4.1 debuts an ML-powered phishing email classifier that learns from analyst actions over time to help organizations detect malicious phishing emails with a high degree of accuracy. By studying phishing emails as an ML classification problem, the model spreads analyst knowledge across deployments to provide an additional layer of insight that can help users accelerate phishing response.
Figure: Demisto's phishing email classifier playbook
You can read this blog for more information on the SageMaker release of our phishing email classifier. Stay tuned for a detailed walkthrough in the coming weeks!
Additional Release Highlights
Other features in Demisto v4.1 include:
- Improved data visibility: Users can add tables and grids as custom field types in incidents.
- Edit on the go: Incident summary layouts now have an inline edit option for easy and real-time modification of incident data.
- Dynamic summaries: Users can include dynamic sections in incident summaries, reports, and quick views. These sections are powered by automations and can measure any desired metric (for example, the number of War Room entries) in real time.
- Reporting flexibility for multi-tenant environments: In multi-tenant installations, master tenants can now create common report designs across child tenants and selectively propagate them to the desired child tenants.
If you have access to Demisto's support portal, you can view the full release notes of Demisto v4.1 here.
If you’re an existing Demisto Community Edition user, we hope you’ve enjoyed your time with DBot so far and that these enhancements will help further improve your security operations. If you haven’t tried Demisto yet, we hope these new features are the nudge that sends you SOARing!
We invite you to upgrade to Demisto v4.1 by downloading our new Community Edition. We’d love it if you gave us your honest feedback on the #demisto-discussions Slack channel or by emailing firstname.lastname@example.org.