Over the past few weeks we have released, and over the coming weeks we will release, some new Intercept X Advanced with XDR features that I wanted to make everyone aware of.
Live Discover Customer Defined Enrichments:
Customers can now define their own Live Discover data enrichments to sit alongside the built-in enrichments we provide in Live Discover today. This should prove very useful for customers who want to pivot to any third-party data source that we aren’t supporting today. These enrichments can be defined for MD5 and SHA256 hash data or for IP result data:
On entering Live Discover in the left-hand navigation menu in Central you’ll see a new ‘Customize Live Discover’ menu item. Once you click on that menu item you’ll see a list of the built-in enrichments along with any customer-defined enrichments (if any have been created):
You can click the ‘Add enrichment’ button to define your own enrichment as below. The existing enrichments provide good reference examples; see also the one below, which I created to check for blacklisted IP addresses with the MX Toolbox website:
Once the enrichment is defined, it’s just a matter of testing the URL to see if it works and then saving.
Live Discover Custom Query Categories:
The week of August 23rd we plan to introduce the ability for customers to also add their own Live Discover custom query categories, which is great for storing your favorite queries and makes it simpler to find the query you want to run:
Manage Data Lake Upload Settings from Global Templates:
Finally, for customers using the Enterprise or Partner Dashboards, the Endpoint and Server Data Lake Upload Settings can now be enabled and pushed out to all or a select number of accounts using Global Templates:
Important Note: These settings are turned off by default in Global Templates. If you have already enabled the Data Lake uploads on individual accounts/sub-estates, make sure the Endpoint/Server Data Lake upload settings are also enabled in any Global Template being applied to those accounts. Otherwise you run the risk of applying a template with the settings turned off and disabling Data Lake uploads.