
Addressed Issues

Incident Responder i63.7

| Issue ID | Summary |
|---|---|
| SOAR-14141 | Fixed an issue with playbook asset sequence search where users experienced long query times and database slowness. With this fix, the default search duration has been reduced to two days, significantly lowering the total number of DB queries per incident. |
| SOAR-14119 | Fixed an issue with Slack Service recipient restrictions where customers could not select Message Input and Recipients Input from the drop-down boxes, even after configuring the service successfully, and so could not use the service as expected. This issue has been resolved by updating the Slack integration's action for sending messages to a channel to reflect the latest changes in the Slack API. |
| SOAR-14103 | Fixed an issue with incident rules where the Restrict To field could not be saved with a user role. This limitation prevented users from defining clear ownership and response processes for specific incidents. With this fix, you can now restrict incident visibility to specific user roles, ensuring that only authorized personnel can view and modify restricted incidents. For example, you can create an incident rule that makes an incident accessible only to Tier 3 Analysts, preventing unauthorized users from viewing or modifying it. |
| SOAR-13987 | Fixed an issue with the Exchange Message Trace Integration where Incident Responder Playbooks failed to connect to Office 365 due to an issue with the Exchange Online API. When this occurred, Incident Responder displayed an Invalid Credentials error message for the integration. With this fix, you can now expect the integration to successfully authenticate and connect to Office 365 when valid credentials are supplied. |
| SOAR-13863 | Fixed an issue with the Fortinet integration where configuring the service required default settings that were not supported. With this fix, you can now specify additional settings, including VDOM (Virtual Domain), port, and the Firewall Block IP Incoming and Outgoing interfaces, allowing you to block IP addresses on FortiGate firewalls that run on non-default management ports, such as 8443, and that have a custom VDOM. |

Also see:

Advanced Analytics Release Notes

Incident Responder i63.6

| Issue ID | Description |
|---|---|
| SOAR-13959 | Fixed an issue where if you incorrectly configured email ingest using the OAuth2.0 protocol, the connectivity test stalled in a loading state. Now, if email ingest is not configured correctly, Incident Responder displays a Please fix input error(s) error. |

Also see:

Advanced Analytics Release Notes