New-Scale Security Operations PlatformNew-Scale Security Operations Platform Release Notes

Mimecast Cloud Collector

The Mimecast Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from the data sources Archive Search Logs, TTP Attachment Protection Logs, TTP Impersonation Protect Logs, TTP URL Logs, SIEM Logs, Archive Message View Logs, and Audit Events.

REST API Cloud Collector

The REST API Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from REST API endpoints from a broad range of vendors and products.

Sophos Cloud Collector

The Sophos Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from the data sources alerts and events.

Event Exploration on Search via Cloud Collectors

Now with the Open in Search option, you can open the Search application in a new tab to view a prepopulated Search query that displays details of logs related to the selected Cloud Collector instance. You can modify the Search query with parameters and timeframe to filter logs to see details specific to a Collector instance.

Early Access Collectors

Cloudflare Cloud Collector

The Cloudflare Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate data collection from the account based and zone based data sources that include Audit logs, HTTP requests, and Gateway DNS events.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Google Workspace Cloud Collector

The Google Workspace Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate data collection from the data sources: Admin, Calendar, Drive, Gplus, Groups, Login, Meet, Mobile, Rules, Saml, Token.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

LastPass Cloud Collector

The LastPass Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate data ingestion from LastPass report events.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Vectra Cloud Collector

The Vectra Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate data ingestion from the data sources Audit Log Events, and Detections.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

STIX/TAXII Cloud Collector

The STIX/TAXII Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate threat intelligence data collection from external sources that support the STIX/TAXII framework. You can opt to collect data about either IP addresses or domains. You can also opt to automatically generate a corresponding context table in the Context Management application that will process the data and map it to a standardized set of attributes. The context table will have the same name as the cloud collector.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Recorded Future Context Cloud Collector

The Recorded Future Context Cloud Collector is now available as part of Cloud Collectors Early Access program to facilitate threat intelligence data collection from a Recorded Future Context source that supports the STIX/TAXII framework. You can opt to collect data about either IP addresses or domains. You can also opt to automatically generate a corresponding STIX/TAXII context table in the Context Management application that will process the data and map it to a standardized set of attributes. The context table will have the same name as the cloud collector.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

STIX/TAXII Context Tables

Context Management now supports onboarding STIX/TAXII context tables. These tables process data that is ingested by a corresponding STIX/TAXII cloud collector from an external threat intelligence source that use the STIX/TAXII framework. By default these context tables process a predetermined set of IP or domain attributes from the source collector and maps them to a set of standardized Exabeam target attributes.

The STIX/TAXII context tables are available as part of the Early Access program. During the early access period, STIX/TAXII context tables can be created from either a STIX/TAXII or a Recorded Future Context cloud collector. The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program, in the Cloud Collectors Administration Guide.

For more information, see STIX/TAXII Context Tables in the Context Management Guide.

Add Descriptive Child Names in the Multi-Org Console

If you are managing multiple organizations in a Multi-Org console, you can now add descriptive banner names to your child organizations. You can enter user-friendly, identifiable names that help reflect the way you refer to your customers or environments.

For more information, see the Get Started section of the Multi-Org Management Guide.

Introducing Exabeam Nova

Exabeam Nova, a transformative new agentic AI tool, is now available as part of the New-Scale Security Operations Platform. Exabeam Nova is built directly into the platform and requires no additional cost or extra complexity. Exabeam Nova is designed to augment SOC team efforts by automating routine investigative tasks. It can intelligently process vast amounts of event and alert data to provide targeted insights. And it is flexible enough to generate actionable investigation summaries for analysts of different experience levels.

For more information, see Exabeam Nova in the New-Scale Security Operations Platform Administration Guide.

Coverage Summaries

To get a high-level view of your overall security posture, you can now view a summary of your coverage across all MITRE ATT&CK^® techniques and use cases.^[a]

To quickly understand your security posture at a glance, you can now view an overall Use Case Coverage Score and MITRE ATT&CK Coverage Score. The overall coverage scores represent the average coverage score across all use cases or ATT&CK techniques. It is calculated once per day.

To identify trends in the overall coverage score, you can view a bar chart depicting the overall coverage score over one month, three months, or six months. You can also view the relative change of the overall coverage score over the given period and the relative change since the last time the score was calculated.

Exabeam Nova Use Case Coverage Summary is an AI-generated summary of your overall use case coverage.

The summary identifies:

For ATT&CK techniques, this summary is under development and will be delivered in the coming months.

Data Insights

Data Insights functionality was previously only available to users with one of the New-Scale licenses. It is now also available to users with any Exabeam Security Operations licenses.

The Insights tab is available in the Event Details panel for any search results that include parsed user or device information. The Insights tab provides a quick, easy way to drill into information related to events in your results. It lets you visualize what else is going on around a selected event, within specific time ranges. For example, if an event shows that a user triggered an alert, you can investigate which other assets the user has accessed in the past few days, which countries the user logged in from, or what files the user accessed.

For more information, see Data Insights in the Search Guide.

Entity Search Enhancements

The Entities tab in the Basic Search mode has been enhanced for more intuitive use and to display an increased level of detail. As part of the Exabeam True Identity functionality, the User Entity search consolidates all of the identifiers associated with a user account in your environment. In this way you can efficiently search across all the user identifiers with a single query. The process has been improved so that you can search by a user's full name or by any username or email address associated with the user account. Tooltips have been added so that you can view all of the associated names and addresses that will be included in the search results.

Options are still available to search by specific user account identifiers, including username or email address. For more information, about user entity searching, see Pre-Built Basic Search Lists in the Search Guide.

This feature is currently available only if you have either the New-Scale Analytics license or the New-Scale Fusion license. For more information about these licenses, see New-Scale Security Operations Portfolio Licenses.

For more information about managing and viewing entities in your environment, see the Attack Surface Insights guide.

Performance Optimization for Windows and Linux File Collector

Implemented performance enhancements for Windows and Linux File Collector to facilitate processing of extra large files exceeding 20GB.

Site Collector Upgrade Options

After you upgrade to the Site Collector 2.7 version, the next releases will show options to upgrade the current Site Collector version to the latest and the most recent stable version.

Windows Server 2025 and Windows Server 2025 Core Support for Agent Collectors

The Windows Event Log Collector, Windows File Collector and Windows Archive Collector now support the Windows Server 2025 and Windows Server 2025 Core operating system.

Threat Center Exabeam Nova Enhancement

If you have a license that includes Advanced Analytics, Exabeam Nova Analyst Assistant and Exabeam Nova Threat Summary now have a better understanding of a case or alert, considering the 50 most recently grouped detections when generating a response.^[a]

If you have a New-Scale Security Operations portfolio license, you can now get more accurate and trustworthy responses with minimal hallucinations from Exabeam Nova Analyst Assistant and Copilot Threat Summary. Exabeam Nova now has a better understanding of a case or alert, considering associated entity information and all associated detections when generating a response.

Created Column

To ensure you're investigating the right case or alert, you can now view the date and time a case or alert was created and time elapsed since the case or alert was created under the Created column.

Queue and Assignee Columns

To support sorting by queue and assignee, cases now have separate queue and assignee columns.

Sorting Enhancements

To help you quickly find a case or alert, you can now sort cases and alerts by three additional columns: Grouped By, Stage, Queue, and Assignee.

Filters

To view only certain kinds of cases or alerts, you can now filter cases and alerts.

For cases, you can filter by priority, grouped by value, stage, queue, and assignee.

For alerts, you can filter by priority and grouped by value.

Increased Notes Character Limit

To ensure you can communicate everything you want with case notes, you can now add up to 4,000 characters in a single note.

Threat Timeline Rule Name Enhancement

To better discern the type of rule associated with a detection, you can now see the full name of the rule type in the Threat Timeline.

Incompatible Analytics Rule Disablement

To ensure the analytics engine runs normally, the analytics engine monitors rule training and evaluation processes and prevents you from enabling analytics rules that are incompatible with your data or are highly likely to generate false positive results.

Under the Compatability, column, these analytics rules are marked as Incompatible.