Branding updates.
Version 1.3.0:
Added:
- Support for using a Saved File Event Search as an input filter for the File Exposure input (enabling flexible custom ingest criteria beyond just a minimum riskSeverity threshold).
Changed:
- The "Newly Added High Risk Users" panel of the dashboard has been updated to track risk activity of users recently added to any Watchlist.
Fixed:
- A bug in Alert and Audit Log input checkpointing that was causing duplicate events to be ingested.
Version 1.2.1:
ACTION REQUIRED: To continue ingesting data, you must update your account configuration for API client authentication.
Added:
- Support for proxies
Changed:
- Code42 authentication now uses API Clients (https://code42.com/r/support/splunk-auth) instead of user credentials.
- Alerts input now filters by RiskSeverity instead of Severity. If you were previously ingesting HIGH Severity alerts, you'll now ingest both HIGH and CRITICAL alerts.
- File Exposure input now filters by RiskScore, enabling ingestion of all event types.
Fixed:
- An issue where the Device Health input triggered rate-limiting on Forensic Search endpoints. A configurable polling rate limit is added to the Device Health input configuration.
- Event checkpointing frequency, improving the ingestion rate.
- A mismatch issue between the High Risk Employee event results drill-down and the dashboard.
Version 1.1.0 introduces:
Three new Code42 modular inputs:
-- Alerts
-- Audit Log
-- Device Health
A new Incydr Overview Dashboard highlighting insider risk activity across your organization.
Fixes a problem with the Removable Media dashboard displaying incorrect information.