Entity Groups Inventory Enhancements
We are happy to announce some important enhancements to the Entity Group feature in Cloud SIEM.
With this release, Entity Groups can now use any attribute available in your inventory data, including non-normalized attributes. (Previously, only the group attribute was available.) Non-normalized attributes can be used by adding the
In addition, the release introduces the ability to auto-set schema tag values on matching Entities based on the value of a given inventory attribute. In this example, any user Entity that has a value for location in inventory data will have that value set in a tag (such as
When using dynamic schema tags, you can still set static tags, criticality, and suppression state.
These two enhancements will reduce the number of Entity Groups needed to properly configure your Entities automatically and will automate a more complete and accurate set of Entity attributes, improving Rule and Analyst efficiency.
There is much more information about Entity Groups and these enhancements in the online documentation.
- Multiple entries were being added to the audit log when some Insights were created.
- Some Insights were not getting enriched with VirusTotal using the direct integration.
- Time-to-live was temporarily considered a mandatory attribute for match lists.