February 19, 2024

[New] Continuing our work to better align the Cloud SIEM UI pages with Log Analytics UI pages to improve usability and provide a consistent user experience, the color palette has been adjusted slightly, some page decoration has been removed or altered, and some controls have been updated.
[New] On the Entity list page, you can now filter by reputation indicator (i.e. Malicious, Suspicious or NotFlagged).
[New] Users can now navigate directly from the Entity Activity panel on the HUD to the Entity List page, with the proper filter pre-applied.
[Updated] The Object Type attribute has been added back to the Signal summary section, next to the timestamp, so that it is visible whether the Signal details are expanded or collapsed.
[New] A user-editable Description field has been added to Rule Tuning Expressions.

Sorting by value was not working properly on the Entities list page.
Sometimes, if the target value was left blank (default), domain normalization would append a colon to the resulting value.
Customers were experiencing rate limiting with VirusTotal due to a change to their API and constant retries due to resultant errors in Cloud SIEM. This has been resolved, as has an issue with enrichments for file hashes.
Some Entities were not showing as being included in Entity Groups properly (even though attributes had been set correctly).
The MITRE ATT&CK® stage attribute was missing from some Signals in the audit logs.
Custom inventory sources were not included in the appropriate dropdown in Entity Group configuration.
On the Entity Details page, if the only Signals that existed were in Prototype mode, they would not be visible.
The reputation indicator on the Entity Details page was being rendered, then hidden.