This release contains several updates, including the introduction of new actions and the resolution of some issues.

Integrations

  • [Updated] Lacework
    • New actions
      • Get Alert Details
      • Search Alerts
    • Fixed endpoint in Close Alert action
  • [Updated] Darktrace
    • Resolved bug related to integration resource
  • [Updated] IP Quality Score
    • New actions
      • Email Reputation
      • URL Reputation
    • Renamed action from "Get Credit Usage API" to "Get Credit Usage"
    • Refined labels and hints
    • Extended output mapping with examples
  • [Updated] OneTrust
    • New action: Create Organization
  • [Updated] Sumo Logic CSE
    • Fixed issue in the "Add Comment To Insight" action where line breaks in the "Insight Comment" field were removed upon submission
  • [Updated] AWS IAM
    • New action: Get Access Key Last Used
    • Fixed bug in some actions
  • [Updated] Incident Tools
    • Fixed Typo
  • [Updated] Atlassian Jira
    • Enhanced "Create Issue" and "Update Issue" actions to support Jira custom fields
  • [Updated] Screenshot Machine
    • Screenshot Webpage Action: Updated with new Cloud SOAR API
  • [Updated] Chronicle
    • New actions:
      • Get Event
      • Get Events
      • Get Log
      • List Alerts
      • UDM Search
    • Fixed a bug related to the PageSize field in the List Alerts action
    • Updated Alerts Daemon Chronicle
      • Fixed a bug related to Last execution time
      • Updated Output mappings
  • [Updated] Zscaler
    • Fixed an issue that prevented some actions from being executed
  • [Updated] Mail Tools
    • Updated Analyze MSG EML action with new Cloud SOAR API
  • [Updated] Recorded Future
    • Refactored Recorded Future Alerts Daemon
    • Refactored Vulnerability Search Daemon
    • Enabled Incident Artifacts feature flag for Get Alert Details action
  • [Updated] GreyNoise
    • New action: Context IP Lookup Community
    • Other minor fixes

Changes and Enhancements

  • Playbooks:
    • Enabled playbook testing. With this improvement it is now possible to test a playbook configuration before publishing it, using Insight, Incident or custom JSON as input.
    • Action configuration: Integration fields configuration now suggests default values, if present.
    • UserChoice, answer by Email: Fixed Authorizer usage from previous nodes.
  • AppCentral: Within the Integrations section, each integration card now contains a hyperlink to the related public documentation page Integrations in App Central.
  • Integrations: It is now possible to send custom commands when an integration Docker image is created. This feature is available for non-certified integrations only.

Cloud SOAR

  • Enabled a new reporting feature for case management and dashboards.

Bug fixes

  • Integrations:
    • Fixed Resource test issue.
  • AppCentral: Fixed playbook preview when maximized view is used.

Cloud SOAR

  • Rules: Fixed scheduled execution.
  • Tasks: Fixed creation if a required field is dismissed.
  • Incidents: Fixed full screen view buttons for widgets.
  • Notes: Fixed CSV export.

New Documentation for the Cloud SOAR SaaS version

We are excited to announce the following new documentation for features in our Cloud SOAR SaaS version:

  • Features:
    • Open Integration Framework:
      • Integration Builder allows you to build integrations without needing to provide code
      • Integrations, and related action execution, can be done in the cloud or through the Bridge. Only certified integrations can be executed in the cloud.
      • Certified integrations allow you to customize JSON and table output schema
      • Actions configuration during playbook design is rearranged for easier use
    • Architecture:
      • Fully functional in the cloud (the Bridge is only required for custom integrations)
      • User and profile management is in the Sumo Logic core platform instead of Cloud SOAR
      • Automatic scalability based on server load
      • Cloud SOAR APIs are standardized to use the same infrastructure as APIs in the Sumo Logic core platform

Changes and Enhancements

  • Added public help document for supported integrations. See Integrations in App Central.
  • Integrations: Added the possibility to rename an integration while keeping the original reference in YAML.
  • Playbooks:
    • List view set as default. View changes are saved in user preferences.
    • Deprecated Nested attribute.
    • Added possibility to dynamically reference a resource in actions.
  • Automation now tracks failed actions executions.

Cloud SOAR

  • Playbooks: Fixed insight execution for nested playbooks with more than 2 nesting levels.
  • Rules: Added ability to change the Daemon Name or Integration Resource within an existing automation rule.

Bug fixes

  • Fixed email encoding of characters to UTF-8 for literal strings.
  • Playbooks:
    • Fixed: Unable to use variable fields containing quotes in a text area.
    • Fixed playbook inputs not visible in TextArea placeholder.
    • Resolved scheduled action execution issue with playbook status.

Cloud SOAR

  • Incidents:
    • Fixed war room export for updated tasks.
    • Fixed possibility to copy table contents in Notes description field.
    • Incident creation: Fixed infinite spinner in Automation tab.

This release introduces new integrations, as well as new Playbooks related to Cloud Infrastructure Security for AWS.

Integrations

  • [New] Axonius
  • [New] OneTrust
  • [New] AWS Network Firewall
  • [Updated] Azure AD
    • Added New Action: Get Member Groups
  • [Updated] AWS IAM
    • Added New Action: Update Access Key
  • [Updated] Slack
    • Updated action: Ask Question
  • [Updated] AWS EC2
    • Updated action: Stop Instance
  • [Updated] Atlassian Jira*
    • Several changes have been made. This update introduces BREAKING CHANGES: both the Output Mapping and Input fields have been revised and updated. This version is specific to Jira Server and Data Center.

* These integrations have been migrated and are now available in this release.

Playbooks

  • [New] 540 - EC2 instance accessed from malicious IP
  • [New] 539 - Amazon GuardDuty InstanceCredentialExfiltration finding
  • [New] 538 - Admin Privileges Granted
  • [New] 537 - Amazon GuardDuty BruteForce finding

This release introduces two new integrations, ipdata and Google Alert Center, as well as several updates.

Integrations

  • [New] ipdata
  • [New] Google Alert Center
  • [Updated] PowerShell Tools
    • Updated the integration to address hostname resolution in Docker
  • [Updated] Panda EDR
    • Fixed Token Issue
  • [Updated] IPinfo
    • Enabled Incident Artifacts for IP Address field
  • [Updated] CSE Tools
    • Extended output mapping for Get Signal action
  • [Updated] Sumo Logic
    • Updated Search Sumo Logic Action
  • [Updated] Have I Been Pwned
    • Added new action: Get Latest Breach
  • [Updated] Sumo Logic CSE
    • Added new Action: Create Insight From Signals
    • Updated Add Enrichment Insight, Add Enrichment Entity, and Add Enrichment Signal actions
  • [Updated] Incident Tools
    • Added new action: Get Incident
  • [Updated] Lacework
    • Added new action: Close Alert
  • [Updated] Active Directory V2
    • Updated action: User Attributes
  • [Updated] Active Directory
    • Updated action: User Attributes V2

Changes and Enhancements

  • Playbooks: UserChoice nodes can now be handled from a Slack workspace (see documentation).

Cloud SOAR

  • New privilege "Api Admin": Enabling this privilege in the Log Analytics Platform allows a user to handle incident operations without being directly involved as an investigator.

Bug fixes

  • Fixed black screen when opening a Cloud SOAR or Automation Service URL with invalid session.
  • Playbooks:
    • Fixed: Parameters not being passed to nested playbooks.
    • Fixed: Configuration loss after being installed from App Central.
    • Fixed: Placeholder TextArea with < and > characters that were converted into spaces in HTML.

Cloud SOAR

  • Groups: Fixed member removal that could result in broken requests.
  • Playbooks:
    • TextArea fixed placeholder view for Artifacts fields.
    • Incident ID placeholder available in node configuration.

Automation Service

  • Playbooks: Fixed Start node parameters whose names contain a "." or a space being converted into "_".

Changes and Enhancements

  • Playbooks: Added ability to dynamically select an authorizer in UserChoice node.

Cloud SOAR

  • Contextual menu now contains Open link in new tab action if URL is highlighted.

Automation Service

  • The Automation Service now permits you to execute Containment and Scheduled actions. App Central has been updated accordingly.
  • Manual playbook interaction through user choice node and manual action.

Bug fixes

  • Selecting a timestamp while testing integrations no longer results in the wrong timestamp being used.
  • Boolean values are no longer processed as null in actions/playbooks.
  • There is no longer an issue using a playbook placeholder in the TextArea for Incident fields.
  • Editing a playbook and publishing no longer causes an empty playbook.

Cloud SOAR

  • In playbooks, Incident fields are now available in condition nodes (they are no longer "NULL").
  • The file type is now displayed for Entities files.

This release introduces several new integrations, including Prisma Cloud, alongside various integrations that have been migrated and are now accessible through App Central.

We've also improved multiple integrations and introduced new actions, implemented various general fixes and enhancements.

Integrations

  • [New] CylanceProtect*
  • [New] ESMTP*
  • [New] Elasticsearch V2*
  • [New] EnergyLogserver*
  • [New] FortiSIEM*
  • [New] Gmail*
  • [New] Javelin AD Protect*
  • [New] Lastline Analyst*
  • [New] POP3*
  • [New] Prisma Cloud
  • [New] Triage Tools*
  • [New] ZIP Tools*
  • [Updated] Basic Tools
    • Added new action: Payload Regex
  • [Updated] Sumo Logic
    • Following Actions Updated:
      • Updated Action: Aggregates Sumo Logic Daemon
      • Updated Action: Search Metrics
      • Updated Action: Search Sumo Logic Daemon
  • [Updated] VMware Carbon Black Cloud Platform
    • Updated with new Cloud SOAR API

* These integrations have been migrated and are now available in this release.

Changes and Enhancements

Bug fixes

  • Actions: Fixed run action causing page reload when response data is too large.
  • Playbooks: Removed Resource from inputs when selecting an Internal integration in add or edit node.
  • Playbooks actions: Fixed boolean values processed as null.

Cloud SOAR

  • Fixed API v3 change incident owner when using incorrect owner ID or with a Group ID.
  • Fixed "Incident Tools" action Add Note issue.
  • Fixed Playbooks "Run Test" against an Incident where modal remained with infinite loader.

Sumo Logic On-Premises SOAR Solution End-of-Life

As of November 15, 2023, Sumo Logic's on-premises SOAR solution no longer receives updates, and Sumo Logic Engineering no longer develops, repairs, maintains, or tests the software.

Effective December 1, 2024, Sumo Logic’s on-premises SOAR solution reaches end-of-life and becomes obsolete. Beginning on that date, it no longer receives applicable support entitled by active support contracts or by applicable warranty terms and conditions.

To upgrade to Sumo Logic’s Cloud SOAR offering, reach out to your Sumo Logic representative.

This release introduces several new integrations, including Atlassian Confluence and Google Drive, alongside various integrations that have been migrated and are now accessible through App Central.

We've also improved multiple integrations to leverage the new Cloud SOAR API, introduced new actions, and implemented various general fixes and enhancements.

Integrations

  • [New] Atlassian Confluence
  • [New] Google Drive
  • [New]* Cofense
  • [New]* Microsoft EWS
  • [New]* SMTP V3
  • [New]* Microsoft EWS Extension
  • [New]* AbuseIPDB
  • [New]* APIVoid
  • [New]* VMware Carbon Black Cloud Endpoint Standard
  • [New]* VMware Carbon Black Cloud Enterprise EDR
  • [New]* VMware Carbon Black Cloud Platform
  • [New]* Lacework
  • [New]* Sumo Logic
  • [New]* Sumo Logic Notifications
  • [Updated] CSE Tools
    • Added new action: Insight Output Mapping
  • [Updated] Microsoft EWS Daemon
    • Updated with new Cloud SOAR API
  • [Updated] Sumo Logic CSE
    • Updated Daemon: Sumo Logic Insights Daemon Extended
    • Updated Daemon: Sumo Logic Insights Daemon
  • [Updated] Mail Tools
    • Updated with new Cloud SOAR API
  • [Updated] IMAP
    • Updated with new Cloud SOAR API

* These integrations have been migrated and are now available in this release.

Changes and Enhancements

  • Automation Bridge: ECR docker images are now replicated in all AWS regions.
  • App Central: Introduced Tags attribute for playbooks.
  • Audit Logs: Enabled events forwarding to Log Analytics Platform.
  • Playbooks: Improved status field update and granularity.

Cloud SOAR

  • Incident closing note: It is now part of APIv3 response and available as Read Only field in Incident Overview page.

Bug fixes

Cloud SOAR

  • Playbooks: Fixed display in task result table view for Authorizer.
  • Rules: Fixed bug not displaying all Integrations using same daemon.

Automation Service

  • Playbooks: Fixed possibility to add new playbook type.
  • Playbooks: Fixed killing playbook update status.

Copyright © 2024 by Sumo Logic, Inc.