Google Security Operations SOAR release notes

This page documents production updates to Google Security Operations SOAR. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

December 14, 2024

Release 6.3.27 is now in General Availability.

Release 6.3.28 is currently in Preview.

December 08, 2024

Release 6.3.27 is in Preview.

In order to align with our flagship Google SecOps platform, we are unifying our themes. The SOAR platform will now offer two themes: gray (default) and light.

Release 6.3.26 is now in General Availability.

December 01, 2024

The official maintenance window is on Sundays between 11:00 and 15:00 UTC. Note that maintenance does not always necessitate a service outage.

November 24, 2024

Release 6.3.26 is currently in Preview.

New options for closing a case

New custom field options have been added to the admin settings close case page. Using these fields, you can ask the analyst to enter different types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

November 17, 2024

Release 6.3.25 is now in General Availability.

From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.

November 10, 2024

Release 6.3.25 is in Preview.

November 09, 2024

Release 6.3.24 is now in General Availability.

November 02, 2024

Release 6.3.24 is currently in Preview.

You can now use custom integrations in prompts when creating a playbook with Gemini.

Release 6.3.23 is now in General Availability.

From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.

October 26, 2024

Release 6.3.23 is currently in Preview.

Custom SMTP Configuration does not send emails with send_mail function in monitoring jobs (ID #52614371)

Unexpected behavior between system wide and user preference localization time zone settings. Following this bug fix, the default time zone is now set to UTC + 1. This does not override the user local settings. The admin needs to change the default timezone to the required timezone if needed. (ID #51914939, #52558921)

October 20, 2024

Release 6.3.22 is now in General Availability.

October 13, 2024

Release 6.3.22 is currently in Preview.

Gemini Case Summary has been added as a placeholder to playbook actions. You can now use this to show the AI-generated case summary in a playbook action. Note that the playbook will only include this summary if it is available.

NOTE: This bug fix was not delivered in 6.3.22 and was moved to 6.3.23. Unexpected behavior between system-wide and user preference localization time zone settings. Following this bug fix, the default time zone is now set to UTC + 1. This does not override the user local settings. The admin needs to change the default time zone to the required time zone if needed. (ID #51914939, #52558921)

The Remote Agent page doesn't display all the integrations and connectors. (ID #53428660)

Advanced Reports not displaying all the information. (ID #52923225, #00298032, #52553071)

Vw Dashboard Alerts HasPlaybook column shows incorrect information. (ID #53304589)

Issue with Siemplify Create or Update Entity action. (ID #53053446)

The search_everything database is displaying incorrect entity values. (ID #52746256)

SDK _get_case_by_id function does not return case tags, even though the case has tags.

Case Close Root Causes may cause errors when removed from playbook. (ID #50942408)

CaseSearchEverything API time zone discrepancies. (ID #52558921)

Playbook errors remain in the Pending Actions widget even after re-running their playbook. (ID #00274123)

Parallel action name changes are not reflecting the subsequent actions in a playbook. (ID #352725736)

October 06, 2024

Release 6.3.20 is now in General Availability.

Remote Agents 2.2.0 is now in General Availability.

October 05, 2024

Release 6.3.21 is currently in Preview.

When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains.

September 30, 2024

Remote Agents 2.2.0 Release is currently in Preview.

Logs quality and coverage enhancements.

September 29, 2024

Release 6.3.19 is now in General Availability.

September 28, 2024

Release 6.3.20 is currently in Preview.

The case report now includes all information written to the Case wall.

It is now possible to merge cases where the requester is not the assignee both in the platform and through the API endpoint: api/external/v1/cases-queue/bulk-operations/MergeCases

Custom integration is reverted to the latest imported code after saving custom integration settings. (ID #53578268)

Remote agents not visible in the drop-down field. (ID #53299495)

Timeout error when trying to add an alert grouping rule. (ID #00298026)

Time Zone sync issue (ID #52421707)

Inaccurate case tag data in Advanced Reports (ID #00308538)

Tags are displayed in the database after being deleted from the platform (ID #53263012)

Timeout error for playbook action (ID #52418008)

September 23, 2024

Release 6.3.18 is now in General Availability.

September 22, 2024

Release 6.3.19 is currently in Preview.

Case Report can now be exported in PDF format.

The comment count on the case wall is not updating correctly. (ID #53266243)

The HTML widget refresh is not affecting the JS code. (ID #00266956)

September 15, 2024

Release 6.3.17 is now in General Availability.

Release 6.3.18 is currently in Preview.

September 09, 2024

Due to technical issues, the SOAR version has been rolled back to Release 6.3.16.

September 08, 2024

Release 6.3.17 is now in General Availability.

September 07, 2024

Release 6.3.18 is currently in Preview.

Playbooks are getting stuck in the queue. (ID #53247410)

September 02, 2024

Release 6.3.16 is now in General Availability.

Remote Agents 2.1.0 is now in General Availability.

September 01, 2024

Release 6.3.17 is currently in Preview.

Last Close comment and Last Close Root Cause not showing up in BigQuery. (ID #00298031)

Alert names that are too long cover the time remaining on the alert SLA. (ID #52831259)

Unable to edit, delete or export custom integration (ID #52403533)

Multi Select option not working in Custom Actions. (ID #52874346)

Playbook shows failed step even though it's not being used by the playbook. (ID #00282731)

Playbook export contains archived blocks. (ID #00251935)

August 18, 2024

Release 6.3.16 is currently in Preview.

Unable to edit, delete or export custom integration (ID #52403533)

Remote Agents 2.1.0 is currently in Preview.

Agent logs are now consolidated in one location: /opt/SiemplifyAgent/Logs.

Agent source code logs are located in agent.log.

Python script logs are located in python.log.

Release 6.3.15 is now in General Availability.

August 17, 2024

The documentation for the SOAR product is currently undergoing a makeover. The upper tabs for the table of contents have been removed and the table of contents for SOAR now appears at the bottom of the left-hand navigation bar.

In addition, labels have been added to the top of each page that let you know if the specific page is relevant for SOAR. You can click on the label to reach the SOAR table of contents.

August 11, 2024

Release 6.3.14 is now in General Availability.

August 10, 2024

Release 6.3.15 is currently in Preview.

Unable to upload ZIP files to the Case wall. (ID #52659859)

August 03, 2024

Release 6.3.13 is now in General Availability.

August 02, 2024

Release 6.3.14 is currently in Preview.

Unable to rerun a failed playbook step when the parameter is very large. As part of the fix, large parameter values will show as truncated on the platform but will not change the actual value sent to the playbook. (ID #49774296)

The platform does not show the correct error when trying to save a playbook which is open in another tab. (ID #00269661)

Can't remove the remote agent after host/container has stopped (ID #49024310)

List and multi-select parameters not appearing correctly in the IDE (ID #51995565)

Playbook simulator sometimes not executing actions in the correct order (ID #48264534)

Missing audit log entries when deleting permission groups (ID #51496411)

July 29, 2024

Release 6.3.12 is now in General Availability.

July 27, 2024

Release 6.3.13 is currently in Preview.

Create a Playbook with Gemini

You can now use Gemini to create Playbooks. Gemini can create a functional playbook based on your prompts. This feature is in public preview. For more information, refer to Create playbooks with Gemini.

Scheduled reports failing due to Microsoft email server authentication token request throttling (ID #00277914)

July 24, 2024

The Incident Manager in Google Security Operations will be fully decommissioned on July 22, 2025. Google Cloud will provide full support and maintenance until July 22, 2025 but no new features will be released.

July 23, 2024

Release 6.3.11 is now in General Availability.

Release 6.3.12 is currently in Preview.

Logs of newly created jobs are not accessible (ID #51865082)

Trying to export case reports results in an error (ID #52316269)

Saved filters in Cases screen disappear (ID #50834432)

Integration update might fail in an environment with an extremely high number of playbooks (ID #51785856)

July 14, 2024

Remote Agents Release 2.0.2 is now in General Availability.

July 13, 2024

Python 2.7 is being deprecated and will be fully removed on October 13, 2024.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

Support for Python 3.11: Google SecOps now supports Python 3.11 in all the certified integrations. This feature is in General Availability.

IDE Staging mode: A staging mode has been added to the IDE where you can test certified and custom integrations as well as custom items. The staging mode acts as a sandbox where you can test the new Python 3.11 code or any upgraded integration before pushing to production. For more information, refer to Test integrations in staging mode. This feature is in General Availability.

July 12, 2024

Release 6.3.10 is now in General Availability.

July 10, 2024

Release 6.3.11 is currently in Preview.

Case tag filter pagination is not working in cases page (ID #339581969)

Issues when testing SOAR Webhooks for ingestion. (ID #51862016)

July 09, 2024

Release 6.3.9 is now in General Availability.

July 05, 2024

Remote Agents Release 2.0.2 is currently in Preview. Note the version number has been changed from 2.0.0 to 2.0.2.

July 04, 2024

Release 6.3.10 is now in Preview.

The limit for action result attachments has now been raised to 50 MB. (ID #00294694)

Playbook is stuck in the queue. (ID #51894700)

Issues when importing a custom list which contains duplicated records.

July 02, 2024

Remote Agents Release 2.0.1 is currently in Preview. Note that the version number has changed from 2.0.0 to 2.0.1.

June 28, 2024

Release 6.3.8 is now in General Availability.

Remote Agents Release 2.0.1 is now in General Availability. Note that the version number has changed from 2.0.0 to 2.0.1.
This Release Note is incorrect; see entry for July 2, 2024.

June 27, 2024

Release 6.3.9 is currently in Preview.

Case List preferences are now saved permanently per user. This includes column selection, order of columns, and sorting within columns.

Environment table column width display issue when using dynamic parameters with many characters (ID #51611835)

Editing or saving any step in the playbook resets the view to zoom out (ID #00162859, #48257046)

June 21, 2024

Release 6.3.7 is now in General Availability.

June 20, 2024

Release 6.3.8 is currently in Preview.

When running an imported playbook with an assigned user that doesn't exist, the playbook stops working when it gets to manual actions. (ID #00290960)

Entity properties not showing in the platform if the key name contains the time string (ID #51599403)

June 14, 2024

Remote Agents Release 2.0.0 is currently in Preview.

Support added for Python 3.11

The following articles have been updated as a result:

Create Agent with Installer for RHEL

Create Agent with Installer for CentOS

Perform a major upgrade using installer for CentOS

Perform a major upgrade using installer for RHEL

Release 6.3.6 is now in General Availability.

June 13, 2024

Release 6.3.7 is currently in Preview.

Case filters are removed when refreshing the browser (ID #50834432)

Custom Actions, and the parameter types multi-select and password cause errors when trying to save a playbook (ID #51582854)

June 06, 2024

Release 6.3.5 is now in General Availability.

June 05, 2024

Release 6.3.6 is currently in Preview.

Change Alert Priority action does not update the case priority (ID #00277602)

May 30, 2024

Release 6.3.4 is now in General Availability.

May 29, 2024

Release 6.3.5 is currently in Preview.

Trying to set an SLA definition that is too similar to an existing one results in an incorrect error message (ID #00289305)

Tags not showing as expected in the Search page (ID #50691614)

All Environments is not supported when importing networks from CSV (ID #00276371)

Action All CVE Entity filter is not working (ID #51310124)

Subject Entity Search Filters are not working properly (ID #50841312)

Case actions - generate report has missing content (ID #50620576)

May 24, 2024

May 23, 2024

Release 6.3.4 is currently in Preview.

Unable to edit case comments via API (ID #49966652)

Unable to create or import advanced reports for certain Looker users (ID #00265303)

Error when trying to add a user to Google SecOps SOAR

Event details search option in alert tab stops working (ID #00287518)

SOAR filtering not working due to unsupported commas in names

Unable to re-run the playbooks (ID #00282282)

Google SecOps SOAR fails to return API keys (ID #50630848)

May 17, 2024

Release 6.3.2 is now in General Availability.

May 16, 2024

Release 6.3.3 is currently in Preview.

Search results distorting the screen (ID #00273643)

Inline CSS removed in Insights (ID #00273271)

SAML login page showing blank (ID #00279230)

Gitsync power up push content not triggering automatically (ID #00283331)

Job page loading slowly and needs to be refreshed many times (ID #50253417)

Alert Type is empty when trying to add alert grouping rules (ID #00275434)

May 09, 2024

Release 6.3.1 is now in General Availability.

Remote Agents Release 1.6.0 is now in General Availability.

May 08, 2024

Release 6.3.2 is currently in Preview.

Issues when Siemplify > Set Case SLA actions run at the exact same time (ID #49397338)

Wrong error message displays when you try to add a custom list with a name that already exists (ID #50610331)

User mentioned in case not receiving an email notification (ID #00274991)

Widgets not fully aligned on Case view page (ID #49711925)

Number increased for integer type integration parameters (ID #00287205)

May 02, 2024

Remote Agents Release 1.6.0 is currently in Preview.

Jobs can now be run remotely over remote agents.

May 01, 2024

Release 6.3.1 is currently in Preview.

Create a new playbook using Gemini (Preview)

You can now use Gemini to create a fully structured playbook. All you need to do is write a well structured prompt and click Create.

For more information, see Create playbooks with Gemini.

Change entities to be marked as non suspicious

When an entity is marked as IsSuspicious, you can now change the value from True to False.

Two changes have been made to the sort within cases ability:

  • Option to sort cases by name has been removed.
  • Added ability to sort through all existing cases and not only across a single page.

Cannot insert images in reports (ID #00244001)

HTML templates, case sensitivity issue and generic error (ID #44058663)

Change Alert Priority action not working as expected (ID #00277602)

Clicking on events configuration takes you to the wrong mapping & modeling rules

Alert Grouping settings not displaying correctly.

April 19, 2024

Release 6.2.54 is now in General Availability.

April 18, 2024

Release 6.3.0 is currently in Preview.

Chronicle SOAR is being rebranded to Google Security Operations (Google SecOps). Both the logo and the platform name have been rebranded as part of this change. This rebranding reflects our commitment to bringing you the best of Google security operations features. There is no change to functionality in the platform.

Context-sensitive help added to the platform

When you click the documentation link at the top of the platform, you will now be directed to the exact documentation page that relates to the screen you are on.

Custom List import error not propagated to the user (ID #1032784)

Advanced Text Editor text formatting not working (ID #00274952)

Issues with Login (ID #00283928)

Parse case wall email doesn't work in playbook simulator (ID #00260679)

Unable to create advanced reports when a specific environment is selected (ID #49898167)

Playbooks not visible due to missing categoryId and categoryName values (ID #00274872)

Events tab lists all artifacts even though they are part of different events (ID #49103838)

Tagged user is not highlighted or hyperlinked on the Case Wall page & Notification popup

April 12, 2024

Release 6.2.53 is now in General Availability.

Remote Agent Release 1.5.0 is now in General Availability.

April 11, 2024

Release 6.2.54 is currently in Preview.

In Release 6.2.45 the option to manually enter General placeholders was added. The General Placeholders section has now been added to the platform.

Error when adding or removing a tag on a closed case (ID #50195120)

Unable to import dynamic parameters (ID #00262571)

Playbooks re-running during platform update (ID #00282275)

Playbook block input can't be used to select dynamic instance (ID #00276416)

Refreshing dashboard changes displayed data (ID #49716319)

Playbooks not saving correctly (ID #49142793)

When logging in via SAML it doesn't show up in the SOAR Audit logs.

March 29, 2024

Release 6.2.52 is now in General Availability.

March 28, 2024

Release 6.2.53 is currently in Preview.

Issue when filtering Cases in Cases Page (ID #49689809)

Case filter is_not not working as expected (ID #00279039)

Unsupported providers causing playbooks not to run (ID #00262970)

Playbook block missing when trying to add it to a case (ID #00273133)

Report Scheduler not sending out reports as planned (ID #00277914)

March 27, 2024

Remote Agent Release 1.5.0 is currently in Preview.

Support for future major upgrades

Currently, Google supports minor upgrades which make changes to the remote agent code only.

We have now added support for the customer to carry out a major upgrade which requires changes to the entire OS or libraries in the machine.

You will receive clear instructions before a major upgrade. These must be followed very carefully in order to ensure the Remote Agent can continue to work with your machine.

Support for updating custom environment variables (ID #47675122)

You can now configure environment variables on the agent.

Remote connector logs are now written to the following path:

/opt/SiemplifyAgent/Integrations/<integration name>/Connectors/<connector instance>/remote_script.log

March 20, 2024

Release 6.2.52 is currently in Preview.

Case filter and URL now in a reciprocal relationship

In the Cases page, the filter and the URL now directly affect each other. Changing the filter changes the URL, and conversely, changing the URL changes the filter. You can take advantage of this feature by setting a filter for cases and putting the newly created URL in an external dashboard. Clicking on this link would then take you directly to the filtered case queue.

Incident Manager appearing in navigation even though user doesn't have license (ID #49062139)

lastLoginTime returns wrong date for SAML users (ID #00278010)

Wrong error message returned for environment alias duplicates (ID #00271405)

Playbooks with async actions longer than 7 days can't be saved even though time set to 14 days in IDE (ID #00269032)

Clicking on events configuration opens the wrong mapping & modeling rules

March 15, 2024

Release 6.2.5.0 is now in General Availability.

March 13, 2024

Release 6.2.51 is currently in Preview.

Jobs Enhancement

When updating an integration, the jobs will now be updated automatically. This does not apply to any legacy jobs that were created before October 2023.

The Marketplace integration will clearly identify the legacy jobs that are affected and provide instructions on how to proceed.

In addition, legacy jobs are now marked as such in the Jobs Scheduler page so that you can take action and resolve issues beforehand.

APIs now documented

The following APIs are not new, but with this Release are now formally documented in Swagger:

AddOrUpdateEnvironmentRecords

RemoveEnvironmentRecords

Searching for cases from the last week doesn't produce results (ID #00269819)

Email HTML Templates > Show Email Template not rendering styles (ID #00249556)

SDK call for create entity failure displays the wrong error message (ID #48950075)

March 08, 2024

Release 6.2.49 is now in General Availability.

March 07, 2024

Release 6.2.50 is currently in Preview.

In the Entity Explorer page, Case Distribution has been renamed to Alert Distribution.

This change makes the information easier to understand. (ID #48941723)

Docker hub login is not needed and as such this instruction has been removed from the platform. (ID #49611790)

Users with a single character in their last name are unable to login (ID #49008785)

Alerts are being grouped into cases after the time specified in the platform.

Inline CSS with styles and classes are not supported in Insights. Note that Scripts are not supported for security reasons. (ID #00273271)

Custom integration settings: existing script dependencies don't show up (ID #49703871)

Unable to create new playbook blocks (ID #00275270)

February 22, 2024

Release 6.2.49 is currently in Preview.

In the IDE, using CrowdStrikeFalcon - Execute command and selecting scope as internal hosts and external hosts does not work (ID #00250316)

The following APIs have been deprecated and will be deleted in 6 months.

  • GET /api/external/v1/connectors/GetConnectorsData
  • POST /api/external/v1/connectors/DeleteConnector
  • POST /api/external/v1/connectors/AddOrUpdateConnector
  • POST /api/external/v1/connectors/UpdateConnectorFromIde
  • POST /api/external/v1/connectors/GetConnectorStatus

For each API above, there are one or more alternative endpoints that you can use as shown below:

Instead of
GET /api/external/v1/connectors/GetConnectorsData

Use one of the following:

  • GET /api/external/v1/connectors/template-cards
    Provides basic information per each accessible connector definition.

  • POST /api/external/v1/connectors/template
    Retrieves detailed information regarding a specific connector definition.

  • GET /api/external/v1/connectors/cards
    Provides basic information per each accessible connector.

  • GET /api/external/v1/connectors/{identifier}
    Retrieves detailed information regarding a specific connector instance.

Instead of
POST /api/external/v1/connectors/DeleteConnector
Use
DELETE /api/external/v1/connectors/{identifier}

Instead of
POST /api/external/v1/connectors/AddOrUpdateConnector
Use
POST /api/external/v1/connectors

Instead of
POST /api/external/v1/connectors/UpdateConnectorFromIde
Use
POST /api/external/v1/connectors/update-from-ide

Instead of
POST /api/external/v1/connectors/GetConnectorStatus
Use
GET /api/external/v1/connectors/{identifier}/statistics
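The mapping above can be turned into a pre-removal audit of custom integrations, jobs and external scripts. The following is an added example, not code from Google or the SOAR SDK: it scans source text for the five deprecated connector endpoints and reports the documented replacements. The sample source, the `scan_source` and `Finding` names, and the case-insensitive match are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Deprecated endpoint -> documented replacement(s), copied from the list above.
DEPRECATED = {
    "GET /api/external/v1/connectors/GetConnectorsData": [
        "GET /api/external/v1/connectors/template-cards",
        "POST /api/external/v1/connectors/template",
        "GET /api/external/v1/connectors/cards",
        "GET /api/external/v1/connectors/{identifier}",
    ],
    "POST /api/external/v1/connectors/DeleteConnector": [
        "DELETE /api/external/v1/connectors/{identifier}",
    ],
    "POST /api/external/v1/connectors/AddOrUpdateConnector": [
        "POST /api/external/v1/connectors",
    ],
    "POST /api/external/v1/connectors/UpdateConnectorFromIde": [
        "POST /api/external/v1/connectors/update-from-ide",
    ],
    "POST /api/external/v1/connectors/GetConnectorStatus": [
        "GET /api/external/v1/connectors/{identifier}/statistics",
    ],
}


class Finding(NamedTuple):
    line_no: int
    deprecated: str
    replacements: List[str]


def _compile_patterns():
    """Build one regex per deprecated path.

    The leading slash is dropped so callers that build URLs as
    base + "api/external/..." are still caught. The negative lookahead
    stops "GetConnectorStatus" from matching a longer, unrelated name.
    Assumption: matching is case-insensitive so differently-cased callers
    are flagged as well.
    """
    patterns = []
    for key in DEPRECATED:
        path = key.split(" ", 1)[1].lstrip("/")
        regex = re.compile(re.escape(path) + r"(?![A-Za-z0-9_\-])", re.IGNORECASE)
        patterns.append((key, regex))
    return patterns


_PATTERNS = _compile_patterns()


def scan_source(text: str) -> List[Finding]:
    """Return one Finding per deprecated endpoint reference, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for key, regex in _PATTERNS:
            if regex.search(line):
                findings.append(Finding(line_no, key, DEPRECATED[key]))
    return findings


# Constructed sample: a hypothetical custom integration module.
SAMPLE = '''\
import requests
BASE = "https://soar.example.invalid"
def list_connectors(session):
    return session.get(BASE + "/api/external/v1/connectors/GetConnectorsData")
def delete_connector(session):
    return session.post(f"{BASE}/api/external/v1/connectors/DeleteConnector")
def stats(session, ident):
    # already migrated
    return session.get(f"{BASE}/api/external/v1/connectors/{ident}/statistics")
def cards(session):
    return session.get(BASE + "/api/external/v1/connectors/cards")
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line_no}: {f.deprecated}")
        for alt in f.replacements:
            print(f"    use: {alt}")
```
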

February 21, 2024

Remote Agents Release 1.4.9 is currently in Preview.

The Docker image to pull for this release is 1.4.9.2

Upgrade agents from 1.3.8 on RHEL not working as expected (ID #00243884)

Publisher memory usage issue (ID #00273756)

February 19, 2024

The following items have been added to Release Notes 6.2.48.

The AI Investigation widget is now available in Europe. For more information, refer to AI Investigation widget.

Timeout for automatic and manual python-run operations failing after 5 minutes even though it's defined for a longer time in the platform (ID #00243596, #00213817, #45379045, #48348087, #00245583, #00227758, #00250153)

Automatic actions/operations now run for up to the time defined in the platform (maximum of 20 minutes).

The 5 minute timeout still applies for the following manual operations:

  • Run manual action
  • Run connector once
  • IDE - Play Item

February 16, 2024

Release 6.2.47 is now in General Availability.

February 15, 2024

Release 6.2.48 is currently in Preview.

Playbook condition branch name field can now hold up to 150 characters (ID #48159735)

Just-in-Time User Provisioning configuration not available in Okta configuration. (ID #49263630)

IDE - creating an integration or manager with the same name as an existing one results in the wrong error message (ID #47233004)

Save button not showing when adding lots of list items to the List type action parameter (ID #00266458)

February 09, 2024

Release 6.2.46 is now in General Availability.

February 08, 2024

Release 6.2.47 is currently in Preview.

Email settings: customer configuration change

In order to help with safe and secure communication, the Trust Certificate checkbox is scheduled to be deleted in April 2024 as it will be enabled automatically by default.

Customers who currently do not have this checkbox enabled are advised to carry out the following procedure.

  • In the Email Settings > Customer Configuration tab, enable the Trust Certificate checkbox.
  • Save the settings.
  • Click Test to ensure the configuration works.
  • Perform an action which will trigger a test email notification.
  • If errors are shown, follow the instructions in the error message.

Manual Action Menu - Group and Specific filters when chosen together lead to errors (ID #49013713)

Custom SAML provider configuration error (ID #49125693)

The placeholder CurrentUserRole that was removed from Release 6.2.45 is now supported.

February 04, 2024

In Release 6.2.45 we announced new placeholders. The placeholder CurrentUserRole has been removed and is not supported.

February 01, 2024

Release 6.2.46 is now in Preview.

New audit logs

The platform now captures audit logs when a playbook folder is deleted. (ID #48557086)

Mentioning users in a case is not working as expected. (ID #00180795)

January 31, 2024

Release 6.2.45 is scheduled to be in General Availability as of February 4th, 2024.

January 19, 2024

Remote Agents 1.4.8

Enhancement for Docker image upgrade.

Release 6.2.45 is now in General Availability.

January 18, 2024

Remote Agents 1.4.7

Bug Fix: OpenSSL version on the remote agent is outdated. (ID #00250583)

January 17, 2024

Remote Agents 1.4.5

Bug Fix: Removed forced upgrade when enabling an agent. (ID #46257228)

Remote Agents 1.4.6

Bug Fix: Remote actions that use the API endpoint /api/external/v1/sdk/UpdateEntities fail with timeout. (ID #00265852)

January 11, 2024

Release 6.2.44 is now in General Availability.

January 10, 2024

Release 6.2.45 is currently in Preview.

New placeholders added

A new category of placeholders has been added, which focuses on the current state of the session, such as the logged-in user and the platform. These can be used in a variety of scenarios. For example, you can use them in an HTML widget to create customized information specifically for logged-in users as opposed to the users assigned to the case.

A new section called General has been added to the placeholders. It contains the following placeholders:

  • HostUrl
  • CurrentUserEmail
  • CurrentUserID
  • CurrentUserFullName
  • CurrentUserRole

Note that the Current User placeholders cannot be used in playbooks or jobs.

Case Queue not refreshing automatically (ID #00267303)

January 05, 2024

Release 6.2.43 is now in General Availability.

January 04, 2024

Release 6.2.44 is currently in Preview.

New platform navigation

An entirely new way of navigating the platform is now available. For more information, refer to Navigate the SOAR platform.

Delete SAML provider

You can now delete existing SAML providers in the External Authentication page.

Additional support for trimming large alerts

In order to prevent performance issues, when an alert contains over 500 entities, the alert is ingested with the key entities retained and the additional entities are removed.

This trimming support works in parallel with the current trimming mechanism as defined in Handle large alerts.

Issues when trying to update a specific playbook block (ID #00267635)

Playbooks and their folders within a specific environment are deleted without a corresponding entry in the audit logs. (ID #48557086)

The following API endpoints will be deprecated in July 2024.

  • api/external/v1/settings/AddOrUpdateSamlSettings
  • api/external/v1/accounts/DisableJitAndAutoRedirect
  • api/external/v1/settings/GetSamlSettingsTemplate

December 08, 2023

Release 6.2.42 is now in General Availability.

December 07, 2023

Release 6.2.43 is currently in Preview.

Searching by entities does not return the full results (ID #47644037)

API endpoint /api/external/v1/logging/python not returning logs (ID #00258483)

Cases are loading too slowly (ID #00246621)

Predefined widgets not available after updating playbook block (ID #47667046)

November 30, 2023

Release 6.2.41 is now in General Availability.

November 29, 2023

Release 6.2.42 is currently in Preview.

Environments missing after toggling on All Environments in the Permission Group page (ID #00248779)

Hash values are displayed instead of analyst names when generating a report (ID #47508033)

The audit log shows the internal IPs instead of the external ones (ID #00170308, #00245571, #00262470)

Changing remote agents on an integration instance doesn't work

November 23, 2023

Release 6.2.40 is now in General Availability.

November 22, 2023

Release 6.2.41 is currently in Preview.

Jobs enhancement

The following features have been added:

  • Ability to sort the job execution table by time or status
  • Indication in the jobs queue for each failed job iteration

IDE's Live Autocomplete feature not working properly (ID #00250083)

November 16, 2023

Release 6.2.40 is currently in Preview.

Playbook actions carried out by automation are not labeled as such on the case wall (ID #47525692).

This bug fix is in Preview.

Case title is not picking up information if it's in square brackets (ID #00262914).

This bug fix is in Preview.

November 15, 2023

Release 6.2.39 is now in General Availability.

November 09, 2023

Release 6.2.39 - Preview

Dynamic mode instance support

When a playbook is built for more than one environment, you need to use dynamic mode which picks the relevant instance configuration from the target environment. When using dynamic mode within environments that contain multiple instances, the playbook needs to stop and wait for the analyst to pick the right instance by the context of the alert.

In this release, we have added a new option to the playbook designer, such that the analyst can specify an instance for the dynamic mode to use within the target environment by entering a name or a pattern in a new Specify Instance Name field.

For more information, see Specify instance in dynamic mode. This feature is in Preview.

Jobs enhancement

The Jobs page in the platform has been enhanced to provide more information at a glance for the security analyst. The following is a list of the added features:

  • Filter jobs according to success or failure.
  • Click View Details to open a side bar with full details.
  • Export the log details in raw text format.
  • View all job iterations with extra pagination support.

This feature is in Preview.

Update SiemplifyUtils to support Python 3 (ID #45825896).

This feature is in Preview.

Incorrect playbook is attached to alert when using trigger Product Name when alerts are grouped (ID #47362407).

This bug fix is in Preview.

Issues with remote agent connected to remote connector in a shared instance configuration.

This bug fix is in Preview.

SDK function result.add_html which generates HTML reports within a case ends up generating blank text (ID #47721779).

This bug fix is in Preview.

November 01, 2023

Release Notes 6.2.38

Beta - 5th November, 2023

GA - 12th November, 2023

Custom roles denied access to Advanced Reports (ID #47668375)

In certain cases, significantly large entity graphs failed to load (ID #00250400)

October 25, 2023

Release Notes 6.2.37

Beta - 29th October, 2023

GA - 5th November, 2023

A new Explore containing case-related fields has been added to the Advanced Reports module in the platform. This Explore allows you to find fields and build visualizations for your report. We recommend using this new Explore in new widgets.

Error when trying to log in again to Chronicle SOAR (ID #46831483)

Email HTML template shows blank page in Settings (ID #46912863)

Users filter in the Search page not displaying all the users (ID #00249930)

Active Directory Groups field removed from Settings Permission groups as it is not supported

October 24, 2023

Remote Agents 1.4.4

  • Added support for all SDK calls over remote agents
  • Improved management of integrations over the remote agent, leading to a more stable overall product experience
  • Publisher Python version upgraded to Python 3.11

Remote Agents 1.4.4

  • Remote agent actions do not return script results in the same way local actions return them (ID #45682680)
  • Users unable to change the remote agent environment via agent CLI

October 03, 2023

Release 6.2.36

GA - 14th October, 2023

Internal security fixes

September 27, 2023

Release Notes 6.2.35

GA - 8th October

Risk Score and Severity added

Two new information fields have been added to the Alert Details widget which appears in the Alert overview tab. These are Risk score and Severity. These values will only be populated when using the Google Chronicle SIEM connector.

Export/Import for Advanced Reports (using Looker) now supported both in the platform and using new APIs.

This enables customers to create reports on their staging environment and then import the template without the data into their production environment.

In the platform, the import is at the top of the Reports queue while the export icon is inside the actual report itself. The report file is in YAML format.

New APIs are as follows:

  • /api/external/v1/looker/report/import
  • /api/external/v1/looker/export/{report_id}

Playbook name drop-down not showing any playbook names in various Playbook actions (ID #00248732)

Placeholders located inside other placeholders not always picked up correctly (ID #00244133)

Case title says unknown (ID #00249611)

GetCaseFullDetails and GetWallActivitiesV2 API endpoints failing to return results (ID #00243878)

September 12, 2023

Remote Agents 1.4.3.6

Remote agent now supports the same alert and event trimming logic as implemented in the server. New parameters in the database control the size of the alert as well as the size of the fields and events within them. Alerts that are bigger than this size will be automatically trimmed. If the alert is still too big, then the size of the fields and events will be trimmed. The resulting alert ingested into the case might therefore not contain all the original information.

Remote connector logs now display as required in the platform.

Remote agent no longer takes ownership of the entire /var/log directory when using the installer.

August 30, 2023

Release Notes 6.2.34

  • Alerts ingested using webhooks are missing details (ID #00249611)
  • Entity Graph widget either not appearing or appearing without information (ID #00246250, #46124390)
  • Entity Graph API call not working

August 16, 2023

Release Notes 6.2.33

New Case Mentions in Playbook Actions

You can now mention the case assignee directly from a Playbook action.

To mention the case assignee:

  1. Drag the Siemplify Case Comment action into a Playbook step.
  2. In the Comment field, write a message that you want the case assignee to see.
  3. Click on the placeholder, drill down to Case > case.mentioncaseassignee and double-click it in order for it to appear in the Comment field with the message. Alternatively, write [case.mentioncaseassignee] in the Comment field.

After the Playbook runs, the notification is written to the case wall and, depending on your notification settings, sent to the user.

July 26, 2023

Release Notes 6.2.32

Playbook not running with Playbook Simulator turned on in rare cases (ID #45093920)

Playbooks do not appear on the platform for some customers due to null category creation (ID #45985799, #00244424)

The timestamp displayed on the Cases > Alert > Playbooks tab drawer menu corresponds to the most recent modification time of the playbooks/blocks, rather than the actual execution time of the actions. The timestamp now displays the actual execution time. (ID #00245107)

July 19, 2023

Release Notes 6.2.31

Added the ability to write comments on cases that have already been closed.

New API for Logs: Admin users can now retrieve raw Python logs directly from the platform using the following API: POST /api/external/v1/logging/python

Release Notes 6.2.31

Importing a custom integration on top of an existing commercial integration causes the connector to not work properly (ID #00243798)

Specific Integration showing incorrect update available (ID #00181718)

SDK call siemplify.current_alert.creation_time returns 0 (ID #00226591)

In rare situations, unable to access several cases via the Platform or via API (ID #00243878)

When changing the Case Stage under the Cases tab, the drop down list of stages does not follow the same numerical order as defined in the Settings (ID #44453181)

Entities that should be internal are created as external if ingested using the environment alias (ID #00225318)

In certain situations, alerts are ingested into the platform for environments that don't exist yet in the platform, and as soon as the environments are created, the cases are opened and playbooks run. It is now possible to configure alerts to be dropped if the source environment doesn't exist. (ID #00180834)

July 12, 2023

Release Notes 6.2.30

Playbooks not always saved correctly within Platform (ID #00243484)