Dec 21, '23: Jingle bells, WannaCry smells, your escalated alert just laid an egg

Salem v.1.5.2

The holidays are upon us, and the elves at Salem HQ have been up in the workshop creating a blizzard of upgrades for Salem v1.5.2, your trusty virtual cybersecurity analyst. This merry update brings an exciting new feature, helpful capability enhancements, and necessary functionality fixes to keep your operations cheerful and secure. Get ready to melt your security woes and automate your SOC with the blazing-hot Summary Details feature:

Summary Details: Tired of plowing through snowdrifts of cyber alerts? The Summary Details feature is a supercharged snowblower that leaves your alert reports neat and groomed (like the ski slopes you're going to bomb this winter). Customize your report views to focus on the details that matter most, like attack types, affected assets, or reindeer-approved system details. You can customize which details are most important across use cases, alert sources, or your entire organization.

So this holiday season, cozy up to your favorite virtual fire, grab a mug of hot cocoa, and don your ugliest sweater. Rest assured your security operations will run smoothly with Salem analyzing which alerts are naughty or nice. Happy holidays!

✨ New

Summary Details

We know security analysts face a monumental task: sifting through mountains of information to determine if an alert is a genuine threat or just a false alarm. This deluge can overwhelm even the most experienced veterans, who often just need a quick glimpse of key details to make confident decisions.

Enter Summary Details, a new feature that empowers you to prioritize the alert information you see first. Tailor your view based on specific use cases or alert sources. No more getting buried in irrelevant data! As you'll see below, alert reports can be expanded or collapsed to reveal more or less information, letting you find the sweet spot for your report size. Now we can easily catch the Elf on a Shelf colluding with Blitzen to rip off Santa before the big day.

Want to learn more about the default details displayed in Summary Details or how to customize alert details to match your needs? Dive into the dedicated Summary Details documentation page to get started!

➕ Improved

  • Introduced a validation check for eval strings and webhook actions to verify syntax and accuracy of user inputs

  • Webhook actions are now scoped to apply context to alerts with similar underlying actions

  • Redesigned the threat/false positive follow-up question card

  • Improved user navigation by adding "back" functionality to analyst cards

  • AskSalem improvements: authentication now uses the client's key vault resources, and the prompt formatting and configuration instructions have been improved

🔧 Fixed

  • Addressed redundant alert notifications caused by parallel alert processing

  • Remediated issue with the format of downloaded alerts

  • Corrected ActionConf naming to include context label

  • Removed the requirement to enter a value on the Confirmed Threat/False Positive follow-up card
