Hello there

Please find below our monthly newsletter, which focuses on new features, integrations and other relevant information.

In this latest edition, we have 5 new features, 2 new integrations and 5 updates to share with you and these, along with all of the previous enhancements, are available in our latest m42 release.

  • New Features
    • Active Directory via LDAP
    • Audit Log Management/Transmission using Syslog
    • System Dashboard
    • Password Policy
    • Scheduling Support for Stream execution
  • Feature Enhancements
    • Retrieval of flow execution results using API
  • New Integrations
    • nmap command
    • nmblookup command
  • Integration Enhancements
    • Anomali: New Actions
    • Case Management: New actions to get the attachment to submit for sandbox
    • IMAP: Jinja template input for label actions
    • Zscaler: Apply and remove a custom category to a URL, domain, or IP

We hope you find this useful! Questions? Please reach out to us at:
questions@logichub.com


New Features

Active Directory via LDAP (New)

With this brand new feature, we’ve removed the need for cumbersome additional jump servers to pull data from Active Directory. Now you can connect directly.

Further information on this feature can be found here: Using LDAP to Authenticate


Audit Log Management/Transmission Using Syslog (New)

By popular demand, we’ve added audit logging as a feature, together with the ability to forward these logs to a destination of your choice using Secure Syslog. In the image below, you will see that you can now choose where the logs are sent, over which port, the message format type and whether you wish to use TLS encryption!

This feature lets you rapidly search the logs and provide them to your audit, compliance or security teams as needed. By forwarding them with Secure Syslog, you can also fulfill any retention requirements you may have in a destination of your choosing.

Further details can be found here: Sending Audit Logs via Secure Syslog


System Dashboard (New)

You want to see the effectiveness of your deployment. The system dashboard conveys key metrics of your SOAR automation platform.

Currently, there are nine widgets in the dashboard:

  • Time Saved - Based on the number of nodes executed, assuming each node saves two minutes.
  • Dollars Saved - Based on the number of nodes executed, assuming each node saves two minutes and each hour saved is worth USD 50.
  • MTTR - Mean time to resolve cases.
  • Alerts Triaged - Number of AlertTriage Operator nodes executed.
  • Integrations Used - Number of integration products currently connected.
  • Data Ingested - Volume of data ingested.
  • Cases Created - Number of cases created on LogicHub on a daily basis.
  • Cases by Status - Breakdown of cases by status.
  • Flows Executed - Number of flows executed on a daily basis.

More details on the dashboard can be found here: View Activity on the Dashboard


Password Policy (New)

In this release we’ve introduced the ability to set a password policy that matches your corporate environment’s password security policy. This includes the ability to enforce the following:

  • A minimum length (default: 8)
  • A minimum number of
    • Alpha characters
    • Uppercase characters
    • Lowercase characters
    • Numeric characters
    • Special characters
  • Historical password tracking (i.e., the last x passwords cannot be reused)
  • Account lockout functionality
  • Password expiration enforcement

Further details can be found here: Setting Password Policies & Parameters


Scheduling Support for Stream Execution (New)

You can now schedule streams to run at the time you wish! As can be seen here, you simply need to plug in the time parameters (using a cron style format) and a few other details and you’re done.

Further details can be found here: Stream Scheduling


Feature Enhancements

Retrieval of flow execution results using API

The LogicHub API now offers the ability to pull the status of individual stream batches using an ID that is returned when the webhook is called.

In the configuration of a stream, there is an On-Demand toggle; when it is switched on, a webhook URL is generated. This URL is used to invoke the stream, pull a batch’s status and pull the batch results.

More details can be found here: Execute Flow with Webhook


New Integrations

Nmap Command (New)

New Action:

  1. Nmap Action

You are now able to run Nmap ("Network Mapper"), the free and open source utility for network discovery and security auditing, in order to probe a host in your environment.


nmblookup Command (New)

New Actions:

  1. nmblookup
  2. nmblookup IP

The NetBIOS integration has been updated to use nmblookup, replacing nblookup. It is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries.



Integration Enhancements

Anomali: New Actions (Enhancement)

New Actions:

  1. Create Threat Model Entity
  2. Update Threat Model Entity
  3. Get Intelligence
  4. Get Model Description
  5. Get Reputation of observable
  6. Get Submission Report
  7. Get Submission Status
  8. Get List of Models
  9. Submit File or URL

With the Anomali Threat Intelligence Platform (TIP) integration, you’ll be able to leverage their cyber threat intelligence to identify and prioritize critical threats to your organization and to automatically submit samples and retrieve reports on them. You can submit a URL or file for analysis, create a threat model entity, and query for reports. For example, in a Phishing Triage flow, you would be able to automatically submit any URLs or attachments in the e-mails to be analyzed by Anomali TIP.

Case Management: New Actions to Get the Attachment to Submit for Sandbox (Enhancement)

New Actions:

  1. Get Attachment
  2. Get Case Attachments

The Case Management integration now offers new actions to pull case attachments into a flow so that actions can be performed against those files, e.g. submission to a sandbox.

In addition to those actions, a third action was created to add files to a case from within a flow.


IMAP: Jinja Template Input for Label Actions (Enhancement)

Updated Actions:

  1. Add Labels
  2. Remove Labels
  3. Replace Labels

When applying “Labels” to emails, previously it was only possible to use a static value for the label. It is now possible to use dynamic values from a table with Jinja templating.


Zscaler: Apply and Remove a Custom Category to a URL, Domain, or IP (Enhancement)

New Actions:

  1. Get URL Categories
  2. Add URL/IP/Hostname to Category
  3. Remove URL/IP/Hostname from Category

As always, we have more exciting features coming next month, so look out for the December edition of our Customer Newsletter, which will be out in the first week of December.



Regards,

Hamish Talbot
Director Customer Success
LogicHub, Inc.

Questions? Please email us at: questions@logichub.com
Technical Support: support@logichub.com
