Week 41, 2022

New features

Microsoft Entra Risky user alert in User360 Overview

Azure AD monitors and alerts on a certain number of suspicious behaviors. That data can provide more context and identify risky users.

Oort now consumes that data and puts it front and center in our User360 view, including the name of the risky event as well as the risk level given to the user.

NB: In order to benefit from this feature, your user needs to be assigned an Azure Active Directory Premium P2 license.

Last data collection dates popup in User Activity view

Knowing when the data you are looking at was pulled from the source is critical when building a timeline during an investigation.

We now show that information in the interface for each of your integrations.

In the User Activity tab hover over the Last Data Collection button, popup will appear with a list of data collection dates for all integrations.

Improvements

Toggling columns for Users table

You might want to see more data in our users table, which is better related to the investigation you are performing. But too many columns can ruin readability.

This is why we have enabled columns toggling for the users table.

To customize the table, click on the “Columns” button in the table header, toggle the column options in the popup menu. Note that the options marked with Lock icon can not be toggled off.

Customized table settings are automatically saved when toggling columns on/off. If you’d like to get back to the default view, just click on “Restore default” at the bottom.

User Organization Information in Users table

Now that you can customize the users table, we can add more data for you to see!

User Organization Information such as Employee ID and ManagerLogin were added to Users table. The columns are hidden by default, but can be toggled on to show this data if needed.

Users Table sorting

When performing an investigation on the users list page, being able to sort the list according to the data in the columns can help prioritize.

You can now sort the users table according to a number of factors available.

By default, the table is sorted in ascending order by user name. To change the order or sorting parameter, click on the arrow icon in the respective column header. Sort will persist when applying filters and navigating between the Users table and User Details.

Last seen filter with custom values

When reviewing users in the users list, being able to filter on the last seen date can be useful.

Until now, this filter came with a set of pre-set values. We have now added the ability to customize the range of the filter.

Enter custom From and To values into inputs of the Last Seen Filter, activate filter by clicking on the checkbox. Now only users last seen from 1 to 6 days ago will be shown in the User table. Additionally, filtered users can be sorted in ascending or descending order by multiple parameters.

Show data type requirements in the Advanced Settings

Collecting certain data types required specific flavors of the service to be active (for example, Okta Identity Engine for Okta customers or P2 subscription for Azure AD customers), but this fact had no visual representation in the UI.

We now show specific data type requirements in the UI.

Logical operator switch for Query Input

As the users list page is one of the most important and used, we are taking search and filtering to the next level.

For some complex searches, being able to switch the logical operator can be incredibly useful.

For filters like Sources, IP Threats, And Providers, we added an ‘OR’/‘AND’ button on the Query input chips that will make admins able to switch for the needed operator.

Simply click on the operator to change it.

Bug fixes

• Filtering of users by application brought back only users that were actively using this app. This behavior was fixed to bring back all users assigned to an app instead.