Week 17, 2023
Building on last week's release of Oort advanced query language, we've released even more platform capabilities for our power users. We've got more filters in the networks tab, more check customization options, and autocomplete options for the advanced query language.
Enjoy!
New Filters in Networks Tab
This week, we've made it even easier to create queries that drill down into IP addresses associated with your users. By clicking into the side drawer, you can easily pivot on different IP data fields, including City, State, Country, ASN, ASN Domain, ASN Type, ASN Country, Source, and Tags. Clicking into any of these tags will apply that filter to the User Networks page. For example, you can search across all IP addresses related to a specific city for a given user.
Furthermore, when selecting "See IP Info" from other areas of the Oort Platform, you'll be directed to the Networks Tab with the additional context in the side drawer shown by default.
Autocomplete Advanced Queries
Last week, we introduced Advanced Query mode within the Users tab, which enables you to create simple but powerful queries that answer critical questions about your identity population.
In this week's release, we've introduced an autocomplete option that provides a drop-down list of possible filter types. To activate this, first make sure you are in "Advanced" mode by selecting that button in the search bar. Next, type "Control+Space" and it will populate all possible filters. This makes it easy to build the detailed queries you're interested in.
Customize Checks
For every check we introduce, we spend a long time tuning it to make sure the noise-to-signal ratio is in your favor. However, we understand that you may have your own preferences and want to customize a check. For this reason, many of the checks in the platform have the ability to "Customize Check Settings".
As some of these can get more complex, we've updated the user interface to make it simple to toggle these settings and input values. If the value you enter cannot be supported, you'll receive an error message so it's clear. These changes enable you to better customize the powerful checks to your needs.
Wizer Videos Provide Additional Context on Oort Insights
All Oort insights include a description of the issue and recommended actions, which help you understand why we think it is a risk and what you should do to remediate it. Wizer, a provider of security awareness training, has some excellent short videos that help to explain the risks of identity threats (like session hijacking and MFA flooding) and posture issues (like lack of MFA). We have now included these short videos within the Check Description to provide additional context for any of the relevant checks.
These Wizer videos are also available to impacted users in Slack. For example, if Oort detects a user with no MFA configured, you can automatically have a Slack message sent to that user. These built-in security training videos help users understand why they should prioritize fixing this issue.
Bug Fixes and Minor Improvements
Collection Failures. Users will now receive a notification that links to the System Logs page to diagnose the issue quickly.
System Logs. Log streaming targets now appear successful in System Logs.
Salesforce Integration. Terminology in Salesforce credential settings is changed from "client key/secret" to "consumer key/secret" to reflect Salesforce terminology better. You will also see a "Beta" tag on the Login History and Geolocation field types.