Week 41, 2023

Come, gather, and read about all of Oort’s goodness we’re releasing to you this week!

✅ Mark Individual Observations as Interesting

In last week’s release, we introduced the concept of “observations” that make up our Checks. For any check, there may be multiple observations made by Oort and you can view these within the User Profile’s Checks tab.
Typically, you’re able to “Resolve” the check for a user if you mark the check as normal behavior. However, given that there may now be multiple observations, you may wish to make some as normal behavior and others as not. With this release, you can give feedback for each observation to either “Mark as interesting” or “Mark as normal behavior”. The check will only be resolved if you mark all observations as normal.

🎯Access More Detail on User Activities

The Activity Tab in the User 360 profiles is one of the best places in the dashboard to investigate a user. In this table, you can scroll through a history of all events associated with that user, with each row displaying the most pertinent information for the event. Clicking into the row will give you access to the full, raw data behind the event.
With this release, we’ve beefed up the context you see within the “Target” column of the table. This means that you can better identify the target application, group and other factors without clicking to view the raw data.

⚙️Added Collection for Duo Advanced

We’ve added the Endpoints data type to our Duo integration. These endpoints refer to “the laptops, desktops, tablets, mobile phones, and other devices where your end users access Duo protected applications and services, as well as 2FA Devices, which are the enrolled phones and other mobile devices where users approve Duo authentication requests.” These are all incredibly helpful data points to associate with your identities, and provide even greater visibility.
Duo Advanced customers will be able to access this data type. In Oort, this will be disabled by default, but you can enable it by going to Integrations - Duo - Edit Settings - Advanced Settings.
Bug Fixes and Minor Improvements
Exclamation Points in Webhook URLs. Exclamation points are now supported for the URL field in the Webhook settings. Go to Integrations - Webhooks to learn more.
Risky Sign In. The default ignore list for risky sign ins has been updated.