Week 17, 2023
Building on last week’s release of Oort advanced query language, we’ve released even more platform capabilities for our power users. We’ve got more filters in the networks tab, more check customization options, and autocomplete options for the advanced query language.
🌐 New Filters in Networks Tab
This week, we’ve made it even easier to create queries that drill down into IP addresses associated with your users. By clicking into the side drawer, you can easily pivot on different IP data fields, including City, State, Country, ASN, ASN Domain, ASN Type, ASN Country, Source, and Tags. Clicking into any of these tags will apply that filter to the User Networks page. For example, you can search across all IP addresses related to a specific city for a given user.
Furthermore, when selecting “See IP Info” from other areas of the Oort Platform, you’ll be directed to the Networks Tab with the additional context in the side drawer shown by default.
🔎 Autocomplete Advanced Queries
In this week’s release, we’ve introduced an autocomplete option that provides a drop-down list of possible filter types. To activate it, first make sure you are in “Advanced” mode by selecting that button in the search bar. Next, press “Control+Space” to populate the list of all possible filters. This makes it easy to build the detailed queries you’re interested in.
⚙️ Customize Checks
For every check we introduce, we spend a long time tuning it to make sure the noise-to-signal ratio is in your favor. However, we understand that you may have your own preferences and want to customize a check accordingly. For this reason, many of the checks in the platform offer the ability to “Customize Check Settings”.
As some of these settings can get complex, we’ve updated the user interface to make it simple to toggle them and input values. If a value you enter is not supported, you’ll receive a clear error message. These changes enable you to better customize the powerful checks to your needs.
🌐 Wizer Videos Provide Additional Context on Oort Insights
All Oort insights include a description of the issue and recommended actions, which help you understand why we think it is a risk and what you should do to remediate it. Wizer, a provider of security awareness training, has some excellent short videos that help to explain the risks of identity threats (like session hijacking and MFA flooding) and posture issues (like lack of MFA). We have now included these short videos within the Check Description to provide additional context for any of the relevant checks.
These Wizer videos are also available to impacted users in Slack. For example, if Oort detects a user with no MFA configured, you can automatically have a Slack message sent to that user. These built-in security training videos help users understand why they should prioritize fixing this issue.
Bug Fixes and Minor Improvements
- Collection Failures. Users will now receive a notification that links to the System Logs page to diagnose the issue quickly.
- System Logs. Log streaming targets now appear successful in System Logs.
- Salesforce Integration. Terminology in Salesforce credential settings has changed from “client key/secret” to “consumer key/secret” to better reflect Salesforce terminology. You will also see a “Beta” tag on the Login History and Geolocation field types.