Week 5, 2024

Check Explainability Enhancements

We consistently strive to enhance the context we offer around our Checks, and this release is no different, as we focus on enhancements around check explainability. For Checks like ‘Sign-in from Recently Created IDP’, ‘Activity From Untrustworthy ISP’, and ‘Registered Location Mismatch’, you will now find additional attributes that are parsed and filterable. Clicking on any of the filterable fields allows you to pivot to the respective filtered activity screen for further investigation.
In the ‘Unusual Repo Access’ check, you will now explicitly see the list of repositories the user has interacted with in the explainability drawer. This provides further visibility into the atypical pattern and helps identify the repositories associated with the atypical behavior, so you can investigate the user’s activity and decide whether the user should be accessing these specific repositories.

Latest Oort Bot Enhancements in Slack

We are constantly improving the capabilities of our Oort Bot for Slack. In this release, we have introduced enhancements related to relative date ranges for the ‘Network’ and ‘Remediation History’ commands. You now have two options for selecting the date on these actions. You can either ‘pick a start date’, which opens a calendar for selecting the date, or you can ‘pick from a relative date range’, allowing you to choose a date relative to the current time, e.g. 7 days, 14 days, etc. This enables you to pinpoint the information you want to see from the platform via Slack.

Azure Phone Factor Change Detection

As part of our continuous commitment to enhancing visibility for our supported Identity Providers (IDPs), we now offer insight into Azure AD phone change events by displaying the phone change history on each user’s factor. This insight is crucial because it provides further clarity in cases where a phone number has been changed, which can indicate a potential compromise of the account.

Bug Fixes and Minor Improvements

  • Sensitive apps on the dashboard. Bug fix around how sensitive applications are displayed on the dashboard. We will no longer auto-discover sensitive apps if sensitive apps are configured by the user.
  • Full/Partial compliance filter for large tenants. Bug fix around the filtering of Full/Partial compliance for large tenants.
  • Last Reported improvements. A ‘Last Reported’ date column is now added to the check failing users table in addition to the ‘First Reported’ date column. You will now also see ‘Last Reported’ in check explainability.
  • ipinfo details on Azure audit events. Bug fix around ipinfo details not showing as tags for the ‘self-service password reset flow activity progress’. We now correlate the IP from the admin audit events with the ipinfo. This will also now trigger the IP threat detected check.