Change Logs
The CyFlare SOC Change Log Updates page records all modifications and enhancements to the CyFlare Security Operations Center (SOC) platform. Use it to stay informed about the latest improvements and changes that affect your cybersecurity strategy and SOC operations.
| Update Category | Completed Items |
| --- | --- |
| Playbook Enhancement | Alfie Insights |
| Other | The SOC has also enabled and built custom integrations for the following CyFlare Services offerings: |
| Update Category | Completed Items |
| --- | --- |
| New Playbook | |
| Playbook Enhancement | Gen-AI use cases were implemented for the following playbooks: |
| Alert Tuning | |
| New Detections | |
| Update Category | Completed Items |
| --- | --- |
| New Features | New Automation Use Case; AI use case within SOC incidents; Exempt Sites for EDR customers |
| New Detections | |
| New Playbooks | XDR alert types that now have a dedicated playbook for each detection, so the triage and escalation workflow is tailored to the type of activity: |
| Playbook Enhancement | |
| Date of Update | Completed Items |
| --- | --- |
| 07/01/2024 | New Detections: XDR Rules |
| 07/01/2024 | Playbook Enhancement: |
| 07/02/2024 | Playbook Enhancement: |
| 07/03/2024 | New Playbooks: XDR |
| 07/04/2024 | Playbook Enhancement: |
| 07/09/2024 | Playbook Enhancement: |
| 07/15/2024 | New Playbook: Microsoft 365 |
| 07/16/2024 | Playbook Enhancement: |
| 07/19/2024 | Playbook Enhancement: |
| 07/25/2024 | New Playbook: |
| Date of Update | Completed Items |
| --- | --- |
| 06/03/2024 | New Detections: XDR Rules |
| 06/04/2024 | Playbook Enhancement: |
| 06/09/2024 | Alert Tuning: |
| 06/10/2024 | New Detection: |
| 06/12/2024 | New Detection: |
| 06/14/2024 | New Playbook: |
| 06/16/2024 | New Detection: |
| 06/18/2024 | Playbook Enhancement: |
| 06/19/2024 | Playbook Enhancement: |
| 06/24/2024 | Playbook Enhancement: |
| 06/27/2024 | New Playbook: |
| Date of Update | Completed Items |
| --- | --- |
| 05/01/2024 | New Feature: CISA Vulnerability Scanners |
| 05/06/2024 | Alert Tuning: Suspicious User Agent Detection |
| 05/08/2024 | New Detection: User Impossible Travel Anomaly |
| 05/08/2024 | Playbook Enhancement: Google Workspace Phishing |
| 05/14/2024 | Playbook Enhancement: Creation of Forwarding and Redirect Rule |
| 05/17/2024 | New Detection: Google Workspace Suspicious Login |
| 05/20/2024 | Other: Improved Client Knowledge Base category for Vulnerability Scanners |
| Date of Update | Completed Items |
| --- | --- |
| 04/01/2024 | New Detection: Google Workspace – 7 New Detections |
| 04/02/2024 | Playbook Enhancement: Conditional Access Blocked Login |
| 04/03/2024 | New Feature: Improved metrics around Critical alerts |
| 04/03/2024 | New Feature: Recorded Future connector |
| 04/05/2024 | Other: Upgraded XDR Integration with SOAR |
| 04/08/2024 | Playbook Enhancement: Revamped SentinelOne playbook |
| 04/09/2024 | Playbook Enhancement: Improved logic for SSH Brute-force activity |
| 04/15/2024 | Playbook Enhancement: Improved logic for multiple XDR alert types |
| 04/19/2024 | Playbook Enhancement: Improved logic for Azure AD Risk Detection |
| 04/23/2024 | New Detection: Google Workspace – 6 New Detections |
| Date of Update | Completed Items |
| --- | --- |
| 03/14/2024 | New Detection: Exfiltration and Tunneling Tools Execution |
| 03/14/2024 | New Detection: Data Exfiltration to Text Storage Sites and Cloud Storage |
| 03/14/2024 | New Detection: DNS Exfiltration Tools Execution Detected |
| 03/14/2024 | Alert Tuning: Malware Activity – Microsoft-related Activity |
| 03/15/2024 | Alert Tuning: Public to Private Exploit Anomaly |
| 03/18/2024 | Template Update: The following template updates were implemented to reflect our improved formatting: |
| 03/28/2024 | Playbook Enhancement: Bad Reputation Anomaly |
| 03/29/2024 | New Detection: Potential APT29 Related Scheduled Tasks |
| 03/29/2024 | New Detection: Potential Raspberry Robin CPL Execution Activity |
| Date of Update | Completed Items |
| --- | --- |
| 02/02/2024 | Alert Tuning: Multiple Users Deleted |
| 02/03/2024 | Alert Tuning: Exploit Anomalies, Malware/Trojan Activity |
| 02/05/2024 | Playbook Enhancement: Potential Shellshock User Agent Request |
| 02/07/2024 | Alert Tuning: Anomalous DCSync |
| 02/08/2024 | New Detection: Azure User Added to Global Admin Group |
| 02/12/2024 | New Feature: Indicators of Compromise now Non-Clickable |
| 02/14/2024 | Alert Tuning: User Impossible Travel |
| 02/21/2024 | Alert Tuning: Malware Activity Flagged from Microsoft Updates |
| 02/21/2024 | Alert Tuning: Trojan Activity Benign Signatures |
| 02/26/2024 | Template Update: The following template updates were implemented to reflect our improved formatting: |
| 02/27/2024 | New Detection: Potential ScreenConnect Vulnerability |
| Date of Update | Completed Items |
| --- | --- |
| 01/03/2024 | Alert Tuning: Public to Private Exploit Anomaly |
| 01/04/2024 | New Feature: Temporary Suppression per Entity |
| 01/06/2024 | Playbook Enhancement: Okta Login Outside the US |
| 01/10/2024 | Alert Tuning: Malware Activity & Exploit Anomaly Logic |
| 01/11/2024 | Alert Tuning: Exploited Command and Control Connection Logic |
| 01/12/2024 | Playbook Enhancement: External Malware Activity |
| 01/16/2024 | New Feature: Alert Grouping for SentinelOne Threats |
| 01/25/2024 | Playbook Enhancement: User Success Brute-Forcer CKB Lookup |
| 01/25/2024 | Playbook Enhancement: SentinelOne Playbook Logic Revamped |
| 01/28/2024 | Alert Tuning: Azure AD Risk Detection |
| 01/29/2024 | Alert Tuning: Password Spray Playbook |
| 01/30/2024 | New Feature: Entity Hunter (Beta) |
| Date of Update | Completed Items |
| --- | --- |
| 12/04/2023 | Playbook Enhancement: Vulnerability Scanners in Exploit Attempt Detections |
| 12/05/2023 | Playbook Enhancement: IP Location Lookup |
| 12/08/2023 | Playbook Enhancement: CISA Vulnerability Management IPs |
| 12/08/2023 | Playbook Enhancement: Successful Logins Outside the US |
| 12/13/2023 | Playbook Enhancement: User Success Brute-Forcer (IPv6 Check) |
| 12/13/2023 | Playbook Enhancement: Multiple Login Failures from One Source IP |
| 12/15/2023 | New Detection: Password Spray |
| 12/15/2023 | New Detection: Port Scan TSA |
| 12/15/2023 | New Detection: IDS Signature Spike |
| 12/19/2023 | New Detection: Darktrace Stellar Integration |
| 12/19/2023 | Playbook Enhancement: Device Management and Condition Check |
| 12/21/2023 | Playbook Enhancement: Office 365 Content Filtering Policy Changed |
| 12/24/2023 | New Feature: Custom Python Functions |
| Date of Update | Completed Items |
| --- | --- |
| 11/03/2023 | New Feature: SOAR monitoring for XDR log ingestion |
| 11/06/2023 | Gen AI: Launched within SOAR |
| 11/07/2023 | Ticket Templates Revamped: Project Update |
| 11/08/2023 | Playbook Enhancement: Improved utilization of Client Knowledge Base |
| 11/16/2023 | Template Update: Ticket Template updated for Exploit Anomalies |
| 11/16/2023 | New Playbook: M365 Defender |
| 11/21/2023 | Playbook Enhancement: External User Success Brute-force Anomaly |
| 11/22/2023 | Template Updates: New Ticket Templates |
| 11/23/2023 | Playbook Enhancement: Change to Login Outside the US Alerts |
| 11/24/2023 | Template Update: Change to Subject Line for Escalated Tickets |
| 11/28/2023 | Playbook Enhancement: M365 Defender using GlueBook Functionality |
| Date of Update | Completed Items |
| --- | --- |
| 10/02/2023 | Playbook Enhancement: DPAPI Domain Backup Key Extraction |
| 10/03/2023 | Response Action: Microsoft Defender |
| 10/04/2023 | Playbook Enhancement: Suspicious PowerShell Script Detection |
| 10/04/2023 | Playbook Enhancement: Office 365 Successful Login Outside the US |
| 10/05/2023 | New Detection: Multiple Users Deleted |
| 10/09/2023 | Playbook Enhancement: Azure XDR Successful Login Outside the US |
| 10/10/2023 | New Detection: Multiple Failed Login Attempts from One Source/Destination/Workstation |
| 10/11/2023 | Playbook Enhancement: Get Hash from String |
| 10/12/2023 | Playbook Enhancement: External Malware Activity |
| 10/13/2023 | New Detection: Azure AD Sign-in from AzureHound |
| 10/19/2023 | Revamped Ticket Templates |
| 10/23/2023 | Playbook Enhancement: Improvement to Sophos Escalation |
| 10/25/2023 | SLA Change |
| 10/26/2023 | Revamped Ticket Templates (Continued) |
| 10/27/2023 | Alert Tuning: Suspicious PowerShell Script – SentinelOne Related Detections |
| Date of Update | Completed Items |
| --- | --- |
| 09/04/2023 | Alert Tuning: Abnormal Parent-Child Process |
| 09/04/2023 | Playbook Enhancement: O365 – Malicious URL Clicked |
| 09/04/2023 | Alert Tuning: Suspicious User Agent Detection |
| 09/04/2023 | Alert Tuning: ColdFusion Vulnerability |
| 09/05/2023 | New Detection: Suspicious Process Creation Command Line Detection |
| 09/05/2023 | Template Update: CrowdStrike: Disable or Modify Tools |
| 09/06/2023 | Playbook Enhancement: Azure AD Risk Detections |
| 09/06/2023 | Playbook Enhancement: Azure Login Outside the US |
| 09/06/2023 | Playbook Enhancement: Custom Sophos EDR Detections in Stellar |
| 09/12/2023 | Template Update: Applied a Fix for Critical IR Cases |
| 09/14/2023 | Playbook Enhancement: Office 365 and Azure – Successful Login Outside the US |
| 09/21/2023 | Playbook Enhancement: Modified External User Success Brute-force Anomaly |
| 09/25/2023 | Playbook Enhancement: Google Workspace Phishing Alert |
| 09/25/2023 | Playbook Enhancement: SentinelOne (Endpoint Isolation) |
| 09/25/2023 | New Feature: Critical Incident Handler Emails |
| 09/27/2023 | New Detection: Suspicious PowerShell Script Detection |
| 09/27/2023 | New Detection: Kerberos Replay Attack Detected |
| 09/27/2023 | New Detection: SoftPerfect Network Scanner Execution |
| 09/29/2023 | Playbook Enhancement: Malware Activity |
| 09/29/2023 | Playbook Enhancement: Possible Impacket SecretsDump Remote Activity |