IBM Security Resilient

Resilient Launches v35

By Chuck Schauber posted Fri November 22, 2019 01:07 PM

We are pleased to announce the launch and general availability of Resilient v35.  This release brings a lot of new and exciting functionality.  Below is the summary of the features.
Feature Description
EWS email support You can now configure an inbound email connection for EWS to support email connectivity to Microsoft Office 365. For more information, refer to Configuring an inbound email connection.
Export file When exporting Resilient settings to a file, the exported .res file is now provided within a zip file with the resz extension. Importing a .res file from a V34 Resilient platform is supported.
License Metrics The License Metrics feature displays Resilient user and action metrics across the Resilient platform. It requires special permission and is accessible from the System Settings option in the same Resilient menu as Administrator Settings. The initial user must be configured by Resilient Support for SaaS customers, or the Resilient command line interface for on-premises customers. Refer to the Resilient SOAR Platform System Administrator Guide for details.
MSSP enhancements

The MSSP add-on feature enhanced the ability to manage users in the Users tab. Specifically, administrators can manage user access to organizations, and deactivate or delete users. In addition, administrators can no longer assign roles when inviting users; instead, roles are assigned to groups and groups are assigned to users. Refer to the Resilient for MSSPs Configuration Guide for details.

Added support for the Analytics Dashboard in the global dashboard organization. The MSSP add-on now includes support for custom widgets and the incident list widget in the Analytics Dashboard page of the global dashboard. This provides the ability to perform analytics across all child organizations.

Time Tracking

Measure your team's operational performance to identify bottlenecks and areas for improvement by tracking the time spent on incidents, based on field values. The incident field values time tracking feature allows you to track the duration incident fields spend in a particular value. This You Tube video provides a demonstration.

In the Analytics Dashboard, you can use the Time Tracker widget to determine how much time an incident spends in each value (or collection of values) of a chosen field. For example, you can track how long incidents remain in each phase of the incident before moving to the next phase. For an example and an end-to-end view of how to configure time tracking, see the Knowledge Center tutorial Tutorial: Time tracking incident field states and to the Resilient SOAR Platform User Guide. A demonstration videois available on You Tube that shows how to create custom graphs for incident time tracking data.

For incident layouts, you can create fields that track the duration each incident spends on each value for that field. The fields must be Select or Boolean types. You can then add these fields along with the Timers Widget view in an incident tab. For example, you can configure the Phase field to track the duration an incident spends in each phase. Refer to the Resilient SOAR Platform Playbook Designer Guide for details.

Auditing enhancements Includes changes to activity fields in menu item rules. Ordered activities in automatic rules, rule ordering, rule conditions, workflows and message destinations are now audited.
Dark mode (beta) The user interface has been upgraded to use the latest version (v10) of the Carbon Design System to support viewing the Resilient platform in different themes, such as a dark theme. For more information about this feature, go to the Resilient Community page.
Threat Source Removed from the list of provided threat sources.
Security Updates The security update for this release addresses various security issues. For on-premises customers, consult your Resilient Installation Guide for the location of these updates. On-Cloud customers are updated automatically.

To learn more about Resilient v35, join our Dec. 3 webinar or watch the replay afterward at your convenience.