posted by marios

ClearSkies™ NG SIEM Version 6.2

Overview

In keeping with our principle “to fulfil our clients’ needs and exceed their expectations”, we are continuously revamping our platform with new innovative features and enhancements. Such features and enhancements are testament to our pioneering role in the uncharted territory for the early detection of and response to targeted attacks, data breaches and user suspicious/malicious behavior, by utilizing the power of Big Data Advanced Security Analytics.

What’s New in v 6.2

Several new features and functionality enhancements are introduced in this ClearSkies™ SaaS NG SIEM version 6.2 including:

New Features

Chatbot: Your friendly and intelligent virtual assistant “Argos[1]” embodies the new insightful chatbot functionality, promising not only to help customers accomplish more using ClearSkies™ SaaS NG SIEM and ClearSkies™ EDR Agent, but also to provide them with real-time live access to our helpdesk, including support engineers, Professional Services and Managed Security Services (MSS) analysts. Argos has the intelligence to guide users and empower them to make the most out of ClearSkies™ products.
New Help Module: A vastly restructured and enhanced Help module offering comprehensive search capability covering detailed help topics pertaining to the comprehensive functionality of the ClearSkies™ SaaS NG SIEM and ClearSkies™ EDR Agent.
Login Page Redesign: Redesigned from the ground up for a more pleasant look and feel.

[1] In Homer’s epic “The Odyssey”, Argos is Odysseus’s faithful dog who symbolizes loyalty.

Functionality Enhancements

Configuration Wizard: For facilitating initial and ongoing configuration and maintenance of ClearSkies™ SaaS NG SIEM, the Configuration Wizard was expanded to include access to more capabilities in this centralized control panel.
And more…

Important Notes

No special considerations applicable for this version.

New Features

“Home Page”

Chatbot

The “Chatbot” functionality was added as a floating drag-and-drop icon globally throughout the ClearSkies™ Secure Web Portal (SWP) interface. “Argos” functions as a virtual assistant, helping users accomplish more using ClearSkies™ SaaS NG SIEM and ClearSkies™ EDR Agent, while also providing them with real-time live access to our helpdesk, including support engineers, Professional Services and Managed Security Services (MSS) analysts. Argos is fully integrated with the latest guides, helping users/admins become experts in ClearSkies™ services with little effort.

The Chatbot is fully integrated with admin-user guides for comprehensive and targeted search results, as well as with WhatsApp for an additional live chat channel with our helpdesk, (support engineers, Professional Services, Managed Security Services (MSS) analysts).

Specifically, users can do the following when using Live Chat:

Converse with “Argos” the chatbot to carry out searches using keywords that correspond to section headings (anchors) and/or tags.
Have real-time chat with support engineers, Professional Services and Managed Security Services (MSS) analysts
Leave a message to our Helpdesk to be contacted at a later time, if in a hurry.
Call us using WhatsApp while remaining online.

“Top Menu”

Help

The Help module was redesigned from the ground up and enhanced, providing sidebar navigation through detailed help topics (search section headings (anchors) and/or content body keywords) pertaining to the comprehensive functionality of the ClearSkies™ Secure Web Portal (SWP).

“Magnifying Glass” Search

ClearSkies™ SaaS NG SIEM users can now carry out searches via the search “magnifying glass” TopMenu item using keywords that correspond to section headings (anchors) and/or tags.

“Login Page”

Login

The Login page were redesigned and enhanced with an animated background and improved look for an upgraded user experience. Additionally, the security questions in the initial sign up process have now become part of the Configuration wizard.

“About”

About

The “About” page (accessible through the ClearSkies clickable logo) was redesigned from the ground up and enhanced, providing sidebar navigation for an improved visualization and with updated information.

Enhancements

“ServiceModules”

Event Management

Incidents

In the “Alerts” tab of the “Evidence Logs” tab, all the information in an alert listing can now
be selected/highlighted and copied to be pasted as text.

Reports

Create

In the “Portal Data Reports” tab, under the “Incidents” category (in the “Categorization” section), the “asset” and “logsource” fields were added under the “Field Selector” and “Criteria Selector” sections.
The number of maximum results in “Log Data” and “Portal Data” Reports was increased to 100000.

Identity & Access

When selecting a Domain Controller, the “Monitoring Services Status” chart was replaced with the “Missing Patches” chart.
Important Note: ClearSkies™ NG Endpoint Detection & Response (EDR) Agent v6.3.0 is a prerequisite for this chart to display correct data.

“Admin”

Groups

In the “Users” and “Assets” tabs, in a user’s and/or asset’s “View” settings, when the “Set as default” action is clicked, a pop-up message was added asking for confirmation (Yes/No).

Asset Configuration

The user can now upload files (key, password, configuration etc. files carrying additional information) on certain Asset Configurations.

iCollector Management

The “RAW LOGS” settings were moved to the new “Raw Logs and Backup Methods” page.
iCollector Administration and Configuration in HA (High Availability) mode is now supported.

License Overview

In the “Type of Service” section, the label “LogData (Last Completed Day)” was renamed to “LogData for the current day”.

“Top Menu”

Show me how

“Show me how” was removed and replaced by the content of the new “HELP” TopMenu item.

Configuration Wizard

The “Compliance” step was redesigned. Additionally, in the second page, the new checkbox named “Enable” and the new fields named “Disclaimer” and “Image” were added.
In the first page of the “Users” step, a new column named “Portal Admin” was added. Additionally, in the second page, in “Details” section, a new checkbox named “Portal Admin” was added.
A new mandatory step named “Images & Disclaimers” was added.
In the third page of the “Reports” step, in the “Classification” section, a new field named “Image” was added.
A new mandatory step named “Security Questions” was added.
The following enhancements were implemented in the “Portal Admin” step:

1. The “Personal Information” section was renamed to “Details”.

- - The ordering of the fields was changed.
  - The “Email” field was brought to this section.

1. The “Contact Information” section was renamed to “Phones”.

- - The fields named “Email”, “Home Phone”, “Mobile Phone”, “Work Phone”, “Street”, “Area”, “Postal Code”, “Country” and “City” were removed from this section.

1. A new section named “Primary Login Location” was added containing the fields “Street”, “Area”, “Postal Code”, “Country” and “City”.
2. The “Alternative Logins” section was renamed to “Alternative Login Location”.

Feedback button

The feedback button was removed as it was made redundant by the Chatbot.

General

Several changes/enhancements were implemented in order to support an updated version of Checkpoint Threat Emulation Logs, Reports and Portlets.

Bug Fixes

This version resolves a number of stability and performance issues identified.

New Supported LogSources

Vendor	Product	Type of Collection
Cisco	Cisco Email Security (CEF)	Syslog
Cisco	Cisco Firepower IDS (eStreamer)	Syslog
Imagicle	Application Suite	Syslog
Arista	Arista Switches	Syslog
GoAnywhere	Managed File Transfer (MFT)	Syslog
Sophos	Web Application Firewall (WAF)	Syslog
Sophos	Advanced Threat Protection (ATP)	Syslog
Sophos	Sophos Antivirus	Syslog
Sophos	Sophos Anti-Spam	Syslog

Share Tweet Share

Cookie	Description
_dc_gtm_UA-110097014-1
_ga	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gcl_au	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.
_gid	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
GPS	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location

Cookie	Description
_fbp	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.
VISITOR_INFO1_LIVE	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	This cookies is set by Youtube and is used to track the views of embedded videos.