Release Notes

Version 6.0.0 (May 2026)

  • Added support for Custom Alert creation.

    • Introduced a dedicated page for creating custom alerts in Cyences.
    • Alerts created from this page will be automatically reflected in the Cyences application dashboards.
    • This feature simplifies alert management by enabling easy alert creation and improving visibility through Cyences dashboards.
  • Updated design of the Cyences Configuration page.

    • Enhanced the overall UI design and layout of the Cyences Configuration page.
    • Improved the user experience with a cleaner and more organized interface for easier navigation and configuration management.
    • Added important fields for each product on the product setup page to validate incoming data.
  • New Integration for Delinea PAM

    • Alerts

      • Delinea PAM - Multiple Failed Logins by User
      • Delinea PAM - Multiple Secret Edit Activity by User
      • Delinea PAM - Login outside Working Hours
      • Delinea PAM - Spike in Secret Retrieval
      • Delinea PAM - Manual Password Reveal
      • Delinea PAM - Secret Permission is Edited
    • Dashboard Panels

      • Actions Over Time
      • Login Details
      • Logins by Location
      • Secret View Activity Details
      • PAM events
      • Logins outside Working Hours
      • Manual Password Reveal
      • Secret Permission is Edited
  • Added new alerts for CrowdStrike

    • CrowdStrike - Incident is Reported
    • CrowdStrike - Identity Anomalies Detected
    • CrowdStrike - DLP Violations Detected
  • Added new alerts for Linux

    • Linux - Multiple Failed SSH Logins
    • Linux - Possible Access to Credential Files
    • Linux - Root Filesystem Deletion Attempt
    • Linux - System Request (SysRq) Abuse Detected
    • Linux - Outbound Connections to High-Risk Ports
  • Added new alerts for O365

    • Azure AD - User Account Self-Unlock
    • O365 - Malicious File Detected in SharePoint
    • O365 - Suspicious Email Detected
    • O365 - Spoofing Attempts Detected
    • O365 - Multiple Password Reset Attempts
    • O365 - Successful Login After Multiple Failed Attempts
    • O365 - Defender XDR Detection
    • O365 - Risky User Detected
  • Added new alerts for Authentication

    • Authentication - Multiple Failed Logins by User
  • Added new alerts for Windows

    • Windows - Multiple Host Login Failures by User
    • Windows - Logins to multiple systems from the same IP
    • Windows - Logon using built-in Administrator accounts
    • Windows - PowerShell Encoded Command Detected
    • Windows - Scheduled Task Started or Deleted
    • Windows - RDP Login Attempts Outside Working Hours
  • Added functionality to send notable event details by email from the Forensics dashboard.
  • Added support for the O365 message trace sourcetype: o365:graph:messagetrace
  • Added support for Oracle text-format logs.

  • Enhancements

    • Added a Linux Package Details panel to the Linux dashboard.
    • Changed storage of notable event details from a lookup to an index.
    • Added user-agent and device fields to the Office 365 authentication alert.
    • Updated the following alerts to run every 15 minutes:
      • Kaspersky - Critical Host Found
      • Defender ATP - Alerts
      • Defender ATP - System is Offboarded
      • Defender ATP - System is not Connected since a Week
      • Windows Defender - RealTime Protection Disabled or Failed
      • Windows Defender - Malware Detected
      • Trendmicro - Agent Removed by Non-Admin User
      • Trendmicro - Ransomware Behavior Detected
      • Trendmicro - Remote Shell Used by Non-Admin User
      • Trendmicro - Deletion of Critical Security Artifacts
      • Trendmicro - Critical Observed Attack Technique Detected
      • Fortigate - DNS Sinkhole
      • Fortigate - High Threats Alert
      • Palo Alto - DNS Sinkhole
      • Palo Alto - High Threats Alert
      • Palo Alto - High System Alert
      • Palo Alto - WildFire Alert
      • Sophos Firewall - Lost Connection to Sophos Central
      • Sophos Firewall - VPN Tunnel Down
      • Sophos Firewall - Gateway Down
      • Sophos Firewall - Advanced Threat Detected
      • F5 BIGIP - Not Blocked Attacks
      • Imperva WAF - High volume of attacks from a source IP
      • Imperva WAF - Not Blocked Attacks
  • Bug fixes

    • Updated the Multiple Failed Logins by User alert to exclude unknown source and destination values.
    • Fixed the Oracle dashboard query to handle null values.
    • Made email matching case-insensitive in Calculate UpperBound for the Spike In Emails alert.
    • Fixed a field extraction issue for the mssql:audit sourcetype.
    • Added the eventtype from the Fortigate TA in order to override it.

Upgrade Guide from 5.4.0 to 6.0.0

  • Onboard Delinea PAM logs to utilize the related alerts. For more details, refer to Delinea PAM Data Onboarding.
  • To use the o365:graph:messagetrace sourcetype, upgrade the Office 365 app.

Copyright © 2024 CrossRealms International.
