This release note outlines the latest updates, enhancements, and bug fixes for the Mandiant SecOps Integrations (MSI) service.
Enhancements
- Trend Micro Vision One v1: Exposed the Alert Field Mapping configuration in the web interface, allowing users to customize which fields are used for alert data. Default mappings are still provided.
- Enabled support for SSL certificate authentication for the following integrations:
  - Exabeam Cloud v1
  - Splunk v1
  - Splunk v2
- Added titles to the default queries for the following integrations:
  - Google BigQuery v1
  - Logzilla v1
  - Microsoft Defender ATP v1
  - Security Onion v1
  - Trellix Enterprise Security Manager v2
  - Trellix Enterprise Security Manager v1
  - Trellix Helix v1
Bug fixes
- Cybereason v1: Fixed an issue where Default Malware Queries were not displaying, which prevented the integration from being saved. This was due to incorrect model typing for the malware queries field.
- Google Cloud Logging v1: Fixed an AttributeError that occurred during health checks when a Service Account JSON was provided as a string instead of a parsed object. The integration now correctly handles the JSON input.
- LogRhythm Elastic v1: Removed invalid 0 values from the default field mapping, which caused errors when saving the integration.
- Microsoft Graph API v1: Corrected the expansion of %HOSTNAMES% and %IPS% variables when multiple values are present. Each value in the list is individually single-quoted, ensuring correct query syntax.
- Trellix Helix v1: Resolved an integration failure caused by incorrect authentication scopes.
- Framework: Resolved an issue preventing integrations with proxies from being saved or edited.
