20221007.9
Date | |
---|---|
Focus | Policy Engine and expanding our integrations to Splunk Enterprise and Splunk Phantom |
What’s New!
Policy Engine
The objective of this feature is to provide a flexible interface to define policies for acceptable and unacceptable DNS traffic.
It helps to automatically take the action to either “Allow” or “Block” given traffic, based on over two dozen criteria types (Domain, Open Ports, and IP Country are a few examples).
Flexible and/or logic can be applied to string criteria together.
It implements automation to reduce the data that would otherwise require manual sifting, which in turn will save time.
Integrations
Splunk Enterprise
HYAS Protect for Splunk allows a Splunk® Enterprise administrator to run Protect queries from an included dashboard, as well as through search commands.
Splunk Phantom
HYAS Protect for SOAR/Phantom implements investigative actions that return the HYAS Protect Verdict for the given Indicators.
Bug
A few domains were incorrectly blocked due to the host portion of FQDNs - particularly ones related to SSL certificates.
Resolution: Tuning was performed to adjust to the incoming false positives, which should no longer pose a problem.