Release Notes - About Release 71.00.00 - May 28 2023


About Release 71.00.00
  • Document revision: A
  • Release date: May 28, 2023
Main features and enhancements

This release includes multi-language templates and campaigns, Investigation log support for "presumed safe" emails, automatic classification of Junk-only incidents for Google Workspace, a new and improved first-time login process, and more.

Area                    Feature
Simulation & Training   Multi-language support for Phishing Simulation templates
                        Enhanced template layout and Domain dropdown list
                        Customize name of duplicate template
Incidents               Sender Relationship Assessment
                        Limit incident clustering to 1 year
                        Auto-classify junk-only incidents for Google Workspace
Investigation           View "presumed safe" emails in the Investigation log (BETA)
                        Tooltip showing the email's delivery time
Documentation           Documentation updates

Content summary

This section lists the main functionality updates, features and enhancements implemented in this release.

(IC-24344, IC-25219, IC-25222) Multi-language support for Phishing Simulation templates

We’re happy to announce that we’ve implemented support for multi-language templates in Phishing Simulation campaigns. This new capability will simplify the campaign creation process and help ensure that each campaign participant gets the campaign email or SMS message in their language.

This capability has been implemented both in the Campaign Setup wizard and the template creation process.

Template definition updates:
  1. When creating the new template, select the relevant languages.
     A dedicated tab is added for each selected language.
  2. In each tab, craft the template's sender details, hints and body in the desired language.
  3. Save the template.
  • Preview template languages: Each template's supported languages are displayed on the Templates page. This also reduces clutter since now you will see a single template that covers multiple languages, instead of having duplicates of each template for the different languages.
  • Campaign Setup updates:

    In the Campaign Setup screen, we've added a Language by mailbox checkbox. Select it to tell IRONSCALES to assign each participant the email/SMS message in their language. 

    Click Next. In the Templates screen, you'll see the templates that support any of the campaign's languages, as well as each template's languages. Select the templates to be used. 
    Continue setting up your campaign.
    The Review & Launch screen now also displays the campaign'

(IC-25219) Enhanced template layout and "Domain" dropdown list

We’ve made some design improvements to the Simulation & Training > Create Template dialog box.

  • New "Sender" section: The campaign’s sender details have been rearranged under the new Sender section.
  • "From" field has been split into "Display name" and "From"
  • Domain is now selected from a dropdown list: The campaign’s sender domain is now selected from a set of built-in options in the new Domain dropdown list to prevent typos and potential misuse of trademarked domains.


(IC-25533) Customize name of duplicate template

When duplicating a template in the Simulation & Training > Templates page, you will have the option to conveniently customize the duplicate’s auto-generated template name.

(IC-25539) Sender Relationship Assessment

We are happy to introduce the new Sender Relationship Assessment card of the Incident Details page. This new card provides valuable insights into the relationship between the sender of a message and the recipients, allowing your SOC analysts to comprehensively analyze sender relationships and improve their understanding of incidents.

This is Phase 1 of the Sender Relationship Assessment, which features the left side of the card. In Phase 2, which we plan to release in June, we will add the Correspondence History between the sender and recipient, and the sender's communications with the organization.

(IC-25655) Limit incident clustering to 1 year

IRONSCALES' ability to group, or cluster, similar emails under the same incident significantly reduces clutter and saves precious investigation time. While the clustering algorithm has a high precision rate, it may incorrectly cluster emails under an incident, especially in older incidents. To address this issue, we have adjusted the Incident TTL (time-to-live) policy from "never-ending" to "1-year", automatically stopping the clustering of every incident 1 year after it was opened.

This change will have a minimal impact on service quality while effectively solving the problem of misclustering into very old incidents. However, this may result in a slight temporary increase in new and open incidents, as there will be fewer incidents to automatically cluster with.

(IC-25465) Auto-classify junk-only incidents for Google Workspace

(Google Workspace) We're happy to announce that IRONSCALES' Classifier for Spam-only Incidents has been implemented for Google Workspace integrations, saving your SOC analysts' time and helping them focus on the more pressing phishing threats. This model will auto-classify incidents (as Junk) if their emails are all in the Junk folder. The mechanism runs on incidents that are at least 1 hour old and have emails that affect 3 or more mailboxes, and repeats every hour, automatically classifying matching incidents. The idea is to wait an hour to allow our clustering mechanism to add additional related emails to the incident.

This operation takes priority over the incident's phishing confidence score, and therefore will classify the incident as Junk even if it has an above-threshold phishing confidence.

Reach out to your Customer Success Manager if you would like to have this feature disabled.
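
The eligibility rule and its precedence over the confidence score, modelled as an added example (this is not IRONSCALES code). The record shape, field names and the threshold value are assumptions; only the 1-hour, 3-mailbox and all-in-Junk conditions come from the text above. The second list it returns is the set of overrides an analyst may want to spot-check.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MIN_AGE = timedelta(hours=1)   # "at least 1 hour old"
MIN_MAILBOXES = 3              # "3 or more mailboxes"
PHISH_THRESHOLD = 0.8          # assumed value; the release note gives none

@dataclass
class Incident:                # hypothetical record shape
    id: str
    opened: datetime
    emails: list               # (mailbox, folder) pairs
    phish_confidence: float

def junk_only_eligible(inc, now):
    """True when every condition stated in the release note holds."""
    if not inc.emails or now - inc.opened < MIN_AGE:
        return False
    mailboxes = {mailbox for mailbox, _ in inc.emails}
    all_junk = all(folder == "Junk" for _, folder in inc.emails)
    return all_junk and len(mailboxes) >= MIN_MAILBOXES

def hourly_pass(incidents, now):
    """One run: ids classified as Junk, and the subset worth a second look."""
    junk, review = [], []
    for inc in incidents:
        if not junk_only_eligible(inc, now):
            continue
        junk.append(inc.id)
        # The rule outranks the confidence score, so log each override.
        if inc.phish_confidence > PHISH_THRESHOLD:
            review.append(inc.id)
    return junk, review

NOW = datetime(2023, 5, 28, 12, 0)
J3 = [("u1", "Junk"), ("u2", "Junk"), ("u3", "Junk")]

def sample(id, minutes_old, emails, confidence):
    return Incident(id, NOW - timedelta(minutes=minutes_old), emails, confidence)

SAMPLE = [  # constructed incidents
    sample("A", 90, J3, 0.10),       # classified as Junk
    sample("B", 90, J3, 0.95),       # classified as Junk despite high score
    sample("C", 59, J3, 0.10),       # too young, waits for the next run
    sample("D", 90, J3[:2], 0.10),   # only 2 mailboxes
    sample("E", 90, J3[:2] + [("u3", "Inbox")], 0.95),  # one copy not in Junk
    sample("F", 60, J3, 0.10),       # exactly 1 hour old
]

if __name__ == "__main__":
    print(hourly_pass(SAMPLE, NOW))
```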

(IC-25378) Ability to view "presumed safe" emails in the Investigation log (BETA)

Applicable to customers participating in the Presumed Safe beta testing.

We're happy to announce the launch of Presumed Safe emails, allowing our customers to view all emails that enter their mailboxes. Presumed Safe emails are emails in which IRONSCALES detected no malicious intent or content. Due to the personal and sensitive content such emails may contain, only the IRONSCALES account owner and their privileged users can access them. In addition, event notifications for permission changes are available for MS Teams and Slack alerts, and are covered in the User Permissions changes alert. For details, see Access "Presumed Safe" Emails.
