Release Notes - July 23, 2023

Content summary

This section lists the main functionality updates, features and enhancements implemented in this release.

(IC-26870, IC-26874) Incident Details enhancements: Escalated Email and Reporter

The following enhancement relates to the Reporters card that appears for manually-reported incidents.

Background:

The Reporters card displayed the first email of the incident (the escalated email) and had a "Next" button that displayed the contents of subsequently reported emails. This would sometimes mislead users into believing the later emails somehow affected the incident's details.

Enhancements:

To allow the SOC analyst to quickly find the relevant reporting details, and to reflect the escalated email's purpose of displaying information about the initial email that triggered the incident, the following enhancements were made:

·       Renamed Reporters card to Escalated email

·       Moved Escalated email card to the top of the Incident Details page

·       Escalated email card only displays the escalated email (no longer displays subsequently reported emails as they don't affect the incident's details)

·       Added (to Escalated email card) tabs that display the escalated email's body, headers, links and attachments (links and attachments of the incident's other emails can be found in the dedicated Links / Attachments cards below). 

Click to expand:

In addition, we have added a Reporter dropdown list to the Incident Details card, which displays all the individuals who have reported or contributed to the incident. This dropdown list helps track and identify the different reporters involved in the incident, and in certain scenarios, analysts can leverage the expertise of these reporters in phishing incidents, enabling more accurate and efficient classification of the incident. Click to expand:

(IC-26083) Presumed Safe emails are now available for all customers

We're happy to announce that following a successful beta testing round, we have decided to release Presumed Safe emails to all our customers.

Presumed Safe emails are emails in which IRONSCALES detected no malicious intent or content. Due to the personal and sensitive information such emails may contain, the account owner needs to opt in for safe data collection and assign permissions to the relevant users to review safe emails. For details, see Presumed Safe Emails. For details, see Presumed Safe Emails.

(IC-26810) Show Presumed Safe emails for specific search

To further protect the privacy of your employees, we've imposed a search limitation on Presumed Safe emails. As such, privileged IRONSCALES users will be able to access specific Presumed Safe emails when searching for matching Subject/Sender criteria. This will ensure that only privileged users with specific knowledge of the emails will be able to view them. 

In addition, we have added Activity log events for monitoring searched Presumed Safe content.  

(IC-25780) Option to enable/disable Presumed Safe emails

To give you more control over your data, we have added an admin option allowing IRONSCALES to collect Presumed Safe data. The Collect and display presumed emails checkbox has been added to the General & Security settings page, and is enabled by default. To disable Presumed Safe, simply unselect the checkbox and save. 

(IC-26821, IC-26459) MSP Dashboard updates and an option to set Silent Mode

We're happy to announce that we've made some improvements to the MSP Dashboard to enhance visibility into the status of your companies and streamline their management.

We've numbered the updates for your convenience (Click to expand):

1.      Silent Mode icon indicates that the company is currently in Silent Mode FAQ. This icon is extremely useful to troubleshoot customer complaints. For example, if a customer complains that they're not getting alerts and notifications from IRONSCALES, or that phishing incidents are not being auto-classified by IRONSCALES, first check to make sure that the customer is not in Silent Mode.

2.      Tenant license status - green () indicates the license is active, grey () indicates it's inactive (e.g. expired)

3.      Trial Plan column indicates whether the company is on trial.

4.  Edit the 'Silent mode' option empowers partners and MSPs (in the partner tenant) to switch a company to Silent Mode by themselves without having to contact their Customer Success Manager. Please note that this option applies to active companies only.

Known Issues 

For the up-to-date list, see Known Issues.