New features in the release of our Sagan 3.0.1
Here are some of the cool, new features in our recent Sagan 3.0.1 release this week.
E-mail format changes:
- We have made some minor modifications to our alert e-mail format. The new format places the most important alert data toward the top of the e-mail. This change was initiated based on client feedback expressing the desire to have direct and faster access to important data. The new format also makes important data quicker and easier to view on mobile devices.
- Quadrant alert e-mails now include events correlated by TCP/IP source address over the last 24 hours, allowing you not only to view the current events in your e-mail, but also to quickly see and access previous events from that source IP address.
- One common question our users ask is, "How far back does the Raw Log search go?" The new Raw Log Search screen displays the oldest known date of raw logs within Elasticsearch, allowing you to quickly determine how far back you can search raw logs.
- We also added more flexibility to the Raw Log Search system. You can now search raw logs stored in Elasticsearch via a standard keyword search, a wildcard search, or regular expressions. This flexibility allows you to dig deeper into raw logs.
- Sometimes you might want to query the TCP/IP source, destination, or port against external sources such as IPVoid or the SANS Port Lookup. You can now customize and add your own external sources to query. To add a custom source, go into your Company settings and select Lookup Sources.