Swimlane Content Release Notes
Prior Releases
Turbine Content March 2024 Release Drop 2
March 22, 2024

In this release, Swimlane is updating the SOC Solution to version 1.2.6. This version:

- Allows the SOC Solution to install properly in tenants that previously may have experienced an issue due to a correlation field.
- Includes the following updated VICs in the SOC Solution so that the threat intel playbooks continue to work when the assets are not configured correctly:
  - Get Enrichment from IPQualityScore
  - Get Enrichment from URLhaus
  - Get Enrichment from VirusTotal

Turbine Content March 2024 Release Drop 1
March 15, 2024

In this release, Swimlane is updating the SOC Solution to version 1.2.5. This version includes the following fixes:

- Missing Threat Intel record trigger added to the Threat Intel Enrich Observable playbook.
- An input corrected in the Run Observable Enrichments script.

Known issue: Correlation fields installed via SSP will not correlate. They must be re-created after installation.

Turbine Content March 2024 Release
March 11, 2024

In this release, Swimlane is updating the SOC Solution to version 1.2.4. This version fixes the following bugs in SOC Solution v1.2.3:

- Threat Intel is failing to complete when the extended value is set to null.
- Processing observables in SOC Solution fails for single observable.
- Signal display widget not showing images properly.

In addition, the Recorded Future VIC is updated to map a failure to find an observable to the next action.

Turbine Content February 2024 Release Drop 1
February 22, 2024

In this release, Swimlane is updating the SOC Solution to version 1.2.3. This version fixes a bug in SOC Solution v1.2.2 where it was missing its dashboards. The SOC Solution also changed paths containing "/record2" to be "/record". Any customer widgets referring to "/record2" should be modified to instead reference "/record".

Turbine Content February 2024 Release
February 1, 2024

In this release, Swimlane is addressing a bug where configured IDs are present in the current SOC Solution. These IDs are now removed.

Turbine Content January 2024 Release
January 24, 2024

In this release, Swimlane added a new functionality within the SOC Solution. As an orchestrator, improve your phishing triage incident response by saving phishing email attachments to a Threat Intel (TI) record. This allows you to interact with files to take appropriate actions using the TI application, which now has an easy-to-read widget that shows the name and hashes of the file, and has a download option.

Additionally, we fixed two bugs:

- When working with correlations, field values with the same UID were duplicating. Now, correlation fields do not duplicate; instead they overwrite values with the same UID.
- Typos in the SOC Solution were fixed. This bug did not affect functionality.

Turbine Content December 2023 Release Drop 2
December 22, 2023

In this release, we fixed an issue relating to a correlation functionality. Now, preconfigured correlation has been removed, and the correlation section will be completed manually. Turbine documentation, under Case and Incident Management (CIM) Application (https://docs.swimlane.com/turbine/marketplace/case-and-incident-management-application.htm), provides step-by-step instructions on how to manually configure the correlation section to ensure CIM records correlate.

Turbine Content December 2023 Release Drop 1
December 19, 2023

In this release, Swimlane has enhanced the SOC Solution (https://docs.swimlane.com/turbine/marketplace/soc-solution.htm) based on your feedback. Now, the SOC Solution has new features under the Case and Incident Management (CIM) Application (https://docs.swimlane.com/turbine/marketplace/case-and-incident-management-application.htm), including Knowledge Base Articles, Remediation, Correlation, and After Actions Reports (AARs).

The Knowledge Base section houses previously user-created knowledge base articles (KBAs) that allow you to access lessons learned and other tips for that record, or a similar record feature like signal type. There is context summary, guidance, and date/time stamps to ensure you are accessing the most detailed and recent KBAs.

The new Remediation section executes playbooks for remediation actions for a CIM record. As an orchestrator, you can customize these remediation playbooks to block/unblock observables, disable/enable users, isolate/rejoin hosts, notify managers, and perform a SIEM query.

The new Correlation section provides 15 fields for matching observables, text strings, and file attachments. Upon correlation with a matching CIM record, tracking IDs for the matching records are provided, which also now display under the CIM tab, with a new widget for better visual representation of the current and correlating records and more fields for alert and phishing cases.

In addition, we are introducing the Post Incident Activity section that generates an AAR in a PDF file that has an easy-to-read layout that includes the following information for that record:

- Case number
- Automated brief investigation summary
- Remediation actions taken
- Timeline summary
- Incident handler information

Additionally, there are improved banners for incident promotion and/or de-escalation.

New Turbine Connectors:

- Devo API
- Recorded Future Sandbox
- Sekoia.io XDR
- ThreatSTOP
- Wazuh
- OpenCTI
- ConnectWise Manage
- IBM XForce
- SailPoint IdentityNow

Updated Turbine Connectors:

- Active Directory (On-Prem)

Turbine Content November 2023 Release
December 4, 2023

In this release, we are introducing the new Turbine Collaboration Solution that provides the capability to send messages out to non-Swimlane users over email, Slack, or Teams. Message recipients can select from user-configured responses like Approve, Deny, Confirm, Yes, No, etc. Also, the Collaboration Solution can improve existing workflow (including the SOC Solution, https://docs.swimlane.com/turbine/marketplace/soc-solution.htm). Click Collaboration Solution (https://docs.swimlane.com/turbine/marketplace/collaboration-solution.htm) to access documentation for the Collaboration Solution, including installation, configuration, and usage information.

In addition, we have enhanced the SOC Solution (https://docs.swimlane.com/turbine/marketplace/soc-solution.htm) by using newer Turbine native features such as loops, if/else conditions, and variables. We also optimized playbooks by using the new and improved, faster, and more reliable Turbine record actions feature. Lastly, we now document playbook actions in the newly created description field per action.

New Turbine Vendor Interaction Components:

- Netscope Get Alerts
- Analyst1 Get Indicators
- Dataminr Get Alerts

New Turbine Connectors:

- Tripwire Enterprise
- KnowBe4
- Bitbucket Cloud
- ServiceNow CMDB
- Azure DevOps Server
- Workday
- O365 eDiscovery
- GitHub

Updated Turbine Connectors:

- OASIS STIX/TAXII