New feature: Test nodes in playbooks​

The new Test Node toggle on nodes allows you to test individual nodes in playbooks without having to run the entire playbook, offering greater control over node configuration and troubleshooting.

What's new:

• Provide mock values for variables used in the node, and run the results to see the output and any errors.
• Available on action, condition, user choice, and task nodes. (It is not available on filter or nested playbook nodes.)
• Testing nodes counts against your action limit quota.

For more information, see Test nodes in a playbook.

August release​

Changes and enhancements​

Platform​

Default action limit increased to 500.

Integrations​

• [UPDATED] Trend Micro Vision One
  • Fixed type SHA1 issue in action Add Object To Suspicious Object List and Delete Object From Suspicious Object List.
  • Added SHA256 support in action Add Object To Suspicious Object List and Delete Object From Suspicious Object List.
• [UPDATED] CrowdStrike Falcon
  • Resolved timeout issues across all actions, including daemons and enrichment queries, for improved stability and performance.
• [UPDATED] ManageEngine Desktop Central
  • Added support for both Cloud and On-prem based account type authentication.

Bug Fixes​

Playbooks​

• Fixed a bug causing false loop detection in playbook execution.
• Fixed operator inconsistencies within conditions for condition and filter nodes.

Integrations​

Resolved installation error for App Central integrations conflicting with existing custom integrations of the same name.

Incidents​

Fixed unlimited file upload vulnerability in the Incident documentation feature.

May release​

Changes and enhancements​

New feature: Enable/disable playbooks​

This feature allows users to easily enable or disable playbooks without deleting them, offering greater control over their execution.

What's new:

• Switch playbooks' status to enabled or disabled directly from the playbook details page.
• The playbooks listing page now shows a status column to display the status of the playbooks.
• Disabled playbooks will not execute from any linked triggers like monitors, insights, or incident rules, enhancing operational safety.
• By default, playbooks with any published version are set to enabled, while those that are draft-only or have been deleted remain disabled.
• Audit logs are generated whenever playbooks are enabled or disabled manually.

For more information, see Enable or disable playbooks.

Integrations​

• [NEW] Google Workspace IDP – This integration automates user and group management in Google Workspace, simplifying identity and access control for improved security and efficiency.
• [UPDATED] Microsoft EWS Daemon - Enhanced the handling of email attachments that may lack file extension, ensuring consistent detection and processing.
• [UPDATED] TheHive - Modified TheHive integration with case and observable enhancements:
  • Fixed parsing issues for date related inputs with inconsistent formatting.
  • Fixed SSL-related warning issues.
  • Added organization name field in resource which will included in the headers.
  • Enhanced error handling and made the integration more resilient to malformed inputs.
• [UPDATED] Sumo Logic Automation Tools - Introduced the new "Scaled Decimal to Percentage" action, which converts a scaled decimal value into a percentage.
• [UPDATED] Microsoft Sentinel - Enhanced the "Microsoft Sentinel Incidents Daemon" action, and added support to seamlessly fetch subsequent paginated data.

Bug Fixes​

Playbooks​

• Fixed an issue where users were unable to use the "Answer by Email" option when selecting the authorizer as a playbook input variable.
• Fixed long text getting cropped in filter and conditions nodes preview.

Rules​

• Resolved an issue where empty keys within nested list objects were not properly filtered during rule execution. This fix ensures accurate evaluation of isnot and notcontains conditions by excluding empty keys, resulting in improved data processing accuracy and rule performance.

Incidents​

• Resolved data loading issue on incidents and triage listing tables.
• Fixed issue related to user redirection to the logic page on session timeout.

March and April releases​

Changes and enhancements​

Integrations​

• [NEW] ThreatDown Oneview. The ThreatDown OneView integration has been built from scratch to facilitate seamless security operations management.
• [NEW] Atlassian Jira Cloud. The Atlassian Jira Cloud integration has been developed from the ground up to streamline issue tracking and project management.
• [UPDATED] AWS WAF. Added a new Update IP Set action in the AWS WAF integration that allows users to update an existing IP set.

Platform​

Playbooks​

• Improved the user experience in the node popup when loading dynamic fields.
• Added a confirmation dialog to alert users about pre-existing playbook drafts to avoid accidental overwriting while editing playbooks.
• Implemented an alert popup to prevent accidental loss of unsaved changes when closing a node popup.
• Added audit logs for failed nodes due to errors or exceptions during playbook execution.

Bug fixes​

General​

• Fixed a session timeout issue when the user is active in Automation Service, but inactive in Sumo Logic Log Analytics.
• Fixed cursor positioning issue while typing in text areas.

Integrations​

• Resolved a next page token and pageSize related issues in the List Permissions action of the Google Drive integration.
• Added a new impersonate_user field in List Permission and Delete Permission actions, allowing actions to be performed on a user's behalf.

February release​

Changes and Enhancements​

Platform​

New feature release: Dynamic Array Handling

We are excited to introduce an enhancement to the action node—dynamic array handling. You can now loop through arrays directly within a text area field in an action node, making it easier and more efficient to work with lists in a playbook.

When selecting an array variable in the text area, you will have two options:

• Iterate through the array so that the action runs for each value in the array.
• Process the array as a comma-separated list.

If the iterate option is selected, an icon will appear in front of the variable inside the text area to indicate that iteration is enabled. The action will then execute as many times as there are elements in the array.

Learn more.

January release​

Changes and Enhancements​

Platform​

🚀 New feature release: Autosave for playbooks

We’re excited to introduce autosave for playbooks, a feature designed to make workflow changes seamless by automatically saving your progress as draft and preventing accidental data loss. Here's what's new:

• Playbooks now automatically save your changes, including node updates, connections, and position adjustments.
• Multiple changes made in quick succession are saved together to improve performance.
• Visual indicators display the saving status whether in progress, successfully saved, or failed.
• Warnings appear when users attempt to close or navigate away from a playbook with unsaved changes.
• Users can enable or disable auto-save as needed.

AuditService:​

• Removed the Body field from the email audit log to enhance security and optimize log storage

Bug Fixes​

• Playbooks:
  • Fixed granular field path drill-down in textArea for arrays with array output fields.
  • Resolved issue where the Authorizer value in playbook action nodes was not persisting on the UI.

This release introduces new integrations, new playbooks, and several updates.

Integrations​

• [Updated] Darktrace
• [Updated] HTTP Tools
• [Updated] ServiceNow V2
• [Updated] Slack
• [Updated] Sumo Logic Cloud SIEM

Changes and Enhancements​

Platform​

• Playbooks:
  • Performance optimisations on Incidents page.
  • Faster onboarding and provisioning for new Cloud SOAR and Automation service customers.
  • Display Integration Name and Cartesian product in node details popup.

Bug Fixes​

• Playbooks:
  • Added validations for required fields in playbook nodes.
  • Updated error messages for required fields.
• Integrations:
  • Fixed an issue with API authorization in the Sumo Logic Log Analytics integration.
  • Fixed the issue of action details not persisting on failure while testing an action.
• Incidents:
  • Fixed an issue where the Incident Owner field appeared empty in the incident close audit log.

This release introduces new integrations, new playbooks, and several updates.

Integrations​

• [Updated] Azure AD
• [Updated] Google Chat
• [Updated] Sumo Logic Log Analytics
• [Updated] Sumo Logic Notifications By Microsoft

This is an archive of 2024 Cloud SOAR release notes. To view the full archive, click here.

This is an archive of 2023 Cloud SOAR release notes. To view the full archive, click here.