With each product release, we document changes to the ContraForce Portal. Product releases can include bug fixes, new features, and performance-related improvements. We will send an email each time a new release occurs.
Dec 7th, 2024
This release includes updates to provide user management across multiple workspaces and the ability to add multiple tenants to an end-customer tenant. Additionally, this release includes our ServiceNow integration for ticket management and association to incidents in ContraForce.
If you have any questions, please feel free to contact us at support@contraforce.com.
New
- ContraForce IAM - This feature includes some powerful user management and access functionality. This will enable organization/user administrators to grant access to users in desired workspaces.
  - Organization roles
    - Organization Admin
    - User Admin
    - Workspace Admin
    - Org Member
  - Workspace roles
    - Workspace Owner
    - Workspace Content Admin
    - Incident Responder
    - Incident Analyst
- ServiceNow Ticket Management - This integration now allows users to create, associate, and manage tickets that are connected to their organization's ServiceNow instance.
Sep 9, 2024
This release includes our improved IP address entity insights.
If you have any questions, please feel free to contact us at support@contraforce.com.
Improvements
- ContraForce Insights now supports IP address entity
  - For every IP address that appears as an entity in a ContraForce incident, ContraForce Insights will pull in sign-in logs from that IP address and will show if the sign-ins are from a registered device.
September 3rd, 2024
This release includes our new detection module, SentinelOne. This includes gamebook actions for assets (endpoints) registered in SentinelOne.
If you have any questions, please feel free to contact us at support@contraforce.com.
New
- SentinelOne Integration
  - Threats (incidents) are now available in the ContraForce platform
  - Gamebook actions available to SentinelOne
    - Disconnect from network (isolate endpoint gamebook)
    - Reconnect to network (unisolate endpoint gamebook)
    - Initiate scan (scan endpoint gamebook)
Improvements
- New and improved nav bar menu. This will help users navigate the platform in a better way.
Bug fixes
- n/a
August 2, 2024
This release includes our new detection module, Splunk. This will be a beta release of Splunk, and we will roll out enhancements over time.
If you have any questions about version 2024.08.02, please feel free to contact us at support@contraforce.com.
New
- CalVer versioning system is going to be used from now on
- Splunk Module (Beta) - Splunk notable events will now be visible as a ContraForce incident in the platform. Features include:
  - Assign users to notable events
  - Change notable event status
  - Filtering notable events by title, severity, status and time
  - Entities and alert timelines are only supported in Splunk notable events when Microsoft Defender logs are present
Improvements
- n/a
Bug fixes
- CSS bugfix with gamebook queue in incident detail page
July 15, 2024
This release includes the launch of the UIE 2.0 and Service Provider Onboarding.
New
- Unified Investigation Experience (UIE) 2.0 is now available in production. This release standardized an investigation of an incident for a user in the ContraForce platform. Every incident, regardless of source (SIEM or XDR), will have ContraForce insights and enriched entities available in the incident detail view and gamebook workbench.
  - For User/Account entity, sign-in and audit logs are displayed in a table with a time filter option
  - For IP Address entity, ContraForce specific insights are displayed in the insights tab
  - Related incidents tab shows a related incident feed that shows an incident investigation audit with incident closing comment (if incident is closed)
- Service Provider Onboarding has enabled service providers to get started and pre-onboard their customers faster than ever. In a few steps, service providers can connect their ticketing system (AutoTask), add users, and pre-onboard customers before they get to the main ContraForce platform.
Improvements
- New quick link buttons in incident table
  - Gamepad button - takes you straight to desired incident gamebook workbench
  - Expand button - takes you straight to the incident detail
Bug fixes
- n/a
June 4th, 2024
This release includes the launch of the Email Gamebook Actions and Microsoft Entra ID Sign-in logs.
New
- General availability of Email Gamebook actions. The email gamebook actions allow users to remove specific emails from an inbox when phishing or malicious activity is suspected. This is the first action that we are making available related to email. More to come in the future.
- Microsoft Entra ID sign-in logs for an account entity in gamebook workbench
  - In the gamebook workbench, you can now click on an Account entity and it will fetch sign-in logs from Microsoft Entra ID. This will only fetch sign-in logs from that account entity if the user exists in the specific Microsoft Entra ID tenant.
Improvements
- Incident caching
  - This allows the incident data to be cached temporarily so that the incident data doesn’t have to be fetched again. This has increased efficiency and load times of the portal.
Bug fixes
- Bulk update for incidents bug fix
  - Bulk update would not successfully send the request to change/update the incident from the command page
- Consenting gamebook modules from gamebooks workbench redirect bugfix
  - When consenting a gamebook module from the gamebook workbench, the redirect from the Microsoft Identity Platform to the ContraForce Platform would cut off the redirect link, causing the incident entities/information to be missing from the gamebook workbench page.
April 26th, 2024
This release includes the launch of the Autotask workspace module. It is the first of our series of ITSM integrations.
New
- General availability of the Autotask workspace ITSM module. Connecting this module allows creating, linking, and managing Autotask tickets to ContraForce Incidents in the ContraForce platform
- Updated data mapping for QRadar offense data in the ContraForce incident modal
- Optimized multitenancy data flow for service provider accounts
- Corrected CrowdStrike Falcon XDR workspace module labels.
April 3rd, 2024
This release includes the launch of the CrowdStrike Falcon XDR Workspace module.
New
- General availability of the CrowdStrike Falcon XDR Workspace module. Connecting this module to a workspace allows for CrowdStrike Falcon XDR incidents to be managed in ContraForce
Improvements
- Updated onboarding flow to allow for onboarding a workspace without connecting an incident source
Bug fixes
- Resolves issue with Command page incident severity filtering
March 11th, 2024
This release includes several new features, including: the IBM QRadar Workspace module; consolidation of our SIEM incident sources into its own page and XDR incident sources into its own page; and a new workspace onboarding flow.
New
- General availability of the IBM QRadar Workspace Module. Connecting this module to a workspace allows for IBM QRadar offenses to be managed as incidents in ContraForce.
- General availability of the SIEM Incidents page for management of aggregated incidents across all SIEM incident sources
- General availability of the XDR Incidents page for management of aggregated incidents across all XDR incident sources
- General availability of the workspace onboarding flow to support pre-configuring which modules additional workspaces can configure during onboarding
Improvements
- Updated workspaces page that enables a user to manage the configuration of their workspace modules and enterprise application permissions
- Updated interface for the Endpoints page
- Graceful handling of unsupported incident management flows
- Automated comments on Defender XDR Incident management actions
- Microsoft Defender XDR Account Gamebook coverage enhancements
December 4th, 2023
This release includes several new features, as well as significant improvements to the architecture of the ContraForce applications. These include Portal support for the Microsoft Defender incident source, Advanced Hunting for both Microsoft Sentinel and Microsoft Defender, and a distributed service principal application deployment.
New
- General availability of the Microsoft Defender Incidents page in both global and single-tenant contexts. This page provides a dedicated Portal interface for managing Microsoft Defender incidents, including their ownership, status, and comments.
- General availability of the Microsoft Sentinel Incidents page in both global and single-tenant contexts. This page provides a dedicated Portal interface for managing a connected workspace’s Microsoft Sentinel incidents.
- General availability of the Microsoft Defender Advanced Hunting page in both global and single-tenant contexts. This page empowers users to hunt for deeper event context by directly querying Defender's raw data with KQL. Query editor interface provides real-time IntelliSense autosuggest and workspace schema tree visibility for accelerating query writing.
- General availability of the Microsoft Sentinel Advanced Hunting page in both global and single-tenant contexts. This Portal page empowers users to hunt for deeper event context by directly querying their Microsoft Sentinel workspace(s) with KQL. Query editor interface provides real-time IntelliSense autosuggest and workspace schema tree visibility for accelerated query writing.
Improvements
- Automated post-onboarding downgrade of subscription-scoped Azure RBAC Owner Role for ContraForce API service principal
- Distributed application permissions across multiple service principals designed for least-privilege access
August 5th, 2023
This release includes major features for the ContraForce portal, including the "Bring your own Sentinel" deployment model and support for multi-tenant management. Additionally, the ContraForce API has been made available for use by service providers.
New
- General availability of the Gamebooks History page into the Portal. This page provides users the ability to manage Gamebook requests, as well as view any gamebook actions that have been run by the organization in the ContraForce portal. The status of each gamebook, the associated incident, and the entity each Action operates on are shown. Only users with the appropriate ContraForce permissions can grant approval for Gamebook Actions that require it.
- General availability of the ContraForce API. The ContraForce API empowers service providers to leverage ContraForce functionality in their own incident automation and service workflows. Users can list and query for their organization's incidents, as well as retrieve the evidence, entities, and detail data associated with any specific incident.
- General availability of the Bring Your Own Sentinel deployment method. This capability enables organizations to augment and optimize an existing Sentinel environment with the Gamebooks, Data Connectors, and Security Engineering on Demand that ContraForce's hyperautomated security platform provides.
- General availability of the Managed Tenants Settings page. This capability gives service providers a self-service method to onboard additional customer Azure tenants into ContraForce. When a user with the appropriate RBAC permissions uses the service provider's ContraForce onboarding link, the customer’s Azure environment will automatically be linked to the service provider’s, allowing a service provider to manage delivery of security outcomes rapidly and effectively.
- General availability of related incidents per entity. When viewing an incident entity in ContraForce, all incidents related to that entity are shown to help the user understand where that entity may also demonstrate suspicious activity in their environment.
- General availability of threat intelligence into ContraForce using Virus Total. For entities associated with an incident, any flags of the entity on Virus Total are shown to help the user validate the reputation of a selected entity.
- General availability of the Global Command page. The Global Command page empowers service providers to monitor and respond to incidents for all their customers through a single pane of glass. The Global Command page features:
  - An Incident Tracker table that displays aggregate and per-workspace incident metrics
  - A Data Connector Anomalies card that provides visibility when a workspace's data connector has an anomalous ingestion gap
  - A Workspaces dropdown that enables users to dynamically select which of their onboarded workspaces to include in the Global Command page
  - An aggregate incident table showing all open or active incidents to enable collaborative incident response and case management at scale
Improvements
- Workbench Actions that require administrative approval display a red padlock
- Gamebook Workbench navigation and display enhancements
- Ability to switch between multiple incidents using tabs on the incident summary page
Bug Fixes
- Ensure sufficient permissions for successful deployment of resources with Azure RBAC Subscription 'Owner' onboarding check
April 17, 2023
This release included backend infrastructure improvements, and updates to the Command page in ContraForce.
New
- Email notifications can be customized by incident severity.
- Permissions can now be enabled for Gamebook actions from the Settings page. Consenting gamebooks permissions allows ContraForce to deploy remediation actions to affected incident entities.
- On the Command page, multiple incidents can be selected and the incident status can be managed in bulk.
Improvements
- The backend deployment infrastructure of ContraForce onboarding has been optimized to decrease deployment time.
- The Incidents page was removed and data cards from the Incidents page were integrated into the Command page. Various data cards on the Command page were also removed, resulting in a more streamlined incident management dashboard.
Bug Fixes
- Spelling corrections for various elements throughout the ContraForce portal
September 1st, 2022
This release includes the launch of One-Click Response and Gamebooks. With One-Click Response and Gamebooks, IT professionals can manage full-lifecycle security operations from a single interface with a single click. The addition of this capability further advances ContraForce's mission to make cybersecurity easy, affordable, and accessible.
New
- One-Click Response is available for medium and high severity incidents.
- 8 Playbooks are available for One-Click Response. The playbooks can be combined together to create a Gamebook. Gamebooks allow users to respond to incidents with multiple actions using just a single click.
  - Lockout User
    - This playbook disables a user’s account and prevents them from signing in.
  - Reset User Password
    - This playbook prevents a user from generating new sign ins without first resetting their password during their next sign in attempt.
  - Invalidate Existing Sessions
    - This playbook ends a user’s signed in sessions, preventing the authorization of additional actions associated with those sessions
  - Isolate Endpoint
    - This playbook disables an endpoint's external networking capabilities.
  - Scan Endpoint
    - This playbook triggers an anti-virus scan on an endpoint.
  - Acknowledge Response
    - This playbook updates an incident, adding a comment containing a timestamp and the username of the user who executed the playbook.
  - Quarantine File
    - This playbook stops a file from being used by other programs and deletes it.
  - Block IP
    - This playbook updates a firewall’s rules to block network traffic from a specific IP address.
- On the Command Page, the Needs Attention table has an Action column. When an incident with One-Click response is available, a Respond button is shown.
- Clicking Add to Gamebook or Go to Gamebook will direct the user to the Investigate page. This is where different playbooks can be combined to create Gamebooks.
- Playbooks are added to a Gamebook by clicking the green plus (+) sign button. They are removed by clicking the red minus (-) sign.
- For Medium and High severity incidents, email notifications will include a Respond and a Launch Portal button.
- Once a One-Click response has been performed, the user receives a confirmation message and is returned to the incident detail page.
- If a One-Click Response fails, a Run Again message will be shown or you will have the option to contact the ContraForce team.
Improvements
- Onboarding Welcome page fields have been streamlined to require less input from the user to start the onboarding process.
- Error messaging and handling has been improved throughout the onboarding flow.
Bug Fixes
- Fixes to the security infrastructure deployment during the onboarding process.
April 12th, 2022
Today, we are thrilled to announce the general availability of Self-Service Onboarding, Subscription Plans, Billing Management, and the Data Sources management page. We have seen tremendous growth and interest after 12 months of early access in the market. With today’s release, ContraForce has the ability to bring enterprise-scale cybersecurity to small and medium businesses.
New
- Self-Service Onboarding
  - Customers can register, subscribe, and connect supported security data sources completely on their own using a self-service flow. If you wish to connect a data source but do not see it listed, please submit a request to the ContraForce Support Team. We are more than happy to assist with any more detailed connections.
- New Subscription Plans and Billing Management
  - We now support 4 new subscription plans that can be reviewed in the Subscription tab of the Settings page.
    - Freemium Forever, Priority Zero, Priority Cloud, and Priority Network
    - Existing customers will be automatically grandfathered into their current corresponding subscription plan.
- Billing Management
  - New customers can now manage their subscription payment method in the Billing tab of the Settings page.
- Data Sources Management
  - Users can now add, edit, and remove data sources connected to ContraForce.
Improvements
- Time Filter selection is now persistent across all pages in ContraForce.
- Time filter updates will now trigger an automatic data refresh on the selected page without needing to click the data refresh icon.
- The data refresh icon can still be used to refresh fetched data at any time or as needed.
- Users can now search for ContraForce users in the User Management tab of the Settings page.
Bug Fixes
- Updated Missing Investigation Graph Icons.
- Improved client side error handling.
- Browser card sizing issues addressed.
- Minor bug fixes throughout the ContraForce Portal.
February 2nd, 2022
This release focused on UI improvements and performance optimization for the ContraForce Portal. A new sorting feature was added to the Endpoint page.
New
- On the Endpoints page, the Endpoint Inventory table can now be sorted by “Device Name.”
Improvements
- Performance optimization for back-end servers.
- Minor UI improvements throughout the ContraForce Portal.
Bug Fixes
- Minor bug fixes throughout the ContraForce Portal.
October 29th, 2021
This release focused on implementing support request functionality into the ContraForce Portal. Additional performance improvements were also made.
New
- From any page within the ContraForce Portal, users can now submit a ticket directly to our Support Team. On the bottom right of a page within the ContraForce Portal, there is a “Contact Support” widget. It will prompt the user to ask what type of assistance is needed. From here any relevant support documentation will populate. Alternatively, there will be a support option where details about the issue can be added and submitted for review by our Support Team.
Improvements
- On the Incidents page, the response time of the Incidents table when viewing a large number of incidents has improved. This is common when using the 14 or 28 day time period. At the bottom of the table there is now a “Load More” button. By clicking “Load More”, an additional 50 incidents will be loaded per click, resulting in a much quicker review experience.
- Minor UI improvements to cards on various portal pages.
October 1st, 2021
This release was focused on bug fixes related to the last product release (1.1).
Bug Fixes
- The Incident Response card on the Command page now shows correct incident values when the “Last 28 Days” timeframe has been selected.
- When hovering over the Cloud icon within the Incident Response card on the Command page, the total number of incidents shown is correct.
- The count of incidents shown on the Incidents page will match the data shown on the Command page.
September 21st, 2021
Our team is very excited about the 1.1 release! This release was heavily driven by customer feedback. First, you will notice the portal has a new look! Second, you will notice that some pages have been removed. Don’t fret, these pages are not gone forever. Our Development Team will be heavily focusing on these pages to improve the functionality over the coming months. Our goal is to provide our users with effective fully functional tools, and we look forward to showing the new versions of these pages when they are ready.
New
- The portal has a new look!
  - Now following industry standard by implementing material design for all portal pages.
- On the Navigation bar, the tabs for the Compliance, Profiles, Training and Marketplace pages have been removed.
- Command Page
  - The labeling and layout of cards on the Command page has been simplified to provide a better overview from the Command page. For an overview on the functionality of each of these cards, please visit the Command Page Overview documentation.
    - Open Incidents has changed to Incident Response
    - Critical and High Severity Incidents has changed to High Severity Incidents
    - Incidents Severity has changed to Open Incidents
    - Alerts has changed to Current Alerts
    - MITRE ATT&CK Alert Map has changed to MITRE ATT&CK Threat Detectors
    - Security Events By Source is unchanged
  - Ticketing, Data Source Misconfigurations, and Open Versus Closed Tickets have all been removed from the Command Page.
- Incidents Page
  - The Investigate page has been renamed to Incidents. For an overview on the functionality of each of the cards on the Incidents page, please visit the Incidents Page Overview documentation. The new cards on this page provide the user with data to assist with investigations and incident management.
- Endpoints Page
  - This page is largely the same.
- Settings Page
  - We have removed all functionality except the ability to add and remove Roles assigned to users within the portal.
Improvements
- The load times of the portal are twice as fast as the previous version.