Skylight interceptor 23.08 Release Notes

Executive Summary

This article highlights the new features and enhancements for Skylight interceptor 23.08.

Allowlist Enhancements

• Values that can be used as allowlist conditions are pre-populated and can be added by clicking the corresponding “+” icon.
• Any additional values or conditions can be added manually by clicking the “+ Conditions” link.
• The Time conditions grid is bigger.
• It is possible to delete saved time templates from the list.
• Existing allowlists for the selected alert types can be edited or deleted from the Allowlists form on the Alerts page.
• An interactive window that asks about closing alerts for the save detection type with the same artifacts displays when saving changes in the Allowlists form.
• It is possible to delete the allowlist from the Alerts page.

Smart Incident Management

Smart Incident Management is a functionality that automatically analyses clusters of alerts in incidents and, according to a given logic, decides whether this cluster contains false positive alerts and needs to be closed or not.

Honeypots

The honeypot solution can run inside the customer network and track an attacker’s activity. This activity is then displayed as an alert on the Interceptor UI. The SMB flavor of honeypots has been added in this release.

Dashboard Interceptor Data Support

All Interceptor data is fully-supported in dashboards.