Release Notes (2022-12)

December release notes detailing the evolution of the Stairwell platform

December 21st, 2022

New Feature: Introducing User Opinions! 🎉

The Inception platform shines in its ability to serve as a digital evidence locker for all of your files.  Over time, the platform grows in its diversity of objects collected, and because of its ability to enhance threat hunting, IR, and other use-cases, customers have asked for the ability to annotate & provide opinions onto files.

Customers now have the ability to capture file opinions.

Simply click into an object and leverage the new opinion dropdown menu, which allows you to render one of the following opinions:

• No opinion (default value)
• Trusted
• Grayware
• Malicious

You can optionally add  context in the form of a comment.

Any opinions will be captured in the History tab that appears within each object's details pane:

Finally, opinions (trusted, grayware, or malicious) are now available via search:

December 20th, 2022

UX Enhancement: Environment simplification and new object details pane!

Inception is a powerful platform that provides organization's a very unique look into their environment by virtue of pre-preserving and analyzing files across the environment.  In an effort to improve quality of life and to expedite triaging and hunting, we've made a number of frontend changes:

The "environment picker" has been removed

Traditionally, the Inception platform required users to leverage an "environment picker", that existed as dropdown in the top-left of the app, to toggle various YARA and malware environments that influenced the behavior of which objects and rules were displayed through the app while searching, viewing objects, etc.

As a result of customer feedback, we fully removed this functionality and have designed a seamless experience that no longer requires you to think about which "environments" are selected - we now perform, for example, searches across all objects (organizationally and globally via malware feeds) by default and make it much more clear to you where these files exist:

Notice the new "My Objects" and "Global Objects" tabs that exist in search results:

This integrated and simplified experience has been designed into the very fabric of the platform, and also makes for an elevated experience when viewing YARA rules, object details, etc:

📘

Yara Rule Filter Default

Clicking into the main YARA Rules page now shows all rules by default - both the rules you author and the rules that our research team provides - and there's now a new filter menu that allows you to better navigate and view all of the rules.

• Redesigned object details that puts the information you care the most about directly at your fingertips

With this launch, we've included a redesign of the object details pane, which appears each time you click into an object, resulting in an improved analyst experience:

All of the rich information that Inception extracts is neatly organized into a number of redesigned tabs:

By default, you will be presented with a new Summary tab that incorporates the most useful information you need to quickly glean analyst context:  Things like hashes, file names, first seen times, matching AV and YARA hits, embedded hostnames and IP addresses, certificate data, etc.

In addition, we immediately show you links/hashes to any relevant parent or child objects, thus removing the need to click multiple times to find such relationships. 🎉