Release Notes (2023-04)
April release notes detailing the evolution of the Stairwell platform
April 21st, 2023
New file attribute: MIME Type
MIME Types are now displayed within the object detail pane and can also be searched/pivoted on:
April 20th, 2023
Enhancement: You can now search against additional PE fields!
In an effort to continuously expand the power of search, there are a number of new searchable fields:
- PE import and export functions
- PE import DLL
- PE company name, description, product name, etc.
Enhancement: Quickly test your configured webhook(s)!
You can now quickly test your configured webhooks via a new "Test" button that exists within the event notifications configuration dialog:
The new "Test" button is shown in the above screenshot.
April 17th, 2023
New user setting: File sizes!
There is a new user setting that allows you to specify the formatting of file sizes that are displayed throughout the app: rounded (1.1kb) or exact numbers (1153 bytes).
Head over to your user settings to check it out!
April 14th, 2023
Enhancement: Additional PE data reflected in object details panel!
A slew of additional data has been added to the "PE Data" tab that appears within each object's details pane. Let's take a look at a weaponized version of PuTTY as an example:
Additional File Version Information now appears, including product name, version, description, internal name, etc. Imports are also included.
Enhancement: Hex offset locations are displayed when performing YARA test scans
The Stairwell platform includes the capability to perform "must match" and "must NOT match" test cases when authoring YARA. We've enhanced these tests to display the exact offsets of the strings that match within the objects you reference, so you can confirm your YARA rule is working as intended:
April 12th, 2023
Enhancement: Filter threat reports by matches
A new "Filter by object matches" filter has been added to Threat Reports, letting you quickly narrow down to reports that contain IOCs matching objects that have been collected in your environment(s).
Enabling the filter will return threat reports that contain matches on objects / files within your organization, as indicated by the red icon next to each report:
Enhancement: Easily copy parent and child objects
New context menu options have been implemented to allow you to easily copy/paste parent and child object hashes for a given file. Simply right-click any hash from the search results / list view to view these new options:
As a reminder, the Stairwell Platform automatically performs unpacking upon ingesting files. For example, Stairwell may recognize and unpack an item that is embedded in a container (like a zip or ISO), or even files that have been packed via a number of malware packers.
April 4th, 2023
Enhancement: Global search bar!
The object search bar is now included at the top of all pages within the Inception platform, enabling quick access to powerful search capabilities from anywhere!
The global search bar offers the same search capability as the primary "Search" page, and is now available from any page within the app.
- You can search for simple attributes, like hashes, domains, and IPs
- You can click on the gear icon to open the query builder to perform more complex searches
- You can also access search history by simply clicking into the search bar