Oort is now part of Cisco  |  Learn more

Try it free

Release Notes: Week 30, 2022

It’s been another busy week for us with some of our team at CSA Western Michigan’s CloudCon conference and others at AWS re:Inforce in Boston.

cloudcon-oort Screen-Shot-done

Although it’s been a busy week, there’s been even more action happening behind the scenes, so let’s dive right in to the magic that’s quickly making Oort the leading identity threat detection and response solution for enterprise organizations.

AWS EventBridge

Oort now supports real-time Okta logs in AWS EventBridge! This capability allows greater fidelity and time-sensitive reporting on several behavioral Identity Security Checks in Oort. If you are using Oort for threat detection in Okta and want this turned on, please contact Andy Winiarski and he will get you set up right away.


New Features

💬 Free Text Search In Activity

User activity can now be searched with free text for all available information. This new feature speeds up threat investigations by an order of magnitude, enabling SOC and security analysts to find pertinent information much faster during any threat investigation.

📥 Download User Activity

You can now download the activity of any user into a convenient .csv file. The downloaded file comes populated with post-filter information, so once you zero in on the criteria or filter out any information that might not be relevant to your identity threat investigation, your download will be full of “just the facts, ma’am.”

🗓 Custom Date Ranges

You can now apply a custom date range to any user activity. This is in addition to existing presets for 1 hour, 4 hour, 1 day, 2 days, 3 days, 7 days, 15 days, and 30 days. This is useful when the boss calls and says “get me Bob’s authentication history from July 4th through the 7th.”


**NEW** Identity Security Checks:

✅ Users with New Email Forwarding Rule

We have a new check for data leak prevention (DLP) that alerts on users who have set up email forwarding from their corporate Google Workspace account. For insider threat detection, the presence of an email forwarding rule is a leading indicator of risk, especially when it’s set to forward to a non-corporate or external email account.

That’s a wrap for this week! Make sure you subscribe to our updates up top so you don’t miss any new features or announcements coming from Oort! Can’t wait? Get a demo today!

Get a Demo

Recent Blogs

This week we’re introducing two new checks, a “registered location” tag, and more. Read on to learntrue

There have been plenty of exciting releases to get excited about over the last year. However, thistrue