Do not update Bootstrap for the following upgrades of Kaspersky Next XDR Expert:
Version 1.4 Hotfix 3 → Version 1.4 Hotfix 6 or later
Version 1.4 Hotfix 4 → Version 1.4 Hotfix 6 or later
To upgrade Kaspersky Next XDR Expert, run the following command:
./kdt apply -k <path_to_XDR_updates_archive>
You can now set a fixed response time (SLA) for incident handling. SLA metrics include the time to resolve an incident fully, the time to first response, and the time to confirm the incident.
You can now add or delete worker nodes included in the Kubernetes cluster, without restarting the cluster nodes.
Saving a playbook as a draft is supported. The playbook draft cannot be launched, but it is available for editing in the tenant to which the playbook belongs. To launch the playbook draft, you need to publish it first.
You can now export to a CSV file information about assets affected by or involved in the alert or incident, as well as information about observables that relate to the alerts linked to the current incident.
You can assign alerts and incidents to a user group manually or by using a playbook. If you want alerts and incidents to be automatically distributed among users of the group based on their workload and availability status, you can enable automatic assignment.
The playbook visual editor is now used to create playbooks. The playbook visual editor allows you to build and visualize the playbook execution flow and the relations between the playbook algorithm steps.
Alert and incident names are now displayed when linking an alert to an incident. This allows you to filter alerts and incidents by name.
Connection profiles for out-of-office users with Linux devices are now available. By using connection profiles, you can configure the rules for Network Agents on Linux devices to connect to the same or different Administration Servers, depending on the device location.
You can now create a child incident. Child incidents allow you to investigate and respond to incidents across different tenants.
Kaspersky NGFW is supported for incident response scenarios. You can create the services for Kaspersky NGFW by using the KUMA inventory file. Kaspersky NGFW includes the following features:
Pre-validation of parameters in the configuration file. Kaspersky Deployment Toolkit verifies the presence and values of parameters in the configuration file before starting the installation or update of Kaspersky Next XDR Expert. The feature is available for both single-node and multi-node deployments.
The following dashboard widgets now display information on unclosed incidents:
Active incidents
Active incidents by tenant
Incidents by severity
Affected assets in incidents
Affected asset categories in incidents
Latest incidents
The limit on the number of alerts linked to incidents that you can merge has been increased. The maximum number of alerts linked to incidents for merging is 1000. When merging incidents, the number of alerts linked to these incidents is displayed in the Merge incidents window.
Private IP addresses are no longer included in the observables related to the alert or incident.
Kaspersky Next XDR Expert has several new features and improvements:
An updated version of Bootstrap is used in the application. Before you install the new version of Kaspersky Next XDR Expert, update Bootstrap by running the following command:
Deployment preliminary checks. Before you deploy Kaspersky Next XDR Expert, you can now check whether the system requirements are met. Kaspersky Deployment Toolkit (KDT) checks your hardware, operating system, software, and network environment. If at least one requirement is not met, KDT interrupts the deployment and provides you with a detailed report.
You can now attach files to alerts or incidents. If necessary, you can remove or download the attached files.
Customizable incident handling process by using incident types.
When creating a playbook, you can configure the playbook algorithm to edit the incident properties or the alert properties.
You can export information about all incidents displayed in the incident table to a JSON file. This may be required when you have to provide this information to third parties.
AI-based asset scoring. A machine learning-based engine helps you evaluate the processes running on an asset and determine whether a particular process is normal or whether it is unusual and requires attention from a SOC analyst.
You can reduce or increase the retention periods of alerts and incidents, depending on your needs. By default, the retention period of alerts and incidents is 360 days.
Uninstallation of Kaspersky Next XDR Expert. All created data will also be removed.
From a shortcut menu in the alert details window or incident details window, you can now open the Threat hunting page on a new browser tab.
In the alert details window or incident details window, you can now search through affected assets and observables.
Ability to configure alert aggregation rules through the REST API.
When you open the Threat hunting page from the alert details window or incident details window, the search is now performed for the period between the first and the last event of the alert or incident, and not for the last 24 hours.
Open Single Management Platform can now be installed on the Nutanix AHV virtualization platform.
OSMP Console optimization: the console windows, login page, and the Dashboard now load faster.
You can now switch from the incident details window to the incident-related events on the Threat hunting page.
You can now refresh the information in the alert details window and the incident details window by clicking the refresh icon.
Kaspersky Next XDR Expert 1.1
Kaspersky Next XDR Expert has several new features and improvements:
An updated version of Bootstrap is used in the application. Before you install the new version of Kaspersky Next XDR Expert, update Bootstrap by running the following command: