Skip to content

Test run, new date operator and case manager efficiency

Compare
Choose a tag to compare
@Arnaudschw Arnaudschw released this 13 Dec 08:31
· 16 commits to main since this release

Right in time for the holidays, it's one of our largest release yet!

Test run

Modifying a scenario or a rule safely is challenging : you'll want to check the impact on detection volumes and efficiency before pushing to production.
With our test run feature, you can know modify an existing scenario, and run the new version in parallel during a set period.

Marble provides you in realtime the difference between both version, both in scenario outcome and rule by rule.
You are now able to check for abnormalities, wrong checks and volume mismatch before releasing a new version of a scenario in production. And you can keep the test run synthesis as an audit proof for the rationale behind every modification.

The test run allows you to compare a scenario version to a live one and define a maximum duration for the run.
Available for SaaS or under self-hosted licencing

Case manager efficiency

With our latest phase of case manager redesign, we're now reducing context switching with :

  • Alert prioritization : a default activated toggle displays only the rules generating a hit for the case in each decisions
  • Direct to decision display : the decision tab is now set as the default display when opening a case
  • Foldable case history : the case timeline is accessible through a button on the right side of the screen and can be folded to save space for investigations
  • Trigger object display : the trigger object is now easily accessible at the right of each linked decision
  • Pivot accessibility : the pivot value has been moved to the top of each decision trigger object, making it easy to reach and copy in your own back-office.
    Those improvements should significantly reduce the number of clicks needed to overview a case and start the investigation.

We've also added the possibility to upload several files at once to a case.

Hour / Day / Month / Year operator

The builder now allows you to get an extract of a timestamp to use within rules. Based on a timestamp, you can extract the hour, the day of the week (1 = monday), the day of the month, the month of the year or the year.
It's now really easy to check if an operation happened in the middle of the night, or to integrate specific checks during weekends.
You'll need to set the timezone of your instance in the new setting / scenario tab.

Self-hosting

API timeout delays can now be configured

⚠️ API breaking change

We unfortunately had to make a breaking change to the decisions listing API. The GET /decisions endpoint no longer returns the count nested object, the start_index and the end_index of the returned items. Instead, the endpoint now returns a has_next_page boolean field that lets you know if a next pagination page is available. See our documentation page for the up-to-date details.
We absolutely hate to make breaking changes to our public API, but this was one case where the implementation proved fundamentally not scalable, on a feature that we expect was not widely used by API, and where we preferred to make the breaking change now rather than later.

Bugfixes and others

  • data model tables, fields, links can now only be created in lower case alphanumeric and "_", and must start with a letter. Backward compatibility is maintained for older fields and tables, but this will avoid errors in the future
  • The timeout durations for the API endpoints can now be configured, for self-hosted users of Marble. See the .env.example file for examples (use the BATCH_TIMEOUT_SECOND environment variable)
  • Fix a bug where a "required" field in a table could not be added once there were objects ingested into the table. "Requiredness" is now enforced at ingestion time, not in the table itself.

We're not done for this year, stay tuned !