CYBERSIFT Change.log 03.25

This March, the CyberSift team continues to sharpen our platform’s performance, user experience, and accuracy - bringing smoother operations and deeper insights to our clients. These latest improvements target critical areas including automated certificate provisioning, vulnerability triage, and firewall log interpretation. Let’s dive in!

DRIVE Updates:

1. Automated HTTPS Certificate Provisioning

   • CyberSift Drive now supports automatic provisioning of HTTPS certificates via Let’s Encrypt using the https-domain command-line flag - making setup and maintenance of secure file transfers even easier​.

TUTELA Updates:

1. New Meta CVE: CS-INFO-TLS-CERT-INFO

   • Introduced a new meta CVE to display details about detected TLS (HTTPS) certificates, offering more visibility into certificate health and validity​.

2. Improved UI for CVE Triaging

   • Enhanced usability with expandable rows for deeper vulnerability insights

   • “Fixed In” package versions are now highlighted when available, speeding up patch prioritization

   • RHSA references are included for Red Hat and its derivatives, where applicable.

SIEM Updates:

1. Improved Checkpoint Firewall Log Accuracy

   • Fixed an issue where some “Connection terminated…” logs were being misclassified as “Action: Accepted”, ensuring better alert reliability.

2. Palo Alto Firewall Log Improvements

   • Enhanced parsing of:

     • Threat Logs (IPS logs)

     • Audit Logs (Admin activity)

3. Large Report Generation Handling

   • Improved stability and performance when generating large, complex reports, supporting better scalability in enterprise environments​.

These updates continue to refine how our platform delivers security insights, automates protection, and supports compliance efforts - all while reducing friction for your teams.