Release Notes
Also available as:

New Features

HCP is a cybersecurity application framework that provides the ability to parse diverse security data feeds, enrich, triage, and store the data at scale, and detect cybersecurity anomalies. HCP 1.1.0 provides the following new features:

  • Support for running HCP in a Kerberos environment

  • Significant improvements to Management module

    • Threat triage configuration

    • Enrichment configuration

  • Support for full numeric types in Stellar .

  • Support for Common Event Format (CEF) parser.

  • HyperLogLogPlus (HLLP) sketches for Stellar and profiler for cardinality estimations.

    Now you can answer questions like "# of distinct IPs did this user connect to?" in triage rules.

  • Geo enrichment no longer relies on MySQL.

  • Removed all dependencies on MySQL simplifying licensing and installation.

  • Performance improvements for enrichment loading.

  • Stellar transformations are now enabled in enrichment loading.

  • Stability and robustness improvements to the profiler and core Stellar functions.

  • Indexes can be turned on and off at the sensor granularity (for example, you can write to HDFS without writing to Elasticsearch).

  • Support for Zeppelin notebooks.