Release Notes

2020

July

Here are some freshly added features and improvements:

  • ETS

    1. Implemented a Quick Scan API

    2. GSuite, Profiles, and Advanced Scan fixes & improvements are made.

  • Investigations

    1. When a deleted email is tried to send analysis, a warning message is displayed to the user as a deleted email shall not be sent to the analysis.

  • Training Reports

    1. In multi-company selection, the remove icon is renewed to the trash can instead of displaying a large X.

    2. An error fixed that causes the warning messages displayed twice after clicking the send button.

    3. Updated warning messages for each type of training resend operations to define the operation in a much more clear/obvious way.

  • Training List

    1. Added a chip display in the search bar when clicked System Training category.

    2. Fixed an error of duplicate listing of the Custom category.

    3. Added training items are listed latest to oldest for company admin (language selection are also applied here, English first)

    4. Fixed an error on the search bar.

    5. Fixed some UI bugs.

  • General

    1. Migrated jQuery to v2 to v3.5 for fixing vulnerabilities of jQuery.

    2. Fixed some IDOR vulnerabilities.

    3. Data research completed. Company Info encryption in database PoC completed.

    4. Offboarding application for production PoC completed.

    5. For LDAP integrations, name and surname fields are separated.

  • User KPI’s

    1. The training score is displayed as 50 for newly added users. Implemented a feature to display as 0.

  • Playbook

    1. Fixed an error that causes saved investigation scan types not to display when editing.

    2. Fixed an error on notifying user action.

  • Phishing Scenarios

    1. Fixed the error when on attachments that prevent saving the template for *.xlsm files.

    2. URL Clone feature is improved-no need to refresh the page now.

    3. Editor file upload support.

    4. Fixed some UI bugs.

October-1

  • SCIM settings page implemented.

  • The training marked as test excluded from dashboard statistics.

  • Implemented sending Campaign finished emails only to the campaign creator.

  • Forgot password page white labelling

  • Implemented shortcode usage in training enrollment email's subject in notification templates.

  • New dashboard search problems fixed by adding a search button.

  • Page state kept when there is a validation error on the phishing scenario create / edit page.

  • When the company admin creates a new phishing scenario, redirection changed to edit instead of the list page submitting initial info.

  • Removed set default checkbox on the company settings page for time zone. It automatically picks up the selected time zone for the company on the pages like the campaign start page.

  • When training sent to multi groups, if an email address exists on multiple groups, it had enrolled various times—fixed for single enrollment.

  • Improved performance of the training list page.

  • Training & Target User API s implemented.

  • Implemented role cloning for system users.

  • Fixed various bugs.

October -2

  • Advanced Reporting Change Enrolled Date to Actual Mail Send Date

  • Last 6 Months Performance Graph Total Points Change

  • Phishing Simulator, Data Capturing Settings

  • Azure AD Sync to only one group (Set by Default Group) feature.

  • Exam score bug fix

  • Dashboard type bug fix

  • Reseller role clone bug fix

December

  • Select All Target Groups on Send Training Multi-Tenant Email Groups

  • Scorm Training Title Character Error Fix

  • The new feature, Certification email, and Training email will show up on Sending Report as two rows. We can see if Certificate went successfully or training easily.

  • On the training report, we can see if the certificate has been chosen for the training and which certificate it is-Certificate preview button.

  • Training sending report type column (certificate and training can be filtered easily)

  • Campaign Reports Sort & Filter fix and feature.

  • Training Reports Sort & Filter fix and feature.

  • Company User Limit Label change (new name: Active Users) - (Company List)

  • Company User Limit and Renewal Date sorting bug fix. (Company List)

  • Notification clone template. You can clone the notification templates to another company easily.

  • Company White Labeling Favicon feature has been added.

  • Company White Labeling Support email feature has been added.

  • The training reminder feature has been added. It is possible to customize the training reminder notification template.

  • Pie Chart has been developed and fixed.

  • Bug fixes

  • Internet Explorer bug improvements.

2021

January

  • O365 Phishing reporter extension can be used for reporting emails on Office 365 mailboxes.

  • Column names and column orders are made the same as the UI’s default column order and names when exporting to PDF, Excel, and CSV.

    • Target Groups

    • Company Groups

    • Company Group Details

  • On threat sharing, reported emails, target users, company groups, and investigation details pages after an operation that requires users to land another page, users can stay exactly where they are after coming back to the corresponding page. For instance; when email details are clicked after navigating through pages when the back button of the browser is pressed, the reported email table displays the results where you left off.

  • Server-side pagination, filter, and search are implemented in the following pages for better performance.

    • Threat Sharing Communities

    • Threat Sharing Incidents

    • Company List

    • Reported Emails

    • Target Users

  • For a better user experience, a loading indicator is added to the company switch popup for listing the companies.

  • On analysis results for reported emails, the Clean verdict is changed to Undetected since there is no 100% clean.

  • A new design for the “Reported Emails” data table’s clustering feature is added with clustering by the reporter as well. When one of the cluster options is selected, the last item for that cluster is displayed in order to take quick action. For other emails with the selected cluster option, a detailed view is added.

  • For the Rest API clients, IP restriction is configurable for each client separately: the client is allowed by any IP address or only from the selected IP addresses.

  • “Notification Template” template category label is changed to the template type.

  • Better search experience on data tables is provided by adding a one-second delay after writing a text into the search box.

  • Google Tag Manager is added to the UI for collecting anonymous usage data.

February -1

  • On the Create Company and Edit Company pages, select a Reseller is no longer optional for Reseller roles. A Reseller selection obligation has been created for users with the Reseller role. If the Reseller selection field is left blank, an error display is provided for users who create companies (custom company admin).

  • Performance improvements were made on Exchange EWS integration and investigation features.

  • User’s department name added on both “Leader Board” and “User Performance” column on the Gamification Report.

  • The User’s department name also added to the excel report on the Gamification Report.

  • {TO} and {TONAME} shortcodes added to Scheduled Report email template.

  • Bug fixing on Virustotal API key create/edit page. Trim has been made for errors that occur in VirusTotal API keys.

  • Favicon featured added to Phishing Campaign.

  • When a user deletes a training report, all statistics related to deleted training are automatically removed:

    • Leader board

    • User performance

    • Training engagement

    • Company score

    • User KPI statistics

  • Report Manager > Training Report List > Sending Report page has a delete option now to remove user’s data from training report and as well as all related reports.

  • Report Manager > Training Report List > Sending Report page has a restore option now to restore user’s data from training report and as well as all related reports.

  • Mark as a test option added to Training report

February -2

  • On the Target User page, bulk upload field mapping on the data table custom field’s columns is changed to display in the latest order.

  • Fixed an error on bulk upload function on the target user page - when Firstname and Lastname fields are empty on the provided excel file.

  • Following improvements are implemented for Incident Responder Investigations:

    • Target Group / Target Users selections are implemented. You can start an investigation by selecting specific target users or multiple target groups.

    • For a clear and more focused investigation experience, items like Calendar meetings, Notes are discarded and provided an investigation for only mail items in scanned mailboxes.

    • When configuring O365, testing the mail configuration functionality is provided on the given mail address. In addition, for the actions like creating or updating a category in the test process, marked as a test for the indication.

    • Investigation for multi-language O365 accounts is implemented. Mails are displayed in the corresponding folder even if the mailbox of the user is in a different language.

    • Keyword regex and IP match condition filters are improved.

    • O365 investigation performance improvements are implemented.

  • Column names and column orders are made the same as the UI’s default column order and names when exporting to PDF, Excel, and CSV for the following tables.

    • Phishing reporter users

    • Investigation details

    • Target group details

    • Company list

    • SMTP settings

    • Notification templates

    • Rest API settings.

  • Exported files are now named the same as an exported data table.

  • The left menu is re-ordered for better navigation. While settings-related menus are moved down, menus that have critical system functions are moved upwards.

  • The company logo and user profile part of the left menu is fixed, and a new scroll has been added to the left menu for easy navigation.

  • A fresh button is designed for adding new items to the data table for better visibility.

  • Minor changes have been made on the Playbook’s query builder for clarifying the rules you’ve created.

  • Investigation filters are now grouped by type, and they are searchable now.

  • A little “Folder” indicator label has been added to the Investigation details page on the folder list.

  • SMTP settings have an easier configuration page by adding descriptions to the fields like Reply-To, Error To fields.

  • Threat sharing post attribute selection when sharing an incident has been revised for hiding/showing items on the shared incident.

March -1

  • Multi-factor authentication support is added after a period of time multi-factor authentication will be required to log in for all users. We recommend setting up multi-factor authentication until this date with Authenticator tools like Authy, Duo Mobile, LastPass Authenticator, Microsoft Authenticator, Google Authenticator.

  • An error on target user deletion is fixed.

  • The Menu icon will now be correctly positioned on higher resolutions.

  • Pages with excel export support will use a newer .xlsx file format rather than .xls format.

  • A number of UI improvements are made on the investigation details page.

  • The filtering experience on the investigation list page is improved.

  • Target user and phishing reporter list operations are switched to the server-side for improved experience and stability.

  • We enabled retrieving all records for the audit log page by placing a load all button.

  • Filter options are added on pages with a listing, such as setting up a default filter for a better experience.

  • Two new analysis engine integrations, FortiNet and VMRay are added.

  • Suspicious email reporting is enabled on Outlook inspector mode for imported files on Outlook Desktop.

  • Field customization is added for Office 365 integration.

  • Some IDOR vulnerabilities are fixed.

  • Sending mail to inactive users after mail analysis is prevented.

March - 2

  • White labelling options are added to the system. Now you can set up your Keepnet product with your own brand by customizing the product logo, brand name, favicon, footer links, and etc.

  • Search functionality and performance are enhanced on the Switch Company page. Also, we added a link to the Companies page where the user can see the full list of companies he/she authorized to switch.

  • The performance is greatly increased while uploading and importing a large file containing a large number of target users.

  • Sensitive data like system user first name, last name, the email address will now be kept encrypted in the application database. These encryption changes are applied to System User, Target User, Company Info, SMTP settings, and Integrations data.

  • IBM X-Force analysis engine integration is added.

  • Analysis engine results that are still pending will now show as Undetected instead of N/A. Custom fields can now be filtered in Target User, Target Users Import, and Add User To Target Group pages.

  • The dashboard background on page load now shows correctly on Safari browsers. System users who are created after creating a company are now correctly added under this newly added company, instead of the active company for logged-in user.

  • All Audit log page operations like filtering and sorting now switched to server-side. Implemented various UI enhancements on e-mail template design editor.

  • We added support for editing HTML and CSS of an email template and fixed cases where CSS classes do not get applied to the elements.

  • We removed the option for disabling multi-factor authentication once the user successfully finished setting up multi-factor authentication, and we added the option for users to switch multi-factor authentication to the application on the security page.

  • We refreshed minor UI elements and labels for Multi-Factor Authentication login.

  • We removed 100 record limits from Community and Incident lists

  • We implemented a fix where the user will no longer see posts from communities he left in the Threat Sharing module.

  • The system pop-up dialogues are refreshed for a better user experience.

  • On the Integration add edit page, the description field is changed to the text are for providing a better view when entering a description for the analysis engine.

  • Exporting data to the excel file label is changed from XLS to XSLX on the data table export feature.

  • Investigations list table columns are updated with displaying the Investigation triggers as Automatic, Manual as Playbook, etc.

  • Test connection feature is added for VmRay integration.

  • Also, an issue is fixed for blocked uploads to VmRay when some characters exist in the filename.

  • Left menu collapse animations are synchronized with the left menu items' movements.

  • We fixed the errors below:

    • An error when hash scan and file upload analysis status displayed incorrectly in some situations.

    • An error when the logged-in user company displayed incorrectly in some situations.

    • An error while filtering the AnalysisSource column in the Reported Emails table.

    • An error while importing target users using an empty excel file which is downloaded from google sheets.

    • An error where a deleted user role is also shown in addition to the current user role for logged-in users.

    • An error when a logged-in user role is displayed as Phishing Reporter in some situations.

    • An error on VMRay integration

    • An error on investigations when causing to display all users scanned when scanned user count is 0.

    • An error while uploading an empty spreadsheet file.

April - 1

  • Numerical values in Line Graph and in Training Reports were fixed. We show the view duration between 0-100 percentage. It will be much easier to understand the data in the training report excel on SCORM training.

  • Training Logging Mechanism was fixed. We log basically every action that users make in the training list or in the training report such as, delete, launch, edit a reminder, disable reminder, any action on the training report menu.

  • We fixed the bug that the system was submitting the same action after refreshing the page.

  • Training Report Menu Not Loading Data Real-Time was fixed. We improved this page to make this page loads in real-time without needing to refresh the page in order to see new data on the training report.

  • Small typos/ bugs are fixed on the company selection structure.

  • Virustotal Link Shows Up in Phishing Campaigns was fixed. The admin sends a phishing campaign to the employee, employee report this phishing campaign without clicking it. But when the user reports it, the user is seemed to click the link because of the Virustotal scanning in the phishing campaign.

  • Sub Reseller can't be Reseller of Master Reseller bug was fixed.

  • The admin is able to get unique training URLs of each user from specific training.

  • We fixed the {FirstName} variable not displaying in the preview error. When a user previews the phishing campaign, it doesn't show the user's first name, but this feature normally works as expected. We fixed this case.

  • Page loading was improved on Advanced Reporting Dashboard, and page loads under 1 second.

  • A Bug fixed on the Company group. When Reseller adds a company to a company group, the company gets training, but also some training doesn't show up in the customer profile. We fixed the business logic permanently.

  • Phishing Simulator Duplicate User Sending bug was fixed. When the admin sends a phishing campaign to multiple groups and if X user in these 3 multiple groups, for example, the user receives a phishing campaign three times. This business logic has been developed in this release.

  • XML Button - Suspucius Email "To" feature was added. When the user reports a suspicious email, the original email will be sent to the IT or SOC email group.

  • White labelling Menu Favicon bug was fixed. When Reseller simulates a company that is under the reseller and goes to the White labelling menu of the company, the Keepnet logo was showing up automatically instead of the Reseller. We fixed this and showed the Reseller's logo instead of Keepnet.

  • Training Report Reminder Date improved, and the bug was fixed.

  • Reseller Menu Added to Multitenant Training Page. The admin will be able to see the Reseller name in the Reseller menu on the Multitenant Training Send page.

  • The 'Hide EULA' option was removed from the company edit page to the Whitleabeling menu.

  • Awareness Educator module iSpring integration upgraded from 8.7 to 9.7 version.

  • The exchange XML button is now compatible with Outlook Desktop on Apple Mac OS X, Microsoft Outlook, and OWA applications.

April - 2

  • Reanalyze option is added for sending reported emails. You can send an email to the analysis using the integrations you’ve. The undetected items will be rescanned.

  • Scanned items in reported emails now check the verdict in the analysis engines once - instead of polling them for 24 hours if no verdict has found for the item.

  • API Keys for integrations are now masked for security purposes.

  • Custom roles are implemented. Custom roles with custom permissions can be created and selected as well as made available for the tenants.

  • When creating a system user, the default selected role is now set Company Admin instead of Root in order to make system user creation easier.

  • Company switch performance and search are significantly improved.

  • Client secrets are masked now on the Rest API client’s edit page for security reasons.

  • Multi-Factor Authentication SMS codes countdown is added for improved user experience. A minute countdown can be seen on the MFA screen prior to sending an SMS again.

  • Sender email address and Sender name columns are added to the reported emails table.

  • The footer design is refreshed.

  • Notification templates can be seen and filtered as a separate column by module they belong to on the Notification Templates page.

  • GrapesJS Editor functionalities are improved.

  • URL Analysis Result tab for reported email tables is refreshed. It is possible to see more details about integration that the given URLs in the reported email are scanned with.

  • Performance is significantly improved for O365 investigations as well as target user bulk add operations.

  • Target users’ bulk update field selection dropdown now has the “None selected” option as an escape for correcting selections for mismatched properties.

  • The investigation option for Threat Sharing posts is now displaying all items that can be investigated with displaying harmful items option.

  • Performance improvements have been made when sending a new post on a crowded Threat-Sharing community.

  • Playbook action now has a status field. Reported emails’ status can be set automatically when matched a playbook with status action.

  • Office 365 settings are stored as encrypted on the DB.

  • The test button for SMTP settings is added.

  • Some labels and snack bars on the UI are fixed.

  • Some bugs on the several modules system for stability are fixed.

April - 3

Bug fixes:

  • System Role name not matching in the System User menu bug is fixed.

  • Incident Responder Notification Template not being cloned as Custom bug is fixed.

  • Office365 Phishing Report Picture no loading bug is fixed.

  • The bug in the Get Email field is fixed.

  • The bug that was downloading Encrypted Attachments on the Analysis Detail page is fixed.

  • Office365 MD5 investigation bug is fixed.

  • The reminder bug is fixed.

What's New:

  • Captcha for custom Whitelabeled SSL domains is now available.

  • Copy button is added in the Analysis detail menu in Incident Responder reported email page to copy URLs with one click.

  • Updating user's email addresses in Azure/Okta without creating duplicate records in the system is available.

  • The Auto Investigation feature now supports Office365.

  • Reseller column developed and can be filtered in the Companies menu.

  • Training and Reminder notification templates have a 'first name' tag feature now.

  • System Training's URL will be automatically changed when the training synchronized in On-Premise servers.

Improvements:

Advanced Reporting Dashboard speed improvements are made.

May -1

Bug fixes:

  • The certificate now can be resent in the Sending menu on the training report.

  • After you edit the phishing campaign after sending the phishing campaign by using Campaign Manager, you now see the correct template settings that you sent.

  • The phishing reporter MSI add-in can be downloaded from the menu in EMEA Keepnet Labs Cloud.

What's new:

  • The video forward bar can be disabled or activated in Video training. The user cannot pass quickly from beginning to end while watching the video. The progress bar will be disabled if the option chosen in the video training edit menu.

  • Both EMEA and Global Keepnet Labs Cloud have Forti Sandbox integration for Incident Responder.

  • Phishing Report Mark As Test feature is developed. You can now mark the phishing campaign as Test. The related phishing campaign statistics will be removed from the User KPI.

  • New APIs have arrived. You can now be able to create, delete, list target groups or users. You can now be able to list phishing campaigns, and inside of the phishing campaigns, you can get information from Summary, Department, Phishing Report, Sending, Campaign Clicked, Campaign Opened, Campaign Submitted, No Response, Macro Attachment menu(s).

  • Show unique domains: You are now able to see unique domains in the target group with one click and be able to whitelist the domains in the customer profile.

Improvements:

  • The old flash-based serious games have been removed from the training list. The new HTML5-based serious games will be uploaded to the platform.

  • The target groups which belong to an Inactive company will not be seen in the multi-tenant launch menu.

May - 2

Bug Fixes:

  • Fixed several bugs, improved security, performance, and stability throughout the platform.

What's new:

  • Investigations now scan emails from the enterprise vault for Outlook Addin; users, as well as emails in the enterprise vault, can be deleted from the Investigation details page. In addition, users can report emails for scanning in the enterprise vault with Outlook Addin.

  • Phishing Reporter User’s email addresses are now persisted as encrypted.

  • Audit logs are now can be found in the Event Logs.

  • Logging API requests/responses are now configurable.

  • The source column can be filtered on the Reported Emails table.

  • AddIn Status and Diagnostic Tool status columns are now filtered on the Phishing Reporter Users data table.

  • The login page is updated for Identity Provider (like SAML) implementations for the next releases.

  • The server-side pagination feature is expanded for the entire data tables on the system.

Improvements:

  • Timezone and date-time settings improved. Users can now alter their settings without logging out and in.

  • Consistency is provided on data displayed after deleting an item from the last page of the datable.

  • Target User Bulk Operation with Excel feature performance is significantly improved.

June -1

Bug Fixes:

  • This release contains majorly fixed bugs, improved security, performance and stability throughout the platform.

What's New:

  • SAML integration is implemented. Companies can create an integration for their SAML identity providers and users now can login using SAML integration. When using SAML, a user who doesn’t exist on the system is created with their assigned user information and role on the SAML identity provider.

  • Audit logs can now be displayed and exported on Windows Event Logs.

Improvements:

  • In Phishing Reporter Users table, Status column is renamed as Add In Status.

  • Phishing Reporter Outlook Add In performance is improved when Outlook is started.

  • Target user custom fields with the date and date-time types can now be filtered and displayed within the option of active user’s timezone and date-time format selection.

  • Datatable filter for the multi-select search box is improved. When an item count is less than 5, the search box is not displayed. Otherwise, users can search using multiple filter items.

  • Permission names are listed in a user-friendly way on Custom Role create/edit pages.

  • Investigation actions are improved for consistency and better user experience both on playbook and investigation start pages.

June - 2

Bug Fixes:

  • A bug causes scrolling problems on the modal popups.

  • Bug fixes on security, performance and stability throughout the platform.

What's new:

  • Investigation regex filter on mail body feature is implemented. When a filter is selected, scanned emails that match to the given regex shall be displayed on the investigation results. (* This feature requires the update of the Outlook AddIn clients)

  • New Company onboarding wizard is implemented. When resellers create a new company, settings like SMTP and white-labelling of the new company can be configured quickly with a click of a button.

  • Notified email result field text can be customized by the selected company’s language.

Improvements:

  • When downloading the current page of the Phishing Reporter users, the users listed on the page and on the excel page do not match since the last seen information of the users is updated. Now, the displayed user list is reflected to excel.

  • List pages’ performance has been optimized throughout the system.

  • On the Investigation List page, user count and progress calculation performance is improved.

  • Authorization flow is reimplemented for performing better authentication/authorization checks.

July-1

Bug Fixes:

  • The date and time was fixed for some users and system-wide in Gamification Dashboard.

  • The timezone has been fixed in Phishing Simulator > Campaign Manager menu. The date and time which are chosen while sending the phishing camping should be sent on the correct date and time related to the company's timezone.

  • A control mechanism was added to the users who have low-level roles. The low-level role user can't change the role of the high-level user.

  • The MP4 training contents can be watched in the browser as full-screen by default.

  • The User KPI menu was improved and a bug was fixed.

  • The training which was published via the Available For feature wasn't being saved the first time with a custom email template - this bug is fixed.

What's New:

  • A new report generator that provides information about the summary of the training deployed was developed for Resellers.

  • The user roles are now optional for Resellers. The Resellers are able to choose which roles the customer will have.

  • If the customer has a custom Relay SMTP rule, the SMTP Relay test is now optional to be active or inactive.

Improvements:

  • The system performance and stability increased.

  • The Restrict Email Addresses menu works server-side now, this will create performance for listing and adding.

  • The Reseller is able to add different types of domains to the Restrict Email Address menu now.

  • The O365 integration automatic status checker was improved to detect whether or not the O365 integration works correctly.

  • Incident Responder, Manuel investigation is now supported different characters while searching an email in the users' inboxes.

  • The customer is now able to upload different image files which include spaces or different characters in the image file name to the Whitelabeling menu.

  • The new training is now saved as the System Email Template option as default until the user decides to use the Custom Email Template option in the training.

July -2

Bug Fixes:

  • A bug causes marking items as malicious when posting a new incident on Threat Sharing was fixed.

  • A bug that causes the investigation to be interrupted for O365 inbox scans was fixed.

  • A bug on the Outlook AddIn that stops sending heartbeat was fixed.

  • A bug that users with unconfirmed emails fail to log in after a SAML configuration is applied was fixed.

What's New:

  • The Incident Sharing feature is implemented with Cross Company Integration which extends the analysis capabilities of an incident. Customers can open their analysis engines to our other products, which can be configured by their Integrations and Rest clients with many reporting features.

  • Investigations for Exchange Web Services are implemented. EWS can be configured from the Mail Configurations page and users' mailboxes are scanned when starting a new investigation.

Improvements:

  • We improved performance on the Company Group Details page.

  • We improved performance on the Target Group Details page.

  • Company Create quick links are opened on the new browser tab when clicked.

  • Users logging in with MFA now can select don’t ask again on this computer option so that they do not have to enter MFA code each time they log in.

  • We improved performance on reporter emails’ analysis.

  • Outlook AddIn now can report emails that are opened in a separate Outlook window.