Release: GreyMatter Transit
GreyMatter Transit is a new cloud-native data ingestion and routing service that enables detection-in-transit capabilities. Transit allows security teams to detect threats in near real-time as data moves through the pipeline, before it reaches storage. The service provides intelligent filtering and routing of security telemetry to optimize costs and provide flexible data architecture options.
Learn more about GreyMatter Transit.
Enhancement: GreyMatter Phishing Analyzer
GMPA has been enhanced with additional data enrichment capabilities. It now includes a list of recipients for the email, a list of users who clicked on links within the email, a list of users who downloaded attachments, and a list of email repliers. These improvements provide more comprehensive insights into email interactions and full scope of impact for user reporting phishing. Please note this feature is only available for Microsoft Defender customers.
Learn more about the GreyMatter Phishing Analyzer.
Enhancement: Discover
Customers can now save, name, edit, and clear their asset table filters and queries, eliminating the need to recreate complex views each time they navigate away from the page. The query builder includes a new "Query on: Managed Assets" dropdown option to easily apply queries to managed assets.
Learn more about GreyMatter Discover.
Enhancement: Workflows
New enhancements to GreyMatter Workflows include case creation triggers, artifact-based trigger conditions, advanced switch statements, data filter nodes, task creation nodes, and dynamic artifact context in notifications with domain control for enhanced security. These improvements enable customers to design more tailored workflows that cover a broader spectrum of use cases and facilitate clearer communication across their teams.
Learn more about GreyMatter Workflows.
Enhancement: GreyMatter Mobile App
The Takedowns feature on the GreyMatter Mobile App now includes a new takedown type for social media impersonations.
Learn more about the GreyMatter Mobile App.
Enhancement: GreyMatter Intel Subscriptions
New GreyMatter customers are now automatically subscribed to Threat Advisories and Weekly Intelligence Summaries. Customers also have the ability to update their subscription preferences for the Threat Advisories and Weekly Intel Summaries directly within GreyMatter. These updates ensure customers are receiving the latest Threat Intelligence updates from ReliaQuest as soon as they receive access to GreyMatter.
Learn more about GreyMatter Intel.
Release: Direct Sources
Source | Supported GreyMatter Capabilities |
Asset Inventory, Detect, Respond, Investigate, Hunt | |
Respond |
Enhancement: Direct Sources
Source | Updated GreyMatter Capabilities |
New Respond playbooks: Initiate Scan IP, Scan Results, Initiate Scan Host | |
New Respond playbooks: Enrich Hash, Enrich Domain, Enrich URL, Analyze URL |