Over the past quarter, the Cado team has been hard at work bringing new features and enhancements to the Cado platform. Here's an overview of what we’ve been up to:
As we continue to enhance and expand the capabilities of the Cado platform, Q4 brought a host of updates designed to improve the efficiency and effectiveness of your cloud investigations. This quarter’s updates focus on better monitoring, detection, and acquisition workflows to streamline your security operations.
Import UX Improvements
Import Multi-Select
The Cado Platform now allows you to select multiple resources to import at once, saving time and streamlining investigation kick-off.
Multi-select even supports resources from across multiple projects.
Cloudgrep Integration for S3
By embedding Cloudgrep (a Cado open-source project) into the Cado platform, we enable security teams to search cloud storage logs efficiently and import only the relevant data for analysis. This approach provides several benefits:
Search Before Ingesting
Instead of importing entire log repositories, analysts can now perform targeted searches across AWS, Azure, and GCP storage. This helps teams quickly find relevant log files while reducing unnecessary ingestion.
Faster Investigation Workflows
The new 'Search content' action type allows users to identify and extract only the logs that contain relevant indicators of compromise (IoCs), accelerating the time to insight.
Improved Filtering and Precision
With new filtering options, users can refine searches by Name and Type, ensuring they retrieve only the most pertinent log files.
Types of Events in an example log file
Seamless Review and Import
Security teams can now:
- Review selections before ingesting data
- Execute search queries with detailed summaries
- Import files containing search hits for deeper forensic analysis
Certificate-Based Authentication for Azure
Users can now use certificate-based authentication when working in and with Azure environments.
Browse Disk Improvements
Users now have the ability to do the following, which significantly streamlines workflows:
- Find files
- Jump straight to files, based on a path
- Filter all files by malicious/suspicious
Vulnerability Scanning For Linux Resources
The Cado Platform now integrates vulnerability scanning into its investigation pipeline.
This new capability enables automated full-disk vulnerability scanning, providing security teams with comprehensive visibility into risks hidden within forensic evidence.
The vulnerability discovery feature can be run as part of an acquisition, or via a faster ‘Scan only’ mode.
A fast vulnerability scan being performed on the acquired evidence
Once the acquisition has completed, the user will have access to a ‘Vulnerabilities’ table within their investigation, where they can view and filter open vulnerabilities (by Severity, CVE ID, Resource, and other properties), as well as pivot to the full Event Timeline. In the Event Timeline, the user can identify whether there is any malicious, suspicious or otherwise interesting activity surrounding the vulnerable package, since the unified timeline presents a complete chronological dataset of all evidence and context collected.
Vulnerabilities discovered on the acquired evidence
Role Based Access Control Improvements
There are now 5 roles available in the platform:

| User Role | Description |
|---|---|
| Administrator | Ability to access all functionality in the Cado platform |
| Platform Administrator | A more restricted set of permissions than Administrator, with a focus on operational aspects of the platform including upgrades, account management, and troubleshooting. |
| Lead Analyst | A restricted set of permissions with a focus on managing investigations including user access and taking response actions |
| Analyst | A more restricted permission set than the Lead Analyst role, with a focus on conducting investigations including acquiring and analysing evidence |
| Read only Analyst | Most restricted role with read only access |
This update gives administrators more granular control over account permissions in the platform, allowing better control over who can access which data. More information about the roles can be found here.
It is also now possible to assign an API key to a role, allowing better control over what data can be accessed via a given API key.
This is just a brief look into the recent achievements and progress the Cado team has made over the past quarter. We’re extremely excited about the positive impacts these new features are having on our customers. While these features and improvements are another step forward in revolutionizing forensics and incident response, there’s much more to come!
If you want to see how Cado can revolutionize your investigative workflow, schedule a demo with our team.