v2.1.2¶

Version 2.1.2 provides new features, existing feature enhancements, and fixes.

New features¶

This section describes the following new features that we are releasing with version 2.1.2:

• Comments section in tickets

• Microsoft Sentinel SIEM Integration

• Specify the default email quarantine folder

1 - Comments section in tickets¶

Comments can now be added to tickets. This is advantageous for both Coro customers and Coro SOC team members when communicating ticket analysis and recommended actions. Comments can also provide general information.

Comments in tickets can increase the efficiency of ticket resolution by eliminating the need to manually communicate ticket-related information via email or other messaging platforms.

In addition, customers will be able to respond to SOC's analysis and add their own general notes to tickets. Comments can also be sent to customers directly from the Coro console.

For further information, see Adding comments to tickets.

2 - Microsoft Sentinel SIEM Integration¶

Coro now supports Microsoft Sentinel SIEM Integration.

For further information, see Microsoft Sentinel.

3 - Specify the default email quarantine folder¶

You can now specify the default folder where phishing emails are stored for Microsoft 365 and Gmail.

For further information, see Specify the default email quarantine folder.

Enhancements¶

This section describes the enhancements that we’re releasing with version 2.1.2:

• Import protected users from a CSV file

• Import email security Allow/Block lists from a CSV file

• Download suspicious emails for further inspection

• Detection of phishing URLs encoded in QR codes

• MSP portal export workspace list to CSV

• MSP portal workspace list reordered

• Minor MSP portal column changes

1 - Import protected users from a CSV file¶

You can now add users to protection by importing a CSV file containing a list of user email addresses. This improves the existing method of pasting a list of email addresses into the Add users to Coro protection dialog on the Protected users page. This feature is especially useful for clients who do not use Microsoft 365 or Google Workspace

For further information, see Import protected users from a CSV file.

2 - Import email security Allow/Block lists from a CSV file¶

You can now add existing email security allow/block list data by importing a CSV file containing a list of user email addresses with their corresponding list (Allow/Block) .This improves the existing method of pasting a list of email addresses into the Add to Allowlist/Add to Blocklist dialogs on the Allow/Block tab on the Emails page. This feature is especially useful for clients who do not use Microsoft 365 or Google Workspace

For further information, see Import email security Allow/Block lists from a CSV file.

3 - Download suspicious emails for further inspection¶

Email Phishing tickets now have an additional action which allows you to download the suspicious email (.eml format). This allows you to thoroughly examine potentially malicious emails before taking any further action. This download action applies to both open and closed Email Phishing tickets.

For further information, see Downloading suspicious emails for further inspection.

4 - Detection of phishing URLs encoded in QR codes¶

Coro’s phishing in email mechanism has been enhanced to identify phishing attempts within emails containing phishing URLs encoded as QR codes.

This mechanism is initiated when phishing URLs encoded as QR codes are detected within an email, and the email contains one or more predefined words in the subject of the email.

5 - MSP portal export workspace list to CSV¶

You can now export (filtered) lists of workspaces as CSV files from the MSP portal, which can then be downloaded from the Activity Log.

To export a workspace list to a CSV file:

1. From the MSP portal, filter the workspaces list using the Plan, Add-on, and Type filters:

   

2. Click ACTIONS:

   

3. Select Export to CSV:

   

   A message is displayed to confirm the CSV export is in process:

   

   After the export is complete, the CSV can be downloaded from the Activity Log.

4. Select Activity Logs from the toolbar:

   

5. Navigate to the new entry which confirms a CSV report has been generated:

   

6. Click DOWNLOAD:

   

   The CSV export file is downloaded:

   

The following workspace information is included in the CSV export file:

• Company name

• Display name

• Workspace ID

• Workspace type

• Parent workspace ID

• Plan

• Days left of Coro subscription

• Number of Protected users

• Number of Protected devices

• Number of Protectable users

• Max number users under the license

• Last active

• For each workspace module and add-on: A flag to indicate whether a particular module/add-on is applicable to the workspace

6 - MSP portal workspace list reordered¶

The MSP portal workspace list has been re-ordered according to the following workspace types:

• Coro.net workspaces

• Channel workspaces

• Child workspaces

• Regular workspaces

7 - Minor MSP portal column changes¶

Minor column changes have been made to the MSP portal.

Renamed columns:

• Protected users > Users
• Max protected users > Max users
• Protectable users > User potential

Removed columns:

• Open tickets

New columns:

• Devices (protected devices)

Fixed items¶

The following fixes are included with version 2.1.2:

• Fixed an issue in which excluding emails from sensitive data scans based on subject line keywords did not work correctly if special characters were included in the keywords.

• Fixed a permission-related issue that was preventing the successful execution of the suspend/unsuspend user action for specific users within the Microsoft 365 cloud service.