July 4, 2023—The Detection Model Management app now offers the ability to create custom
filters using search query syntax. Create custom detection models that use the new custom
filters to trigger the generation of custom Observed Attack Techniques events and Workbench
alerts.
The custom Observed Attack Techniques events and Workbench alerts are accessible by several
downstream features and services, including the Observed Attack Techniques app, the Workbench
public API, widgets, and third-party SIEM integrations. In addition, the new custom detection
models can be leveraged by the Security Playbooks app to create automated response actions.