Recent Topics
Permissions Needed for Managing Compliance Configurations
With Compliance Profiles being deprecated in place of Compliance Configurations, I'm curious if anyone knows what permissions need to be enabled in a given role to allow for access to the Compliance Configurations features. Compliance Profiles are managed
Release notes-Release 106069
June 2, 2022 XDR New Feature Global Threat Intelligence (GTI) Uptycs GTI feature for the Security/SOC analyst to identify threat indicators such as bad IP addresses or suspicious domains, along with evidential data and insightful information from various
Release notes-Release 105051
May 15, 2022 XDR Enhancements Support to attach global rule exceptions to event rules and alert rules automatically based on matching table name. For more information, see Global Rule Exceptions. Kubernetes Security Posture Management (KSPM) Enhancements
Release notes-Release 104065
April 29, 2022 SaaS New Feature Zero Trust Score Capability to specify severity for a compliance check per OS. When a compliance check runs on an endpoint, a zero trust score is calculated by the pass/fail status of the compliance check and the specified
Release notes-Release 103055
April 10, 2022 SaaS New Feature Exploit Tracker New dashboards to monitor Spring Shell and Spring Cloud vulnerabilities. For more information, see Exploit Tracker. Enhancements Bulk enable, disable, or delete Global Rule Exceptions. For more information,
Release notes-Release 102039
March 27, 2022 SaaS New Feature Managed Anti-virus (AV) Dashboard - Beta Managed AV dashboards to monitor Windows Defender status and threat history of Windows endpoints. For more information, see Managed AV Dashboards. New Feature Disk Scans - Beta
Osquery Release notes - Release 5.0.2.28
Release 5.0.2.28 This osquery release includes the following features, enhancements, and bug fixes: General Enabled commands to check the standard output for NTP records. Enabled commands to exclude registry events based on exclude path.
Osquery Release notes - Release 5.0.2.26
Release 5.0.2.26 This osquery release includes the following features, enhancements, and bug fixes: General Added a new table docker_container_envs to include docker container environment variables. The curl table now returns certificates even if the
Osquery Release notes - Release 5.0.1.26
Release 5.0.1.26 This osquery release includes the following features, enhancements, and bug fixes: General Added the java_packages table to detect Log4j vulnerabilities for Linux, Mac, and Windows. Detection of LDAP bind operation in the new ldap_events table.
Osquery Release notes - Release 5.0.1
Release 5.0.1 This osquery release includes the following features, enhancements, and bug fixes: General Support for new tables and columns from open-source osquery 5.0.1. Synced the pci_devices table with open-source osquery 4.9.0. Refactored the chrome_extensions table
Osquery Release notes - Release 4.6.6
Release 4.6.6 This osquery release includes the following features, enhancements, and bug fixes: Features and Enhancements Support to capture eBPF based DNS lookup events in case of failed look up events. A new table windows_defender_preference to show
Release notes-Release 101028
March 11, 2022 Endpoint Enhancements Enhanced support for Remediation and Blocking: Specify blocking policy values in bulk via lookup tables. Add new firewall rules for Windows. For more information, see Remediations and Blocking. Bulk update osquery
Release notes-Release 100042
February 27, 2022 Endpoint Enhancements Enhanced support for Remediation and Blocking: For Linux, the capability to add new firewall rules for IP-based remediation and IP-based blocking. For macOS, support to quarantine hosts. The Timeout field is now
Release notes-Release 99047
February 12, 2022 Cloud Enhancements Support to monitor CloudTrail events from all accounts of an organization based on the organization account configuration. If the organization account and the associated account both are configured individually, duplicate
Release notes-Release 98047
January 28, 2022 Endpoint New Feature Quarantine List View and manage quarantined hosts in real-time on the Quarantine List page. For more information, see Quarantine List. Cloud Enhancements Capability to filter each column of the Top Non Compliant
Release notes-Release 97057
January 16, 2022 Endpoint New Feature Log4j Exploit Tracker Added the Log4j Exploit Tracker dashboard to: Monitor hosts, dockerd, and containerd Log4j exploits Download the list of vulnerable JARs, hosts, and images View all Log4j instances running, irrespective
Release notes-Release 96058
January 2, 2022 Endpoint Enhancements Capabilities to detect Log4j vulnerabilities include: Query pack and queries to collect version information of all Log4j jars and exploits in log files. Reports to identify all vulnerable Log4j jars, a full inventory
Release notes-Release 95040
December 12, 2021 This release includes the following features and enhancements: Endpoint Enhancements Blocking policies can now be configured using multiple comma-separated signature values or a CSV file. For more information, see Blocking Policy. Container
Release notes-Release 94051
December 01, 2021 This release includes the following features and enhancements: Endpoint Enhancements Support to delete the firewall rules for Windows endpoints. For more information, see Endpoints > Remediation. Cloud Enhancements New column to distinguish
Release notes-Release 93037
November 14, 2021 This release includes the following features and enhancements: Endpoint New Feature Threat Hunting Dashboard-Beta Threat hunting dashboard to provide threat hunting capabilities for non-alert-centric workflows. Contact Uptycs support
Release notes-Release 92043
November 01, 2021 This release includes the following features and enhancements: Endpoint Enhancements Support to add exceptions directly from the Alert Rules page. For more information, see Alert Details > Add Exception. Cloud Enhancements Support for
Release notes-Release 91040
October 15, 2021 This release includes the following features and enhancements: Endpoint Enhancements A new tab CVE Search on the Host Vulnerabilities page to search a host with the CVE ID. Platform Enhancements Support to manage tags for each configuration
Release notes-Release 90064
October 1, 2021 This release includes the following features and enhancements: Cloud Enhancements Support to edit Pub/Sub, Bucket, and VPC flow log configurations on the GCP Integrations page. Added new event rules for GCP container services. Platform
Release notes-Release 89044
September 17, 2021 This release includes the following features and enhancements: Cloud New Feature Microsoft Azure - Beta Support for Microsoft Azure integration and security audit capabilities by introducing the following features: Azure integration
Release notes-Release 88059
September 06, 2021 This release includes the following features and enhancements: Cloud Enhancements AWS integration by using Terraform script. Real-time alerts for AWS events by fetching CloudTrail events from Amazon Kinesis Data Firehose. Lookup tables
Release notes-Release 87035
August 22, 2021 This release includes the following features and enhancements: Platform New Feature OpenID Connect (OIDC) authentication Support for new identity provider - OIDC authentication. Enhancements Increased retention period for Automated Threat
Osquery 4.6.5 Release notes
This osquery release includes the following features, enhancements, and bug fixes: Features and Enhancements This osquery release includes the following features and enhancements: UptycsProtect: UptycsProtect engine support for multiple path regex. UptycsProtect
Release notes-Release 86078
August 5, 2021 This release includes the following features and enhancements: Cloud New Feature Google Cloud Platform (GCP) - Beta Support for GCP integration and security audit capabilities by introducing the following features: GCP project integration
Release notes-Release 85054
July 19, 2021 This release includes the following features and enhancements: Platform New feature: Exposed audit configurations in the upt_asset_audit_configurations table. New feature: Support to filter event and alert rules based on common tags. Enhancements:
Release notes-Release 84052
June 29, 2021 Remediation and Blocking - Limited Availability Added remediation and blocking support for endpoints running on the osquery version 4.6.5 and higher. Contact Uptycs support to preview this addon feature. UptycsProtect Osquery enabled with
Release notes-Release 83028
June 7, 2021 Features Enhancement in the event rule builder Added a new transformation function cast to support type conversions into a string, number, boolean, or timestamp and save the result under a new label. For more information, see Event rules.
Release notes-Release 82040
May 27, 2021 Features Enhancement in the event rule builder Added a new transformation function cast to support type conversions into a string, number, boolean, or timestamp and save the result under a new label. For more information, see Event rules.
Release notes-Release 81044
May 12, 2021 Features Audit Groups A new AUDIT GROUPS tab is available on the Configuration > Audit Rules page. An audit group is a collection of audit rules. Use the AUDIT GROUPS tab to seamlessly create and manage audit groups and assign those to assets
Release notes-Release 80049
April 25, 2021 Features Navigation menu Re-arranged the left navigation menu items for easy navigation across the UI. For more information, see Uptycs help. Kubernetes dashboard New Kubernetes dashboard monitors cluster activities and compliance. Use
Release notes-Release 79033
April 6, 2021 Features Download filtered assets list Added support for downloading filtered assets list in a CSV file from the Assets under management page. For more information, see Asset management. Recent remote user activity On the Asset Details
Osquery Release Notes-Older releases
Deprecated the docker_host table. Added a filter in HTTP events to exclude internal traffic. Enhanced the shell_history table to include fish shell history. Added binary_type and arch columns in apps table to distinguish between 32 & 64-bit applications
Osquery Release Notes-Release 4.2.xx.xx
The following features and enhancements have been added: Support for YARA process memory scanning with the YARA table, YARA process events, and process memory carving for Linux and Windows. Merged eBPF tables into Audit tables. New columns added in the process_events, process_file_events,
Osquery Release Notes-Release 4.4.xx.xx
The following features and enhancements have been added: Enhanced password validation criteria for files with pam_cracklib.so configured. A new custom parameter patterns added for the CIS section 1.4.2 and improved regex for the CIS section 2.2.1.2. Enhanced
Osquery Release Notes-Release 4.5
The following features and enhancements have been added: Fix for the unwanted filesystem access by SQLite ATTACH. Remote/local option support for the user_groups table. Fix for vulnerability scanning. Fix for CIS caching issue. Support to enumerate user_account_control in
Osquery Release Notes-Release 4.6
The following features and enhancements have been added: Support to configure fatal_cvss_score in the osquery-scan script. Support for the regex patterns ending with .*$ in the kernel. Support for ECS fargate tables. Support for farquery to include secrets/hostname