Security Bulletin: Update on CVE-2021-44228 - log4j vulnerability
We have patched all Uptycs application systems that use log4j to version 2.16. Please refer to this article for additional details.
Announcements
Release notes-Release 106069
June 2, 2022 XDR New Feature Global Threat Intelligence (GTI) Uptycs GTI feature for the Security/SOC analyst to identify threat indicators such as bad IP addresses or suspicious domains, along with evidential data and insightful information from variousRelease notes-Release 105051
May 15, 2022 XDR Enhancements Support to attach global rule exceptions to event rules and alert rules automatically based on matching table name. For more information, see Global Rule Exceptions. Kubernetes Security Posture Management (KSPM) EnhancementsRelease notes-Release 104065
April 29, 2022 SaaS New Feature Zero Trust Score Capability to specify severity for a compliance check per OS. When a compliance check runs on an endpoint, a zero trust score is calculated by the pass/fail status of the compliance check and the specifiedRelease notes-Release 103055
April 10, 2022 SaaS New Feature Exploit Tracker New dashboards to monitor Spring Shell and Spring Cloud vulnerabilities. For more information, see Exploit Tracker. Enhancements Bulk enable, disable, or delete Global Rule Exceptions. For more information,Release notes-Release 102039
March 27, 2022 SaaS New Feature Managed Anti-virus (AV) Dashboard - Beta Managed AV dashboards to monitor Windows defender status and threat history of Windows endpoints. For more information, see Managed AV Dashboards. New Feature Disk Scans - Beta
Recent Articles
How to Retrieve Software Bill of Materials (SBOM) Using the Uptycs API: A Step-by-Step Guide
To get SBOM(Software Bill of Material) information for your resource through Uptycs API, follow below step → Obtain Access Keys: • Login to the Uptycs console • Go to Account Settings • Create an API Key • Download the API Key in JSON format. For ...Manual Uninstall of Uptycs Protect on MAC
Uninstallation of Uptycs Protect on MAC: 1. First, unload the osquery daemon from the terminal by executing the commands below: sudo launchctl unload /Library/LaunchDaemons/com.facebook.osqueryd.plist sudo rm -rf private/var/osquery ...How should I configure custom Jira fields when creating a Jira destination?
When setting up a Jira destination, the Custom Jira Fields section must be populated with the required custom fields from the linked Jira account in JSON format. These fields are mandatory for the creation of a ticket, even though standard fields ...What should be entered in the "Username" field when configuring a Jira destination?
When setting up a Jira destination, the Username field should contain the email address associated with the Jira account you are linking. Make sure this email is the one used for logging into the Jira system.Shell script to extract required files in case of an osquery related issue on linux endpoint
If any issue occurs on an endpoint because of osquery and if we need to collect all the required logs at one go or using one single script/command to not miss any information, please refer to the below: Please run the above command on the endpoint ...
Recent Topics
Permissions Needed for Managing Compliance Configurations
With Compliance Profiles being deprecated in place of Compliance Configurations, I'm curious if anyone knows what permissions need to be enabled in a given role to allow for access to the Compliance Configurations features. Compliance Profiles are managedRelease notes-Release 106069
June 2, 2022 XDR New Feature Global Threat Intelligence (GTI) Uptycs GTI feature for the Security/SOC analyst to identify threat indicators such as bad IP addresses or suspicious domains, along with evidential data and insightful information from variousRelease notes-Release 105051
May 15, 2022 XDR Enhancements Support to attach global rule exceptions to event rules and alert rules automatically based on matching table name. For more information, see Global Rule Exceptions. Kubernetes Security Posture Management (KSPM) EnhancementsRelease notes-Release 104065
April 29, 2022 SaaS New Feature Zero Trust Score Capability to specify severity for a compliance check per OS. When a compliance check runs on an endpoint, a zero trust score is calculated by the pass/fail status of the compliance check and the specifiedRelease notes-Release 103055
April 10, 2022 SaaS New Feature Exploit Tracker New dashboards to monitor Spring Shell and Spring Cloud vulnerabilities. For more information, see Exploit Tracker. Enhancements Bulk enable, disable, or delete Global Rule Exceptions. For more information,Release notes-Release 102039
March 27, 2022 SaaS New Feature Managed Anti-virus (AV) Dashboard - Beta Managed AV dashboards to monitor Windows defender status and threat history of Windows endpoints. For more information, see Managed AV Dashboards. New Feature Disk Scans - BetaOsquery Release notes - Release 5.0.2.28
Release 5.0.2.28 This osquery release includes the following features, enhancements, and bug fixes: General # Enabled commands to check the standard output for NTP records. Enabled commands to exclude registry events based on exclude path.Osquery Release notes - Release 5.0.2.26
Release 5.0.2.26 This osquery release includes the following features, enhancements, and bug fixes: General Added a new table docker_container_envs to include docker container environment variables. The curl table now returns certificates even if theOsquery Release notes - Release 5.0.1.26
Release 5.0.1.26 This osquery release includes the following features, enhancements, and bug fixes: General Added the java_packages table to detect Log4j vulnerabilities for Linux, Mac, and Windows. Detection of LDAP bind operation in the new ldap_events table.Osquery Release notes - Release 5.0.1
Release 5.0.1 This osquery release includes the following features, enhancements, and bug fixes: General # Support for new tables and columns from open-source osquery 5.0.1. Synced the pci_devices table with open-source osquery 4.9.0. Refactored the chrome_extensions tableOsquery Release notes - Release 4.6.6
Release 4.6.6 This osquery release includes the following features, enhancements, and bug fixes: Features and Enhancements Support to capture eBPF based DNS lookup events in case of failed look up events. A new table windows_defender_preference to showRelease notes-Release 101028
March 11, 2022 Endpoint Enhancements Enhanced support for Remediation and Blocking: Specify blocking policy values in bulk via lookup tables. Add new firewall rules for Windows. For more information, see Remediations and Blocking. Bulk update osqueryRelease notes-Release 100042
February 27, 2022 Endpoint Enhancements Enhanced support for Remediation and Blocking: For Linux, the capability to add new firewall rules for IP-based remediation and IP-based blocking. For macOS, support to quarantine hosts. The Timeout field is nowRelease notes-Release 99047
February 12, 2022 Cloud Enhancements Support to monitor CloudTrail events from all accounts of an organization based on the organization account configuration. If the organization account and the associated account both are configured individually, duplicateRelease notes-Release 98047
January 28, 2022 Endpoint New Feature Quarantine List View and manage quarantined hosts in real-time on the Quarantine List page. For more information, see Quarantine List. Cloud Enhancements Capability to filter each column of the Top Non CompliantRelease notes-Release 97057
January 16, 2022 Endpoint New Feature Log4j Exploit Tracker Added the Log4j Exploit Tracker dashboard to: Monitor hosts, dockerd, and containerd Log4j exploits Download the list of vulnerable JARs, hosts, and images View all Log4j instances running, irrespectiveRelease notes-Release 96058
January 2, 2022 Endpoint Enhancements Capabilities to detect Log4j vulnerabilities include: Query pack and queries to collect version information of all Log4j jars and exploits in log files. Reports to identify all vulnerable Log4j jars, a full inventoryRelease notes-Release 95040
December 12, 2021 This release includes the following features and enhancements: Endpoint Enhancements Blocking policies can now be configured using multiple comma-separated signature values or a CSV file. For more information, see Blocking Policy. ContainerRelease notes-Release 94051
December 01, 2021 This release includes the following features and enhancements: Endpoint Enhancements Support to delete the firewall rules for Windows endpoints. For more information, see Endpoints > Remediation. Cloud Enhancements New column to distinguishRelease notes-Release 93037
November 14, 2021 This release includes the following features and enhancements: Endpoint New Feature Threat Hunting Dashboard-Beta Threat hunting dashboard to provide threat hunting capabilities for non-alert-centric workflows. Contact Uptycs supportRelease notes-Release 92043
November 01, 2021 This release includes the following features and enhancements: Endpoint Enhancements Support to add exceptions directly from the Alert Rules page. For more information, see Alert Details > Add Exception. Cloud Enhancements Support forRelease notes-Release 91040
October 15, 2021 This release includes the following features and enhancements: Endpoint Enhancements A new tab CVE Search on the Host Vulnerabilities page to search a host with the CVE ID. Platform Enhancements Support to manage tags for each configurationRelease notes-Release 90064
October 1, 2021 This release includes the following features and enhancements: Cloud Enhancements Support to edit Pub/Sub, Bucket, and VPC flow log configurations on the GCP Integrations page. Added new event rules for GCP container services. PlatformRelease notes-Release 89044
September 17, 2021 This release includes the following features and enhancements: Cloud New Feature Microsoft Azure - Beta Support for Microsoft Azure integration and security audit capabilities by introducing the following features: Azure integrationRelease notes-Release 88059
September 06, 2021 This release includes the following features and enhancements: Cloud Enhancements AWS integration by using Terraform script. Real-time alerts for AWS events by fetching Cloudtrail events from Amazon Kinesis Data Firehose. Lookup tablesRelease notes-Release 87035
August 22, 2021 This release includes the following features and enhancements: Platform New Feature OpenID Connect (OIDC) authentication Support for new identity provider - OIDC authentication. Enhancements Increased retention period for Automated ThreatOsquery 4.6.5 Release notes
This osquery release includes and following features, enhancements, and bug fixes: Features and Enhancements This osquery release includes the following features and enhancements: UptycsProtect: UptycsProtect engine support for multiple path regex. UptycsProtectRelease notes-Release 86078
August 5, 2021 This release includes the following features and enhancements: Cloud New Feature Google cloud platform (GCP) - Beta Support for GCP integration and security audit capabilities by introducing the following features: GCP project integrationRelease notes-Release 85054
July 19, 2021 This release includes the following features and enhancements: Platform New feature: Exposed audit configurations in the upt_asset_audit_configurations table. New feature: Support to filter event and alert rules based on common tags. Enhancements:Release notes-Release 84052
June 29, 2021 Remediation and Blocking - Limited Availability Added remediation and blocking support for endpoints running on the osquery version 4.6.5 and higher. Contact Uptycs support to preview this addon feature. UptycsProtect Osquery enabled withRelease notes-Release 83028
June 7, 2021 Features Enhancement in the event rule builder Added a new transformation function cast to support type conversions into a string, number, boolean, or timestamp and save the result under a new label. For more information, see Event rules.Release notes-Release 82040
May 27, 2021 Features Enhancement in the event rule builder Added a new transformation function cast to support type conversions into a string, number, boolean, or timestamp and save the result under a new label. For more information, see Event rules.Release notes-Release 81044
May 12, 2021 Features Audit Groups A new AUDIT GROUPS tab is available on the Configuration > Audit Rules page. An audit group is a collection of audit rules. Use the AUDIT GROUPS tab to seamlessly create and manage audit groups and assign those to assetsRelease notes-Release 80049
April 25, 2021 Features Navigation menu Re-arranged the left navigation menu items for easy navigation across the UI. For more information, see Uptycs help. Kubernetes dashboard New Kubernetes dashboard monitors cluster activities and compliance. UseRelease notes-Release 79033
April 6, 2021 Features Download filtered assets list Added support for downloading filtered assets list in a CSV file from the Assets under management page. For more information, see Asset management. Recent remote user activity On the Asset DetailsOsquery Release Notes-Older releases
Depreciated the docker_host table. Added a filter in HTTP events to exclude internal traffic. Enhanced the shell_history table to include fisshell history. Added binary_type and arch columns in apps table to distinguish between 32 & 64-bit applicationsOsquery Release Notes-Release 4.2.xx.xx
The following features and enhancements have been added: Support for YARA process memory scanning with the YARA table, YARA process events, and process memory carving for Linux and Windows. Merged eBPF tables into Audit tables. New columns added in the process_events, process_file_events,Osquery Release Notes-Release 4.4.xx.xx
The following features and enhancements have been added: Enhanced password validation criteria for files with pam_cracklib.so configured. A new custom parameter patterns added for the CIS section 1.4.2 and improved regex for the CIS section 2.2.1.2. EnhancedOsquery Release Notes-Release 4.5
The following features and enhancements have been added: Fix for the unwanted filesystem access by SQLite ATTACH. Remote/local option support for the user_groups table. Fix for vulnerability scanning. Fix for CIS caching issue. Support to enumerate user_account_control inOsquery Release Notes-Release 4.6
The following features and enhancements have been added: Support to configure fatal_cvss_score in the osquery-scan script. Support for the regex patterns ending with .*$ in the kernel. Support for ECS fargate tables. Support for farquery to include secrets/hostname
