Announcing Uptycs platform 57026, released Mar 20, 2020
New Features
VirusTotal Integration
VirusTotal inspects items with antivirus scanners and URL / domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. With this release, Uptycs provides the capability to leverage an existing VirusTotal account to look up the checksums of potentially malicious files based on process events.
Tags for Event & Alert Rules
With this release, Uptycs provides the powerful capability to assign tags to individual event / alert rules. Tagging event / alert rules facilitates further analysis of events / alerts by categorizing or grouping them according to different frameworks.
Enhanced Linux auditing capabilities
Audit rules enhanced with new columns:
- ruleType
- action
- msgType
- subType
Ability to back up / restore data to / from an S3 bucket
Uptycs provides the capability to back up global data to an S3 bucket, archiving all data beyond the standard storage retention configured on the Uptycs platform. This data can be restored into a Hive metastore for further analysis.
Improvements / Fixes
Display IP address(es) for each asset in Asset Details page
The "Interfaces" section on the Asset Details page displays all IP addresses assigned to an endpoint.
Display / Configurable Default Exclude Profile
The Uptycs default exclude profile can be modified on the Config -> Event Exclude Profile screen.
Capability to filter Alerts with no Asset
With this release, additional filtering capabilities have been added to filter Alerts that do not have an associated asset by selecting the "No Related Asset" checkbox.
The following customer-related issues were also addressed in this release:
Miscellaneous
Only one HTTP destination can be configured for a scheduled query.
Uptycs Support Team