Portal 35011 : Release Details

Welcome to release 35011, released Mar 18, 2019

Following are the key fixes / improvements in this release:

  • Introducing Event Exclude Profiles - You can now specify rules to filter out events from all of the _events tables. For example, you can now collect process events for processes with a specific name. You can use this to dramatically reduce the number of events that osquery and Uptycs process, thus reducing the load on the endpoint, while still doing deep monitoring of events that are critically relevant. The event exclude profiles UI is located under the configuration page, and behaves similarly to other priority-based profiles.

  • Change in Per Asset investigate button behavior - Instead of opening a popup allowing realtime query for a single asset, the button now directs the user to the new investigate page, pre-filtered on the asset hostname and set to time machine. Not only is the query experience more uniform, but you can now click on an asset and do both realtime and global queries on that asset. The previous UI limited you to realtime queries.

  • Report UI query editor sidebar improvements - The sidebar (when shown) now has the new schema and query selection tabs, similar to those available in the new investigate page.

  • HTTP destination added for Alert notifications - Alerts can now be directed to an arbitrary HTTP service, in addition to Slack, email and PagerDuty. This will enable you to easily integrate Uptycs with other alert processing systems you may already have in place.

Let us know if you have any questions / concerns.

Uptycs Support Team