Release notes-Release 104065

April 29, 2022


New Feature Zero Trust Score

  • Capability to specify severity for a compliance check per OS. When a compliance check runs on an endpoint, a zero trust score is calculated from the pass/fail status of the compliance check and the specified severity. For more information, see Zero Trust Score.

Enhancements

  • SQL alert rules are now automatically disabled if they fail over a period of seven days and a notification is displayed.

  • Remediation and blocking:

    • Support to kill all sub-processes associated with a process from the detection graph view.

    • Process nodes in the detection graph now include an option to delete the binary.

      For more information, see Detections.

  • Detection details page enhancements:

    • Displays asset quarantine status.

    • A new icon to navigate to the user analysis page for a Lateral movement from the Advanced Threat section.

    • Add notes from the Activities section for a detection.

    • For an alert, view the list of hosts/endpoints that had the same alert in the last seven days.

    • View the SQL Investigate query for a particular process from the detection graph view.

      For more information, see Detections.

  • Usability enhancements:

    • The Asset Management page now displays the capabilities that are enabled, disabled, and partially enabled on the asset in the Capabilities column. For more information, see Asset Management.

New Feature Identity and Entitlement Analytics

Ensure you have a minimum of CSPM Audit functionality. To activate the Identity and Entitlement Analytics feature, contact Uptycs support.

  • New feature to monitor Identity and Entitlement Analytics for AWS:

    • Identity Posture—An overall posture for a specific AWS account or across all AWS accounts to monitor risk and governance that may lead to increased attacks.

    • Visualize Identity Relationships—Inspect AWS accounts and their association with services, roles, policies, or risk factors.

    • Investigate Access—Monitor granted and denied accesses for accounts, services and users.

    • Policy Analysis—Monitor the IAM policies for your AWS resources to verify that the least required privileges are granted.

    • Permission Gap Analysis—Monitor unused permissions assigned to an identity. This helps you implement the least privilege model using policy recommendations.

      For more information, see Identity and Entitlement Analytics.

New Feature Workspaces Dashboard

  • New dashboard to monitor AWS workspaces and bundles for accounts. For more information, see Workspaces.

  • Run compliance checks for a specific cloud compliance standard and generate cloud compliance reports for AWS, GCP, and Azure. For more information, see Cloud > AWS, Cloud > GCP, and Cloud > Azure.

Enhancements

  • Revamped AWS schema tables for improved table names. For more information, see AWS Schema.

  • Revamped cloud compliance checks to match the new schema table names. A few checks need to be manually reconfigured after this release. To view the list of manual checks, click here.

  • Deprecated the upt_cloud_dns_logs table.


Enhancements

  • The Vulnerability Dashboard now provides additional insights on vulnerabilities and images. You can view the details about each CVE score and affected images. For more information, see Container > Vulnerabilities.

Enhancements

  • A new check ensures that the incoming API authorization token has an expiry time set. API authorizations received after their expiry time are not honored and receive an unauthorized response. For more information, see API Overview.

  • Added/enhanced the following APIs. For more information, see the API Documentation.

    API              Description
    /yaraScanJobs    Run a YARA scan in real time on any online asset

  • The aws_kms_key_policy table displays a single row for duplicate policy statements.

  • The aws_workspaces_directory table displays only the directories which are registered with workspaces.

  • The aws_workspaces_image table can fetch the resource details only from the next cycle—maximum 12 hours after the image is created.

  • SQL based AWS event rules revert to default behavior after upgrade.

  • If the container specification does not have the allowPrivilegeEscalation: false setting, kubequery uses the cluster's default allowPrivilegeEscalation setting.
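
One way to find the container specifications that omit the setting, so you know where the reported value is a default rather than an explicit choice. This is an added example, not part of the release notes or of kubequery; the sample manifest is constructed, and the function names and status labels are hypothetical.

```python
import json

# Constructed sample Pod manifest in JSON form (not from the release notes).
SAMPLE_POD = json.loads("""
{"kind": "Pod", "metadata": {"name": "demo"},
 "spec": {
  "initContainers": [{"name": "init", "image": "busybox"}],
  "containers": [
   {"name": "web", "image": "nginx",
    "securityContext": {"allowPrivilegeEscalation": false}},
   {"name": "agent", "image": "agent",
    "securityContext": {"privileged": true}},
   {"name": "sidecar", "image": "envoy",
    "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}]}}
""")


def classify(container):
    """Return how allowPrivilegeEscalation is determined for one container."""
    sc = container.get("securityContext") or {}
    caps = (sc.get("capabilities") or {}).get("add") or []
    added = {c.upper().removeprefix("CAP_") for c in caps}
    # Kubernetes treats the setting as always true for privileged containers
    # and for containers holding CAP_SYS_ADMIN (which "ALL" includes).
    if sc.get("privileged") is True or added & {"SYS_ADMIN", "ALL"}:
        return "forced-true"
    if "allowPrivilegeEscalation" not in sc:
        return "unset"  # no explicit value in the spec: a default applies
    if sc["allowPrivilegeEscalation"] is False:
        return "explicit-false"
    return "explicit-true"


def audit_pod(pod):
    """Map every container name, across all container lists, to its status."""
    spec = pod.get("spec") or {}
    result = {}
    for key in ("initContainers", "containers", "ephemeralContainers"):
        for container in spec.get(key) or []:
            result[container["name"]] = classify(container)
    return result


if __name__ == "__main__":
    for name, status in audit_pod(SAMPLE_POD).items():
        print(f"{name}: {status}")
```

Containers reported as unset are the ones to fix by adding allowPrivilegeEscalation: false to the container's securityContext.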