April 29, 2022
New Feature: Zero Trust Score
Enhancements
SQL alert rules are now automatically disabled if they fail over a period of seven days, and a notification is displayed.
Remediation and blocking:
Support for killing all sub-processes associated with a process from the detection graph view.
Process nodes in the detection graph now include an option to delete the binary.
For more information, see Detections.
Detection details page enhancements:
Displays asset quarantine status.
A new icon to navigate to the user analysis page for a Lateral movement from the Advanced Threat section.
Add notes from the Activities section for a detection.
For an alert, view the list of hosts/endpoints that had the same alert in the last seven days.
View the SQL Investigate query for a particular process from the detection graph view.
For more information, see Detections.
Usability enhancements:
New Feature: Identity and Entitlement Analytics
Ensure you have a minimum of CSPM Audit functionality. To activate the Identity and Entitlement Analytics feature, contact Uptycs support.
New feature to monitor Identity and Entitlement Analytics for AWS:
Identity Posture—An overall posture for a specific AWS account or across all AWS accounts to monitor risk and governance that may lead to increased attacks.
Visualize Identity Relationships—Inspect AWS accounts and their association with services, roles, policies, or risk factors.
Investigate Access—Monitor granted and denied accesses for accounts, services and users.
Policy Analysis—Monitor the IAM policies for your AWS resources to verify that the least required privileges are granted.
Permission Gap Analysis—Monitor unused permissions assigned to an identity. This helps you implement the least privilege model using policy recommendations.
For more information, see Identity and Entitlement Analytics.
New Feature: Workspaces Dashboard
New dashboard to monitor AWS workspaces and bundles for accounts. For more information, see Workspaces.
Run compliance checks for a specific cloud compliance standard and generate cloud compliance reports for AWS, GCP, and Azure. For more information, see Cloud > AWS, Cloud > GCP, and Cloud > Azure.
Enhancements
Revamped AWS schema tables for improved table names. For more information, see AWS Schema.
Revamped cloud compliance checks to match the new schema table names. A few checks need to be manually reconfigured after this release. To view the list of manual checks, click here.
Deprecated the upt_cloud_dns_logs table.
Enhancements
A new check ensures that the incoming API authorization token has an expiry time set. API authorizations received after their expiry time are not honored and receive an unauthorized response. For more information, see API Overview.
Added/enhanced the following APIs. For more information, see the API Documentation.
| API | Description |
|---|---|
| /yaraScanJobs | Run a YARA scan in real time on any online asset |
The aws_kms_key_policy table displays a single row for duplicate policy statements.
The aws_workspaces_directory table displays only the directories which are registered with workspaces.
The aws_workspaces_image table can fetch the resource details only from the next cycle—maximum 12 hours after the image is created.
SQL-based AWS event rules revert to default behavior after upgrade.
If the container specification does not have the allowPrivilegeEscalation: false setting, kubequery uses the cluster's default allowPrivilegeEscalation setting.
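Because a container that omits allowPrivilegeEscalation is reported with the cluster default, it helps to know which containers never set it explicitly. The following is an added example, not Uptycs or kubequery code: it walks a parsed Kubernetes manifest and classifies every container; the function names and the sample manifest are constructed for illustration.

```python
# Container lists defined by the Kubernetes PodSpec.
CONTAINER_KEYS = ("initContainers", "containers", "ephemeralContainers")


def pod_spec(manifest):
    """Return the PodSpec of a Pod, a workload with a pod template, or a CronJob."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    if "template" in spec:  # Deployment, StatefulSet, DaemonSet, Job, ...
        spec = spec["template"].get("spec", {})
    return spec


def classify(container):
    """Classify one container's allowPrivilegeEscalation setting."""
    sc = container.get("securityContext") or {}
    value = sc.get("allowPrivilegeEscalation")
    if value is False:
        return "explicit-false"
    if value is True:
        return "explicit-true"
    return "unset"  # the case reported with the cluster default, per the note above


def audit(manifest):
    """Map 'listKey/containerName' -> classification for every container."""
    spec = pod_spec(manifest)
    return {
        f"{key}/{c.get('name', '?')}": classify(c)
        for key in CONTAINER_KEYS
        for c in spec.get(key) or []
    }


# Constructed sample manifest (not taken from any real cluster).
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "initContainers": [{"name": "init"}],
    "containers": [
        {"name": "web", "securityContext": {"allowPrivilegeEscalation": False}},
        {"name": "sidecar", "securityContext": {}},
    ],
}}}}

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state}")
```

Containers reported as "unset" are the ones to fix by adding allowPrivilegeEscalation: false to their securityContext.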