Release notes-Release 106069

June 2, 2022


New Feature Global Threat Intelligence (GTI)

  • The Uptycs GTI feature lets the Security/SOC analyst identify threat indicators such as bad IP addresses or suspicious domains, along with evidential data and insightful information from various angles. For more information, see Threat Intelligence.

New Feature Automatic Remediation

  • Automatic Remediation (Auto-Remediation) capability to enable real-time actions against potential threats. These actions are triggered by alerts whose underlying event rules are built with specific criteria. Auto-Remediation can be set up for an event with the following actions:

    • Delete file

    • Delete user

    • Kill process

    • Quarantine host

      For more information, see Event Rules > Apply Auto-Remediation.

New Feature Custom Vulnerability Indicator

  • Create custom vulnerability indicators by uploading a CSV file that contains a list of user-defined vulnerabilities. For more information, see Threat Sources > User Defined Vulnerability.

New Feature TISAX Compliance

  • ISO27001 and VDA ISA compliance checks for Linux and Windows.

New Feature AWS Vulnerability Dashboard

  • A new dashboard to monitor vulnerabilities found in AWS resources such as EC2, Lambda and S3. These vulnerabilities are detected by running queries on subnets, security groups, route tables and so on. For more information, see AWS Vulnerability.

New Feature Organization Integration

  • Integrate all or a subset of projects under the GCP organization. This also includes integration of projects under folders and sub-folders. For more information, see GCP Integration.

Enhancements

  • Manage cloud services in bulk for GCP project integrations. For more information, see GCP.

  • Manage cloud services in bulk for Azure subscription integrations. For more information, see Azure.


Enhancements

  • Image Vulnerabilities dashboard to report vulnerabilities found during the image build process. The dashboard also shows whether an image was allowed to progress through the build pipeline based on the vulnerabilities found. For more information, see Image Vulnerabilities.

  • Improved Kubernetes Overview to easily navigate through Uptycs-monitored Kubernetes resources and find vulnerabilities, threats, compliance or audit issues in these resources. To view this page, ensure you have the Kubequery agent version 3.10.2 installed. For more information, see Containers > Overview.

  • Added Group by Package option on the Containers Vulnerabilities page to display the packages that are most vulnerable and present in most images. For more information, see Image Vulnerabilities.

  • Container detections display the Kubernetes resources data in addition to the detection details. The cluster and namespace level filters allow fine-grained control over the dataset. For more information, see Containers > Detections.


  • If an Auto-Exception is enabled for a file event, the Delete file auto-remediation action deletes the files in the first instance and does not delete the files generated in repetitive cycles.

  • If a process column is configured for redaction, the auto-remediation action does not apply for that column.

  • The cluster view threat detections include both closed and open detections.

  • Deleting VPC Flowlogs Monitoring service from AWS integration is currently not supported.