Release notes-Release 74044

January 04, 2021

Bot user

Uptycs administrators can now add a bot user who can access Uptycs only by using APIs. For more information, see Users.

Editable host_identifier flag

The host_identifier flag is now editable from the Uptycs UI. It is used to identify a host in the Uptycs cloud by UUID (host or custom). For more information, see Flag Profile.

Asset group name in the downloaded osquery package

The asset group name is now added to the downloaded osquery package as a prefix. For more information, see Software Download.

osquery package download limit

To prevent excessive bandwidth usage, the osquery package download limit has been set to twice per day per endpoint. A notification is triggered for extra upgrade attempts. For more information, see Auto Update.

AWS resources

A copy icon has been added to the AWS resources section that lets you copy an ARN to the clipboard. For more information, see Cloud Security.

AWS event rules

Added new AWS event rules to detect events associated with privilege escalation and defense evasion. For more information, see AWS.

Host data for the supported compliance standard

For endpoints running osquery version 4.6 and higher, host data is now stored in a single compliance table. There is no change for endpoints running earlier versions of osquery.

Cloning of compliance configuration

Added a new Host compliance configuration option in the Configuration menu that allows cloning of Uptycs compliance and creating custom compliance for endpoints. This will supersede the existing Compliance Profile option, which will be deprecated in upcoming releases. For more information, see Host compliance configuration.

Compliance overview dashboard

The Compliance Overview dashboard now enables you to monitor both Host and Cloud compliance. For more information, see Compliance Dashboard.

The following enhancements are added to the Detections page:

  • Clickable cells in the ATT&CK matrix column to filter signals in a detection
  • In the Signals tab, the search bar now supports title, code, and value
  • osquery version is removed from the Asset info panel

Process graph

The following enhancements are added to the process graph:

  • Support to display process nodes from the ancestry list of a signal
  • Dark mode theme for node icons
  • Asset node is displayed as the root
  • Support to toggle visibility of child process nodes
  • Reset button to display the default view

For more information, see Detections.

  • Added support for bulk update and delete APIs for eventRules and alertRules via the PUT method
  • Removed the /externalDashboards API

For more information, see API documentation.

The following customer issues have been resolved:

  • An issue was reported with the enabling of a few AWS event rules.

No known issues.