Release notes-Release 75042

January 24, 2021

New UI for the asset details page

The asset details page UI has been significantly revamped to include:

  • Overview page that shows the information about hardware, software, users, network, compliance and start-up items
  • Real time actions for the selected asset
  • Asset insights that show rare items on the asset as well as an asset vs rest of the fleet comparison of rare items
  • New settings tab to view and edit asset-level configurations

For more information, see Asset Details.

Query pack run now option

Added a new Run now option in the query pack creation screen. It enables a query pack to run immediately after it is assigned to an endpoint instead of at scheduled intervals. For more information, see Query Packs.

New flag profile option for query performance logs

Added a new flag profile option enable_numeric_monitoring (boolean) to log query performance in a file. For more information, see Flag Profile.

Assign an alert destination to multiple alert rules

Added support to assign alert destinations to multiple alert rules. For more information, see Alert Rules.

Automatic Table Creation (ATC) queries

Added support to view and edit ATC queries generated by the /atcQueries API from the Uptycs UI. For more information, see ATC Queries.

Filter schema search results

Added new options to filter schema search results by table or column names. For more information, see Investigation.

AWS Security Hub monitoring

Added support to capture events from AWS Security Hub findings by using the upt_cloud_security_hub_findings table. For more information, see Uptycs schema.

AWS event rules

Added new AWS event rules to detect events associated with discovery and persistence. For more information, see AWS Event Rules.

Notifications for crossing API limits

Added support to generate notifications for cloud inventory job failures due to API limits. For more information, see Notifications.

SOC2-AWS compliance reports

Added support to create SOC2-AWS reports from SOC2 scheduled group queries:

  • soc_2_compliance_action_report.yaml - For failed compliance checks
  • soc_2_compliance_audit_report.yaml - For passed compliance checks

For more information, see AWS Reports.

Host compliance dashboard

Added a new host compliance dashboard that includes:

  • Overview page
  • Scheduled scan and Scan now by uploading a list of hosts
  • Scan configuration

For more information, see Host Compliance.

Auto-generated process graph

Added support to auto-generate up to 10 process graphs per day for the detections that have a score exceeding 7.5. For more information, see Detections.

Added the following API enhancements:

/scans - Support to perform API scans by using the POST, GET, PUT and DELETE methods.
/roles - A new flag noMinimalPermission added to disable minimal roles permissions.
/imageLoadExclusions - Support for image load exclusions, tag association, asset association and TLS changes to send excluded_images configuration to Windows endpoint.
  • Support to assign assets to a specific tag using the method POST https://{{domain}}{{customerId}}/assets/tags
  • Support to download asset host_name associated with a tag using the method GET https://{{domain}}{{customerId}}/assets/filters/tags/<tagid>/download
  • Support to GET asset details with full information of the finalAuditConfigurations from an endpoint.
  • Support to GET the list of directly assigned audit configurations and tag based audit configurations in separate fields i.e. auditConfigurations and tagAuditConfigurations.

For more information, see API documentation.

  • ATC queries may not function if the Debian platform of osquery does not match the endpoints of interest.