Release notes-Release 77103

March 2, 2021

Tag management

Added a new Tag management option, replacing the Tag configuration and Auto tag rules options, to view the list of tags, configure tag rules, and apply tags based on the global tag database. For more information, see Tag management.

MITRE feature set

Added support to apply tags to enable the MITRE feature set (new event rules, alert rules, registry paths, and YARA group rules) based on your OS fleet. For more information, see Tag management.

Real-time query results download in 'JSON - lookup table format'

Added support to download the real-time query results in 'JSON - lookup table format'. For more information, see Investigate.

New destination type

Added support for S3 bucket as a new destination type. Contact Uptycs support to enable this feature. For more information, see Destinations.

GuardDuty monitoring

Added a new AWS integration service, GuardDuty monitoring, that stores GuardDuty findings in the upt_cloud_guard_duty_finding_events table. For more information, see AWS.

CloudTrail and VPC Flow Logs bucket

Added support to include the CloudTrail and VPC Flow Logs bucket information during AWS integration. For more information, see AWS.

Scheduled scans

The Scheduled scans tab displays the associated Number of hosts in a column. The clickable counts in the column navigate you to the filtered list of hosts. For more information, see Host compliance.

Scan now

The Scan now option enables on-demand scans only for the endpoints running on the osquery version and higher. For more information, see Host Compliance > Scan now.

Events and alerts count

Enhanced the Summary card view to include events and alerts counts. For more information, see Detections.

Added/enhanced the following API support:

  • /alertRules: Add bulk exceptions to alert rules.
    • Delete bulk exceptions from all alert rules without deleting the exception entities.
      DELETE : https://{{domain}}{{customerId}}/exceptions/{{exceptionId}}/alertRules
    • Add bulk description to exceptions.
      PUT : https://{{domain}}{{customerId}}/exceptions/{{exceptionId}}
    • Count the number of alert rules associated with an exception.
      GET : https://{{domain}}{{customerId}}/exceptions/count
  • /scheduledQueries: Export scheduled query results to an S3 bucket.

  • Generating UDS reports in Slack is now supported for Windows endpoints.