March 2, 2021
Added a new Tag management option by replacing the Tag configuration and Auto tag rules options to view the list of tags, configure tag rules and apply tags based on the global tag database. For more information, see Tag management.
MITRE feature set
Added support to apply tags to enable the MITRE feature set (new event rules, alert rules, registry paths, and YARA group rules) based on your OS fleet. For more information, see Tag management.
Real-time query results download in 'JSON - lookup table format'
Added support to download the real-time query results in 'JSON - lookup table format'. For more information, see Investigate.
New destination type
Added a new AWS integration service GuardDuty monitoring that enables the GuardDuty findings to be stored in the upt_cloud_guard_duty_finding_events table. For more information, see AWS.
Cloudtrail and VPC Flow Logs bucket
Added support to include the Cloudtrail and VPC Flow Logs bucket information during AWS integration. For more information, see AWS.
The Scheduled scans tab displays the associated Number of hosts in a column. The clickable counts in the column navigate you to the filtered list of hosts. For more information, see Host compliance.
The Scan now option enables on-demand scans only for the endpoints running on the osquery version 184.108.40.206 and higher. For more information, see Host Compliance > Scan now.
Events and alerts count
Enhanced the Summary card view to include events and alerts counts. For more information, see Detections.
Added/enhanced the following API support to:
|/alertRules||Add bulk exceptions to alert rules.|
|/scheduledQueries||Export scheduled query results to S3 bucket.|