Release notes-Release 84052

Release notes-Release 84052

June 29, 2021

Added remediation and blocking support for endpoints running on the osquery version 4.6.5 and higher. Contact Uptycs support to preview this addon feature.


Osquery enabled with UptycsProtect lets you remediate files/processes and set up blocking configurations. For more information, see Software download.


Use remediation actions (kill, pause, continue, delete files/processes) on file and process activities for an individual asset in real-time. This functionality also enables remediation actions from the detections graph view. For more information, see Assets > Real-time Actions and Detections.


Block process activities (based on path, binary - SHA256, or certificate values supported for all OS) and network activities (based on IP and domain supported only for macOS) by creating blocking policies. Added blocking dashboard to monitor blocked processes and rules. For more information, see Blocking.

Added the User analysis dashboard to monitor user sessions and activities. For more information, see User analysis dashboard.

Added new rules for NIST 800-53 macOS implementation. For more information, see osquery release notes.

Signal details

Enhanced the signal details quick view panel to display the following information:

  • the user who logged in,
  • the time when the signal triggered, and
  • the activity that caused the signal.

For more information, see Detections.

Event rule builder enhancement

Added a new order compare operator to compare the ancestor list paths with user inputs. You can use the operator to control the number of detections when the order of user input paths matches with the specified ancestor list paths.

Enables remediation actions.
Enables blocking functionalities.

Known Issues

  • Breadcrumbs may display IDs instead of configuration object names.
  • The 404 page may display breadcrumbs.
  • On the Remediation Logs page, the Actor username column may display user ID instead of the username.

  • Compliance dashboard data was not updated when no data reported by HDFS.
  • Event builder rule exceptions for the upt_asset_tags table were not functional.