Release notes-Release 84052

June 29, 2021

Added remediation and blocking support for endpoints running osquery version 4.6.5 or higher. Contact Uptycs support to preview this add-on feature.

UptycsProtect

Osquery enabled with UptycsProtect lets you remediate files and processes and set up blocking configurations. For more information, see Software download.

Remediation

Use remediation actions (kill, pause, continue, or delete files and processes) on file and process activity for an individual asset in real time. Remediation actions can also be launched from the detections graph view. For more information, see Assets > Real-time Actions and Detections.

Blocking

Block process activity by path, binary SHA256, or certificate (supported on all operating systems) and network activity by IP address or domain (supported only on macOS) by creating blocking policies. A blocking dashboard was added to monitor blocked processes and rules. For more information, see Blocking.

Added the User analysis dashboard to monitor user sessions and activities. For more information, see User analysis dashboard.
Added new rules for the NIST 800-53 macOS implementation. For more information, see the osquery release notes.

Signal details

Enhanced the signal details quick view panel to display the following information:

  • the user who logged in,
  • the time when the signal triggered, and
  • the activity that caused the signal.

For more information, see Detections.

Event rule builder enhancement

Added a new order compare operator that compares the ancestor list paths with user-supplied paths. Use the operator to control the number of detections by matching on the order in which the user-supplied paths appear in the specified ancestor list paths.

API                Description
/remediationJobs   Enables remediation actions.
/blockRules        Enables blocking functionality.

Known Issues
  • Breadcrumbs may display IDs instead of configuration object names.
  • The 404 page may display breadcrumbs.
  • On the Remediation Logs page, the Actor username column may display the user ID instead of the username.

  • Compliance dashboard data was not updated when no data was reported by HDFS.
  • Event rule builder exceptions for the upt_asset_tags table were not functional.