Release notes-Release 85054

Release notes-Release 85054

July 19, 2021

This release includes the following features and enhancements:



  • New feature: Exposed audit configurations in the upt_asset_audit_configurations table.
  • New feature: Support to filter event and alert rules based on common tags.
  • Enhancements:
    • New filter columns - Source and Service - on the Assets under management page. For more information, see Assets.
    • New dialog to manage tags on the Asset details > Settings tab. The Manage tag dialog lets you create a new tag or assign an existing tag using the drop-down list of tags. For more information, see Tag management.


  • Enhancement: Added the Rule count and Priority columns for the blocking policy profile list view. For more information, see Blocking.


  • New standard: DISA STIG available for CentOS 8 and Ubuntu 16 (Add-on).
  • New standard: NIST 800-53 for macOS.
  • Enhancements:
    • Added checks for endpoint battery condition (macOS).
    • Added state parameters for launched services - running, loaded, and disabled (macOS).
Note : These compliance features and enhancements are supported on the endpoints running osquery version 4.6.5.x and higher.


  • New feature: Support to add exceptions based on ancestry list - The Copy path button available to copy the ancestry list from the Alert Details page. For more information, see Alert Details.
  • New feature: Support to add exceptions to event rules (similar to alert rule exceptions) so events that match the exception are not stored in the DB. For more information, see Event Rules.
  • Changes to event rules:
    • Default rules: Enabled four rules for network IOCs in Uptycs Threat Intelligence.
    • Default rules: Retired three rules for network IOCs.
  • Enhancements:
    • Delete functionality for threat group profiles and toolkit profiles. For more information, see Threat Profiles.








No known issues.



  • AWS Report runs not visible
  • Duplicate locations in the 'cloud/location' API
  • Cloud compliance chart showing services instead of standards
  • NIST 800-53 standards reported true compliant for macOS endpoints even when the root login was enabled.
  • Host compliance evidence drill-down data not displayed
  • Event rule exception based on upt_asset_tag (when key and value are defined) not working
  • Binary path not included in the description of the process node when an event was reported to the process_file_events table.
  • Breadcrumbs are incorrect after specific navigation steps