Release notes-Release 86078

August 5, 2021

This release includes the following features and enhancements:


New Feature: Google Cloud Platform (GCP) - Beta

Support for GCP integration and security audit capabilities through the following features:

  • GCP project integration with Uptycs using Terraform.
  • GCP service inventory, configuration, and log ingestion for currently supported key services:
    • Compute Engine, Cloud Storage, Filestore, Cloud IAM, Cloud Run, Cloud Container, Cloud Functions, Cloud Logging, Cloud KMS, BigQuery, Cloud SQL, and Cloud DNS.
  • GCP insights dashboards for Compute, IAM, and Storage.
  • Event and Alert rules to perform best practice and vulnerability checks for the supported GCP services.
  • GCP CIS Compliance Standard with Alert rules support.

New Feature: Graviton - Limited availability

  • Package download option for Graviton - AWS Linux architectures, currently limited to Ubuntu 20.

New Feature: Event rule exceptions

  • Capability to create event rule exceptions. The configuration option Alert rule exceptions is revised to Rule exceptions, which includes individual tabs for event rule and alert rule exceptions.

Enhancements

  • Tag and asset group filters on the Threats dashboard.
  • OS filter for the startup items on the Asset insights dashboard.

Enhancements

  • Sample blocking policy profiles to log actions for each operating system.
  • The Apply permission for the Enforcer user role to apply blocking policies to desired resources.

Enhancements

  • Additional fields in the host compliance details dialog - Description, Rationale, and Command.

Enhancements

  • New event rules for GCP KMS, GCP BigQuery, GCP Threats, and GCP cloud logs.
  • Container specific event rules for file events and host system call events.
  • Improved detection graph view, time span, and node details dialog.

  • In rare situations, GCP event ingestion delays may occur in the Uptycs environment.
  • The Graviton package is currently not supported on the RHEL7 and CentOS7 endpoints.
  • The question and answer columns of the ebpf_dns_lookup_events table do not display expected results for the dig and nslookup commands.
  • Incorrect resource counts may appear on the GCP Overview page for the Cloud Run and Cloud Storage GCP services.
  • The Bucket history last 7 days bar chart on the GCP Cloud Storage dashboard displays incorrect counts when the Project filter is set to All.
  • Creating a GCP compliance configuration profile is not possible using the CSV file.

  • Incorrect online asset counts on the Asset Status section of the Overview dashboard.
  • Inactive Start Scanning button when scanning YARA processes.
  • Missing the blockRules API on the Swagger UI page.
  • When Notify Every Alert was set to No for a destination, multiple alerts with the same hash generated at the same time could not be forwarded to the destination.