Customer Portal | Home

Security Bulletin: Update on CVE-2021-44228 - log4j vulnerability

We have patched all Uptycs application systems that use log4j to version 2.16. Please refer to this article for additional details.


    • Announcements

    • Release notes-Release 106069

      June 2, 2022 XDR New Feature Global Threat Intelligence (GTI) Uptycs GTI feature for the Security/SOC analyst to identify threat indicators such as bad IP addresses or suspicious domains, along with evidential data and insightful information from various
    • Release notes-Release 105051

      May 15, 2022 XDR Enhancements Support to attach global rule exceptions to event rules and alert rules automatically based on matching table name. For more information, see Global Rule Exceptions. Kubernetes Security Posture Management (KSPM) Enhancements
    • Release notes-Release 104065

      April 29, 2022 SaaS  New Feature Zero Trust Score Capability to specify severity for a compliance check per OS. When a compliance check runs on an endpoint, a zero trust score is calculated by the pass/fail status of the compliance check and the specified
    • Release notes-Release 103055

      April 10, 2022 SaaS  New Feature Exploit Tracker New dashboards to monitor Spring Shell and Spring Cloud vulnerabilities. For more information, see Exploit Tracker. Enhancements Bulk enable, disable, or delete Global Rule Exceptions. For more information,
    • Release notes-Release 102039

      March 27, 2022 SaaS  New Feature Managed Anti-virus (AV) Dashboard - Beta Managed AV dashboards to monitor Windows Defender status and threat history of Windows endpoints. For more information, see Managed AV Dashboards. New Feature Disk Scans - Beta
    • Recent Articles

    • Adding external or additional data into alerts and detections

      There might be a need to add extra data into alerts and detections (e.g. an external ticket ID). To do this in the UI: Open the Alerts or Detections page. Select the alert, click the "Manage" icon and add the data into the "Additional Details" field. To ...
    • Blocking & Remediation Support Matrix

      Area Functionality Linux MacOS Windows Agent Version Requirement Remediation Kill Process 4.6.5.x + Remediation Quarantine 4.6.5.x + Blocking Process 4.6.5.x + Blocking DNS 4.6.5.x +
    • OpenVPN query

      The following query should identify all assets with OpenVPN installed and last time it was used SELECT p.upt_hostname AS asset_name, MAX(p.upt_time) AS openvpn_last_accessed FROM socket_events se JOIN processes p on se.pid = p.pid WHERE se.pid > 0 ...
    • Delete assets offline since a particular date using the API

      This script / procedure outlines the process to delete assets that have been offline since before a particular date. Prerequisite tools iusql urestapi Procedure Download an API key from the Uptycs UI Download the attached script, delete_offline_assets_since.sh     ...
    • Default ubuntu_seed Profile

      This Uptycs seed profile consists of a default set of queries and interval timings for Ubuntu and other Debian-based distributions. Name Query Interval Minimum osquery Version Description acpi_tables SELECT * FROM acpi_tables; 3600 1.3.0   apk_packages ...
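The OpenVPN query article above is summarised only up to its WHERE clause, and the visible fragment joins socket_events to processes on pid alone, which on a multi-asset data set matches sockets from one host to same-numbered processes on another (and pids are reused over time). The query below is an added example, not the article's own text: it completes the reported query under the assumption that the Uptycs global tables carry the Uptycs-added columns upt_asset_id, upt_hostname, upt_time and upt_day (assumed here), that Uptycs global SQL accepts Presto/Trino syntax for the date arithmetic (assumed), and that OpenVPN shows up as a process whose name contains "openvpn". It scopes the join to the same asset and day and restricts the result to the last 30 days.

```sql
-- Added example (not the Uptycs article's query).
-- Assumptions: socket_events and processes carry the Uptycs-added columns
-- upt_asset_id, upt_hostname, upt_time and upt_day; Presto/Trino syntax for
-- DATE_ADD/NOW; OpenVPN runs as a process named like '%openvpn%'.
SELECT
    p.upt_hostname                     AS asset_name,
    p.upt_asset_id                     AS asset_id,
    MAX(p.upt_time)                    AS openvpn_last_accessed,
    COUNT(DISTINCT se.remote_address)  AS distinct_peers      -- how many endpoints the tunnel talked to
FROM socket_events se
JOIN processes p
  ON  se.upt_asset_id = p.upt_asset_id   -- same asset: never join on pid alone
  AND se.upt_day      = p.upt_day        -- same day: pids are reused over time
  AND se.pid          = p.pid
WHERE se.pid > 0
  AND LOWER(p.name) LIKE '%openvpn%'     -- openvpn, openvpn.exe, openvpn-gui, ...
  AND se.upt_time >= DATE_ADD('day', -30, NOW())
GROUP BY p.upt_hostname, p.upt_asset_id
ORDER BY openvpn_last_accessed DESC;
```

If the fleet runs OpenVPN only briefly (for example a CLI client started and stopped between two snapshots), the processes table may not contain the process at all; in that case the same query shape can be run against process_events instead, matching on the same asset-scoped columns.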
    • Recent Topics

    • Osquery Release notes - Release 5.0.2.28

      Release 5.0.2.28 This osquery release includes the following features, enhancements, and bug fixes: General # Enabled commands to check the standard output for NTP records. Enabled commands to exclude registry events based on exclude path.
    • Osquery Release notes - Release 5.0.2.26

      Release 5.0.2.26  This osquery release includes the following features, enhancements, and bug fixes: General  Added a new table docker_container_envs to include docker container environment variables. The curl table now returns certificates even if the
    • Osquery Release notes - Release 5.0.1.26

      Release 5.0.1.26  This osquery release includes the following features, enhancements, and bug fixes: General  Added the java_packages table to detect Log4j vulnerabilities for Linux, Mac, and Windows. Detection of LDAP bind operation in the new ldap_events table.
    • Osquery Release notes - Release 5.0.1

      Release 5.0.1  This osquery release includes the following features, enhancements, and bug fixes: General # Support for new tables and columns from open-source osquery 5.0.1. Synced the pci_devices table with open-source osquery 4.9.0. Refactored the chrome_extensions table
    • Osquery Release notes - Release 4.6.6

      Release 4.6.6  This osquery release includes the following features, enhancements, and bug fixes: Features and Enhancements  Support to capture eBPF-based DNS lookup events for failed lookups. A new table windows_defender_preference to show
    • Release notes-Release 101028

      March 11, 2022 Endpoint  Enhancements Enhanced support for Remediation and Blocking: Specify blocking policy values in bulk via lookup tables. Add new firewall rules for Windows. For more information, see Remediations and Blocking. Bulk update osquery
    • Release notes-Release 100042

      February 27, 2022 Endpoint  Enhancements Enhanced support for Remediation and Blocking: For Linux, the capability to add new firewall rules for IP-based remediation and IP-based blocking. For macOS, support to quarantine hosts. The Timeout field is now
    • Release notes-Release 99047

      February 12, 2022 Cloud  Enhancements Support to monitor CloudTrail events from all accounts of an organization based on the organization account configuration. If the organization account and the associated account both are configured individually, duplicate
    • Release notes-Release 98047

      January 28, 2022 Endpoint  New Feature Quarantine List View and manage quarantined hosts in real-time on the Quarantine List page. For more information, see Quarantine List. Cloud  Enhancements Capability to filter each column of the Top Non Compliant
    • Release notes-Release 97057

      January 16, 2022 Endpoint New Feature Log4j Exploit Tracker Added the Log4j Exploit Tracker dashboard to: Monitor hosts, dockerd, and containerd Log4j exploits Download the list of vulnerable JARs, hosts, and images View all Log4j instances running, irrespective
    • Release notes-Release 96058

      January 2, 2022 Endpoint Enhancements Capabilities to detect Log4j vulnerabilities include: Query pack and queries to collect version information of all Log4j jars and exploits in log files. Reports to identify all vulnerable Log4j jars, a full inventory
    • Release notes-Release 95040

      December 12, 2021 This release includes the following features and enhancements: Endpoint Enhancements Blocking policies can now be configured using multiple comma-separated signature values or a CSV file. For more information, see Blocking Policy. Container
    • Release notes-Release 94051

      December 01, 2021 This release includes the following features and enhancements: Endpoint Enhancements Support to delete the firewall rules for Windows endpoints. For more information, see Endpoints > Remediation. Cloud Enhancements New column to distinguish
    • Release notes-Release 93037

      November 14, 2021 This release includes the following features and enhancements: Endpoint New Feature Threat Hunting Dashboard-Beta Threat hunting dashboard to provide threat hunting capabilities for non-alert-centric workflows. Contact Uptycs support
    • Release notes-Release 92043

      November 01, 2021 This release includes the following features and enhancements: Endpoint Enhancements Support to add exceptions directly from the Alert Rules page. For more information, see Alert Details > Add Exception. Cloud Enhancements Support for
    • Release notes-Release 91040

      October 15, 2021 This release includes the following features and enhancements: Endpoint Enhancements A new tab CVE Search on the Host Vulnerabilities page to search a host with the CVE ID. Platform Enhancements Support to manage tags for each configuration
    • Release notes-Release 90064

      October 1, 2021 This release includes the following features and enhancements: Cloud Enhancements Support to edit Pub/Sub, Bucket, and VPC flow log configurations on the GCP Integrations page. Added new event rules for GCP container services. Platform
    • Release notes-Release 89044

      September 17, 2021 This release includes the following features and enhancements: Cloud New Feature Microsoft Azure - Beta Support for Microsoft Azure integration and security audit capabilities by introducing the following features: Azure integration
    • Release notes-Release 88059

      September 06, 2021 This release includes the following features and enhancements: Cloud Enhancements AWS integration by using a Terraform script. Real-time alerts for AWS events by fetching CloudTrail events from Amazon Kinesis Data Firehose. Lookup tables
    • Release notes-Release 87035

      August 22, 2021 This release includes the following features and enhancements: Platform New Feature OpenID Connect (OIDC) authentication Support for new identity provider - OIDC authentication. Enhancements Increased retention period for Automated Threat
    • Osquery 4.6.5 Release notes

      This osquery release includes the following features, enhancements, and bug fixes: Features and Enhancements  This osquery release includes the following features and enhancements: UptycsProtect: UptycsProtect engine support for multiple path regex. UptycsProtect
    • Release notes-Release 86078

      August 5, 2021 This release includes the following features and enhancements: Cloud New Feature Google Cloud Platform (GCP) - Beta Support for GCP integration and security audit capabilities by introducing the following features: GCP project integration
    • Release notes-Release 85054

      July 19, 2021 This release includes the following features and enhancements: Platform New feature: Exposed audit configurations in the upt_asset_audit_configurations table. New feature: Support to filter event and alert rules based on common tags. Enhancements:
    • Release notes-Release 84052

      June 29, 2021 Remediation and Blocking - Limited Availability Added remediation and blocking support for endpoints running osquery version 4.6.5 or higher. Contact Uptycs support to preview this add-on feature. UptycsProtect Osquery enabled with
    • Release notes-Release 83028

      June 7, 2021 Features Enhancement in the event rule builder Added a new transformation function cast to support type conversions into a string, number, boolean, or timestamp and save the result under a new label. For more information, see Event rules.
    • Release notes-Release 82040

      May 27, 2021 Features Enhancement in the event rule builder Added a new transformation function cast to support type conversions into a string, number, boolean, or timestamp and save the result under a new label. For more information, see Event rules.
    • Release notes-Release 81044

      May 12, 2021 Features Audit Groups A new AUDIT GROUPS tab is available on the Configuration > Audit Rules page. An audit group is a collection of audit rules. Use the AUDIT GROUPS tab to seamlessly create and manage audit groups and assign those to assets
    • Release notes-Release 80049

      April 25, 2021 Features Navigation menu Re-arranged the left navigation menu items for easy navigation across the UI. For more information, see Uptycs help. Kubernetes dashboard New Kubernetes dashboard monitors cluster activities and compliance. Use
    • Release notes-Release 79033

      April 6, 2021 Features  Download filtered assets list Added support for downloading filtered assets list in a CSV file from the Assets under management page. For more information, see Asset management. Recent remote user activity On the Asset Details
    • Osquery Release Notes-Older releases

      Deprecated the docker_host table. Added a filter in HTTP events to exclude internal traffic. Enhanced the shell_history table to include fish shell history. Added binary_type and arch columns in the apps table to distinguish between 32- and 64-bit applications
    • Osquery Release Notes-Release 4.2.xx.xx

      The following features and enhancements have been added: Support for YARA process memory scanning with the YARA table, YARA process events, and process memory carving for Linux and Windows. Merged eBPF tables into Audit tables. New columns added in the process_events, process_file_events,
    • Osquery Release Notes-Release 4.4.xx.xx

      The following features and enhancements have been added: Enhanced password validation criteria for files with pam_cracklib.so configured. A new custom parameter, patterns, was added for CIS section 1.4.2, and the regex for CIS section 2.2.1.2 was improved. Enhanced
    • Osquery Release Notes-Release 4.5

      The following features and enhancements have been added: Fix for the unwanted filesystem access by SQLite ATTACH. Remote/local option support for the user_groups table. Fix for vulnerability scanning. Fix for CIS caching issue. Support to enumerate user_account_control in
    • Osquery Release Notes-Release 4.6

      The following features and enhancements have been added: Support to configure fatal_cvss_score in the osquery-scan script. Support for the regex patterns ending with .*$ in the kernel. Support for ECS fargate tables. Support for farquery to include secrets/hostname
    • Release notes-Release 74044

      January 04, 2021 Features  Bot user Uptycs administrators can now add a bot user who can access Uptycs only by using APIs. For more information, see Users. Editable host_identifier flag The host_identifier flag is now editable from the Uptycs UI. It is