● A new dashboard enables you to monitor endpoint anomalies● The Detections page includes the Anomaly Present filter for refining the detection list based on anomaly presence
● The Alerts Management page enables you to manage alerts using Metadata filter.● The Bulk Close Detections page enables you to bulk close detections using metadata.● The Integration and Downloads page includes osquery download option for Fedora & SUSE/SLES for IBM-Z.● A Threat Book now triggers notification only when at least one threat is detected during the Threat Book run.● The Flag Profile Configuration page includes a new flag win_allow_all_api_events that enables MITRE evaluation APIs.● The Report Runs include an option to download each section in an individual CSV file.● The Blocking page includes process telemetry for AIX endpoints.● The Secret Scan > Secret page includes an option to view the regex for each secret.● The Asset Details page includes machine models for MacOS devices such as Model Name, Dimension, Model number, and Manufacturing year.● The Investigate page includes a sample entry for upt_day in a variable instead of an exact date.● The Detection > Signal details page includes a chronological list of all signals without grouping them.● The chrome_download_history table includes new columns - url, referrer, start_time, end_time, state, and mime_type.
● AWS Telemetry enhancements:○ Added new table aws_rds_db_subnet_group for the DB Subnet Group service.○ Added a new column features to replace the following columns in the aws_guardduty_detector and aws_guardduty_detector_current tables due to the AWS Go SDK version upgrade:■ data_sources_flow_logs_status■ data_sources_s3_logs_status■ data_sources_dns_logs_status■ data_sources_cloud_trail_status■ data_sources_kubernetes_status
● Added support to configure global rule exceptions to add trusted source addresses and ports for NSG, Site access, Firewall NAT, Firewall Network, and SQL Firewall for internet exposure.● Attack path enhancements:○ Added support to view the security findings for VMs such as vulnerabilities, secrets, SSH lateral movement, compliance failures, and Misconfigurations forAzure agentless instances on the Security graph.○ Added a node Managed Identity to the Virtual Machine Attack Path graph that displays the risk details for the managed identity associated with the exposed VM.○ Added a node API Access to the Virtual Machine Security Graph that displays the assets from which a specific VM can be accessed using CLIs or APIs.○ Added severity filter for resources with inbound internet access for VMs. You can filter the resources per high, medium, and low exposure to the internet.GCP● Added new table gcp_secret_manager_secret_policy_binding for the Secret Manager Policy Binding service.
● The Audit events received from GKE clusters have limitations with respect to pod exec, where some of the fields are not available. Therefore correlation of detections for the pod exec event is not supported.● While downloading Container Vulnerabilities report, for osquery versions lower than 5.9.2.x, downloaded data can contain vulnerabilities from older versions of osquery which may be missing from vulnerable images in the UI.● Multi-architecture docker images with Fat digest are currently not supported in SDLC.