Disclaimer: This document is for information purposes only. It is subject to change due to
ongoing product development by Uptycs. You should not interpret this information as a binding
commitment from Uptycs. Without prior written consent from Uptycs, you must not reproduce,
store, or transmit any part of this document through electronic or mechanical means, recording,
or any other method.
Extended Detection & Response
New Features
Query Results Filter Methods
The filter options for query results on the Investigate page are revamped to
provide new methods to filter the query results.
Enhancements
● Disk Scan enhancements:
○ Editable disk scan configuration: The Disk Scan Configuration page now
contains options to edit an existing disk scan configuration.
○ Rerun a disk scan configuration: The Disk Scan Configuration page now
contains options to rerun an existing disk scan configuration.
● New tab Application Monitoring on Endpoint Performance Monitoring that allows
you to group the processes that you want to monitor together.
● New filter Score on the Event Rules page that allows you to refine the detection list based on the threat score.
● The Alert Rules page now allows you to disable an alert directly from the Alert
Rules page itself instead of directing you to the Event Rules page.
● Uptycs Sensor LTS (Long-term support) package names are now appended with
the word LTS.
● New filter Services on the Agent-Based tab for Assets and Insights that allows
you to refine the list of assets based on Cloud services.
● The Investigate page now allows you to run queries to carve a folder from an
endpoint to the Uptycs cloud. Folder carving works for Uptycs Sensor version
5.10.2.10 and above.
● The detection template for Destinations includes two new fields agent and
resource Type.
● New option Processes and Ports for AIX assets on the REAL-TIME ACTIONS tab
for Asset Details that allows you to view the running processes with listening
ports and open ports.
Vulnerability
Enhancements
● Open Vulnerabilities page enhancements:
○ New filter Package status that allows you to refine the open vulnerabilities list for
packages that are installed but not running, packages that are running as a
privileged user, and packages that are running as a non-privileged user.
○ New filter CVE Label on the Open Vulnerabilities page that allows you to refine
the open vulnerabilities list as per CVE labels.
Cloud Security
New Features
Risk Prioritization for AWS
Risk Prioritization provides dynamic, context-rich analysis across cloud security
domains. Categorizing risks into Critical, High, Medium, or Low tiers, it tailors
prioritization to unique organizational security postures. Leveraging continuous
real-time data from osquery and comprehensive Agentless Scanning, it ensures
nuanced risk assessment and a nimble response to evolving threats.
Enhancements
AWS
● Revamped the AWS Overview page to provide quick access to vital information
related to resource inventory, risky combinations, vulnerability insights,
compliance coverage and detections.
● Enhanced the Effective Permissions application to support the following condition
keys in condition block evaluation for both identity and resource-based policies:
○ AWS:PrincipalAccount
○ AWS:PrincipalARN
● Enhanced the Access Keys search on the Cloud Threat Investigation Dashboard to
allow you to search for keys over the past 7 days, 30 days, or a custom date.
● Cloud Discovery IAM role relationship graph enhancements:
○ Added context menu on the Resource Affected card to help you navigate
to the security graph, other cloud discovery graphs, viewing the EP graph,
or asking graph questions.
○ View the identities capable of assuming the role, whether cross-account or
local, for better insight into role assumption.
Azure
● For AKS, added an option in the Security Graph to navigate to the Kubernetes
details page to view more information.
● Added a new column flavor to the azure_cosmosdb_account_current table for
the CosmosDB service.
● Enhanced the Logs Analytics search on the Cloud Threat Investigation Dashboard
to allow you to search for the logs for a custom date and service principal.
Kubernetes and Container Security
Enhancements
● For images scanned by registry scanner or CI scanner, you can view the latest
malware and secrets scan results. It provides you with visibility into potential
security threats associated with a given image.
● Enhanced the Registry onboarding process with a wizard to seamlessly integrate
the registry with real-time tracking of the onboarding process.
Known Issues
● Disk Scan results may show Partially Completed status even when all the hosts
have completed the scan and have returned the results. This will be addressed in
the next release.