
- Updated the application icon for the Windows agent
- Added timeout for evidence repositories on agent

- Increased timeout duration for Azure Blob Storage
- Fixed returning wrong http status code for invalid evidence repository Id
- Fixed timeline wrong date range issue on export
- Fixed multiple role assignment issue on UI
- Fixed showing "Reset filter" button in the timeline
- Fixed privilege hierarchy issue between organization and global admin roles
- Fixed not showing 404 page for case section
- Fixed webhook URLs display issue in some cases
- Fixed duplicated start date field in scheduled task detail
- Fixed no link issue on "see details" text on Settings > Connection page
- Fixed broken KB links for Webhooks and SSO
- Added Yara external variables and removed yara+ modules (file, process)
- Enriched triage case report for file matches for Linux
- Added webhook support for Elasticsearch Logstash Kibana (ELK)
- InterACT: A cross-platform remote shell session capability that allows the users to run commands on remote endpoints for triage, mitigation, and remediation purposes in situations such as cyber incident response activities.
- Improved evidence repository background upload mechanism with persistent retries
- Fixed minor memory leak of canceled tasks
- Fixed interACT exec command stdin issues on Windows
- Fixed a bug related to listing unsupported drone analyzers
- Fixed policy list on task creation, missing policies

- Improved evidence collection on low capacity endpoints by letting AIR automatically select the volume with the greatest available free space (credits: Babak M.)

- Improved zip command in interACT - Now zips to folder
- Added new metrics for case report memory section
- Fixed unquoted service path issue after a config update (CVE-2021-42563)
- Fixed evidence repository name and path validation issue
- Fixed system resource usage not updating in interACT session issue
- Fixed an issue that allowed task assignment to endpoints with an old agent
- Fixed webhook addresses not updated after a change of console address
- Fixed opening report issue in Safari browser
- Added autocomplete functionality to interACT
- Added new privilege to allow changing endpoint label
- Added auto asset tag rules for Docker and Kubernetes
- Added ability to handle Unicode file paths in YARA scanner
- Added ability to specify a temporary staging directory for acquisition tasks that use evidence repository
- Added total and per channel limit for Events of Interest and Event Records analyzer.
- Fixed evidence repository path validation bug
- Fixed interACT curl command's missing CA certificates on Windows
- Fixed a bug in sigma triage to kill DRONE process when task is canceled
- Fixed an issue with the DRONE Linux x86 build.
- Added e-Discovery collection to acquisition profiles (credit Yalkin D.)
- Added agent support for Linux arm64 (aarch64)
- Added IP Address column to Endpoint table
- Added silent installation tooltip for SCCM agent deployment
- DRONE keyword search capability is now more visible
- Improved DRONE Ransomware Analyzer performance.
- Improved triage to allow the same Yara rule name in different rulesets
- Added time frame limit to DRONE Event Records Analyzer
- Upgraded interACT curl executable to version 7.82.0
- Hardened to prevent less-privileged users from accessing sensitive settings data
- View and Update Organization privileges moved from system privileges to user privileges

- Improved security of sensitive credentials saved in the AIR setting
- Fixed an issue with the status of the agent update task
- Fixed a minor bug in unique case directory creation on endpoints
- Added sort and tree options to interACT pslist command
- Added auto asset tag rules for Apache, Redis, Mysql and Rabbitmq
- Added tamper detection type to audit log description
- Added filtering audit logs by endpoint name
- Added TACTICAL and DRONE KB download links
- Added required privileges section to interACT command help pages
- Improved UI performance in various locations
- Improved Auto Asset Tagging task assignment
- Improved performance of agent installation on Windows
- Upgraded interACT osquery executable to version 5.2.3


- Upgraded interACT curl executable to version 7.83.1


- Improved evidence compression performance
- Enabled option not to compress evidence on collection
- You can now have interACT sessions with isolated Windows endpoints
- Added new evidence and artifact types to Windows acquisition
- All active interACT sessions are now ended when interACT is disabled from settings
- Added "New Rule" shortcut to Triage assignment screen
- Added keyboard support for confirming and dismissing popups (Enter/Esc)
- Added support for FTPS evidence repositories
