Middleware (REST Servers)
- _General
- Middleware 01.23
- Middleware 04.23
- Middleware 08.23
- Middleware 11.23
- Middleware 04.24
- Middleware 09.24
- Middleware 05.25
- Middleware 12.25
_General
Middleware 01.23
Features
Implemented controller for training licenses and added a training license expiration service.
Updated each endpoint to account for the web application’s new training mode feature along with tests to each endpoint for training mode.
Added an endpoint for resetting all of a parent group’s training data to its original state.
Implemented endpoints for the new password aging policy setting for groups.
Adding documentation for the Reactive Springboot endpoints.
Middleware 04.23
Features
Partner Portal Updates:
Implemented endpoints for the new Register Deal process with Cyber Crucible approval of deals
Updated the PartnerDeal model to have a type associated with deals, each having a percentage discount associated with them
Also updated the PartnerDeal model for both Referral type deals to store the Dashboard User Account to associate with the licenses for the deal
Updated the PartnerDeal model to be able to separate Monthly vs Annual billing for payment of deals
Includes updating existing endpoints to account for Monthly vs Annual billing for Stripe
Implemented endpoints to be able to send quotes through Stripe for a deal
Implemented endpoint to resend the Stripe invoice for a deal
Implemented endpoint to edit multiple fields for a deal at the same time, associated with the edit deal modal in the Web Application
Agent/License Management:
Implemented endpoint to bulk assign licenses to agents
Implemented endpoint to change the automatic re-licensing setting for a given agent
Implemented endpoint to release a license from an agent by passing the agentId in the request
Implemented endpoints to retrieve and save the user setting to show the installer script config icon on the Groups grid
Implemented endpoint to retrieve the Agent Installer Script Client Auth value for a group
Updated our AV Scanner Service to search in the identity incident collection in addition to the process creation collection
Various updates to our list of default data + identity whitelists for AVs.
Implemented new change stream endpoint to listen for new Extortion Response insertions
Implemented endpoint to copy whitelists to another group
Implemented endpoint to download the Memory Diff File for an incident
Implemented categorizing identity incident programs into applications
Implemented saving column modes for each web page grid and saving chart visibility settings
Middleware 08.23
Features
Partner Portal Updates:
Implemented endpoints to be able to create a POC for approved partner deals
Implemented endpoints for the Distributor Group Management page in the Web Application
Implemented endpoint to return the data for the Payment Management grid in the Web Application
Implemented the ability to change a partner deal’s owner
Implemented the ability to set a custom memo for partner deals that appear on the Stripe invoices and quotes
Implemented endpoint to be able to resend user account invitations
Added more application labeling options for Identity Access objects
Updating the Group model for partner groups to have new boolean fields for the type of partner
Updating the Group model to have a list of canary extension configs
Various updates to our list of default data + identity + cert whitelists for AVs
Enabling HTTP/2 support
Upgrading our Spring Boot to the latest version along with various other dependencies
Implemented notification alerts for Abnormal Identity Accesses
Enabled server response compression for agents
Implementing filtering for the Identity Access grid’s No Trusted Cert column in the Web Application for the “Disconnected Retrieving Cert Info” and “Timed Out Retrieving Cert Info” options
Fixed issue in our partner deal expiration notification service to not send expired emails for completed deals
Middleware 11.23
Features
Whitelist Updates
Implemented the ability to create an exception with the parent program path and arguments
Implemented the ability to create an exception to match extortion responses when there are only trusted certs, match only when there are no related injections, and match only when there is no modified memory
Implemented the ability to create an exception to match specific file access triggers
Implemented group setting for automatically freeing licenses for inactive agents
Updated Group model to have setting for when to free licenses from inactive agents in the group. Options are 30/60/90 days, or have this setting turned off
Updated Agent model to have new inactive status
Implemented service to automatically free inactive agents' licenses according to their group setting
Updated the endpoint for the retrieving extortion responses to include the parent program path and arguments
The parent program path and arguments are now also included in the unique extortion response counts for the Web Application, Security Notification alerts, and Executive Summaries
Updated our Executive Summary Reports to separate out the Licenses slide to individual Desktop and Server Licenses slides
Updated Security Email Notification model and the Security Notification service to include two new alert types
Behavioral Model Tuned
New Agent Version
When a group’s managed update settings are changed to have auto update turned off, a New Agent Version notification is automatically created for the group
User Role/Permission Updates
Updated the Role model Incident Manager permissions to now only have view/edit for whitelists and silent response rules
Groups now have 3 default roles that are not user editable:
Admin
Read Only
Guest
Users added to a group by default are assigned the Guest Role
Implemented endpoints for the Web Application Browser Utility Process Tuning Modal to easily manage how agents in groups should respond to chrome utility processes
Updated the endpoint for the Agents page chart to be able to limit counts to agents that have called in over the past 30/60/90 days
Updated the Security Notification Ransomware Activity email alert to include a link that will automatically redirect users to the Extortion Responses page with the a filter to show the responses the alert was for
Implemented group setting for agents in a group to run in safe mode or not
Implemented a powershell script option for installing agents
Upgrading our Spring Boot to the latest version
Various updates to our list of default data + identity + cert whitelists for AVs
Middleware 04.24
Features
Implemented the group setting and related endpoints for the setup and management of proxy configurations to assist in agent deployment
Updated our telemetry data endpoints to be able to view all telemetry data or only data directly related to an extortion response
Implemented the group setting for automatically hiding agents in groups when a license is released from an agent, an agent is marked as inactive, or an agent completes an uninstall
Updated the links to our dashboard in our notification emails to contain a URL Parameter used to automatically filter data on the related frontend grid to show what triggered the notification
Updated the endpoint used for the frontend Agent Licenses chart to include counts for both Desktop and Server licenses
Implemented endpoints for the new Customer Deployment Health frontend page
Updated our process tuning to account for Microsoft Edge WebView
Middleware 09.24
Features
Implemented the endpoints for the new Group DMZ Mode setting
Updated the Deal Registration endpoints to be able to register multi-year deals with the ability to pay up front or pay yearly for multi-year deals
Added the ability to view the root cause analysis for Identity Accesses
Implemented Temporary Tailored Behaviors
Updated the User model to save the setting for hiding or showing expired Agent Licenses by default on the Agent Licenses grid
Updated the Security Notification model and related endpoints/services for the new offline agent alert options of Partially and Fully Offline agents
Updates to the endpoints related to adding the new columns on the frontend on the Agents grid to show when the assigned license expires, and when the license was assigned to the agent
Added setting to the Group Model for agents in the group to show the agent icon in the related agent machine’s system tray
Updated the server side grid queries to be able to take in multi condition filters for the same key/column
Middleware 05.25
Features
Updated the Sales Notification model with new types:
Distributor Partners can receive alerts when their reseller subgroups create a new Deal Registration
Partner Deal POC activity
Updated the authentication process to allow for SSO integration with Microsoft Entra ID (Azure Active Directory)
Updated the agent installer endpoint to allow for a new installer type for Native Cli
Updated the endpoints for the Distributor Partner new updates
Added a new Partner in Motion model
Updated the Partner Deal Registration model to add the ability for distributors to approve their reseller subgroup’s deals
Added ability for Distributor Partners to edit the multi year discounts for their reseller subgroups
Added ability for distributors to send themselves quotes with their distributor pricing for a reseller subgroup’s deal
Added requirement for when a reseller subgroup registers a deal to require the Subgroup Reseller Agreement to be uploaded by their parent distributor on the Distributor Group Management page
Updated the Role model with a new Partner Deal Manager for deal registration operations and updated each related endpoint to check for permission
Added the endpoint for editing a group setting’s in bulk
Upgraded our Spring Boot to the latest version
Improved the queries used for generating executive reports to reduce the time it takes to generate the report
Moved our telemetry collections in the database to use sharding
Updated the agents query used for the dashboard grid to include if the agent is a server or not
Updated the /updateGroupAutomaticallyHideAgentsReactive endpoint to retroactively apply the update to existing agents
Major authentication updates to allow agents to call into our REST Servers with the new hosted OAuth authentication
Added new endpoints for DLL telemetry submission by agents
Middleware 12.25
Features
Added new endpoints for DLL Visualization on the dashboard for viewing related untrusted module loads for Extortion Responses, Process Creations, Process Injections, and Identity Accesses
Updated the Extortion Response and Identity Access endpoints for the dashboard queries to return additional fields for DLL Visualization including modified module memory, modified module path, etc
Updated the Agent model to have new fields for if the agent is fully configured and the date the agent was first fully configured
Added new endpoints and controller for the AI Firewall Management page
Updated the endpoint that returns the list of agents for the dashboard to include new fields for which rest server and OAuth server the agent is calling to, and the WAN IPv4 and IPv6 of the agent
Added new endpoint for the Extortion Responses page that allows users to view all fields for an Extortion Response in this endpoint rather than using the existing endpoint that offers a condensed view of the fields and requires an additional api call to get more details.
Users on the dashboard can use the toggle on the Extortion Responses page to use the previous grid option and the new grid option that returns all fields in one grid
Added a new option to Security Notifications to include a CSV file in the email alert for Ransomware and Identity Access Alerts containing information on why the alert was triggered.