# Middleware (REST Servers)

# _General

<title id="bkmrk-cyber-crucible-knowl">Cyber Crucible Knowledge Base : Middleware (REST Servers)</title> <link href="styles/site.css" id="bkmrk-" rel="stylesheet" type="text/css"></link> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" id="bkmrk--1"></meta></head><body><div id="bkmrk-created-by-dennis-un"><div class="aui-page-panel" id="bkmrk-created-by-dennis-un-1"><div id="bkmrk--2"><div id="bkmrk--3"> </div> </div><div class="view" id="bkmrk-created-by-dennis-un-2"><div class="page-metadata"> Created by <span class="author"> Dennis Underwood</span> on Jan 02, 2023 </div><div class="wiki-content group" id="bkmrk--4"></div> </div> </div><div id="bkmrk-document-generated-b" role="contentinfo"> <section class="footer-body">Document generated by Confluence on May 18, 2026 19:42

<div id="bkmrk-atlassian">[Atlassian](http://www.atlassian.com/)</div> </section> </div> </div>

# Middleware 01.23

# Features

- Implemented controller for training licenses and added a training license expiration service.
- Updated each endpoint to account for the web application’s new training mode feature along with tests to each endpoint for training mode.
- Added an endpoint for resetting all of a parent group’s training data to its original state.
- Implemented endpoints for the new password aging policy setting for groups.
- Adding documentation for the Reactive Springboot endpoints.

# Middleware 04.23

# Features

- Partner Portal Updates:
    
    
    - Implemented endpoints for the new Register Deal process with Cyber Crucible approval of deals
    - Updated the PartnerDeal model to have a type associated with deals, each having a percentage discount associated with them
        
        
        - Also updated the PartnerDeal model for both Referral type deals to store the Dashboard User Account to associate with the licenses for the deal
    - Updated the PartnerDeal model to be able to separate Monthly vs Annual billing for payment of deals
        
        
        - Includes updating existing endpoints to account for Monthly vs Annual billing for Stripe
    - Implemented endpoints to be able to send quotes through Stripe for a deal
    - Implemented endpoint to resend the Stripe invoice for a deal
    - Implemented endpoint to edit multiple fields for a deal at the same time, associated with the edit deal modal in the Web Application
- Agent/License Management:
    
    
    - Implemented endpoint to bulk assign licenses to agents
    - Implemented endpoint to change the automatic re-licensing setting for a given agent
    - Implemented endpoint to release a license from an agent by passing the agentId in the request
- Implemented endpoints to retrieve and save the user setting to show the installer script config icon on the Groups grid
- Implemented endpoint to retrieve the Agent Installer Script Client Auth value for a group
- Updated our AV Scanner Service to search in the identity incident collection in addition to the process creation collection
- Various updates to our list of default data + identity whitelists for AVs.
- Implemented new change stream endpoint to listen for new Extortion Response insertions
- Implemented endpoint to copy whitelists to another group
- Implemented endpoint to download the Memory Diff File for an incident
- Implemented categorizing identity incident programs into applications
- Implemented saving column modes for each web page grid and saving chart visibility settings

# Middleware 08.23

# Features

- Partner Portal Updates:
    
    
    - Implemented endpoints to be able to create a POC for approved partner deals
    - Implemented endpoints for the Distributor Group Management page in the Web Application
    - Implemented endpoint to return the data for the Payment Management grid in the Web Application
    - Implemented the ability to change a partner deal’s owner
    - Implemented the ability to set a custom memo for partner deals that appear on the Stripe invoices and quotes
- Implemented endpoint to be able to resend user account invitations
- Added more application labeling options for Identity Access objects
- Updating the Group model for partner groups to have new boolean fields for the type of partner
- Updating the Group model to have a list of canary extension configs
- Various updates to our list of default data + identity + cert whitelists for AVs
- Enabling HTTP/2 support
- Upgrading our Spring Boot to the latest version along with various other dependencies
- Implemented notification alerts for Abnormal Identity Accesses
- Enabled server response compression for agents
- Implementing filtering for the Identity Access grid’s No Trusted Cert column in the Web Application for the “Disconnected Retrieving Cert Info” and “Timed Out Retrieving Cert Info” options
- Fixed issue in our partner deal expiration notification service to not send expired emails for completed deals

# Middleware 11.23

# Features

- Whitelist Updates
    
    
    - Implemented the ability to create an exception with the parent program path and arguments
    - Implemented the ability to create an exception to match extortion responses when there are only trusted certs, match only when there are no related injections, and match only when there is no modified memory
    - Implemented the ability to create an exception to match specific file access triggers
- Implemented group setting for automatically freeing licenses for inactive agents
    
    
    - Updated Group model to have setting for when to free licenses from inactive agents in the group. Options are 30/60/90 days, or have this setting turned off
    - Updated Agent model to have new inactive status
    - Implemented service to automatically free inactive agents' licenses according to their group setting
- Updated the endpoint for the retrieving extortion responses to include the parent program path and arguments
    
    
    - The parent program path and arguments are now also included in the unique extortion response counts for the Web Application, Security Notification alerts, and Executive Summaries
- Updated our Executive Summary Reports to separate out the Licenses slide to individual Desktop and Server Licenses slides
- Updated Security Email Notification model and the Security Notification service to include two new alert types
    
    
    - Behavioral Model Tuned
    - New Agent Version
        
        
        - When a group’s managed update settings are changed to have auto update turned off, a New Agent Version notification is automatically created for the group
- User Role/Permission Updates
    
    
    - Updated the Role model Incident Manager permissions to now only have view/edit for whitelists and silent response rules
    - Groups now have 3 default roles that are not user editable:
        
        
        - Admin
        - Read Only
        - Guest
    - Users added to a group by default are assigned the Guest Role
- Implemented endpoints for the Web Application Browser Utility Process Tuning Modal to easily manage how agents in groups should respond to chrome utility processes
- Updated the endpoint for the Agents page chart to be able to limit counts to agents that have called in over the past 30/60/90 days
- Updated the Security Notification Ransomware Activity email alert to include a link that will automatically redirect users to the Extortion Responses page with the a filter to show the responses the alert was for
- Implemented group setting for agents in a group to run in safe mode or not
- Implemented a powershell script option for installing agents
- Upgrading our Spring Boot to the latest version
- Various updates to our list of default data + identity + cert whitelists for AVs

# Middleware 04.24

# Features

- Implemented the group setting and related endpoints for the setup and management of proxy configurations to assist in agent deployment
- Updated our telemetry data endpoints to be able to view all telemetry data or only data directly related to an extortion response
- Implemented the group setting for automatically hiding agents in groups when a license is released from an agent, an agent is marked as inactive, or an agent completes an uninstall
- Updated the links to our dashboard in our notification emails to contain a URL Parameter used to automatically filter data on the related frontend grid to show what triggered the notification
- Updated the endpoint used for the frontend Agent Licenses chart to include counts for both Desktop and Server licenses
- Implemented endpoints for the new Customer Deployment Health frontend page
- Updated our process tuning to account for Microsoft Edge WebView

# Middleware 09.24

# Features

- Implemented the endpoints for the new Group DMZ Mode setting
- Updated the Deal Registration endpoints to be able to register multi-year deals with the ability to pay up front or pay yearly for multi-year deals
- Added the ability to view the root cause analysis for Identity Accesses
- Implemented Temporary Tailored Behaviors
- Updated the User model to save the setting for hiding or showing expired Agent Licenses by default on the Agent Licenses grid
- Updated the Security Notification model and related endpoints/services for the new offline agent alert options of Partially and Fully Offline agents
- Updates to the endpoints related to adding the new columns on the frontend on the Agents grid to show when the assigned license expires, and when the license was assigned to the agent
- Added setting to the Group Model for agents in the group to show the agent icon in the related agent machine’s system tray
- Updated the server side grid queries to be able to take in multi condition filters for the same key/column

# Middleware 05.25

# Features

- Updated the Sales Notification model with new types:
    
    
    - Distributor Partners can receive alerts when their reseller subgroups create a new Deal Registration
    - Partner Deal POC activity
- Updated the authentication process to allow for SSO integration with Microsoft Entra ID (Azure Active Directory)
- Updated the agent installer endpoint to allow for a new installer type for Native Cli
- Updated the endpoints for the Distributor Partner new updates
    
    
    - Added a new Partner in Motion model
    - Updated the Partner Deal Registration model to add the ability for distributors to approve their reseller subgroup’s deals
    - Added ability for Distributor Partners to edit the multi year discounts for their reseller subgroups
    - Added ability for distributors to send themselves quotes with their distributor pricing for a reseller subgroup’s deal
    - Added requirement for when a reseller subgroup registers a deal to require the Subgroup Reseller Agreement to be uploaded by their parent distributor on the Distributor Group Management page
- Updated the Role model with a new Partner Deal Manager for deal registration operations and updated each related endpoint to check for permission
- Added the endpoint for editing a group setting’s in bulk
- Upgraded our Spring Boot to the latest version
- Improved the queries used for generating executive reports to reduce the time it takes to generate the report
- Moved our telemetry collections in the database to use sharding
- Updated the agents query used for the dashboard grid to include if the agent is a server or not
- Updated the /updateGroupAutomaticallyHideAgentsReactive endpoint to retroactively apply the update to existing agents
- Major authentication updates to allow agents to call into our REST Servers with the new hosted OAuth authentication
- Added new endpoints for DLL telemetry submission by agents

# Middleware 12.25

# Features

- Added new endpoints for DLL Visualization on the dashboard for viewing related untrusted module loads for Extortion Responses, Process Creations, Process Injections, and Identity Accesses
- Updated the Extortion Response and Identity Access endpoints for the dashboard queries to return additional fields for DLL Visualization including modified module memory, modified module path, etc
- Updated the Agent model to have new fields for if the agent is fully configured and the date the agent was first fully configured
- Added new endpoints and controller for the AI Firewall Management page
- Updated the endpoint that returns the list of agents for the dashboard to include new fields for which rest server and OAuth server the agent is calling to, and the WAN IPv4 and IPv6 of the agent
- Added new endpoint for the Extortion Responses page that allows users to view all fields for an Extortion Response in this endpoint rather than using the existing endpoint that offers a condensed view of the fields and requires an additional api call to get more details.
    
    
    - Users on the dashboard can use the toggle on the Extortion Responses page to use the previous grid option and the new grid option that returns all fields in one grid
- Added a new option to Security Notifications to include a CSV file in the email alert for Ransomware and Identity Access Alerts containing information on why the alert was triggered.