1.4

Detect 1.4 was released on Aug 14, 2023

Prelude is excited to bring you the next version of Detect. This release includes the following improvements:

Host Management

  • Various improvements were made to the Tagging experience to make it more user-friendly.
  • Test results in the Host Detail view now use user-friendly terms and link to the associated Test Detail view.
  • The Host Detail view now displays the last beacon time for the host.
  • We've resolved an issue that could result in duplicate tags being applied to a single host.
  • Importing credentials in Safari should now succeed on the first try.
  • Prelude will now expire trial accounts that have been inactive for 45 days.

Test Scheduling

  • Following the introduction of Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, and First day of the month test frequencies, Detect has deprecated "Weekly" and "Monthly" frequencies. Tests scheduled for Weekly have been migrated to Every Monday. Tests scheduled for Monthly have been moved to the First day of the month.
  • We resolved an issue in which, under rare circumstances, Prelude could continually run tests when scheduled to run every 4 hours.

Advisories and Tests

  • Prelude has updated our Advisory pages. These pages are publicly available and provide details about CISA Advisories, including testing insights from Prelude's security testing team. When viewing Advisory pages, Detect users see details about their environment with easy access to testing and remediation workflows.
  • Detect's main page now includes a filter for Advisories, Health Checks, and Response Tests. Date filtering has been pulled up into the filter bar.
  • Detect's Test Detail view now includes additional information, including the MITRE ATT&CK techniques at work in the tests and any associated CISA Advisories.
  • Detect now preserves filter and sorting choices when navigating back and forward in your browser.
  • Various performance enhancements have been made to Detect's executive dashboard; the page should load faster now.
  • Cross-Origin Resource Sharing (CORS) policy enforcement has been improved, reducing erroneous CORS errors when browsing Detect.
  • Health test result codes now correctly match their intended status: unhealthy findings are red and healthy results are green.
  • The following new security tests were added to Detect:
    • CVE-2022-26134
    • CVE-2022-30190
    • CVE-2022-1388
    • CVE-2022-22960
    • CVE-2022-22954
    • CVE-2021-26084
    • CVE-2021-40539
    • ProxyShell
    • CVE-2018-13379
    • IDOR Exploitation

Integrations

  • Detect now gives users the option to send a blocking IOC to EDR partners for failed tests from the Host Detail view. Detect no longer automatically sends IOC block requests for failed checks.
  • Detect now supports simultaneous integration with multiple EDR partners.
  • Detect now allows administrators to specify the base URL for EDR integrations.
  • Detect now provides test name, exit code, hostname, test unit, and other information when sending reports to Splunk.
  • Users who navigate away from the Integration Detail view and then click back will land correctly in the Integration Detail view.

API

  • Prelude's API is now rate limited to 250 requests per 5 minutes.