1.5
over 1 year ago by James Evans
Detect 1.5 was released on Sep 21, 2023
Prelude is excited to bring you the next version of Detect. This release includes the following improvements:
Insights Dashboard
- The Insights Dashboard chart now shows 1 bar per day.
- To improve Detect's performance, we've limited the Insights Dashboard to show only 30 days of history, down from 60 days.
- Detect now supports password reset. Users who've lost their Token can provide their email address and Account ID to receive a reset email.
- Detect will now correctly prompt users to save credentials when resetting their password.
- We resolved an issue in which new users were not prompted to save their credentials in some circumstances.
- We resolved an issue in which unverified users whose accounts were deleted could, in some cases, still verify their accounts.
- We resolved an issue in which, in rare cases, a host's last event could be more recent than the host's reported last check-in date.
Host Management
- Probes now log correctly on Amazon Linux 2 and Ubuntu 18.04.
- Probes' check-in frequency has been increased from once every 4 hours to once every hour. Probes should now respond more quickly to newly scheduled tests.
Test Scheduling
- Detect's scheduling interface has been updated. Users can now easily see currently scheduled tests, bulk edit test schedules, and edit, clone, and delete tests via inline shortcuts. Weekly and Monthly frequencies have been reintroduced and will randomly distribute testing over the week or month, respectively.
- Users who enable Autopilot in Detect's Schedule can now manually configure schedules for individual tests. When Autopilot is enabled, Detect determines the most important tests to run among your unscheduled tests. With this change, users can schedule individual tests while leaving Autopilot enabled for the remaining tests.
- We've removed "Every 4 hours" as an available frequency.
- In addition to Test Names, Detect now displays Test IDs in the Scheduling UI.
- Users are now taken to the Schedule page when completing a bulk edit.
Advisories and Tests
- Detect now supports uploading files without extensions when creating tests.
- We've removed health tests from Detect.
- The following new security tests were added to Detect:
  - Snatch Ransomware
  - APT29: 2021 Republican National Committee
  - APT29: 2016 Democratic National Committee
  - CVE-2022-42475
  - CVE-2022-47966
  - Ryuk Ransomware
  - Restricted Admin
  - Perun's Fart
  - Seatbelt
  - Conti Discovery
  - Pass-the-Ticket
  - Docker Socket Escape
  - Docker Daemon Privilege Escalation
  - CVE-2021-41773
  - Certify
  - CVE-2022-35914
  - SharpWMI
  - CVE-2014-6271
  - CGroup Docker Escape
  - Process Injection: CreateRemoteThread
Integrations
- Detect now supports integration with SentinelOne. As with all EDR integrations, Detect will capture endpoint IDs for SentinelOne-protected endpoints and support remediation rule submission for unprotected test results.
- Detect now supports automated alert suppression for EDR partners. Contact your Prelude support representative for more information on configuring your EDR to suppress security alerts triggered by Prelude tests.
- For users who integrate with CrowdStrike and/or SentinelOne, Detect now collects endpoint policy information that can help gauge how effectively security policies protect endpoints. This information can be viewed via the CLI.
- Integrations with Microsoft Defender can now be configured in the Integration UI.
- We resolved an issue in which deep links into CrowdStrike could be malformed.
- We resolved an issue in which users with multiple EDR partner integrations would see EDR Endpoint IDs from only one integration.