1.6
11 months ago by James Evans
Detect 1.6 was released on Dec 14, 2023
Prelude is excited to bring you the next version of Detect. This release includes the following improvements:
Insights Dashboard
- When logging into Detect, users are now taken to the new Dashboard page. Detect's new Dashboard shows a historical view of your hosts' protection, with details about top advisories and endpoints.
- Prelude has added a new Activity Dashboard to Detect. The Activity Dashboard provides a detailed list of endpoints filterable by Test, Platform, Operating System, EDR, and EDR Prevention Policy.
- Prelude's new Activity Dashboard compares protection levels across Platforms, Operating Systems, EDR, and EDR Prevention Policies and recommends single changes that bring the highest possible protection level increase.
- Prelude now bases its overall protection percentage on protected vs. unprotected events rather than on host counts.
- Detect now includes probes that have not yet run any tests in its endpoint reports. Before this change, endpoints were not counted or reported on until they had run at least one test.
Detect Management
- Prelude Detect now supports single sign-on (SSO) via OpenID Connect (OIDC). Customers can configure OIDC authentication through Microsoft, Google, or Okta.
- OIDC users can still export an authentication keychain, which will include references to OIDC-configured accounts for easy access through the user handle dropdown.
- User management and Integrations have been consolidated into a single Account Settings page.
- Detect now supports sending
- Detect now redirects users to a login page when their session expires.
- Detect now correctly provides a 401 instead of a 403 on authentication failures.
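The last two items above are the behaviour a client sees when a session lapses or a caller lacks rights. The following is an added example, not Prelude's code, that shows why the status codes matter: 401 means "not authenticated" (no, unknown, or expired credentials) and must carry a WWW-Authenticate header per RFC 7235, while 403 means "authenticated but not permitted", where re-logging in would not help. The session store, roles, endpoint paths, /login route and header names are all constructed assumptions.

```python
"""Added example (not Prelude Detect's implementation): return 401 vs 403
correctly and send browsers with an expired session to a login page.
Session store, roles, paths and header names are constructed assumptions.
"""
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    role: str          # constructed roles: "admin" or "viewer"
    expires_at: float  # Unix timestamp


# Constructed in-memory session store keyed by bearer token.
SESSIONS = {
    "tok-admin-live": Session("alice", "admin", time.time() + 3600),
    "tok-viewer-live": Session("bob", "viewer", time.time() + 3600),
    "tok-expired": Session("carol", "admin", time.time() - 1),
}

# Constructed permission table: which roles may call which endpoint.
PERMISSIONS = {
    "/account/settings": {"admin"},
    "/dashboard": {"admin", "viewer"},
}


def lookup_session(token, now=None):
    """Return the live Session for a token, or None if unknown or expired."""
    now = time.time() if now is None else now
    session = SESSIONS.get(token)
    if session is None or session.expires_at <= now:
        return None
    return session


def handle(path, headers, now=None):
    """Return (status, response_headers) for a request.

    401: caller is not authenticated (missing, unknown or expired session).
         Carries WWW-Authenticate so an API client knows how to authenticate;
         a browser (Accept: text/html) is redirected to the login page instead.
    403: caller is authenticated but its role lacks permission. A fresh login
         would not change the outcome, so no redirect and no WWW-Authenticate.
    """
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    session = lookup_session(token, now)
    if session is None:
        if "text/html" in headers.get("Accept", ""):
            # Expired or absent browser session: redirect to login, preserving
            # the requested path so the user lands back where they were.
            return 302, {"Location": "/login?next=" + path}
        return 401, {"WWW-Authenticate": 'Bearer realm="detect"'}
    allowed = PERMISSIONS.get(path, set())
    if session.role not in allowed:
        return 403, {}
    return 200, {"X-User": session.user}


if __name__ == "__main__":
    for hdrs, path in [
        ({}, "/dashboard"),
        ({"Authorization": "Bearer tok-expired"}, "/dashboard"),
        ({"Authorization": "Bearer tok-expired", "Accept": "text/html"}, "/dashboard"),
        ({"Authorization": "Bearer tok-viewer-live"}, "/account/settings"),
        ({"Authorization": "Bearer tok-admin-live"}, "/account/settings"),
    ]:
        print(path, hdrs, "->", handle(path, hdrs))
```

Conflating the two codes hides real signal from defenders: a burst of 401s from one source looks like credential guessing or expired automation, whereas 403s from a valid account point at a privilege problem or a misconfigured role, and alerting rules for the two differ.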
Advisories and Tests
- The following new security tests were added to Detect:
- APT40: Find and Exfiltrate
- BlackTech
- Snatch Ransomware
- Living off the Land: Zip and Encrypt Ransomware
- Keylogging
- S(C)wipe
- SharpHound
- WellMess Trojan
- Agent Tesla
- CVE-2022-36804
- GhostLoader
- APT29: Steganography
- AvosLocker Ransomware
- Conti Ransomware
- CVE-2022-22965
- Common Linux Enumeration
- CVE-2023-22515
- Unrestricted Code Execution
- ZeroLogon
- Remote Management Tools
- CVE-2023-4966
- GootLoader
- DCSync
- Star Blizzard
- Brute Force
- SharpUp
Integrations
- Prelude now supports advanced alert suppression in CrowdStrike and Microsoft Defender. Contact your Technical Account Manager for details about configuring alert suppression in your environment.
- Detect now includes deep links to CrowdStrike filter expressions that users can follow to see details about Detect test outcomes in CrowdStrike's console.
- Prelude corrected an error in which probe deployment via CrowdStrike would occasionally time out.
- Prelude now includes the test name when submitting IOCs to CrowdStrike and Defender.