Current Release - Release Notes Ransomware Defender for ECS
Release Date | Version |
---|---|
11/28/2023 | 2.6.4-23365 |
- What’s New in Superna Eyeglass Ransomware Defender for ECS - Release 2.6.4 (11/28/2023)
- New in Superna Eyeglass Ransomware Defender for ECS - Release 2.6.3 (09/28/2023)
- Supported ECS releases
- End of Life Notifications
- Technical Advisories
- New in Superna Eyeglass Ransomware Defender for ECS - Release 2.6.2 (09/01/2023)
- New in Superna Eyeglass Ransomware Defender Edition Release 2.6.1 (08/03/2023)
- New in Superna Eyeglass Ransomware Defender Edition Release 2.6.0 (06/29/2023)
- Fixed in 2.6.0
- RWD-279 Lockout API returns response code 500 for ECS IAM User
- RWD-365 ECS version 3.8 is now supported in Ransomware Defender for ECS and AirGap for ECS
- New in Superna Eyeglass Ransomware Defender Edition Release 2.5.12 (05/09/2023)
- Fixed in 2.5.12
- RWD-380 TD11 is not triggered as described in the documentation when using ECS
- New in Superna Eyeglass Ransomware Defender Edition Release 2.5.11 (04/03/2023)
- New in 2.5.11-23110
- New in 2.5.8.1-22116
- New/Fixed in 2.5.8.1-22100
- New in 2.5.8.1-22080
- T21791 Ransomware Defender API retrieval of ECS active events
- Fixed in 2.5.8.1-22080
- T20753 Error in Manage Services for vaultagent
- T17777 ECS bucket versioning option not working
- Build Version: 2.5.8-21189 - First release
- Known Issues
- T20613 Continuous Operation Dashboard does not show ECS
- T20616 CLI restore command not available for ECS user
- T20649 Security Guard Job Identifier null in Security Guard log
- T20775 Edit ECS Username or Password results in issue with displaying Inventory
- T20672 Monitor List IP address does not work for ECS
- T22778 IAM user event does not produce a csv file of events and files
- T23359 Failed to enable ECS versioning
- T23435 Flag as false positive does not work for IAM user event
- RWD-362 Support ECS on RWD when turboaudit REST api is configured
- RWD-217 Event fails to upgrade with multiple user (ECS events only)
- Managing Multiple ECS
- NFS operations on ECS are not monitored by Ransomware Defender (T20683)
What’s New in Superna Eyeglass Ransomware Defender for ECS - Release 2.6.4 (11/28/2023)
New in Superna Eyeglass Ransomware Defender for ECS - Release 2.6.3 (09/28/2023)
First release of Ransomware Defender for ECS, offering the following functionality:
Ransomware Defender Feature | Supported for ECS |
---|---|
Real-time detection | Yes |
Behavior-based detection | Yes |
Object tracking per security event | Yes |
RBAC | Yes |
IAM user lockout support | Yes with 3.7 and 3.8 |
Ignore list, Monitor list | Yes |
Security Guard Test Feature | Yes |
Learning Mode | Yes |
Bucket level reporting | Yes |
Native REST API integration with managed device | Yes |
Audit data input over S3 | Yes |
Source IP of compromised PC | Yes |
Per user lockout | Yes |
Snapshots | No - not a supported ECS feature |
Airgap | No |
Supported ECS releases
3.6
3.7
3.8
End of Life Notifications
End of Life Notifications for all products are available here.
Technical Advisories
Technical Advisories for all products are available here.
New in Superna Eyeglass Ransomware Defender for ECS - Release 2.6.2 (09/01/2023)
New in Superna Eyeglass Ransomware Defender Edition Release 2.6.1 (08/03/2023)
New in Superna Eyeglass Ransomware Defender Edition Release 2.6.0 (06/29/2023)
Fixed in 2.6.0
RWD-279 Lockout API returns response code 500 for ECS IAM User
Lockout API returns response code 500 for ECS IAM User
RWD-365 ECS version 3.8 is now supported in Ransomware Defender for ECS and AirGap for ECS
New in Superna Eyeglass Ransomware Defender Edition Release 2.5.12 (05/09/2023)
Fixed in 2.5.12
RWD-380 TD11 is not triggered as described in the documentation when using ECS
TD11 is not triggered as described in the documentation when using ECS
New in Superna Eyeglass Ransomware Defender Edition Release 2.5.11 (04/03/2023)
New in 2.5.11-23110
Zero Trust API now supports locking out ECS users.
New in 2.5.8.1-22116
Refer to previous build versions.
New/Fixed in 2.5.8.1-22100
Refer to previous build versions.
New in 2.5.8.1-22080
T21791 Ransomware Defender API retrieval of ECS active events
The SERA API call /sera/v1/ransomware/rswevents now returns Object Buckets as well as RSW event type.
Fixed in 2.5.8.1-22080
T20753 Error in Manage Services for vaultagent
In 2.5.8 Manage Services shows an error for the vaultagent component. Impact: None to Ransomware Defender. This component is not required for Ransomware Defender.
Resolution: vaultagent is now removed from the component list.
T17777 ECS bucket versioning option not working
The Ransomware Defender Threshold Detection Settings option "ECS bucket versioning" will cause an error if a versioning policy is not already configured on the ECS. Impact: This issue has no impact on the ability to perform the lockout. This option is planned to be removed in a future release.
Resolution: This option has now been removed.
Build Version: 2.5.8-21189 - First release
Known Issues
T20613 Continuous Operation Dashboard does not show ECS
The Eyeglass desktop Continuous Operation Dashboard used to verify reachability and version of devices managed by Superna Eyeglass does not list this information for the ECS.
Workaround: Reachability alerts are sent if ECS is found to be unreachable from Superna Eyeglass.
T20616 CLI restore command not available for ECS user
The igls rsw restoreaccess command, which is available to manually restore access for a locked-out user from the Eyeglass appliance command line, does not work for ECS users.
Workaround: Enable the account using ECS native tools.
T20649 Security Guard Job Identifier null in Security Guard log
The Security Guard Job identifier appears as "null" at the bottom of the Security Guard log. Impact: No impact to completion of the Security Guard Job.
Workaround: None required
T20775 Edit ECS Username or Password results in issue with displaying Inventory
If the Username and/or Password used by Eyeglass to manage the ECS are edited, the change is saved successfully but the Inventory view remains in "... updating...." mode. Impact: No impact to Ransomware Defender security event detection. Unable to view the ECS components discovered by Eyeglass from the GUI.
Workaround: SSH to the Eyeglass appliance, sudo to root, and then restart the Eyeglass sca service: systemctl restart sca
T20672 Monitor List IP address does not work for ECS
Even if an IP address is configured in the Monitor list, an ECS detection from that IP address will not be in monitor mode. It will be subject to lockout as per the event severity.
Workaround: Use User or path as an alternative in the Monitor Configuration.
T22778 IAM user event does not produce a csv file of events and files
A detection for an IAM user shows a sample of affected objects in the GUI, but the related csv file is not created. The impact is for IAM users only. The csv file is available for object users.
Workaround: Use the GUI to see a sample of affected objects.
T23359 Failed to enable ECS versioning
A "Failed to enable ECS versioning" alarm may be raised after upgrade to 2.5.8.1. This alarm has no impact.
Workaround: None required
T23435 Flag as false positive does not work for IAM user event
Learned threshold cannot be updated for an IAM user event either manually using Archive as False Positive or in automatic learning mode.
Workaround: None available. Leave the IAM account in monitor mode if you do not want a lockout based on a false positive.
RWD-362 Support ECS on RWD when turboaudit REST api is configured
Support ECS on RWD when turboaudit REST api is configured
RWD-217 Event fails to upgrade with multiple user (ECS events only)
Known Limitations
Managing Multiple ECS
Managing multiple ECS has the following limitations:
- vdc names must be unique across the ECS being managed as the vdc is used by Superna Eyeglass Ransomware Defender as the unique identifier for the ECS.
NFS operations on ECS are not monitored by Ransomware Defender (T20683)
ECS Web Access Logs that are used to monitor S3 operations against objects on the ECS do not contain NFS operations and therefore NFS operations against objects on the ECS are not monitored by Ransomware Defender.