Current Release - Release Notes Ransomware Defender AWS
Release Date | Version |
---|---|
09/09/2023 | 3.2.0 |
- What’s New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.2.0
- New in 3.2.0
- FSx lockout
- Fixed in 3.2.0
- RWDAWS-744 [Multi Account Support] : FSx - permissions to add in cloudformation template for fsx cross account lockout/restore functionality
- New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.1.1 (06/29/2023)
- Fixed in 3.1.1
- RWDAWS-386 [Webhooks] : RSW event - do not send Security guard events
- RWDAWS-377 [Webhooks] : RSW event - remove MINOR option from event severity filter
- RWDAWS-419 [Cyber Recovery Manager] : Ransomware event gets triggered when recovery job moves file to quarantine directory
- RWDAWS-416 [Cyber Recovery Manager] : Bucket versioning status is not shown correctly on UI
- RWDAWS-482 [Cyber Recovery Manager] Bucket versioning enabled - file objects are not restored to the most recent version
- RWDAWS-491 [Active Auditor] : Can not trigger CRTA policy events
- RWDAWS-231 Security Guard Log Viewer - Copy to Clipboard doesn't work
- RWDAWS-434 Add Managed Device UI - when select 'show protected buckets only' option, no data is shown
- RWDAWS-236 UI hang issues plus unrelated error messages are shown randomly
- RWDAWS-355 Able to trigger TD15 when bytes match percent tolerance is greater than default value
- RWDAWS-417 [Cyber Recovery Manager] : Missing S3 permissions for CloudFormation template
- What’s New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.1.0 (05/03/2023)
- Fixed in 3.1.0
- RWDAWS-235 [Ignored List] : able to generate TD events from paths added to the ignored list
- RWDAWS-233 Remove 'Create/Delete Snapshot' option from Actions menu for an active or archived event
- RWDAWS-182 False alarm about eca node version doesn't match eyeglass version
- RWDAWS-98 Uploading files to s3 buckets triggers TD15
- RWDAWS-240 [Monitor Only Settings] : events from path added to the monitor only settings should be in monitor mode
- RWDAWS-241 Cluster up may get stuck sometimes at Initializing hbase schema step
- RWDAWS-179 [Active Auditor]: Monitor only mode - generic TD's can be raised as a warning, major and critical
- RWDAWS-239 Data Start and end times on easy audit reports are sometimes inaccurate
- Known Issues
- RWDAWS-728 FSx - Audit events can not be read in Eyeglass if the share has space in the name
- RWDAWS-723 [FSx Agent]: lockout job is stuck when SupernaFSxService is not running
- RWDAWS-749 [Active Auditor] : S3 - unable to trigger DLP events in eyeglass
- RWDAWS-672 [Stack Deployment] : unable to delete FSx event capture stack
- RWDAWS-787 [Stack Deployment] : unable to delete rwdaws stack as the EC2Role fails to delete
- RWDAWS-722 [Fsx Agent]: Unable to install FSx agent installer using the wizard
What’s New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.2.0
New in 3.2.0
FSx lockout
The FSx agent is a Windows service that runs on a Windows EC2 instance. The customer provides this instance, and the instance must be joined to the same Active Directory domain as the FSx server.
Fixed in 3.2.0
RWDAWS-744 [Multi Account Support] : FSx - permissions to add in cloudformation template for fsx cross account lockout/restore functionality
FSx: permissions to add to the CloudFormation template for FSx cross-account lockout/restore functionality.
Workaround:
- Delete the FSx-event-capture stack if it has already been added.
- Manually add the missing permissions to the EC2Role of the stack.
- Then add the FSx filesystem to Eyeglass.
- FSx event detection/lockout/restore works as expected.
New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.1.1 (06/29/2023)
Fixed in 3.1.1
RWDAWS-386 [Webhooks] : RSW event - do not send Security guard events
SG events are sent to the webhook endpoint if they match the filter criteria.
RWDAWS-377 [Webhooks] : RSW event - remove MINOR option from event severity filter
For RSW events, severity can only be WARNING, MAJOR or CRITICAL.
There is no MINOR severity.
RWDAWS-419 [Cyber Recovery Manager] : Ransomware event gets triggered when recovery job moves file to quarantine directory
A ransomware event is triggered when a recovery job moves a file to the quarantine directory.
RWDAWS-416 [Cyber Recovery Manager] : Bucket versioning status is not shown correctly on UI
When bucket versioning is disabled in AWS, the GUI shows ERROR_GETTING_STATUS.
RWDAWS-482 [Cyber Recovery Manager] Bucket versioning enabled - file objects are not restored to the most recent version
With bucket versioning enabled, file objects are not restored to the most recent version.
RWDAWS-491 [Active Auditor] : Can not trigger CRTA policy events
CRTA policy events cannot be triggered in Eyeglass.
RWDAWS-231 Security Guard Log Viewer - Copy to Clipboard doesn't work
In the Security Guard Log Viewer, Copy to Clipboard doesn't work.
RWDAWS-434 Add Managed Device UI - when select 'show protected buckets only' option, no data is shown
When "show protected buckets only" is selected on the 'Add Managed Device' UI, no data is shown (even though protected buckets have been added).
RWDAWS-236 UI hang issues plus unrelated error messages are shown randomly
The Eyeglass UI sometimes hangs, takes a long time to load UI elements, or randomly logs the user off from the GUI. Random error messages also appear in pop-up windows in between.
RWDAWS-355 Able to trigger TD15 when bytes match percent tolerance is greater than default value
TD15 can be triggered when the bytes match percent tolerance is greater than the default value.
RWDAWS-417 [Cyber Recovery Manager] : Missing S3 permissions for CloudFormation template
S3 permissions are missing from the CloudFormation template.
What’s New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.1.0 (05/03/2023)
Fixed in 3.1.0
RWDAWS-235 [Ignored List] : able to generate TD events from paths added to the ignored list
- UI element not shown properly
- The path hint shows as "<Bucket>/Path/To/Object". After closing and re-opening the UI, the path shows as "/ifs/".
- An RSW event should not be generated for paths added to the ignored paths list.
RWDAWS-233 Remove 'Create/Delete Snapshot' option from Actions menu for an active or archived event
For any active or archived TD event, the option to create/delete a snapshot is still shown.
RWDAWS-182 False alarm about eca node version doesn't match eyeglass version
An informational alarm is raised stating "ECA node version does not match the Eyeglass version".
RWDAWS-98 Uploading files to s3 buckets triggers TD15
TD15 is triggered just by uploading files to an AWS S3 bucket. For an upload, the event type is OBJECT_WRITE.
RWDAWS-240 [Monitor Only Settings] : events from path added to the monitor only settings should be in monitor mode
For a path added to Monitor Only Settings, TD events should be generated in monitor mode with warning severity. Currently, events can be raised as WARNING/MAJOR/CRITICAL.
RWDAWS-241 Cluster up may get stuck sometimes at Initializing hbase schema step
ECA cluster up may get stuck at the "Initializing hbase schema" step.
RWDAWS-179 [Active Auditor]: Monitor only mode - generic TD's can be raised as a warning, major and critical
In monitor only mode, generic TDs can be raised as warning, major and critical.
RWDAWS-239 Data Start and end times on easy audit reports are sometimes inaccurate
When running an audit report, the timestamps of the resulting dataset's first and last audit records are displayed on the UI.
Known Issues
RWDAWS-728 FSx - Audit events can not be read in Eyeglass if the share has space in the name
FSx audit events cannot be read in Eyeglass if the share has a space in its name.
Workaround: None.
RWDAWS-723 [FSx Agent]: lockout job is stuck when SupernaFSxService is not running
The lockout job is stuck in this case and keeps running. Unable to cancel this job.
The event will expire at a set time, but the lockout job will keep running.
Workaround:
Restart the SCA service on Eyeglass → systemctl restart sca
RWDAWS-749 [Active Auditor] : S3 - unable to trigger DLP events in eyeglass
S3: unable to trigger DLP events in Eyeglass.
Workaround: None.
RWDAWS-672 [Stack Deployment] : unable to delete FSx event capture stack
Unable to delete FSx event capture stack.
Workaround:
Log in to the AWS console where the fsx-event-capture stack is deployed.
Open Amazon Kinesis → Data streams and then delete the created data stream manually.
Next, delete the superna-fsx-event-capture stack manually.
RWDAWS-787 [Stack Deployment] : unable to delete rwdaws stack as the EC2Role fails to delete
When trying to delete the RWDAWS stack manually from the AWS console, the stack fails to delete because the EC2Role logical ID fails to delete.
RWDAWS-722 [Fsx Agent]: Unable to install FSx agent installer using the wizard
Unable to install the FSx agent installer using the wizard.