Software Releases Publication

Current Release - Release Notes Ransomware Defender AWS

Release Date: 09/09/2023
Version: 3.2.0


What’s New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.2.0

New in 3.2.0

FSx lockout


The FSx agent is a Windows service that runs on a Windows EC2 instance. The customer provides this instance, which must be joined to the same Active Directory domain as the FSx server.


Fixed in 3.2.0

RWDAWS-744 [Multi Account Support] : FSx - permissions to add in cloudformation template for fsx cross account lockout/restore functionality

FSx - permissions to add in the CloudFormation template for FSx cross-account lockout/restore functionality.

Workaround:

  1. Delete the FSx-event-capture stack if it has already been added
  2. Manually add the missing permissions to the EC2Role of the stack
  3. Add the FSx filesystem to Eyeglass
  4. FSx event detection/lockout/restore then works as expected

New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.1.1 (06/29/2023) 

Fixed in 3.1.1

RWDAWS-386 [Webhooks] : RSW event - do not send Security guard events

Security Guard (SG) events are sent to the webhook endpoint if they match the filter criteria.


RWDAWS-377 [Webhooks] : RSW event - remove MINOR option from event severity filter

  • For RSW events, severity can only be WARNING, MAJOR and CRITICAL.

  • There is no MINOR severity


RWDAWS-419 [Cyber Recovery Manager] : Ransomware event gets triggered when recovery job moves file to quarantine directory

A ransomware event gets triggered when a recovery job moves a file to the quarantine directory.


RWDAWS-416 [Cyber Recovery Manager] : Bucket versioning status is not shown correctly on UI

When bucket versioning is disabled in AWS, the GUI shows ERROR_GETTING_STATUS.


RWDAWS-482 [Cyber Recovery Manager] Bucket versioning enabled - file objects are not restored to the most recent version

Bucket versioning enabled - file objects are not restored to the most recent version


RWDAWS-491 [Active Auditor] : Can not trigger CRTA policy events

CRTA policy events cannot be triggered in Eyeglass.


RWDAWS-231 Security Guard Log Viewer - Copy to Clipboard doesn't work

Security Guard Log Viewer - Copy to Clipboard doesn't work


RWDAWS-434 Add Managed Device UI - when select 'show protected buckets only' option, no data is shown

When “show protected buckets only” is selected on the ‘Add Managed Device’ UI, no data is shown (even though protected buckets have been added).


RWDAWS-236 UI hang issues plus unrelated error messages are shown randomly

The Eyeglass UI sometimes hangs, takes time to load UI elements, or randomly logs the user off from the GUI. Random error messages also appear in pop-up windows in between.


RWDAWS-355 Able to trigger TD15 when bytes match percent tolerance is greater than default value

Able to trigger TD15 when bytes match percent tolerance is greater than default value


RWDAWS-417 [Cyber Recovery Manager] : Missing S3 permissions for CloudFormation template

Missing S3 permissions for CloudFormation template


What’s New in Superna Eyeglass Ransomware Defender AWS Edition Release 3.1.0 (05/03/2023) 


Fixed in 3.1.0


RWDAWS-235 [Ignored List] : able to generate TD events from paths added to the ignored list

  1. UI element is not shown properly.
  2. Path hint shows as “<Bucket>/Path/To/Object”. After closing and re-opening the UI, the path shows as “/ifs/”.
  3. RSW events should not be generated for paths added to the ignored paths list.

RWDAWS-233 Remove 'Create/Delete Snapshot' option from Actions menu for an active or archived event

For active or archived TD events, the option to create/delete a snapshot is still shown.


RWDAWS-182 False alarm about eca node version doesn't match eyeglass version

An informational alarm is raised: “ECA node version does not match the Eyeglass version”.


RWDAWS-98 Uploading files to s3 buckets triggers TD15

TD15 is triggered just by uploading files to an AWS S3 bucket. For uploads, the event type is OBJECT_WRITE.


RWDAWS-240 [Monitor Only Settings] : events from path added to the monitor only settings should be in monitor mode

For a path added to Monitor Only Settings, TD events should be generated in monitor mode with WARNING severity. Currently, events can be raised as WARNING/MAJOR/CRITICAL.


RWDAWS-241 Cluster up may get stuck sometimes at Initializing hbase schema step

ECA cluster up may get stuck at the Initializing hbase schema step.


RWDAWS-179 [Active Auditor]: Monitor only mode - generic TD's can be raised as a warning, major and critical

Monitor only mode - generic TD's can be raised as a warning, major and critical.


RWDAWS-239 Data Start and end times on easy audit reports are sometimes inaccurate

When running an audit report, the timestamps of the resulting dataset's first and last audit records are displayed on the UI.



Known Issues


RWDAWS-728 FSx - Audit events can not be read in Eyeglass if the share has space in the name

FSx - Audit events cannot be read in Eyeglass if the share has a space in its name.

Workaround: None.


RWDAWS-723 [FSx Agent]: lockout job is stuck when SupernaFSxService is not running

  • The lockout job is stuck in this case and keeps running. Unable to cancel this job.

  • The event will expire at a set time, but the lockout job will keep running.

Workaround:

Restart the SCA service on Eyeglass: systemctl restart sca


RWDAWS-749 [Active Auditor] : S3 - unable to trigger DLP events in eyeglass

S3 - unable to trigger DLP events in Eyeglass.

Workaround: None.


RWDAWS-672 [Stack Deployment] : unable to delete FSx event capture stack

Unable to delete FSx event capture stack.

Workaround:

  1. Log in to the AWS console where the fsx-event-capture stack is deployed

  2. Open Amazon Kinesis → Data streams and then delete the created data stream manually

  3. Next, delete the superna-fsx-event-capture stack manually


RWDAWS-787 [Stack Deployment] : unable to delete rwdaws stack as the EC2Role fails to delete

When trying to delete the RWDAWS stack manually from the AWS console, the stack fails to delete because the EC2Role logical ID fails to delete.


RWDAWS-722 [Fsx Agent]: Unable to install FSx agent installer using the wizard

Unable to install FSx agent installer using the wizard

© Superna Inc