ZeroLock® Management Console v3.x Build Notes

SERVER-720

New Agent Package Upload through ZMC.

New ZeroLock Agent versions may now be uploaded through the ZMC, removing the requirement to manually add the package to the server/zerolock-server/database/asset directory for import access.

SERVER-735

Tenant Agent Uploads

The current installations and agentFiles tables are not tenanted. While installations have a tenantId column, it’s always zero.  To support the SaaS solution, this process must now use a tenantId.

• The agentFiles table has been modified to use a tenantId column.
• An agentFiles model is created.
• The installations table will use the tenantId column.
• The new agent upload functionality uploads for the user’s tenant.
• The current file watch process in agents.loadAssets() must load for all tenants when a filesystem change is processed.

Deep Ordered Ruleset Duplication

This feature adds the ability to duplicate all rules in an ordered ruleset and duplicate the rules and rulesets it contains.

Agent Alert Only Mode

On the ACTIONS dropdown for the endpoints page, the options for ENABLE ALERT ONLY mode and DISABLE ALERT ONLY  mode are now available. These buttons only work with Agent version 3.5.10 and newer.

When activating Alert Only mode, the user must select a timeout. The default is 24 hours from the current time. Upon reaching the timeout, the agent will automatically revert to its normal mode of operation.

The Deploy table now uses the tenantId column.

• A tenantID column has been added to the Deploy table.
• The install-zerolock process uses the tenantId of the 'deploy token' to find the correct agent.

SERVER-693

Enhanced Activity logging details: When deleting a group from ZMC, both the group ID and name will appear in the activity log. 

SERVER-697

UX Server logging enhancements have been added.

SERVER-708

SERVER-722

Local SSH-MFA SSH-MFA resolution will be performed at the agent level, allowing SSH-MFA to no longer require the connection to the ZMC to provide authentication. This will reduce the risk of ZMC communication issues and the user being unable to SSH to a protected endpoint. 

SERVER-680

Removed the Agent Container installer from the ZMC agent deployment options. 

SERVER-680

Removed the Agent Container installer from the ZMC agent deployment options. 

SERVER-685

Monitoring of SLPD (Service Level Protocol Daemon) added to prevent exploitation of service vulnerabilities.  

SERVER-687

Support Basic HTTP Auth

The Syslog settings were changed to HTTP TRANSPORT as this is a more accurate description of the capability.

Also supported is basic HTTP authorization with a username/password combo.

SERVER-676

Allow and Block buttons on an alert process block now provide a confirmation dialog.

Clicking Allow or Block to create a hash rule provides a confirmation dialog, allowing the user to confirm the action and which Policies it should be applied to. 

SERVER-677

Creating an Allow and a Block rule for the same hash is not allowed. 

SERVER-679

Importing a new ruleset no longer resets all "ValiCyber" rules back to the defaults.

Users using the “modify Policy rule” dialog to modify properties on the ValiCyber lockdown rules no longer lose these modifications when a newer version of the lockdown rules is imported. 

SERVER-670

Enable Fully Automated Install with Lifecycle Manager.

SERVER-675

Use of the latest ZeroLock Agent v3.1.15 is enabled.

SERVER-630

Resolved issue: when creating a Hash rule from the process tree and the process name was too long. 

SERVER-661

Scrollbars added to Server Dashboard screen when the resolution doesn't fit the full page.

SERVER-664

"ZeroLock for Linux" is now called "ZeroLock".

SERVER-665

Activity Log Enhancement

• MFA Token Check message now includes the Source IP Address.
• SSH Session requested message now includes the Source IP Address.
• Alert ID has been added to the message. This will allow the user to tie the Activity log to the Alerts page.
• Alert Response information to the activity log.
• All messages now include the activity time stamp of when it happened.

SERVER-647

Additional Endpoint Activity Log information

In response to customer request, the following information is to be added to the endpoint Activity messages that are being sent to the SIEM.

• All events now contain the Hostname.
• The Alert Type is now displayed.
• On Lockdown rule alerts the Rule Name is now included.  

SERVER-648 

SSH-MFA - Added the ZeroLock MFA user logging into the system. 

SERVER-627

Update ESXi Default Config command LineRegex Field

This enhancement enables monitoring of the local ESXi shell. 

SERVER-641

Add updated rules v1.4.13 and agent v3.1.13. 

SERVER-634

Syslog - Add field for port number and change name from Activity to Syslog. 

SERVER-609

Remove "REBOOT" and "TERMINATE" Endpoint Actions

The REBOOT ENDPOINT and TERMINATE ENDPOINT options should be removed from the actions dropdown list.

SERVER-525

Syslog Capability for Activity Logs

On the System Settings screen, an Activity Log box has been added enabling a user to set up the required information to connect with a syslog server.