Release 24.8

User Segmentation Updates

We are excited to introduce the following updates to User Segmentation, designed to streamline your journey on Xshield and improve operational efficiency:

User Groups Visualization

  • What to Expect:

    • View user groups in their own bubble on the Xshield Visualizer, distinct from other assets.
    • Displays all user groups linked to an endpoint, enhancing clarity.
  • Benefit:

    • Provides a distinct visual representation, enabling organizations to easily view and validate user group flows and policies prior to enforcement.

Addition of User & Groups Filter on Ports Page

  • What to Expect:

    • New User & Groups Filter on the Ports Page.
    • Enables administrators to filter and view ports associated with specific users or user groups.
    • Displays all endpoints connected to the selected entity, along with associated ports.
  • Benefit:

    • Streamlines identification of relevant connections and improves administrative efficiency.

Endpoint Count in User Groups Page

  • What to Expect:

    • Addition of an Endpoint Count column in the User Groups page.
    • Users can click on the endpoint count to be redirected to the Assets Page, filtered by the selected group.
    • Endpoint Count column can be sorted; inactive user groups will display as 0.
  • Benefit:

    • Provides a quick overview of endpoint associations.
    • Ensures clear status indications for inactive groups.

CSV Download for Users & User Groups

  • What to Expect:

    • Download CSV feature available on Users & Groups pages.
    • Enables users to initiate a data download with a single click.
    • Downloads complete information for all groups, including user counts and endpoint details.
  • Benefit:

    • Facilitates better data sharing and management.

Rule Preview for Endpoint Assets

  • What to Expect:

    • Rule Preview functionality introduced for Endpoint Assets.
    • Users can visualize the impact of templates being added to endpoint assets.
    • Options: Choose between Endpoint Policies and User Policies.
    • Dropdown displays policies relevant to the specific user.
  • Benefit:

    • Greater transparency in endpoint management.
    • Allows users to preview rules before applying changes.

Platform Updates

Opt-in Feature for Path Limitation per Asset

  • What to Expect:

    • A configurable limit on the number of paths stored per asset (default 10,000).
    • When the threshold is exceeded, older non-firewall and unmanaged paths that haven’t been manually reviewed will be discarded.
  • Benefit:

    • Improves processing speed and system responsiveness.

Agent Updates

Firewall Rules Tampering Detection for Windows

  • What to Expect:

    • Detects unauthorized firewall rule modifications.
    • Identifies processes responsible for detected tampering.
  • Benefits:

    • Increased Security: Detects unauthorized changes.
    • Faster Recovery: Identifies the tampering process for quick resolution.

Support for Retrieving Cloud Tags from Google Cloud Platform (GCP)

  • What to Expect:

    • Retrieves cloud tags from Google Cloud Platform (GCP).
    • Tags are read at agent startup and periodically updated.
    • Collected Tags: Asset Name, Availability Zone, Host, Instance ID.
  • Benefits:

    • Enhanced Resource Management: Facilitates better organization of cloud resources.
    • Improved Data Accuracy: Ensures up-to-date tag information.

Enhanced Support for Tagging During Agent Installation

  • What to Expect:

    • Enables instant tagging during agent installation via command line.
    • Features:
      • Instant Tagging: Apply core & custom tags instantly.
      • Automatic Registration: Workloads are auto-registered in Xshield.
      • Visualization of Workloads: Easily monitor workloads & traffic.
  • Benefits:

    • Enhanced Security Integration: Applies policies immediately upon provisioning.
    • Operational Efficiency: Streamlines tagging process.
    • Reduced Business Disruption: Prevents delays in policy assignment.

Resolved Issues

Issue with Excluding Asset Names in Advanced Filter

  • Problem Statement: Users couldn’t exclude specific asset names in Advanced Filter.
  • Resolution: Functionality updated to allow negation of asset names.

SIEM Connector File Processing Limitation with AWS S3

  • Problem Statement: SIEM connector stopped processing files after the first 1,000.
  • Resolution: Increased pagination limit for unrestricted file processing.

Windows Event Log Collection Issue

  • Problem Statement: Agent incorrectly captured Windows event logs for dropped outbound traffic.
  • Resolution: Fixed firewall rule ID handling to prevent irrelevant logs.

Inconsistent Port Visibility on Assets

  • Problem Statement: Some active ports were not appearing in assets.
  • Resolution: Increased port collection frequency for improved detection.

Known Issues

Agent on Linux Server Showing Offline

  • Problem Statement: Agent file was updated with zero content due to simultaneous thread writes.
  • Current Workaround:
    1. Stop ct-agent.
    2. Delete agent-details.yml.
    3. Re-register and restart the agent.

Missing IPs in an Attached Named Network

  • Problem Statement: Discrepancy between filtered and non-filtered Named Network search results.
  • Current Workaround: Remove all filters before selecting an asset.

Removed Tag-Based Templates Not Updating in Assets

  • Problem Statement: Templates persisted at asset level after TBP removal.
  • Current Workaround: Delete templates first before removing a TBP.