03/10/22 Release

Zercurity
3 min readOct 4, 2022

Following on from our last release of Zercurity. Which added support for Steampipe — providing query support to cloud environments and SaaS applications. We’ve improved the overall performance and upgraded the embedded Steampipe plugins in this release. We’ve also added the following new features.

New data exporter

For larger datasets Zercurity now provides a data exporter wizard that’ll download all your records as either: CSV, JSON and XML. You can also choose to have the data formatted or unformatted.

Downloading a large data set of 2MM rows with the new Exporter

IAM Manager

We’ve improved the IAM Policy creation tool to better manage multiple statements and inline policies. A permissions breakdown per user has also been added to help better visualise the permissions bound to a user when multiple policies and statements are attached. The limit for cascading policy statements has also now been increased to 10.

Investigations (Preview)

We’ve made lots of improvements to the way Investigations now work. Including many new external enrichment services seen within the platform already including persona data. Investigations can also now be kicked off through quick actions throughout the UI. Which will now automatically pre-seed investigations.

Zercurity investigations workbench

Osquery carves (File retrieval)

We’ve introduced a helpful UI modal to automatically build the SQL statements required to fetch (carve) files back from remote systems.

The results view also now lets you see system carves. Files that have been requested by the Zercurity platform for analysis or to better improve user attribution.

Fetching files with Osquery carves

Branding

You can now customise Zercurity with your own logo and company identity. Custom CSS and styling can also be applied to make changes to the frontend interface.

Thanks for reading and lastly here is our summarised change log for our latest release (v20220919):

  • Added Windows defender smart screen warning to the enrolled screen.
  • Added A new wizard to create Osquery carves, rather than having to run a query.
  • Added A changes view to issues. To see changes mapped across multiple tracked issues.
  • Added Investigations now has better support for DNS and SSL results.
  • Added A permissions view for a given user.
  • Added A new export data wizard for CSV, JSON and XML.
  • Added support for custom branding.
  • Added Extended Security Maintenance (ESM) for Ubuntu repositories to package scanner.
  • Updated vulnerability support for RHEL distributions.
  • Updated Improved the policy editor for IAM rules.
  • Updated The IAM builder now supports multiple statements.
  • Updated Search now only queries the local system. A switch has been added to search external data.
  • Updated Issue changes are now sent be email by default.
  • Updated Weekly reports are now no longer sent if there are no active assets.
  • Updated dashboards to show critical events, rather than them being grouped together as high priority.
  • Fixed an issue where tickets would be re-opened for archived assets
  • Fixed an issue with the RHEL installer on older init.d based systems not removing a symlink post rm.

--

--