New Features in v6.x.x
New User Interface: We redesigned the interface for a better user experience.
The new look is modern, with a new dashboard and a design that reduces customer interactions, allowing a faster incident response.
New Host Insight: Host Insight is a new feature that gives you a quick overview of the security posture of managed clients by assessing them using compliance and security checks.
Bitdefender Integration: Bitdefender prevents and detects malware infections. This new feature allows ACSIA to deploy Bitdefender on hosts automatically and orchestrate detection.
Customers using Bitdefender can integrate it into ACSIA XDR Plus. It requires the product to be uninstalled, then reinstalled before activating the antivirus again.
- Systemd: We introduced this service to enable ACSIA to restart automatically after a reboot.
- Activation Code: At the first login, a banner now lets you insert the License Code and finalize the access.
Role-based access control: We introduced an improved role-based access control in the UI. Users who are not enabled as administrators have limited access to many functions, mostly in read-only mode.
- Live Notification information: In the Live Notification page we added two extra pieces of information on an incident. When an event is expanded, you can see the tool and the web resource key.
- Enabled table sorting for all tables in the UI: users can sort data by clicking on a column header.
All table filters have been refactored:
- added button “Clear Filters” to quickly reset all filters;
- improved filter behavior when clearing an input field;
- in Live Notifications, enabled multi-selection for severity and type of event; users can filter data by multiple values (e.g. “High” and “Critical” severities at the same time).
- In all Policies tabs, the search field has been reworked and improved into a full-text search.
- For each table, page size (number of elements shown for each page) is now automatically stored in user preferences.
- In Color Preference, in addition to “light” and “dark” themes, users can choose for ACSIA to follow and respond to system theme changes.
- In User Profile, added the toggle “Experimental mode”: users can enable a preview of experimental UI features.
- When “Experimental Mode” is active, the user can pick their favorite accent color for the UI.
Bitdefender can now be installed even on already deployed hosts.
In "audit logs", under "Action type", we can see if an agent is “stopped/started” or “activated/deactivated”.
- In "Settings/User Settings", the "Experimental mode" switch now enables individual switches for each available feature "in preview". There is a global toggle to access new features, and each feature can also be turned on and off separately. The choice is also saved in User preferences.
- We've integrated Zimbra mail brute-force detection.
Sysmon: Updated to the new version that blocks portable executable (PE) files from being written to disk. This feature is disabled by default and must be enabled by users on the settings page.
Host Isolation IPv6 support
Enhanced DNS SEC functionalities to encrypt DNS queries on hosts
- Enhanced the password reset process stability
- Introduced a banner that manages confirmation for user actions (e.g. before Logout)
- Profile page shows machine name on top
- The email template for MFA has been revamped
- Improved MFA. An alphanumeric code is now provided in the UI as an alternative to the QR code when 2FA is enabled
- Gravity Zone items are now visible in the live notification drop-down menu
- Enabled a tooltip with the password rules
- Passwords can be hidden or shown in the UI
- In Dashboards Insights, data fetching has been greatly improved: on average, loading time dropped from 13 seconds to 3.
- In Dashboards, enhanced time range selector.
- The overview page loading time has been reduced.
- We have reduced the loading time when the user opens the app for the first time.
- We have introduced a new time range selector, which is the first of many UI updates that are coming.
In experimental mode, we can now create groups and add hosts to them. This opens the way to new functionalities coming very soon.
The general font size of all tables is now 2 points bigger. The colors of text and background also have more contrast.
A new alert message component has been developed. The new component brings a more consistent way to manage error messages and more flexibility in style and display duration.
- The "settings page" now has two different tabs: "System settings" and "User Settings". In "User Settings" we can manage the "Experimental mode" with its related features and the "interface preferences". In "System settings" we can manage the settings related to the system.
- We have improved the icons on the sidebar
Fixes on v6.3.10:
- Fixed ACR 402: fixed a typo in the test email received after configuring the SMTP
- Fixed ACR 407: improved new installation of Bitdefender on machines where it was already installed
- Fixed ACR 408: improved Zimbra's log parsing
- Fixed ACR 411: improved Bitdefender endpoints management
Fixes on v6.3.9:
- Fixed ACR 389: improved Bitdefender logs positioning to improve the Support Team work in retrieving them
- Fixed ACR 390: resolved an issue connected to the old UI, which now updates the logos correctly
Fixes on v6.3.8:
- Fixed ACR 385: improved ACSIA installation for macOS machines
Fixes on v6.3.7:
- Fixed ACR 380: improved connection between the agent and Bitdefender
- Fixed ACR 379: improved network logs retention
- Fixed ACR 382: if an IP related to a botnet attack is unbanned, it cannot be banned again if there's a new brute force attack
- Fixed ACR 383: resolved an issue between ACSIA and MARIADB
Fixes on v6.3.6:
- Fixed ACR 374: when two hosts with the same IP are already deployed with different names, now they both appear in the UI
- Fixed ACR 373: more fine-grained controls over Bitdefender's integration profiles, giving users the possibility to manage antivirus checks in a lean way
Fixes on v6.3.5:
- Fixed ACR 371: improved communication strategy between ACSIA and Bitdefender
Fixes on v6.3.4:
- Fixed ACR 365: on Windows machines, when there are different IPs in ACSIA and Gravity Zone, retrieving the status of the agent no longer returns an error
- Fixed ACR 367: the email signature is now customizable on full white-label ACSIA licenses
Fixes on v6.3.3
- Fixed ACR 350: when installing ACSIA, we no longer check whether you are on Ubuntu Desktop or Server
- Fixed ACR 355: on Mac, the "devices" page is no longer empty
- Fixed ACR 359: when adding IP in Policies, now the page doesn't refresh
- Fixed ACR 360: when we remove a user in Access Location, the modal is now related to the Delete action
- Fixed ACR 361: When we Lock a user on the modal, now the modal closes itself. If we reopen it, it's empty as we'd expect
Fixes on v6.3.2
- Fixed ACR 342: fixed the bad behavior we had on 2FA after fixing ACR 337
- Fixed ACR 343: "Make This User/Location Unauthorized" button from Slack or email notification now works correctly
Fixes on v6.3.1
- Fixed ACR 337: 2FA now works correctly while logging in
Fixes on v6.3.0
- Fixed ACR 172: In HostExpandableRow, now logs are returned as a list instead of values in the same row
- Fixed ACR 205: SLACK & EMAIL notification's actions links now work correctly
- Fixed ACR 197: in the emails, now the logo mentions "ACSIA Xdr Plus"
- Fixed ACR 206: Live Notification sorting now works properly
- Fixed ACR 241: show/hide password now works properly
- Fixed ACR 256: grouping option is visible in the device list when selecting multiple hosts only in Experimental Mode
- Fixed ACR 224: Tooltip of bulk actions does not hide after modal opens
- Fixed ACR 258: when a portable executable is blocked by sysmon, now the correct label is shown in the Top 10 Attacks by Category
- Fixed ACR 305: saving an existing log path without changes now works properly
- Fixed ACR 318: Loader in Trend cards in Overview
- Fixed ACR 325: Falco now starts correctly on Ubuntu 22.04
- Fixed ACR 271: in Live Notification, when filtering by Category, we have removed the "Access Human too many attempts" label
- Fixed ACR 314: now when an external link is clicked, the buttons remain clickable
- Fixed ACR 330: when an event is opened while another one was occurring, now Live Notification displays the occurring one, as expected
- Fixed ACR 334: now, when refreshing the "Device" page, the software returns the correct behavior
Fixes on v6.2.4
- Fixed ACR 171: in "Add or Edit an IP" the comments are no longer laggy
- Fixed ACR 181: “HostInsight” and Bitdefender log rolling are now whitelisted and don't emit 2 entries in “live notification” with high severity anymore
- Fixed ACR 180: when 2FA is disabled and a wrong code is typed, an error message is now shown
- Fixed ACR 236: creating a new “host alias” no longer raises an error
- Fixed ACR 182: in "Insights", "time" and "IP address based" are now selectable
- Fixed ACR 184: when groups are created, now the agents added are immediately visible
- Fixed ACR 185: when we try to add an agent to a group it already belongs to, an error message is now shown
- Fixed ACR 187: the "edit page" on "groups" now works properly when we try to add or remove agents in it
- Fixed ACR 177: when we release a host that is not quarantined, an error message is now shown
- Fixed ACR 178: IP can now be filtered using the "/" symbol
- Fixed ACR 231: the tooltip has been restored as it was in the previous version of the device table view
- Fixed ACR 303: in "modules", now the state is correctly displayed when switched
- Fixed ACR 304: when deleting a log, now the popup shows the label on the button
- Fixed ACR 306: now a muted notification can be muted only once
- Fixed ACR 312: "Windows group manipulation" is now written correctly
Fixes on v6.2.3
- Fixed: on modal close, now the IP blacklist can reset itself
- Fixed: Query/Profile results are no longer stuck in waiting for Windows hosts
- Fixed: on the "remove host" button, now we just find one label
- Fixed: "Filter by attacker IP" now works even on Safari
- Fixed: an issue with logging has been fixed thanks to the new agent release
Fixes on v6.2.2
- Fixed: banning an IP no longer returns "Unauthorized". Now, all private IPs can be properly banned if "private IP" is turned on
- Fixed: labels for Private IP now:
  - show Private IP Events
  - visualize all the events generated by private IPs in the live notification
- Fixed: in Live Notification, when we filter by "category" now the filter matches the category column in the table
- Fixed: “Kill connection” has been changed to “Temporary Ban”. We also added 3 more labels for further developments: "Temporary banned", "Temporary unbanned", and "Unban"
Fixes on v6.2.1
- Fixed: host results now return reports
- Fixed: when redirected from Overview to Live Notifications, we now have an automatic filter on the severity tabs
- Fixed: Graphs are now centered and labels are not cut
- Fixed: removed scrolling bar where not needed to scroll
- Fixed: color theme is now preserved and persistent on the login page
- Fixed: third-party integration management in Settings has been fixed
- Fixed: OS references from NO queries title and description have been removed
Fixes on v6.2.0
- Fixed: the agent file is no longer empty on download
Fixes on v6.1.5
- Fixed: run queries on demand. Queries now are run on demand, instead of every 6 hours
- Fixed: at the first installation of ACSIA, the default user is an administrator
- Fixed: in the section "Live Notification" the double filters with the same name have been modified
Fixes on v6.1.4
- Fixed: Falco repository GPG key rotation, for improving the security of the Falco package
Fixes on v6.1.3
- Fixed: Two-factor authentication QR code not showing
Fixes on v6.1.1
- Fixed: Reset Password process
Fixes on v6.1.0
- Fixed: Host isolation status change
- Fixed: Host Visibility checks overrode on default data applied
- Fixed: Profile Queries did not change the status
- Fixed: A test Email is sent when configuring the email address in Settings
- Fixed: Email configuration no Authentication
- Fixed: Hides Disabled Host Visibility Profile Queries
- Fixed: Hosts agent download menu was not clickable
- Fixed: Hosts table was empty after releasing every quarantined host
Fixes on v6.0.2
- Fixed: Adjusted the wrong URLs on immediate actions and IoCs Blocked List.
- Fixed: Blocked the live notification refresh when an event is expanded.
- Fixed: Clicking on Track wasn't showing the popup with the result.
- Fixed: A newly added host was not automatically showing in the host list.
- Fixed: Host Insight queries were not showing any results.
- Fixed: When unmuting a notification, the green banner was permanently visible.
- Fixed: Removed the wrong host column on the profile page.
- Fixed: Removed the red banner showing after logging in with MFA.
- Fixed: Under Settings in the license tab, the license was not shown.
- Fixed: Modified the columns in the IP Banned list to make them more readable.
Fixes on v6.0.1
- Fixed: Removed infinite loading on empty tables.
- Fixed: Removed 2FA popup showing after a successful login.
- Fixed: Live notification page was not loading immediately after login.
Fixes on v6.0.0
- Fixed: Skip agent requests analysis.
- Fixed: Whitelabel page for non-existing web paths (now redirected to index).
- Fixed: Missing analysis of ACSIA server weblog.
- Fixed: Swagger-UI mismatch with real responses.
- Removed: Agentless capabilities.
How to prepare for a new installation?
The guidelines for a fresh installation are explained in our ACSIA XDR Plus Installation and User Administration Guide - v6.0.0 here.
How to upgrade from version 5.x.x to V6.x.x?
To upgrade from version 5.x.x, customers MUST execute the script pre_update.sh before executing the acsia_update command.
First, log in as the acsia user:
sudo su - acsia
Then, create the file pre_update.sh on the ACSIA server.
Next, make sure the script is executable and launch it using the commands:
chmod +x pre_update.sh
To complete the upgrade from version 5.x.x, the user acsia must now execute the command:
How to upgrade from version 6.x.x to V6.x.x?
To upgrade from version 6.x.x to version 6.x.x, follow the procedure below:
First, log in as the acsia user:
sudo su - acsia
Then, execute the command: