ACSIA Help Center

Release Note ACSIA SOS V.7.1.0

Rossella Petrucci
Rossella Petrucci
  • Updated

 

Dectar announces the new version 7.1.0 of ACSIA SOS. 

New Features in v7.1.0

  • Uninstall Devices: Users can now initiate the uninstallation process directly from the ACSIA UI or from the device itself.
    The uninstallation process will ensure:

    • Comprehensive Agent Removal: The agent is fully uninstalled, with all associated processes stopped, and detailed logs of the uninstallation activity are provided on the device.

    • System State Restoration: Ensures the machine reverts to its previous state by removing all changes made by plugins. This includes uninstalling third-party software and reverting configurations applied by them, such as services, log channels, and firewall rules.

    • Flexible Uninstall Options: If the UI-triggered uninstall fails, Security Analysts can directly uninstall from the device, with access to detailed logs for troubleshooting.

  • Device Counters: Users can now easily track the total number of devices installed from the ACSIA UI, offering precise tracking and management.
    The counters are available in the following sections:

    • Devices Page: The counters differentiate between various operating systems (Windows, Linux, MacOS) and include a total device counter for comprehensive tracking. The operating system counters give the user the chance to filter the list by clicking on to them.

    • Preferences Tab: A new device counter in the Preferences tab allows users to monitor the number of installed devices against the maximum limit allowed, providing a clear overview of usage.

  • Automatic Incident Remediation Tracking and Closure
    • Automatic Incident Closure: Incidents triggered by Sigma rules, where a remediation action is applied, are now automatically closed upon action application and tagged as autoremediated.

    • Auto-remediation Tracked: Incidents remediated automatically are now tagged as "autoremediated" and a colored star () will appear in the list for the automatic remediated incident, facilitating transparent monitoring of automated remediation processes.

  • Efficient Incident Management: Users can now select and perform actions on multiple incidents simultaneously, enhancing operational efficiency. This includes actions like BAN or ISOLATE.

  • Enriched Device Informations: Users now have the possibility to view relevant device information seamlessly integrated into the device info page; including OS, hardware model, RAM, Network ports and Interfaces, installed Packages and active Processes. This feature enables users to effectively manage and oversee their assets without the need for navigating to additional tabs.

  • Enhanced List Interface Design: Enhanced user experience with a modern, consistent, and intuitive layout for lists including Devices, Incidents, Audit Logs, Rules, and Network Policies, improving readability, usability, and overall efficiency. Now to access the detail page of the item is possible to click on the “pencil” icon button ; this gives the user the chance to select and copy any value on the list. Other quick actions are available in the context menu behind the “three-dot” icon button .

  • Incident list bulk actions: Enabled the bulk actions in the Incident list. With this feature the user can select and operate the same action onto a selection of incidents at once. The available actions are in the menu behind the “Actions” dropdown button

Fixes in v7.1.0

  • Event Log Saturation Fix: Resolved issue causing event log saturation.

  • Antivirus Plugin Error Fix in Agent Log: Addressed error in the antivirus plugin that was causing issues in the agent log.

  • Fix for Missing "informational" Label in Sigma Rule: Fixed issue where the "informational" label for sigma rules was not appearing in the UI.