Proofpoint | ObserveIT On-Premises Insider Threat Management

Proofpoint | ObserveIT On-Premises Release Notes version 7.13.2

Version 7.13.2

This document provides information about new features, issues that were discovered and fixed since the previous release, and any limitations of the release. It is important that you read this document before you install and configure this version.

For information about how to install and upgrade, see:

This version includes security fixes.

New Features and Enhancements

Enhanced Email Notification for Saved Session

From this release, the email sent when a recorded session is saved and ready for download has been enhanced with additional information that makes it easier to understand what was saved, by whom and when.

Previously when a session was saved, an email was sent with only the link to the downloaded session and no other information.

The new email format includes:

  • Subject with the text: Saved session is ready for download.

  • Body with the text and relevant information:

    The following session that was saved from within Proofpoint On-Premise Insider Threat Management web console is ready for download:

    • Session Name: <name>

    • Saved Date: <date>

    • Session Date: <date>

    • User Name: <login by>

    • Endpoint Name: <endpoint name>

  • Link to download the session in a .ZIP format

Allow specifying different path for Saved Sessions on the server side

You can now configure where Windows saved sessions are stored when they are generated and ready for download. Previously, the generated .ZIP files were saved to a fixed folder within the Web Management Console. Now you can store the files in a location of your choice, such as a separate, dedicated external storage location.

To configure the location, navigate to Configuration > Storage Management > Saved Sessions. From the Settings tab, enter the location you want in the Storage Folder area.

If your folder location was previously customized by your Proofpoint representative, you will now need to configure the location again. This new version will overwrite any previously customized locations.

See: Saving Sessions to a Storage Folder

Export up to 100 Alerts to PDF

You can now export a maximum of 100 alerts from the Alerts list to a PDF file. Previously the limit was set at 20 alerts.

See Exporting Alerts to a PDF File

Support for Dynamic Proxy (Windows)

This version supports Dynamic Proxy for Windows Agents allowing agent-server communication to go through different proxies dynamically based on PAC file rules.

Prerequisites:

  • Dynamic Proxy requires that Proxy Auto-Configuration (PAC) resides on an accessible Web server.

  • This feature is based on proxy settings defined at the operating system level. The operating system must be configured to use dynamic proxy for applications running under the System account (not a user account). To set it (together with the PAC file location), or to find out whether it is already set, run the following commands as Administrator in CMD or PowerShell:

    To set it:

    • bitsadmin /util /setieproxy localsystem AUTOSCRIPT http://test.com/proxy.pac

    To find out if it’s already set:

    • bitsadmin /util /getieproxy localsystem

    From Winagent64bit, configure the settings with ProxyType set to 2

    ProxyType=2 Dynamic proxy

    Use the following command line arguments for Proxy Server Installation during installation:

    • ProxyType=0 No proxy (default)
    • ProxyType=1 Static proxy
    • ProxyType=2 Dynamic proxy

The following apply only to static proxy:

  • ProxyServerHostname="<URL/IP>" 
  • ProxyServerPort="<Proxy Port>"
  • ProxyDomain="<Domain Login>"

The Updater does not support communicating with the server side via Dynamic Proxy.
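
The following PAC file is an added example, not taken from Proofpoint's documentation, showing the kind of rules the Dynamic Proxy prerequisite refers to: it chooses a proxy chain for agent-server traffic based on the endpoint's subnet. Every hostname, subnet and port is a placeholder, and the helper names (pickProxy, inSubnet, ipToInt) are hypothetical.

```javascript
// proxy.pac -- constructed example; all hosts, subnets and ports are placeholders.
// ES3-style JavaScript only (var, no arrow functions) so older PAC engines accept it.

var APP_SERVER = "itm-app.example.internal"; // hypothetical Application Server host

// Endpoint subnet -> proxy chain used for agent-server traffic (tried left to right).
var SITES = [
  { net: "10.10.0.0", bits: 16,
    chain: "PROXY proxy-hq.example.internal:8080; PROXY proxy-dr.example.internal:8080" },
  { net: "10.20.0.0", bits: 16,
    chain: "PROXY proxy-branch.example.internal:8080" }
];

// Convert dotted-quad IPv4 to a number; -1 for anything malformed.
function ipToInt(ip) {
  var p = String(ip).split(".");
  if (p.length !== 4) return -1;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    var octet = parseInt(p[i], 10);
    if (isNaN(octet) || octet < 0 || octet > 255) return -1;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip falls inside net/bits. Division avoids 32-bit signed shift pitfalls.
function inSubnet(ip, net, bits) {
  var a = ipToInt(ip), b = ipToInt(net);
  if (a < 0 || b < 0) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(a / size) === Math.floor(b / size);
}

// Pure routing decision, kept separate from PAC built-ins so it can be tested.
function pickProxy(host, clientIp) {
  if (String(host).toLowerCase() !== APP_SERVER) return "DIRECT";
  for (var i = 0; i < SITES.length; i++) {
    if (inSubnet(clientIp, SITES[i].net, SITES[i].bits)) return SITES[i].chain;
  }
  return "DIRECT"; // endpoint on an unlisted network: no proxy (a policy choice)
}

// Entry point called by the PAC engine; myIpAddress() is a standard PAC built-in.
function FindProxyForURL(url, host) {
  return pickProxy(host, myIpAddress());
}
```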

 

Resolved Issues

[Issue 685, 641]: Paste from right-click menu on Japanese Windows is now correctly detected.

[Issue 684]: In-memory features removed to resolve related stability issues.

[Issue 671]: MIP Label extraction has been improved to support cases where Agent failed to detect.

[Issue 669]: Performance issues for Mac Agents in offline mode have been resolved.

[Issue 645]: Endpoint Diary hyperlink in the Configuration > Endpoints list has been fixed to direct user to the correct page.

[Issue 621]: The length of Alert comments is now limited to 256 characters. If this limit is exceeded, an error message is displayed. This displayed text is no longer corrupt.

[Issue 697, 508]: High CPU issue on Linux endpoints was resolved by removing "httpd" from the potential list of processes to be monitored.

[Issue 689]: Failure during Database upgrade to 7.13.1 in specific cases was resolved.

[Issue 665]: User with the role of Alert Analyst can now view and edit lists.

[Issue 664]: Endpoint Upgrade Status screen has been changed:

  • enabling all rows (lines) to be selected
  • allowing printing and exporting to Excel for all selected rows
  • prompting user when clicking Select All to either select all rows on all pages or all rows on the current page

Users with the role Settings Admin/Config Admin now have access to this page.

[Issue 202]: Agent registration issue based on Json token was resolved.

Supported Versions

SQL Server 2012 is no longer supported.

32 bit is not supported from version 7.13.0 for Agent and Updater.

In-App Elements are no longer supported. In-App element options still appear in some places in the UI; they will be removed in 2022.

For server side components such as the Application Server and Web Console, the following software development frameworks are supported for this version:

  • Node.js 14.18.1

  • .NET 6.0.6 (previously .NET Core)

From version 7.13.1, the following are no longer supported:

  • Centos5
  • Centos6-Power
  • Ubuntu 12
  • Debian 6 32 bit
  • Debian 7 32 bit
  • Suse 11
  • Oracle Linux 4
  • Oracle Linux 5

Version 7.13.0 and up can be deployed only on SQL Servers that support partitions

You can upgrade to 7.13 (or later) only if your original deployment was installed as partitioned. If your system was not installed as partitioned, a migration will need to be performed. Contact Support to get help with it.

To see whether your current SQL Server deployment supports partitions, use the following commands:

use observeit
go
/*
You want to see the following partition schema:
PS_Day
PS_Day_DayTime
*/
select * from sys.partition_schemes
go
