20.2 Version Highlights
Cybereason version 20.2 introduces new features, including improvements to sensor management, sensor policy setting improvements, and many more.
In this topic:
Version highlights
Cybereason version 20.2 introduces new features, including improvements to sensor management, sensor policy setting improvements, and many more.
Sensor Dashboard
We have added a new Sensor Dashboard as part of the System screen.
In this dashboard, you can get a graphical representation of your sensor status, including sensor status, sensors by OS type, sensor versions, and trends on sensor status.
SHA-256 file hash support
The Cybereason platform now supports the collection of SHA-256 file hash values by the sensor, and the detection of malicious activity based on SHA-256 file hash values.
You can see details on the SHA-256 file hash values as part of the Element Details for a file:
You can also search for files based on the SHA-256 file hash value:
Sensor grouping
To better manage your security policies, Cybereason allows you to assign sensor security policies to specific sensor groups. The policy you select will be applied to all sensors in that sensor group.
Duplicate and edit Behavioral Allowlisting rules
You can now duplicate and edit Behavioral Allowlisting rules from the Security profile > Behavioral Allowlisting screen.
Response enhancements
Unquarantine files
You can now use the Unquarantine response option for Endpoint Protection Malops. Learn more
Malop is benign - Exclude’ option enhancements
When excluding a Malop during the response phase, the ‘Malop is benign - Exclude’ option now includes more details and allows you to choose whether to add the root cause to the allowlist, create a behavioral allowlisting rule, or both.
Better integration between Remote Shell and SSO sign-on
We have updated the Remote Shell configuration to better work with the Responder role and to enable users to have SSO enabled but also use the Remote Shell:
Now, if you only use the Remote Shell utility in Secure mode, you do not need to enable two-factor authentication for your Cybereason role.
In addition, if you have SSO enabled for your Cybereason user, you do not need to use two-factor authentication with the Remote Shell, both in Secure and Unrestricted mode.
Behavioral document protection enhancements
You can now set the Behavioral document protection sensitivity level to Cautious, Moderate, or Aggressive, to suit your organization’s protection needs. This allows you to balance your organization’s security posture with the need to reduce false positive results. The sensitivity levels determine whether the Behavioral document protection feature is triggered and whether to detect, prevent, and generate Malops for suspicious documents.
You can also view the Behavioral document protection modes and sensitivity levels in the System > Sensors screen.
New OS support
We now support deployment of sensors on machines running the following operating systems:
Windows 10 20H2
Oracle Linux 8
macOS Big Sur
Ubuntu 20.04 and Ubuntu 20.10
Certificate updates
As of version 20.1.222, the Cybereason sensor obtains the GeoTrust RSA CA 2018 Intermediate CA directly from the server.
If you upgrade from versions earlier than 18.1 to this version and receive a “Certificate chain trust error” messages, do one of the following:
Upgrade to the latest 20.2 version.
Manually resolve the issue. For more information, see "Certificate Chain Trust Error" Message after Sensor is Installed on a Windows Machine.
For more information on working with certificates, see TLS Communication.