Proofpoint | ObserveIT On-Premises Insider Threat Management

What's New

Release Notes for the current release can be found here.

New Features and Enhancements

Compact Display for Massive File Copy in Time Line View

In the Timeline view (in the User and Endpoint Diaries and the Search results), when displaying an activity of a batch file copy/move of more than 10 files, only 10 file copy/move activities are displayed, each on a separate line. An additional line follows, displaying information for all files in the batch.

In previous versions, each file copy/move activity was displayed on a separate line, which sometimes made the list very long and difficult to view in the browser.

The example below shows 10 activities, each listed on a separate line, followed by the additional line with summary details of the entire batch.

The 10 file copy/move activities that are displayed on separate lines are prioritized by alert status, with higher severities given priority over lower severities.

The additional line displays details about the entire batch of files, including the number of files copied/moved, alerts, date and time, an indication of any MIP labels, and details about the source and target destinations.

To access the full list, click the "click to download the full list" link that is displayed on the additional line. When you click the link, an Excel file is generated and automatically downloaded. The Excel file includes full details on all files in the batch.

This feature is supported for Windows Agents only.

Simplified User Risk Score

The User Risk Score is an intelligent risk score calculated for each user based on that user's alerts, during a specified period of time. The User Risk Score is displayed for each user listed in the Risky Users section of the User Risk Dashboard.

From this version, an optional simplified user risk score calculation is supported. This simplified user risk score is not limited to a maximum of 100. (Previously all user risk score calculations were limited to a range of 0 to 100.)

The table below shows the weight used for user risk scoring:

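| Severity | New User Risk Score Weight | Risk Score Weight when limited to 100 |
|----------|----------------------------|----------------------------------------|
| Critical | 10                         | 30                                     |
| High     | 5                          | 15                                     |
| Medium   | 3                          | 5                                      |
| Low      | 1                          | 1                                      |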

To enable the simplified user risk score option, from the Configuration tab, select Alerts > Alerts & Prevent Rules Settings. Select Use Simplified User Risk Score formula calculation.

If you turn on this option, all user risk scores are reset. It will take 30 days to recalculate the score for one month.

Calculating User Risk Score

Screenshot Encryption Key Rotation

For increased security, you can configure security key rotation for screenshot encryption. This option enables regeneration of the key used to encrypt screenshots. You configure how often (in days) to regenerate the key.

To enable security key rotation, from the Configuration tab, select Security & Privacy > Security & Privacy.

From the Security tab, in the Image Security Key Rotation section, select the Enable key rotation for screenshots encryption check box and set the number of days in the Regenerate new key every x Days field.

Enabling Security Key Rotation

Force Using New API for Agent-Server Communication

From version 7.13, the new secured API is supported for all Agent-Server communication. Previously, from version 7.12, the new secured API was supported only for Agent registration/unregistration.

The new secured API cannot be used with Agents prior to 7.12 for registration and cannot be used prior to 7.13 for other Agent-server authentication.

The new secured API for Agent-Server communication is supported for Windows and Mac Agents only.

In clean installations of version 7.12.0 (or later) for registration and versions 7.13 (or later) for all Agent-Server communication, this option is selected by default. When upgrading from earlier versions, this option is not selected by default and requires manual activation. If you want to upgrade your agents as well, first make sure this option is not selected, then upgrade the old agents, and only then activate this option.

If you have Linux Agents, you must disable this option or the Agents will not be able to communicate.
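The compatibility rules above can be checked against an agent inventory before the option is activated. The following is an added example, not Proofpoint code: the CSV layout (hostname, os, version), the function names and all sample rows are assumptions constructed for illustration.

```python
# Added example: readiness check before enabling "Force Using New API".
# The inventory format (hostname, os, version) is an assumption; export it
# from your own asset records. All rows below are constructed.
import csv
import io

SAMPLE_INVENTORY = """hostname,os,version
ws-001,windows,7.13.0
ws-002,windows,7.12.1
mac-001,mac,7.13.2
ws-003,windows,7.11.4
lnx-001,linux,7.13.0
"""

SUPPORTED_OS = {"windows", "mac"}   # per the page: Windows and Mac Agents only
MIN_REGISTRATION = (7, 12)          # new API usable for registration
MIN_ALL_TRAFFIC = (7, 13)           # new API usable for all communication


def parse_version(text):
    """Turn '7.12.1' into (7, 12, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def find_blockers(inventory_csv):
    """Return (hostname, reason) for each agent that forcing the new API would cut off."""
    blockers = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        os_name = row["os"].strip().lower()
        version = parse_version(row["version"])
        if os_name not in SUPPORTED_OS:
            blockers.append((row["hostname"], "new API not supported on this OS"))
        elif version[:2] < MIN_REGISTRATION:
            blockers.append((row["hostname"], "cannot register or communicate; upgrade first"))
        elif version[:2] < MIN_ALL_TRAFFIC:
            blockers.append((row["hostname"], "registration only; upgrade to 7.13 first"))
    return blockers


def safe_to_force_new_api(inventory_csv):
    """True only when no agent in the inventory would lose contact with the server."""
    return not find_blockers(inventory_csv)


if __name__ == "__main__":
    for host, reason in find_blockers(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
    print("safe to enable:", safe_to_force_new_api(SAMPLE_INVENTORY))
```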

Force Using New API for Agent-Server Communication

version 7.13.0