4.1.2 Release Notes (March 2019)
Incidents
Detect Mobile Devices Based on User Agent in Activity Monitoring
In Incidents > User Activity > Activity Monitoring, you can search and filter for mobile devices in activities using the Network Type filter Mobile User Agent. It identifies mobile devices based on the browser’s name and version, rendering engine, device’s model number, operating system, etc. For details, see Activity Tab.
Policy
In a Scheduled Scan Filter
The In A Scheduled Scan filter allows you to see the buckets have not been part of a DLP scan in the last 30 days. If a bucket was not scanned, for whatever reason, it is flagged No. If all buckets are scanned, they are flagged Yes. For details, see In a Scheduled Scan.
Skip CloudTrail Buckets in On-Demand Scans
By default, CloudTrail buckets are excluded from On-Demand Scans, which speeds up the scanning process by skipping the activity logs. For details, see Create an On-Demand Scan for AWS.
Update to Quarantine Management
Quarantine Management has been updated. As part of this change, Quarantined Files are now available for analysis and manual remediation action via the Policy > Policy Incidents page. For details, see Items in Quarantine.
IaaS
Existing “Unrestricted Access” policies have been changed to generate incidents from AWS-linked resources on Security Groups as well that are linked to EC2 instances. Previously, the incidents were created on EC2 only, and after this change, the incidents are created on both EC2 and Security Groups.