Release 4.4.1

January 30, 2025

What's New?

Audit Trail for FIM Incidents

We have introduced an audit trail for FIM incidents. An audit trail is a record of events, including changes and user activities, that helps track actions. You can view this audit trail on the new Activity Logs tab.

Benefits

  • Tracks file changes and user actions to ensure transparency.
  • Reduces manual effort by automating event tracking and logging.

Key Points

You can find the following activities in the audit trail for incidents:

  • Create a new incident
  • Update an incident
  • Delete an incident
  • Add and delete reviewers in an incident

New Activity Logs Tab in FIM

In this release, we have introduced a new Activity Logs tab in FIM. This tab displays details of actions taken on FIM Incidents and Profiles. The system records the activity whenever a user creates or modifies a FIM incident or profile.

You can view activity logs for an incident using the token: targetType: Incident

New Tokens for Activity Logs Tab

| Token | Description | Example |
|---|---|---|
| action | Use this token to find the activity logs based on the action performed. The actions available are: Baseline, Create, Update, Delete, Failure. | action: Create |
| targetName | Use this token to find activity logs based on the incident or profile name. | targetName: FIM Profile 1 |
| targetType | Use this token to find activity logs based on the target type (Incident or Profile). | targetType: Profile |

Improvement in Search Token Containing Colon

You can now run search queries with values that include colons, such as IPv6 addresses (for example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334). To ensure accurate results, make sure the value is enclosed within single quotes ('), backticks (`), or double quotes (").
This enhancement improves the accuracy and effectiveness of searching for network addresses and similar data containing colons.

Issues Addressed

| Category/Component | Issue |
|---|---|
| FIM Profile Rule | When creating an exclusion filter, the system does not exclude users or processes copied and pasted from Notepad. Now, the system supports copying and pasting users and processes from Notepad seamlessly. |
| FIM Incident Events | The system does not display any events older than 15 months when searching for events within an incident. Now, an error message is displayed when no events are found within the last 15 months. The system only keeps event data for the last 15 months. Events older than 15 months are deleted and cannot be displayed. |