New features in 8.16.0

The following are the new features available with the Xprotect version 8.16.0 released on the 16th of April 2021:


Integration with LDAP

From the Users > Directory Setup page, integrate a Lightweight Directory Access Protocol (LDAP) server with the Xprotect instance to fetch the list of users you are interested in from an Active Directory (AD). This helps you set up Xprotect User policies for these users.

  • Integration requirements - Integration with AD requires the following details: Bind DN, password, and public key of the LDAP server. 

  • Filters used to fetch users - users in the AD can be filtered for fetching at two levels - Base DN and User filter.

  • Preview users - preview the list of users fetched from the AD in the Test Connection tab in the LDAP Configuration fly panel.

  • Synchronize users fetched from AD - after the initial integration with the instance, you can set up Xprotect to automatically refresh the user base at periodic intervals. The refresh interval can be set from a minimum of four hours (the default) up to 23 hours and 59 minutes.

After successful integration with an AD, the Users page lists 3 additional pages - Users, AD-Groups, and AD-Departments.

See Integrate LDAP with Xprotect for more details.


User groups

Users fetched from the integrated AD can be grouped into User groups. This is in addition to the existing Host groups feature to group hosts (endpoints). Creating User groups is the first step to apply and enforce User policies on the hosts on which the users log in with their AD credentials.

  • Linked to AD groups or AD departments - a User group is a group of hosts belonging to either one or more AD groups or one or more AD departments.

  • Linked to Host groups - a User group can be associated with one or more Xprotect Host groups.

  • Many-to-one association with Host group - multiple User groups can be associated with a common Host group.

  • One-to-one association with an OS-based User policy - only one OS-based User policy (per OS) can be assigned to a Host group.

User groups introduce the following changes on the Hosts page:

  • User groups tab/page lists the User groups in the instance.

  • Create New User Group link on the User groups page to create User groups by associating AD groups or AD departments, Xprotect groups, and Xprotect User policies.

See Create User groups for more details.


User policies

User policies are Xprotect policies that provide user identity-based access to the applications and files on the Xprotect-managed hosts. The identities here are those of the users fetched from the AD that is integrated with the Xprotect instance. Hosts can be set up for identity-differentiated access by associating multiple User groups with a Host group and assigning different User policies to the User groups.

User policies introduce the following changes on the Policies page:

  • Xprotect policies are categorized as Host policies and User policies. The framework to create, edit, push, clone, and delete User policies is identical to Host policies.

  • Host policy and User policy operands to filter the pages.

User policies introduce the following changes on the Hosts page:

  • Policy column displays a black 'User icon' with a number to indicate the number of User policies on a host.

  • Host policy-related and User policy-related operands to filter the pages.

User policies introduce the following changes on the Alerts page:

  • User policy-related alerts listed on the Summary Alerts and Detailed Alerts pages, when expanded, display a black 'User icon' to indicate that the alert is from a User policy.

  • Host policy and User policy operands to filter the pages.

See Filter data in Xprotect, Xprotect policies, and User policies for more details.


Xprotect RBAC roles

Xprotect instances now come with 4 RBAC roles:

  • Instance Admin - full access to all Xprotect features seen in the instance.

  • Policy Manager - full access to Policy creation and lifecycle management, and Alert management.

  • Asset Manager - scoped access to the hosts managed from the instance. Scope is a set of Xprotect tags that are assigned to the hosts. Assigning the scope tags when creating an Asset Manager account restricts access to only the hosts assigned the scope tags.

  • Instance Observer - read-only access to all Xprotect pages in the instance. 

See RBAC roles in Xprotect for more details about the privileges assigned to these roles.
