What's new in this release
February 6, 2025
New features
Add support for Splunk as a SIEM
Splunk Cloud and Splunk Enterprise are security information and event management (SIEM) tools that can be configured in EPM Cloud for Linux to receive event log and I/O log data from EPM-L.
Export your event information to Splunk to have a single source of event information for large-scale analysis, or for piping to an EDR/XDR system or to your SOC.
Two Splunk indexes are provided: beyondtrust-epml-ecs-eventlog for event logs and beyondtrust-epml-ecs-iolog for I/O logs.
Backup & Restore
- Download a copy of the policy database on the selected policy server. The database backup file is saved in JSON format and can be uploaded later if the database needs to be restored.
- Upload a saved version of the database backup (JSON format) file.
Site management
Site management helps administrators manage multiple instances of EPM Cloud for Linux, and replaces the use of tenants to manage users and switch instances.
Now, each site includes a single instance of EPM Cloud for Linux, and you can manage your user access and configure site settings via the new Administration page, available to those users with administrator permissions.
Enhancements
Client package installer version and new version availability notification
On the Packages page of Linux installers:
- The version number for the currently installed package is displayed. Architecture and create date are also displayed.
- When a new version of a package is available, a notification displays.
Filtering, pagination, and sorting for client endpoints
Enhanced the display experience on the Endpoints page by adding pagination and filtering options. These improvements provide better navigation when there is a large number of endpoints in the list.
JSON export for Event Log page
Events can be exported to a JSON file.
License improvements
- license_put_sync performance improvements: Multiple entries for a given host in license write queue files are grouped and sent as a single update to the license server.
- Separate license check and license write queue file writes in pbmasterd: This improves the performance of pbrun and other PMUL clients.
- Avoid writing multiple license write queue files for the same host: When there were many ‘first time in a day’ requests at the same time, pbmasterd would write multiple write queue files for a single host. With this change, only one license write queue file is sufficient to update the lastupdated time in the license database.
Changed default value for loadsslibs (and loadcurllibs) to yes
OpenSSL and libcurl libraries built by BeyondTrust are now loaded at the initialization of the PMUL processes to avoid possible conflicts when loading third-party libraries.
Issues resolved
Description | Resolution |
---|---|
Client license totals are incorrect when filtering and pagination are applied. | Updated EPM-L to include license total value available from EPM-UL. |
Roles details side card is empty when there are no command groups. | The side card displays details even when Command Groups might be blank. |
Using the Monaco editor in dark mode causes readability issues when highlighting a syntax error. | Removed highlighting on rows with syntax errors. An indicator displays in the margin of the editor. |
Unified Search Iolog shadowrecord lookup fails to find host | |
It is possible to add more than one SIEM connection with the same name. | Only one valid SIEM connection can exist. |
On the Unified Search page, the Settings link does not work. | Updated the link to go to SIEM Settings page. |
Accessibility issues with UI elements. | Updated UI elements to comply with standards. |
During EPML client Debian package installation, pbsudo-wrapper.pl is installed with the setuid permission. | The Debian package no longer installs with the setuid permission set. |
EPML Debian packages do not deposit ACA library in /usr/lib/x86_64-linux-gnu for preload with setuid programs. | |
In some cases, pb.settings keyword changes reverted to the default values after a package upgrade. | Changes to setting keywords are retained after an upgrade. |
Installing EPML client RPM on RHEL 9 results in installation config warning. | The RPM can be installed on RHEL without installation config warnings. |
ACA does not work in RHEL 8.10 for the yum command. | ACA now works correctly for the yum command in RHEL 8.10. |
RBP change management events do not add the "reason" message or the put/transaction data to the event. | The RBP is now updated to include a reason and put/transaction data when change management events is set to yes. |
The new Client License Endpoint pagination implementation incorrectly calculates the total records. | Updated the parameters used to calculate pagination. |
Cached forwarding process was never exiting. | When the cached forwarding process fails to obtain policy pull / cache forward lock, the process exits successfully. |
If the very first pbrun that runs in cached mode is run as a non-root user, the pbcached directory and its subdirectories are created with the group-id of the non-root user used. | The pbcached directory and its subdirectories are created with the group-id of the root user. |
If the user ran pbrun -l in cached mode as a non-superuser, the cached IO log would be generated but the corresponding record was not recorded in the pbcached.db database. | The record is now added to the database. |