Endpoint Privilege Management for Linux 25.1.2
March 18, 2025
New features
EPM-L supports user-created Splunk indexes and HTTP event collectors
You can now manually create the indexes and HTTP event collector (HEC) in Splunk Cloud and
configure the information required for the SIEM connection in EPM-L.
Select the Index and HEC Objects created check box to enter your Splunk objects.
Microsoft Entra ID Directory Services Integration
By integrating with Microsoft Entra ID and synchronizing AD groups to EPML secure user groups and individual names to users in EPM-L, the customer can have a single source of truth that will apply policies across the Linux server base.
In EPM-L, there is a list of users that can be matched to a given policy. Today, managing the list is manual. The user either has to enter each name in 1-by-1 or copy a list of user names into a text field in the “add secure user groups” section of the UI. For a large company, with tens of thousands of users, this is not a manageable solution.
Enhancements
Added to RBP GET rest call wildcard filtering
Added to RBP GET rest call wildcard filtering of RBP entities based off relevant field values. This was needed for pagination and sorting added to EPM-L to support large RBP policy database definitions.
RBP enhancements
- Improved the efficiency of RBP PUT rest call when writing multiple RBP entities.
- Added performance improvements to manage large RBP policies. Displaying entitlement reports was timing out for large RPB policies.
Issues resolved
| Description | Resolution |
|---|---|
| IO logs in Splunk can contain erroneous data under load | Corrected data duplication and truncation in the IO log data. |
| When downloading a JSON of the data in the Events grid, it downloads everything unfiltered. | JSON downloads match the grid filtering. |
| RBP user groups users name's are appended with '\r' when using bulk edit feature. | User group names no longer include '\r' when using bulk edit feature. |