Changelog

Changelog

Architecture

  • Integration with ClickHouse – a high performance database of a new generation meant to significantly speed up data analysis and incident investigation
  • Optimization of work with PostgreSQL.

Active Directory Integration

  • Install by PC list imported from AD: connect from StaffCop agent installer to the domain controller for choosing workstations to install StaffCop agents on.
  • Assign monitoring configurations by AD groups.
  • Create administrator accounts via AD.
  • Improvements on extracting user attributes

Work time tracking

  • Production calendar and work schedule – ability to assign a work schedule with lunch breaks, vacations, days out and holidays for users and departments.
  • Support for user time zone – display events in the local time of a monitored workstation. Support for several time zones for companies with geographically dispersed offices.
  • New report on unproductivity: top by departments/users on a single page that can be exported to Excel.
  • New reports by department:
    • Productivity by department;
    • Activity by department;
    • Absence at workplace by department.

Analytics

  • Archived documents analysis.
  • Export report «Fact» → «Table» to CSV.
  • Export «Analysis» → «Table» to CSV.
  • Improvements on report exporting: «Print», «Export to PDF», «Export to Excel», «Export to CSV», «Facts feed»
  • Dynamic title of the report «Analysis» → «Table», multi-level sorting, the ability to switch columns.
  • Legend for a heat map is added.
  • Events tree
    • display amount of events in the edge nodes;
    • export to printing;
    • click to «drill-down» to the list of events
  • Files that can’t be downloaded are indicated.

Filters and policies

  • Add applications and web-sites to policies from the “Time tracking” report.
  • Edit hierarchical structure of filters.
  • Search in filters.
  • Updated fixtures.

Windows-agent

  • Intercept passwords on web-sites
  • Intercept Windows account passwords (when log in).
  • Low-level keylogger.
  • Monitor vk.com dialogs (outgoing).
  • Monitoring using Google Drive in browsers, shadow copying of uploaded documents.
  • Support for latest versions of Skype.
  • Read-only mode for CD drives.
  • Lock web-sites with domain names in Punycode (e.g. Extended Latin symbols, Cyrillic, Arabic).
  • “Special control” for web-sites: taking screenshots at specified interval when visiting specified web-sites.

Linux-agent

  • Keylogger implemented at the kernel level to control terminal servers and systems where keyboard interception in X-sessions is unavailable (Astra Linux).
  • Monitor external drives connections.
  • File operations: type of file operation, shadow copying of intercepted files.
  • Support for file monitoring rules (black and white lists).
  • Search queries in Chrome and FireFox.
  • Binding keyboard input (X11-keylogger) to activity events on web-sites.
  • Improved keyboard input interception.
  • Improved X-session recognition.
  • New event type «System log».

Monitoring configurations

  • Improved agent configuration panel: grouping by setting modules and monitoring rules, improved rules editor.
  • Work schedules for users or computers.
  • Command line tool for adding rules to configurations.
  • Simplified managing of monitoring rules – ability to add rules from the left-part of the Constructor.

Administration

  • User help is built in the web console.
  • Notifications on database disks being filled up.
  • Registry of actions in the administrative web-panel.
  • Remote installer has been significantly improved.
  • Improved access rights division.

Receive a new key before upgrade from earlier versions. Rollback to previous versions leads to data loss

Analysis

  • Option of data upload and filtration by clicking the «Apply» button;
  • Filter events and intercepted files in the communication by attributes "Sender domain"/"Recipient domain", "Recipient" (event types "E-mail", "Instant Messengers", "Intercepted file")
  • Display events of types "Keyboard" and "Screenshot" as bound to web-sites, which means that events of these types contain information on visited web-sites
  • Search and filter events by file extension
  • Improvements on displaying event types "User activity", "Search query", "File operation", "Devices", "Printing";
  • Corrected view of intercepted .txt files content, corrected view of parsed text from .xls;
  • Search by attributes "Device type", "Device", "HWID", "Drive type", "Operation", "Product", "Provider";
  • Improved search by word combinations, new abilities of full-text search in PostgreSQL 10 added;
  • Detection of encrypted ZIP/RAR archives;
  • Reverse sorting by time in the facts table
  • OCR prototype (text recognition in images);
  • Build queries for filters with conditions equals/not equals and contains/not contains, the ability to combine conditions with logical operators AND/OR;
  • The loading indicator that used to cover data and bother working process in case of a long data loading has been removed

Reports

  • Go to screenshots from user card
  • Go to the facts list from reports "Time tracking", "Analysis"→"Table" and «Analysis"→"Pie chart";
  • Productivity and applicationb policies have been improved;
  • New report type - dimension card of triggered filters
  • Histogram in the report «Analysis→Table»

User experience

  • The time of loading of the Constructor with statistics disable has been reduced;
  • Events in the "Snapshots" mode now loads faster
  • Migration is carried out faster in case the full-text index has already been made;
  • Optimized loading facts with large texts
  • Faster filtration in Analysis;
  • Improvements on file extentions at ZIP-exporting of the events "Screenshot", "MicRecording";
  • Events from system users have been hidden;
  • The problem occured while caching static content by browsers at the moment of upgrade;

Agent configuration

  • The admin list of agent has been improved:
    • New informative table with status, agent version and configuration title;
    • Choose agent configuration from a list;
    • Agent grouping by "label", this attribute can be used when building filters
    • Search by computer name or IP-address;
    • Group operations when changing agent statuses;
  • Option "setting sync_with_ad" - always upgate profile from AD;
  • Option "name_auto_change" - update user name and domain when name is changed
  • The list of exclusions for global configuration has been extended
  • New rule "File monitoring - Read - Allow/Deny" to ignore read operations for applications without disabling file monitoring.

E-mail notifications

  • E-mails contain unsubscribe links
  • The ability to send user cards
  • SMTP setting for sending medssages without autorizing

Windows-agent

  • The ability to reset agent data;
  • Удаление агента по команде с сервера; Remove agent by a command from the server
  • Interception of Mail.ru mail with new interface;
  • Interception of Mail.ru ICQ 10.0.12243;
  • Improved algorithms of e-mail interception;
  • Improved algorithms of file interception and shadow copying;
  • Improved algorithms of live administration;
  • Fixed bugs occuring at remote installation

Linux-agent

  • Track .log files;
  • Track activity time in Chrome and FireFox;
  • Clipboard interception;
  • Track printing events;
  • Record sound form built-in microphones;
  • Improved keyboard interception;
  • Adapted for work in ОS Astra Linux;

  • Dimension cards: summary reports on chosen dimensions
  • Remote desktop video record;
  • USB: «read-only» mode;
  • USB: interception of a content of a file created on a USB storage device;
  • SIP: SMS interception;
  • Anomalies detector: manual configuration of sensitivity;
  • Anomalies detector: one-click event detailing;
  • Anomalies detector: sorting by columns;
  • Remote desktop: automatic change of the viewing window;
  • Remote desktop: faster connections;
  • Remote desktop: remote desktop view on terminal servers;
  • Network monitoring: monitor search queries in the following engines: Google, Yandex, Bing, Youtube, Rambler, Mail.RU;
  • File monitoring: shadow copying size limitation;
  • Remote installer: load a list of PC without requesting them;
  • Remote installer: forced request of chosen PCs;
  • User interface: interface navigation with the help of “Back”/”Forward” buttons of the web-browser;
  • User interface: one-click server restart, settings reset and report rebuild from the admin panel;
  • User interface: the “Home” button to reset all the filtering conditions;
  • Log all the authorizations into the StaffCop admin panel, located in /var/log/staffcop/auth.log;
  • Agent name auto-change in case its PC name is changed;
  • User filters parameters are kept after running the “reinit” command;
  • Optimized work of the terminal servers;
  • Optimized speed of reports rebuild;
  • Change certificate name when intercepting https, smtps.

  • GNU/Linux endpoint agent released;
  • Remote desktop control;
  • “Hardware registry” module;
  • “Software registry” module;
  • Automatic detector of user behavior anomalies;
  • Correlation by file hashes;
  • Correlation and locking USB devices by device classes;
  • New event type “Search queries”;
  • E-mail interception by Exchange ActiveSync protocol;
  • SIP channel interception: UDP interception, calls detailing;
  • Text objects: handy content filtration method by keywords, phrases and regular expressions;
  • Morphological text search in intercepted files;
  • “Tree” mode of data visualization;
  • Audio-player for playing audio files in the web-panel;
  • New report on user activity for better visualization;
  • New detailed report on user activity: chronological list of events with grouping;
  • One-click switching from linear graph and histogram by clicking on a graphical element;
  • Improvements of the calculation algorithm of activity time on web-sites;
  • Manual setting of web-can snapshots intervals;
  • Now compatible with Kaspersky Endpoint Security 10;
  • New attributes for the “Agent” dimension: “OS version”, “Agent version”; for the “File” dimension: “File hash”; for the “Device” dimension: “Device class”;
  • Black and white lists of monitored accounts;
  • Fixed incorrect display of html-tags in the text of intercepted e-mails;
  • Administrative interface remade;

  • Relation graph updated;
  • Linear graph updated: Time-line, Constructor;
  • Anomalies report in the form of histogram;
  • Drill-down function for all the main reports;
  • Scheduled report sending by e-mail;
  • Optimized calculation of time spent on web-sites;
  • Custom event categorization;
  • Flexible settings of microphone recording;
  • Highlighted words in triggered alerts;

  • StaffCop kernel optimized – system speed significantly increased;
  • Content file analysis;
  • Remote desktop view;
  • Relation graph constructor;
  • Driver agent;
  • Linear graph for anomalies detector;
  • Floating license revocation from the admin panel;
  • Tile view of screenshots;
  • Python-based filters;
  • Access rights dividing;
  • New algorithm for calculation productive/unproductive time;
  • Calculation of web-site time activity;
  • Extended work time reports;
  • Improved mechanism of receiving files by the server;

  • TLS traffic interception for Firefox Portable;
  • Improved file transferring mechanism;
  • Optimized screenshots compression

  • "Constructor" is the default view of the administrative panel
  • Improvements of agents and system architecture
  • Manual activation/deactivation of filtering
  • New dimension attribute - "Domain" (AD domain)

  • StaffCop Server restart from the web-panel;
  • View screenshot in a slider;

  • New report "Statistics";
  • Improvements of the lateness report;
  • Backup option for disk cleanup;

  • Interception of webmail with attachments;
  • Linear graph for activity time;
  • Manual setup of the time of start and end of the working day, break intervals;
  • Active Directory — receive full user details;
  • Dimensions and event attributes united;
  • New attributes for events of network monitoring, application monitoring;
  • New dimensions «Hour of day» and «Weekday»;
  • Support for energy-saving modes of PC;
  • Interception of files transferred in Mail.ru agent;
  • Cut-off interception of redundant HTTP/HTTPs traffic;
  • Separate user sorting for applying configurations;

  • Record sound from microphones;
  • Full-fledged interception of FTPs;
  • File requests interception on a file server;
  • Special control of documents;
  • Optimized user interface;

  • Improved XMPP interception;
  • Option of disabling network monitoring;
  • Active Directory recieve user name and department;
  • Improved work time reports;

  • Dimensions that are not applicable to a filter are not displayed;
  • Agents auto-update option;
  • Displaying the number of events in the Constructor;
  • "Absence at workplace" module;
  • USB-devices locking;
  • Messaging direction (Incoming\Outgoing) for e-mail and instant-messengers;

  • Access rights dividing for administartor/user;
  • Shadow copying can be disabled for the "File monitoring" module;
  • Screenshots taking can be disabled without disabling "Application activity";
  • Improved preview of e-mail messages;

  • Block HTTP/HTTPs traffic;
  • User activity monitoring;

  • OS restart option in the agent installer;
  • User interface improved;
  • Table view mode for each event type;
  • HTTP/HTTPs traffic filtering by content-type;
  • Clickable hyperlinks in the "Facts - Table";
  • E-mail attachments interception. All mail clients and protocols are supported (excluding webmail);
  • Fixed file driver;

  • First attempt to maximize results from the chosen architecture. Basic concepts are updated to the level of beta-version;
  • Remote installer is in encased in msi-package. Agent is not bound to the local network;
  • First small bugs fixing. Web-interface implementation;