Skip to main content
UAP 8.x Releases

Search

Cequence UAP platform release 8.2

© 2024 Cequence Security. All Rights Reserved.

Cequence UAP platform release 8.2

  • Updated on
  • ~ minute read
Download PDF

The Cequence Unified Application Protection (UAP) platform release 8.2 delivers significant enhancements across 10 major feature areas, focusing on enterprise integrations, global data protection, and platform performance. This release includes important fixes that resolve multiple customer-escalated issues affecting production deployments.

What's new

The 8.2 release of the Cequence UAP platform introduces the following enhancements.

External ticketing integration (JIRA and ServiceNow)

The 8.2 release of the Cequence UAP platform provides a complete connector framework for JIRA and ServiceNow with create, update, list, and delete operations. You can create and track remediation tickets directly from the Cequence UAP platform's detection and mitigation interfaces. ServiceNow-specific enhancements include system-generated ticket IDs and ServiceRequest types with SysID tracking.

Sensitive Data Expression (SDE) expansion

The 8.2 release of the Cequence UAP platform provides new regional coverage for 25+ countries and regions including the Middle East, Europe, Asia-Pacific, and the Americas. Flexible, configurable masking algorithms include Format-Preserving Encryption and Redaction (asterisk-based masking). You can validate individual SDEs by testing against data elements or including keywords and API fields in JSON requests and responses. A new [M] indicator clearly identifies masked values in transaction evidence and exports.

AFD Hindsight GUI

The 8.2 release of the Cequence UAP platform transforms Attack Feature Detection Hindsight from an expert-only tool into a self-service feature for all security operations teams. The new GUI offers intelligent input validation, contextual guidance, and interactive visualizations that make complex statistical analysis immediately accessible.

Routing configuration consolidation

The 8.2 release of the Cequence UAP platform provides a unified UI that manages traffic routing for both Cloud Sensors and Hybrid Sensors. Customer-managed routing configurations provide greater traffic flow control. Comprehensive validation testing verifies configuration accuracy before deployment.

App Tags and Expert Rules enhancement

A "Last Received" timestamp shows real-time activity for tags and rules. You can filter active versus stale tags with configurable time ranges (24h, 7d, 30d, custom). Query APIs enable programmatic access based on last activity. Persistent user preferences maintain sorting, filtering, and column selections across sessions.

OpenSearch support

The 8.2 release of the Cequence UAP platform provides a new OpenSearch data export connector with built-in SSL support and UI-based certificate upload.

Data Export and Reporting

The 8.2 release of the Cequence UAP platform provides filterable Bot Mitigation Events in the export menu with additional key metrics in API Inventory exports. Enhanced reporting fields include policyId and parameterizedPath for better policy tracking. Custom reporting capabilities support enterprise-specific requirements.

UI and UX refinements

The 8.2 release of the Cequence UAP platform provides Previous and Next buttons in transaction details for faster investigation workflows. Enhanced select-all functionality works across pagination boundaries, and persistent time filters maintain context. Separate tabs organize WAF and Bot Mitigation policies. Detection and Mitigation pages remember sort preferences. A new username filter appears in audit logs.

Security and technical debt resolution

The 8.2 release of the Cequence UAP platform includes security vulnerability fixes across Sentinel, Spartan, and Airflow components. RBAC enhancements for WAF policies provide Admin and Viewer roles for least-privilege access. Infrastructure updates include kube-prometheus-stack 79.0.0 and component version updates.

Performance and infrastructure improvements

The 8.2 release of the Cequence UAP platform provides an optimized bot analyzer with configurable user agent cache and enhanced Policy Engine concurrent fetch caching. Improved Distribution Service boot-up times and more efficient Defender failover in HA deployments increase platform reliability. Increased Jackson JSON max string length to 50MB+ supports large ML model payloads. New Prometheus endpoints for traffic metrics and enhanced Grafana dashboards improve monitoring. Additional metrics for Integration Executor and EmailExportProcessor improve observability.

Noteworthy resolved issues

This release resolves 16 customer-escalated issues affecting production deployments.

Performance and stability

  • CEQASP-7637: Field Data Cache exhaustion no longer prevents configuration loads.
  • CEQASP-10211: ConcurrentModificationException no longer causes crashes in Resource Discovery.
  • CEQASP-8439: Policy Engine concurrent fetch performance is optimized.
  • CEQASP-7363: NullPointerException no longer occurs when loading IP addresses in Policy Engine Cache.

UI and reporting

  • CEQASP-9969: Fingerprint selection display and copy functionality work correctly.
  • CEQASP-7707: Detection Dashboard returns values when grouped by User.
  • CEQASP-7100: RedEye Rule R58 no longer triggers incorrectly during business hours.
  • CEQASP-8822: Transaction page configuration for rows and User-agent column functions correctly.
  • CEQASP-8462: Country field appears in transaction CSV exports.

Integration and export

  • CEQASP-9117: UI load times in air-gapped environments no longer experience 21+ second delays due to Google Fonts.
  • CEQASP-9420: SSO no longer redirects to internal Keycloak cluster URLs.
  • CEQASP-9678: EDS Delete endpoint no longer uses broad match to delete unintended files.

Data and filtering

  • CEQASP-9606: Baselining API payload structure regression from 8.0.3 is resolved.
  • CEQASP-9768: ISP, Organization, and Country filters return correct results.
  • CEQASP-7832: Logout consent screen is removed.

Issues adressed in updates

8.2.5

CEQASP-10712: Detection Dashboard now maintains consistent time windows between pivot views and pivot detail queries.

CEQASP-10770: Dashboard URI_TOP aggregation now correctly processes all transaction data and returns accurate top 100 results.

CEQASP-10866: Policy Engine now supports requests with headers exceeding 8KB through improved max-http-request-header-size handling.

CEQASP-10750: Resolved white screen issue when deleting selected policy filters on mitigation page.

CEQASP-10737: Rollback and backup import operations now fully restore Aggregate pivot configurations.

8.2.4

CEQASP-10716 Configuration export improved to handle large datasets without memory exhaustion

CEQASP-10703 Configuration import preserves WAF policy placement in the correct tab

CEQASP-10696 Create and update SDE buttons removed from field names modal

CEQASP-10665 App tags attach correctly to published endpoints

8.2.3

CEQASP-10547 Kafka Connect Azure Blob sink connector startup improved with required Netty HTTP/2 dependency

8.2.2

CEQASP-10375 Session cookies for the web UI contain the proper flags.

CEQASP-10349 Traffic filters with advanced filters no longer fail.

CEQASP-10356 Improved UI of mitigation filters.

CEQASP-10247 Navigating to the Transaction screen from the Risk/Transactions tab now correctly applies the Risk Category and Risk Contributor filters.

CEQASP-10493 API Generate Preview API call no longer fails with to empty request/response body keys.

CEQASP-10481 UI auto refresh interval set to 1 minute in the Detection and Mitigation Dashboard.

8.2.1

CEQASP-10514 Corrects failures in Kafka Connect S3 Sink due to an invalid AWS credentials provider class caused by a mismatch between the AWS SDK v1 and v2.

Breaking changes and deprecations

HTTP Traffic Filters are deprecated in favor of the consolidated Traffic Management interface. SDE Rules now require at least one keyword or field in the Include criteria for validation.

Upgrade considerations

Review the following considerations before and after upgrading to the 8.2 release of the Cequence UAP platform.

Pre-upgrade actions

Review custom SDE configurations for compatibility with new validation requirements. Because of the significant changes to sensitive data expressions (SDEs) in version 8.2, previously configured versions of regex and NLP-based SDEs will not work automatically post-upgrade to 8.2. Use the following API to export current SDEs before upgrade, and work with customer support to manually recreate these SDEs for version 8.2 and future releases.

Since SDE detection and masking in API Sentinel has been deprecated with this release and instead consolidated in the internal bridge (sometimes referred to as "sensor-bridge"), work with customer support to tune your UAP tenant for appropriate resource allocation. Less resources are needed for traffic analyzer compared to previous releases, but more resources are needed for internal bridge.

Post-upgrade verification

  1. Validate JIRA and ServiceNow connector configurations and test ticket creation workflows.
  2. Verify that SDE patterns detect and mask data correctly using the new testing UI.
  3. Verify that app tags display "Last Received" timestamps accurately.
  4. Test transaction navigation using new Previous and Next buttons.
  5. Validate that Prometheus metrics endpoints are accessible for monitoring integration.

Changed behaviors and known issues

Unlike previous releases, the sensitive data detection and masking control that is accessible using the traffic management GUI applies only to external edge components. When you disable detection and masking at the traffic filter level, no sensitive data will be detected or masked at the edge (defender, sensor or external bridge), but will always be detected and optionally masked at the internal bridge. You can enable or disable individual SDEs for detection and masking.

When detection and masking occur in the internal bridge, they do not apply to Bot Protection use cases, and only to API Security use cases. For detection and masking to apply to both Bot Protection and API Security, enable masking at the edge using the traffic management GUI controls.

To use new features of SDE detection and masking at the edge, verify that Defenders, Sensors and External Bridge are at version 5.8.0 or above. While older versions of data plane components will work with UAP 8.2, new SDE detection and masking capabilities will not work as desired.

The 8.2 release of the Cequence UAPplatform, has no separate NLP-based SDE. Instead, all SDEs are regex-based. The additional checks for special SDEs like Credit Card Numbers (Luhn checks), US Social Security Numbers, US DEA numbers continue to function as before. The GUI informs you when additional validation checks are being executed to verify maximum detection efficacy.

IBAN detection works for approximately 70 different countries around the world. However, there may be others for which IBAN detection will not utilize extra validation checks. In these instances, the keyword, field and regex matching will still work.

Unlike previous releases of the Cequence UAP platform, SDEs in version 8.2 and above require at least one keyword or one field to be specified before they will be considered for detection and masking. When you specify keywords and include fields, at least one of the specified keywords must be present in the path of the include field. Otherwise, SDE detection and masking will fail.

You can use "*" and "**" for wildcard matches of elements in the path to a specified field, whether include or exclude.

  • "*" matches exactly one element. For example, user.*.email will match user.credential.email and user.contact.email, but not user.contact.credential.email.
  • "**" matches any number of elements. For example, user.**.email will match user.credential.email, user.contact.email, and user.contact.credential.email.

When SDEs are found within an array of values, specifying the path with numerical index will not work. Instead use "*". Consider the following body:

{
    "users":[
        {"name": "abc"},
        {"name": "def"}
    ]
}

Adding include field as users.0.name will not work. Adding include field as users.*.name will work.

UAP 8.2 offers a GUI to test SDE detection and masking. This is beta functionality and may have issues. These issues will only apply to the test functionality in the GUI. No issues are anticipated with the detection and masking of SDEs in the data plane.

The Format-Preserving Encryption (FPE) mode of masking will not work on foreign-language characters (like Arabic, Greek, Japanese, Korean). Use redaction mode (which replaces sensitive data with ***) for masking in these cases.

Masking is currently not supported for response headers, or when response content type is set to text/plain.

Partial masking of sensitive data expressions (like with email addresses in previous releases) is not supported in 8.2.

Support resources

For questions regarding this release, contact your Customer Success Manager or open a support ticket through the support portal.

Was this article helpful?
Japanese (Japan)