Release Notes

This document summarises the most recent release notes for Zercurity.

19/10/2019 (ec620a5)

  • Added the ability to disable compliance frameworks
  • Added the ability to force schedule a check against a compliance rule
  • Added the ability to update custom compliance rules
  • Windows installer now modifies the Zercurity service to recover should there be a crash
  • Fixed menu sizes for ultra-wide monitors

30/09/2019 (3c9ed26)

  • Added Osquery 4.0.2 to the installers
  • Added Google Santa 0.9.33 to the installers
  • Added support for Mac OSX 10.15 Catalina, including OSX TCC policies
  • Added the ability to set what version of Osquery or Google Santa will be bundled with the installer
  • Added the ability to update an asset's type
  • Added the ability to add notes to an asset
  • Fixed some issues with the Windows installer whilst updating
  • BETA - JIRA integration now available for public testing

22/09/2019 (e63a154)

  • Added an overhauled compliance user interface. Zercurity now provides better visibility of failing compliance rules.
  • Added the ability for users to now create their own compliance frameworks and rules.
  • Added an additional cookie to track the last company you were working on in the event of full-page navigation.
  • Fixed an issue when checking for Windows disk encryption
  • Fixed an issue when trying to filter issues for backlogged items
  • Fixed an issue where some interfaces were missing if they had none or an invalid netmask
  • Fixed an issue where, if a logged-in user was deleted, they would start getting errors from the UI. They are now gracefully logged out instead.
  • Global events will now only show the last 7 days in the UI by default
  • ALPHA - New Workflows UI components added for better visualisation of state between actors.

API Changes

  • The compliance API has been completely reworked. The existing API resources still exist but now return additional information. There are now new APIs to create new compliance namespaces and create and edit rules.


  • Added the ability to force an update of every asset component (disk info, device info, updates, etc.)
  • Added a new vulnerability view under each asset
  • Fixed Font Awesome icon packs sometimes not showing
  • Fixed issues regarding Windows updates being marked as missing when they were in fact installed
  • Fixed an issue where issue components kept removing themselves
  • Fixed a bug for UI CVE names
  • Fixed an issue when sorting issues
  • Updated: asset network history is now stored instead of a snapshot, to aid network discovery
  • Updated the colour of tags to be the same across the application when denoting Critical, High, Medium or Low tasks
  • ALPHA - JIRA integration added
  • ALPHA - Workflows made available for testing

API Changes

  • Zercurity reports have now been bumped to version 2. Changes have been made to the issues object to better summarise issue activity


  • Added issues. Zercurity will now create issues for risks that need to be addressed. Issues can be marked as acknowledged to suppress them. Zercurity will use these issues to trigger future workflows to automate tasks.
  • Added the ability to create assets manually as a discovered asset. You can import asset inventories from external sources to marry up what assets Zercurity has discovered versus those enrolled. Assets can also now be tagged with barcodes.
  • Added Windows patch management. Zercurity can now automatically work out which patches have not been applied to a system, as well as the vulnerabilities the unpatched system is exposed to.
  • Added Osquery progress tracking. The UI will now show the number of assets a given query has been run against.
  • Updated assets view to show compliance, update and vulnerability issues.
  • Zercurity will now check the last time we received events for Osquery and Google Santa. Should we not receive telemetry for a month or more, an issue will be raised.
  • Improvement: all MAC addresses are now presented in lowercase. Zercurity will now accept a range of MAC address formats via the API, e.g. (aa:bb:cc, aabbcc, aa-bb-cc).
  • Fixed an issue when running queries against teams, resulting in an error.
  • Fixed an issue for drop-downs with more than 50 items. Zercurity will now collapse menu items down into searchable lists.
  • Fixed some UI bugs where, in certain cases, the browser would go blank.


  • Added the ability to add assets to asset discovery
  • Added the ability to assign serial numbers in asset discovery
  • Added the ability to assign owners in asset discovery
  • Added the ability to change the type of an asset in asset discovery. Zercurity will try to guess the type based on the discovered MAC address
  • Added type filter for assets
  • Added “open in new tab” support to links
  • Updated the help menu to provide more support options if the chat window fails to load (usually due to browser plugins)
  • More performance improvements.
  • Fixed column sort for certificates
  • Migrated to a new AWS Lambda function version for package deployment and builds
  • Released zercurity-2.2.pkg. MacOSX Osquery now installs to /usr/local/zercurity/. Deploying the new release will remove the existing Osquery daemon and move it to the new directory, to avoid conflicts with other software using Osquery, such as JumpCloud.
  • BETA - New issues view for assigned users


  • Added the issues platform, now in Alpha. Any problems that are detected are now managed as a ticket.
  • Added the ability to remove FIM rules.
  • Added the ability to view deployed FIM rules.
  • Lots of improvements to performance. We’ve spent a lot of time performance profiling the platform.
  • Improved Ubuntu CVE parser
  • Fixed encryption marking for disks in the UI, which no longer marks just parent disks


  • Added G Suite integration, now publicly available
  • Added more Windows event parsing/handling to SIEM with improved event tagging
  • Updated Osquery to 3.4.0
  • Fixed the Windows MSI, which now works for non-English installations
  • Fixed a bug where not all packages would be displayed on both the dashboard and packages page
  • Fixed an issue with the Hawk API not accepting API keys as they weren’t encoded.


  • Added API Key support using the Hawk authentication method. Please see our API docs for more information
  • Fixed a bug when creating new users that would cause the page to go blank


  • Added a new asset login section. This section details all the local and remote login sessions made against the asset. This view also includes the processes and commands run during the session.
  • Added better error handling around user signups
  • Added the ability to run distributed queries via teams
  • Added the ability to download invoices from the billing section
  • Added geolocation to assets, asset login history and asset location history, even if no Wi-Fi survey is available.
  • Added the ability to now label discovered assets to help inform network connections
  • Improved page loading around assets and process exploration
  • Improved the billing page to express the minimum and maximum billing for assets
  • Fixed some issues around the processes explorer incorrectly identifying socket sessions
  • Fixed password complexity test when resetting a user’s password via password reset request


  • New user interface. Menus have been moved to the left-hand toolbar.
  • Added breadcrumbs to help navigate investigation workflows.
  • Added a process explorer to see a process's execution tree, including the risk of each parent process. Useful for post-breach investigations.
  • Added socket tracking for processes. You can now see all the network connections made by a given process. Network risk will be tracked in an upcoming release.
  • Process execution states are now tracked correctly based on whether binaries are known or unknown.
  • Assets, applications, packages, etc. now all have individual risk categories: overall risk, outdated, vulnerabilities and malicious risk.
  • Top-level sections (assets, applications, packages, etc.) are now sortable.
  • Fixed weekly report calculations for week-on-week percentile comparisons.
  • Fixed error handling on fields to correctly show the reported error message.
  • Fixed the MacOSX installer to work with MDM deployments such as JAMF.
  • Updated JavaScript libraries.


  • Added Debian (8/9), CentOS (6/7), Windows (7/10), MacOSX (10.14) CIS benchmarking including more than 5k new compliance tests.
  • Added a new compliance radar on the dashboard to quickly show you across your platforms where certain security configurations are falling down.
  • New compliance dashboard that shows your weekly progress, where you need to improve and how you compare against your peers.
  • Fixed some enrollment issues when re-installing over an existing installation to correctly clear and re-sync Santa rules.
  • Added a new application risk history tab to show how we’ve derived a risk score for a given application.
  • Optimised process fetching and hashing to reduce the load on the remote system.
  • Restrict the data being shown for assets to the last 90 days for non-subscription customers.
  • Added CVSSv3 scores to vulnerability data.
  • Weekly compliance report.
  • Daily summarisation of a company's cybersecurity posture, including the ability to scrub backwards through time to review progress.
  • Added an Issues tab to the Asset information page to help better identify and address outstanding issues.
  • Added new vulnerabilities section.
  • Added network asset discovery and detection of device types based on their MAC address.


  • Added new compliance dashboard for BETA availability.
  • File integrity monitoring (FIM) support is now available to everyone.
  • Fixed some spelling and grammar mistakes.
  • Updated JavaScript libraries.

Older release information has been pruned.