What’s New in Version 5.8
Release 5.8 adds support for Russian infrastructure solutions, expands Linux and macOS capabilities, improves SIEM integration, and introduces a number of significant performance improvements.
Key highlights:
Import substitution support – added compatibility with Postgres PRO 16 and integration with ALD Pro 3.0+
Linux agent improvements – added file scanner and MAX interception, stabilized messenger interception
macOS agent improvements – restored low-level keylogger, implemented control over the web version of Telegram
Improved file scanner performance – redesigned file scanner architecture for workload optimization
Increased performance and reliability – significantly faster Active Time by Department report, server monitoring stack updated
Enhanced SIEM data – all event policies are now sent via Syslog for greater investigation accuracy
A detailed overview is provided below.
Integration with ALD Pro Directory Service
Integration reduces the risks of migrating from Microsoft AD to the Russian directory system based on Astra Linux and provides all the benefits of working with directories in Staffcop Enterprise. Compatible with ALD Pro 3.0 and higher.
Features:
ALD Pro and Active Directory integration for smooth migration or hybrid use
One-time or regular directory synchronization
Data transfer to Staffcop user profiles
Agent installation and configuration assignment using AD groups
Security policy and report configurations for different users
Web interface login using corporate accounts
Postgres Pro 16 Support
Postgres Pro is a commercial version of PostgreSQL with official support and additional update control that is compliant with Russian regulations. It is used by organizations where open-source solutions cannot be used.
Suitable for organizations with large data volumes that value professional vendor support.
Installation of the system on Postgres Pro 16 from scratch
Migration of existing databases
Storage of events, settings, and analytics
Comprehensive technical support from the DBMS developer
Compliance with Russian regulations
MAX Messenger Control
MAX Messenger is used for work correspondence and authentication on various services.
The new version offers expanded control capabilities, depending on the platform.
Windows agent — interception of outgoing files in the web version
Linux — control of incoming and outgoing messages
Telegram Web Version Control for macOS
The macOS agent can now control incoming and outgoing messages of the web version of Telegram.
File Scanner for Linux Agent
The file scanner is now available for Linux agents. It allows you to scan and analyze file storage on workstations to identify sensitive information and control data storage. The scanner is licensed separately.
File indexing without format restrictions
Automatic file scanning
File tagging for quick search and blocking access
Optimized server load for stable operation even during large-scale scans
Low-level Keylogger on macOS
The low-level keylogger for the macOS agent has been restored and optimized. It intercepts text input and actual keystrokes. An option to exclude interception has been added to the monitoring rules. Selective interception prevents the logger from capturing junk traffic or prohibited data, such as personal passwords and other personal data.
Low-level keystroke monitoring
Password interception in system services to detect weak passwords and analyze attempts to hide data entry
Interception of function keys
Configure exceptions for individual applications and services
Reduced volume of redundant data
Interception is enabled in the configuration. Data collected by the keylogger is saved in the Keyboard Input event along with regular keyboard input.
Data Expansion for SIEM Systems
A single event in Staffcop Enterprise can trigger multiple policies. Previously, only the event itself and one triggered policy were transmitted to the SIEM via Syslog. Now all policies triggered by an event are transmitted. This solution allows SIEM systems to more accurately assess the severity and danger of an event.
More data for correlation
Improved investigation quality
Reduced false positives
Improved SIEM integration
Integration with SIEM systems via the Syslog connector
Grafana Metrics System Update
The set of technical server monitoring metrics has been expanded, and the mechanism for transmitting them to Grafana has been updated. Data obtained from metrics allows you to identify and prevent problems at an early stage.
Preconfigured and visualized metrics reduce administrator workload and lower the risk of system downtime.
Migration from InfluxDB and Telegraf to Prometheus + Grafana + Node Exporter stack
Advanced server health monitoring
Simplified monitoring setup
Accelerated performance issue detection
Stability for organizations with large amounts of data
Migrating to a new server monitoring stack
Intercepting VPN Network Traffic
Added traffic monitoring when using browser-based VPN services with HTTP tunneling. Relevant for organizations that use VPNs for work.
Website visit monitoring
Cloud service monitoring
Messenger monitoring
Reduces the risk of network monitoring being bypassed
VPN interception is enabled in the Internet configuration module
File Scanner Architecture Changes
A number of technical solutions have been implemented that optimize the agent and network load and distribute this load over time. Scanning is now performed without sudden network overloads.
Redesigned agent-spooler interaction mechanism
Added scan speed control
Reduced network and server load
Preparation for further scaling
The file scanner requires:
Linux agent version 0.19 or higher
Windows agent version 2611 or higher
Now, when selecting workstations for scanning, all agents are displayed, not just those with the appropriate version.
File Scanner Requirements
Preliminary calculations of file scanner system requirements have been performed based on load tests.
The recommended requirements are based on data acquisition speed. Actual scanning will require fewer resources. The calculation requires adjustment depending on the number of workstations, data volume, and configured scanning speed.
Active Time by Department Report Optimization
The download speed of the Active Time by Department report has been increased in large infrastructures.
The Active Time by Department report allows you to analyze workload and efficiency at the department level, identifying imbalances and management issues. The report is most useful when compiled over long periods, but previously this resulted in slow downloads for large organizations. Recent optimizations have significantly reduced report preparation and delivery time, lowering the administrator’s workload.
Reduced PDF, HTML, and Excel download times
Reduced server load when generating reports
Change in Request for Interaction with the Recognition Server
The secret GET parameter, which was used for interaction between the recognition server and SCE, has been removed from the integration API.
Improved component interaction security
Updated recognition transmission
Important
This change affects system component interaction. If you are using a separate recognition server, please update to the latest version. Otherwise, recognition transmission will be disrupted.
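A secret carried in a GET query string is written to web server access logs, so after the update it is worth checking which clients still send it and masking the values already logged. The following is an added example, not part of the Staffcop release notes or product code. It assumes the parameter is literally named secret and that logs are in Combined Log Format; the request paths, addresses and values in the sample are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SECRET_PARAM = "secret"  # assumption: actual parameter name; adjust to your deployment

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_secret_requests(lines, param=SECRET_PARAM):
    """Return one finding per request whose query string carries `param`.
    The secret value itself is never returned, only its length."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        parts = urlsplit(m["target"])
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() == param:  # match the key, not a value that says "secret"
                findings.append({"line": lineno, "client": m["ip"],
                                 "time": m["ts"], "path": parts.path,
                                 "status": int(m["status"]),
                                 "value_len": len(value)})
                break
    return findings

def clients_still_sending(findings):
    """Hosts that still send the parameter, i.e. components not yet updated."""
    return sorted({f["client"] for f in findings})

def redact(line, param=SECRET_PARAM):
    """Mask the parameter value so the log line can be stored or shared."""
    pattern = rf'(?i)([?&]{re.escape(param)}=)[^&\s"]*'
    return re.sub(pattern, r'\1[REDACTED]', line)

# Constructed sample log lines (placeholder paths, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /recognition/result?task=41&secret=EXAMPLE-ONLY HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /recognition/result?task=42 HTTP/1.1" 200 498',
    '192.0.2.23 - - [01/Jan/2025:10:01:00 +0000] "GET /recognition/result?task=43&Secret=EXAMPLE-2 HTTP/1.1" 403 0',
    '192.0.2.23 - - [01/Jan/2025:10:02:00 +0000] "GET /docs?q=secret HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for f in find_secret_requests(SAMPLE_LOG):
        print(f["client"], f["time"], f["path"], f["status"])
    print("not yet updated:", clients_still_sending(find_secret_requests(SAMPLE_LOG)))
```

Any secret value found in existing logs should be treated as exposed and rotated where the deployment still relies on it.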
Improvement of Linux Agent Interception of Messengers and Cloud Storage
Interception of messengers and cloud storage in Linux is implemented using a universal library. However, optimization and reorganization of the library itself, as well as the dependence of some interceptions on agent tools, led to instability.
Version 5.8 stabilizes interception of:
WhatsApp
Bitrix
Local VK Teams and VK Mail
WebDAV
Last Updated: 09.06.26