New features and enhancements available in the Germain UX 2023.1 release.

COMPLIANCE

SOC 2 / Type 1 Audit

Customers: American Airlines, eBay, Ease, Online Stock Platform

Last month, we 1) successfully completed the SOC 2 Type 1 audit (attestation and details enclosed) and 2) started a 12-month SOC 2 Type 2 audit.

MONITORING AND ANALYTICS FEATURES

[End within], [Overlap] or [Start Within] in Date/Time range

Customers: Ease

Description

Ability to display metrics for KPIs with a duration that [end within], [overlap] or [start within] a date/time range.


KPIs for Business, IT, Marketing, UX and Web Ops

Customers: All

Description

Preconfigured KPIs that are available in Germain UX:


Measures for [User Session Replay] KPI

Customers: General Electric, SPB Insurance

Description

A number of Measures have been added to the [User Session Replay] and [User Click] KPIs

New Measures at [User Session Replay] and [User Click] KPIs

  • Count of New Users vs Returning users

  • Top visited pages (volume per page)

  • Mobile vs Desktop users (volume, performance)

  • Top landing pages

  • Top exit pages

  • Top references

  • Top campaigns


Operational Dashboard’s Tab Visibility

Customers: A Large Online Trading Platform (we cannot disclose its name)

Description

Tab visibility on the Operational Dashboard is driven by the Team Type: Business or Technical.

  • Business Team sees [Business Process] and [Users] Tabs

  • Technical Team sees all the tabs: [Application], [App Components], [Databases], [Environments], [Hosts], [Services], [Business Process] and [Users] Tabs

Render Blocking Status of an HTTP Request

Customers: A Large Online Trading Platform (we cannot disclose its name)

Description

Render-blocking resources are static files, such as fonts, CSS, and JavaScript, that block or delay the browser from rendering page content to the screen. Render-blocking status is now available via a number of Germain KPIs, such as Outbound CSS Request.

More details about renderBlockingStatus: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming/renderBlockingStatus

Example


SALESFORCE.COM - More KPIs

Customers: United Healthcare

Description

Added more KPIs, Portlets and Dashboards specific to monitoring and providing insights about Salesforce performance.

GERMAIN UX KPIs FOR SALESFORCE.COM MONITORING AND INSIGHTS

Salesforce Apex Class

Salesforce Apex Code Coverage

Salesforce Apex Custom Action

Salesforce Apex Trigger

Salesforce Api Event

Salesforce Browser Performance Count

Salesforce Bulk Api Result Event

Salesforce Classic Record Event

Salesforce Code Debug Event

Salesforce Code Exception

Salesforce Code Execution

Salesforce Concurrent Long-running Apex Error Event

Salesforce Credential Stuffing Event

Salesforce Cron Job

Salesforce External Service Custom Action

Salesforce Flow Coverage

Salesforce Flow Custom Action

Salesforce Flow Interview

Salesforce Health Check

Salesforce Instance Status

Salesforce Lightning List View Event

Salesforce Lightning Record Event

Salesforce Lightning User

Salesforce List View

Salesforce Log Generic Event

Salesforce Login As Event

Salesforce Login Event

Salesforce Logout Event

Salesforce Outbound HTTP Request

Salesforce Page Performance Count

Salesforce Platform Event Usage Metric

Salesforce Process Approval

Salesforce Process Rule

Salesforce Record Change Event

Salesforce Records Count

Salesforce Report Anomaly Event

Salesforce Report Execution Event

Salesforce Resource Usage

Salesforce Session Hijacking Event

Salesforce Setup Audit

Salesforce UI Switch

Salesforce User Click

Other Germain UX alerts, insights and automation for Salesforce (Classic, Lightning, etc.) and for Salesforce Experience Cloud.


MAINTENANCE FEATURES

Data Security Enforced at Team level

Customers: A Large Online Trading Platform (we cannot disclose its name)

Data is secured at the Team level and is customizable.

How it works:

  1. Each Team is assigned an accessId when it gets created.

  2. These should be visible on the Teams view (for example 'Business Team' might have accessId 't1', 'Development Team' may have accessId 't2').

  3. Any data can be annotated with an expression that determines which teams have access to it by setting the 'access' field.

    • For example, a UxSession with access 't1 || t2' would be visible to anyone who is a member of Business Team (t1) or Development Team (t2) and can view data.

    • If access is not set then anyone who can view data will see the fact.

  4. If a user tries to access an RCA for a fact they don't have access to, they should not see the data. Similarly, the Drill-through and any RAW exports should only show data that the user has access to.

Note: This only affects RAW data; filtered data are still included in AGGREGATE data. For example, the count on the Drill-through summary portlet includes data the user doesn't have access to (we show a message on the Drill-through if any data is filtered due to access controls, as shown below).
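The following is an added illustration of the rules above, not Germain code: a small Python model of how an 'access' expression gates RAW facts while the AGGREGATE count still includes hidden ones. The names `Fact`, `can_see` and `drill_through` are hypothetical; only the `||` operator is handled because it is the only one shown on this page, and denying on a malformed expression is an assumption of this sketch.

```python
# Added illustration: a minimal model of team-level access filtering.
# Fact, can_see and drill_through are hypothetical names, not Germain APIs.
from dataclasses import dataclass
from typing import Optional
import re

ACCESS_ID = re.compile(r"[A-Za-z0-9_-]+")  # assumed shape of ids such as 't1'

@dataclass
class Fact:
    name: str
    access: Optional[str] = None  # e.g. "t1 || t2"; None means access is not set

def can_see(fact, user_access_ids, can_view_data=True):
    """Return True if the user may see the RAW fact."""
    if not can_view_data:
        return False                      # the view-data permission is always required
    if fact.access is None:
        return True                       # access not set: anyone who can view data
    terms = [t.strip() for t in fact.access.split("||")]
    if not all(ACCESS_ID.fullmatch(t) for t in terms):
        return False                      # malformed expression: fail closed (assumption)
    return any(t in user_access_ids for t in terms)

def drill_through(facts, user_access_ids):
    """RAW rows are filtered; the AGGREGATE count is not (see the Note above)."""
    rows = [f for f in facts if can_see(f, user_access_ids)]
    return {
        "count": len(facts),                 # aggregate still counts hidden facts
        "rows": [f.name for f in rows],      # raw data the user may see
        "filtered": len(rows) < len(facts),  # drives the "data was filtered" message
    }

# Constructed sample data: t1 = Business Team, t2 = Development Team.
FACTS = [
    Fact("session-a", "t1 || t2"),
    Fact("session-b", "t2"),
    Fact("session-c"),                    # access not set
    Fact("session-d", "t1 || "),          # malformed on purpose
]

if __name__ == "__main__":
    # A Business Team member sees two raw rows, but the count reveals four facts.
    print(drill_through(FACTS, {"t1"}))
```

The gap between `count` and the number of `rows` is the information a restricted user can still infer from aggregates, which matters when the mere volume of another team's data is sensitive.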


OAuth - Custom Role Mapping

Customers: A Large Online Trading Platform (we cannot disclose its name)

Description

Germain now allows a custom function to be executed to extract Roles from an authenticated OAuth user, similar to how Germain supports LDAP.

Role mapping differs between LDAP and OAuth. In LDAP, only Groups and Roles are mapped. In OAuth, many possible entities can be mapped to Roles, depending on the OAuth provider and the scopes that are requested.

Before this enhancement, a user logging in via OAuth got roles only if the AuthenticationConfig.mapRolesFromDBUser config setting was set to true and a corresponding user existed in the Germain DB (or AuthenticationConfig.createMissingDBUser was true, to auto-create a DB user), because the default mapping from OAuth to GrantedAuthorities just takes the OAuth scopes.

Configuration

https://docs.germainux.com/main/okta-oauth-integration-with-germain


Security and Vulnerabilities Fixes

Customers: All customers are required to update Germain with the below patches

Description

As part of our SOC2 compliance program, here are the security vulnerabilities that have been found in 2023.1, and the patches that address them in 2023.1 or older versions. We remain available to help you with these issues. If you have not already, you can create a ticket here: https://germainux.atlassian.net/servicedesk/customer/portal/1 or email us at support@germainux.com.

| Vulnerability | Severity | Scope | Detected | Reviewed | Resolved | Affected versions | Fix implemented in | Link |
|---|---|---|---|---|---|---|---|---|
| [CVE-2022-3064] | HIGH | yauaa [7.9.0] -> [7.16.0] | 3/18/2023 | 3/20/2023 | 3/20/2023 | <= 2023.1 | 2023.1-14 | https://nvd.nist.gov/vuln/detail/CVE-2022-3064 |
| [CVE-2023-1370] | HIGH | json-smart [2.4.7] -> [2.4.10] | 3/18/2023 | 3/20/2023 | 3/20/2023 | <= 2023.1 | 2023.1-14 | https://ossindex.sonatype.org/vulnerability/CVE-2023-1370?component-type=maven&component-name=net.minidev%2Fjson-smart&utm_source=dependency-check&utm_medium=integration&utm_content=7.4.4 |
| | HIGH | alpine [3.17.0] => [3.17.2] | 3/18/2023 | 3/20/2023 | 3/20/2023 | <= 2023.1 | 2022.3-61, 2022.4-51, 2022.5-48, 2023.1-14 | |

Download