Release notes: 2019-02-26

Version: G4.3-1.0


Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Important Notice

As our business grows, and with more customers joining us, it has been necessary to grow our infrastructure accordingly to ensure we can continue to offer an ever-improving level of service to our customers.

To meet these needs, it has been necessary to extend the IP range from which scanning may originate.

The additional IPv4 range from which scans may originate is:

80.254.228.0/22

This is in addition to our existing network range of:

IPv4: 91.216.32.0/24

IPv6: 2001:67c:1084::/48

These IP ranges are exclusive to Outpost24, and any IPS whitelisting for PCI ASV scans should include these new ranges.

This information will also be available in the 'Support > Guides > Outpost24 network scanning range' area of Outscan.
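An added example, not part of the original release note or any Outpost24 tooling: a triage script that checks blocked-traffic log entries against the three ranges listed above, so an incomplete IPS allowlist (for example one that covers only 80.254.228.x rather than the whole /22) shows up before a PCI ASV scan. The "SRC=" log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Scanner source ranges as listed in this release note.
SCANNER_RANGES = {
    "80.254.228.0/22": ipaddress.ip_network("80.254.228.0/22"),
    "91.216.32.0/24": ipaddress.ip_network("91.216.32.0/24"),
    "2001:67c:1084::/48": ipaddress.ip_network("2001:67c:1084::/48"),
}

# Constructed sample lines in a hypothetical "SRC=<addr>" firewall log format.
SAMPLE_LOG = """\
2019-02-27T01:02:03Z DROP SRC=80.254.228.17 DPT=443
2019-02-27T01:02:04Z DROP SRC=80.254.231.200 DPT=22
2019-02-27T01:02:05Z DROP SRC=80.254.232.1 DPT=22
2019-02-27T01:02:06Z DROP SRC=91.216.32.9 DPT=80
2019-02-27T01:02:07Z DROP SRC=2001:67c:1084:10::5 DPT=443
2019-02-27T01:02:08Z DROP SRC=2001:67c:1085::1 DPT=443
2019-02-27T01:02:09Z DROP SRC=not-an-ip DPT=443
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")

def matching_range(addr_text):
    """Return the listed CIDR that contains addr_text, or None."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return None  # malformed source field: never treat as a scanner
    for cidr, net in SCANNER_RANGES.items():
        if addr.version == net.version and addr in net:
            return cidr
    return None

def triage(log_text):
    """Count blocked events per scanner range; collect all other sources."""
    per_range, other = Counter(), []
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        cidr = matching_range(m.group(1))
        if cidr:
            per_range[cidr] += 1
        else:
            other.append(m.group(1))
    return per_range, other

if __name__ == "__main__":
    hits, other = triage(SAMPLE_LOG)
    for cidr, n in hits.items():
        print(f"{n} blocked event(s) from scanner range {cidr}")
    print("not in a listed range:", other)
```

Any blocked event counted against a listed range points to an allowlist rule that does not yet cover that range; sources in the "other" list fall outside the published ranges and should not be allowlisted as scanner traffic.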


Netsec Performance Improvements

After the February release, as part of the ongoing performance improvements to Netsec (Outscan/HIAB), we will by default be removing information about which scanner was used from the findings in the report tool. Customers who wish to continue to see this information should re-enable the column in the targets panel.

End of Life Announcements

Elastic Detector (ED)

Elastic Detector assessment features will be merged into Outscan and HIAB products. We are now formally announcing both the end of life and end of support dates for Elastic Detector.

- Official End of Life date: 31st December 2018
- Official End of Support date: 30th June 2019

We recommend that all remaining Elastic Detector customers contact their account managers to discuss upgrading to Outscan and HIAB as soon as possible and no later than the formal end of life date.

Legacy Syslog Implementation

The current syslog implementation is undergoing a number of changes to correctly follow the necessary RFCs (RFC5424 & RFC3164). We are formally announcing the end of life of the current syslog implementation. The current implementation will still be active until this time.

- Official End of Life date: 25th September 2018
- Official End of Support date: 26th February 2019

Appsec Scale UI & Swat UI

The Scale Classic UI has now been removed from the Outscan Portal. The SWAT Classic UI will continue to be available for an additional three months before it will be deprecated. Currently we expect this to happen in April 2019.

New Features

Appsec

- In preparation for allowing customers to request Snapshot and SWAT engagements directly from the Appsec UI, a new user permission has been added called Submit scoping requests. Only user accounts with this permission allocated to them will be able to submit requests for Snapshot and SWAT engagements.

Netsec

- The Netsec reporting tools have undergone a few performance improvements of the database layer.
- With this release we have improved the SAML integration to allow customers to use Microsoft's ADFS to provide additional support for users logging into Outscan only. No additional functionality is supported at this time.

RESTful API

- In preparation for upcoming enhancements to Appsec, a number of new end points have been added to the RESTful API. These will be discussed in more detail as we roll out the scoping and secure credential enhancements in Q2 2019.
- A number of additional changes, enhancements and end points have been added to the API. Detailed information on the new functionality can be found in the API Documentation located here: https://outscan.outpost24.com/opi/rest/openapi.json

EWP

- Public API improvement: Returns more information on Servers/Instances, such as the "platform" field, which describes the Amazon Web Services 'platform' field for an Instance or the VMware "Guest Operating system" for a VM.
- Roles improvement: Reviewed "roles" to better fit the EWP configuration interface. For instance, a user with the "Manager" role is no longer able to access the "Vulnerability scanning planification" without being granted the "Audit" role.
- Improved the AWS "Connector" to allow "transparently" (no history loss, ...) switching from API Keys to an AWS Role and use of an AWS ARN, thus getting rid of the pain of API key rotation.

Compliance

- Added compliance policy for Windows Server 2016
- Added compliance policy for Cisco IOS 15
- Added CIS-approved Windows 8.1 v2.3.0 policy

Vulnerability Detection

- Improvements have been made to the Oracle Linux detection.
- Fixed an issue where Apache Tomcat: Slowloris Denial of Service Vulnerability was displaying twice with slightly different information. This should now only appear once if discovered.
- Improved the release version check for SUSE
- Fixed several bugs and issues in the script and detection engines.
- Added detection for FTP Bounce Attack
- Added detection for Exchange NTLM Relaying Attack
- Added detection for Windows Subsystem for Linux instances
- Added detection for McAfee Agent
- Improved detection for Microsoft DNS Server
- Improved detection for HPE Integrated Lights-Out 5
- Improved detection for Microsoft Publisher and Excel patches
- Resolved bug where DNS detection would fail
- Resolved bug where disabled Guest account would still report as enabled
- Resolved bug where an incorrect Cisco NX-OS version would be fingerprinted
- Resolved bug where failed Windows Updates could show as installed
- Resolved bug where SMB Signing could report incorrectly

Web Application Scanning

- Added detection for unconfigured web servers
- Added detection for Oracle Enterprise Manager Express
- Improved detection for WebDAV
- Improved detection for jQuery

Bug Fixes and Minor Improvements

Outscan and HIAB

- Uploading a certificate now provides better feedback on the success or failure of the action
- Proxy settings can be removed by adding a blank username / password and saving the configuration
- Performance improvements have been made to the Outscan and HIAB database
- Remove the disk usage check on the HIAB's Boot partition as this does not impact the day to day running of the HIAB
- Changed the OUTSCAN menu options to limit confusion and logically group items under their respective solution family (Netsec, Appsec and Cloudsec).
- Fixed an issue where AWS ignore targets were not being ignored despite them being present in the ignore list.
- When managing users, additional validation for email addresses has been added. All user accounts now require one email address to be added.
- Fixed an issue with HIAB enrolment that prevented HTTP & HTTPS proxy type options from being shown.
- Fixed an issue where in the reporting tool, setting Group by name & Sort by name to descending would cause a broken report.
- Fixed an issue that, in some instances, would cause the Appsec report to use the wrong report template.
- Fixed an issue on the HIAB that would prevent the ping tool working with IPv6 addresses.
- Improvements to SAML integration to allow ADFS support.
- Improved highlight visuals in the Scout UI
- Fixed an issue with column displays in the Scout UI when resizing the UI
- Fixed an issue where, in rare circumstances, when attempting to run a scan, Outscan would appear to be unavailable
- Fixed an issue where default products were not reported if multiple products were detected on the same port
- Fixed an issue that caused reports that were being downloaded to remain available to the API, which could under certain circumstances result in multiple reports being requested by API calls
- Continue to work on improvements to the Outscan architecture to allow for faster scanning and response times for customers.

Compliance

- Resolved bug in Amazon Linux 2 policy
- Resolved bugs in Windows Server 2012 R2 policy
- Resolved bugs in Kubernetes policy
- Resolved minor bugs in BIND policy

EWP

- Improve internal handling of Asset
- Fix issue where CloudProvider name was not properly updated when updating credentials name
- Fix issue where toggling Auto-Discovery On/Off was broken for AWS connector
- Fix issue raising internal exception while customizing some Workload Analytics