Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Important Notice

The September release is split into two distinct parts and is released over a 7 day period starting on the 1st October 2019.  Please read this section carefully for information regarding Part 1 of the release.

Part 1: Interim HIAB Update

Release Date: 2019-10-01


Part 1 is an interim update that affects only those customers who are using HIABs in order to bring all field deployed HIABs upto the same build level.   As such this release updates HIABs to ensure they are running the same code version AND have the same file structure.   This is designed to make future updates affecting HIABs as easy as possible and to minimize the impact to your install.

For customers running Offline / Air-gaped HIAB deployments we recommend you update the Scheduler first, then disable automatic updates on the scheduler to ensure that the connected HIABs are all updated before any further updates are received by the Scheduler.  

Enrollment of New HIABs

As part of this interim update release we are taking the unusual step of disabling the enrollment of new HIABs.  This will remain in place until the content release is made available on the 8th October 2019.

If you have any questions concerning this HIAB update, please contact customer support.

Part 2: Content Update 

Release Date: 2019-10-08

New Features

Appsec

  • The Scan default configuration name is now appending the path based on the entered seed URL
  • The custom tag filter field is now correctly placed in the filter list
  • Added support for more custom tags. Custom tags are now supported across assets, configurations and findings. Users may add a single key or a key and value.
  • BETA: Added a new Appsec Dashboard view.  This provides users with a single view of all issues, applications and associations currently being managed under their application security program. NOTE this will not be enabled by default as we consider this a BETA function. If you wish to have this enabled please contact support.
  • When viewing findings you will now be presented with a Top 3 fix list.
  • Submit for scoping (For SWAT, Snapshot and Assure requests) has now been moved to the Assets tab rather than the configuration tab.
  • Improved the default configuration name to include any subdomain information to better identify multiple configurations for the same APP.
  • Added the ability to mark findings as fixed or unfixed in the Appsec UI for SWAT.
  • Added a clear visual indicator (In red) if a finding has been set to fixed but the last seen date is greater than the fixed date.
  • It is now possible to create a configuration from an asset in the Assets tab by selecting the Asset and using the create configuration ICON at the bottom of the UI. 

NetSec

  • Added link in the Release Notes section of OUTSCAN and HIAB, referring to the knowledge base article specific to that release.

Vulnerability Detection

Netsec

  • Added detection for Powershell Core.
  • Added detection for Atlassian Crowd.
  • Improved Visual Studio detection.
  • Improved BlueKeep detection script.
  • Improved detection for MS Exchange versions.
  • Removed a duplicate script for CVE-2019-1113.
  • Improved CVSSv3 score calculations.
  • Fixed an issue causing the Fallback kernel finding to be incorrectly reported at low instead of informational.
  • Resolved issues with Office detection.
  • Resolved issues where an incorrect flash version was being detected in rare cases.
  • Resolved an issue where a command could be left running after an authenticated SSH scan.
  • Added detection for the Zoom client on Linux, Windows and MacOS.
  • Added detection for IOS XE.
  • Added detection for Docker desktop.
  • Added detection for GoToMeeting Client.
  • Added detection for Symantec Management Agent.

Appsec

  • Improved Apache Tomcat detection.
  • Improved detection for directory listings.
  • Improved detection for directory traversal.
  • Improved detection for Local File Inclusions.
  • Added detection for dockerfile exposure.
  • Added detection for Express.js stack traces.
  • Added detection for numerous web shells.

Compliance - Policies

  • Added hardening benchmark for Debian 8 v2.0.0
  • Added hardening benchmark for Apache 2.4 v1.5.0
  • Added CIS Benchmark for Amazon Linux 2 v1.0.0
  • Added CIS Benchmark for ISC BIND DNS Server 9.9 v3.0.1
  • Added CIS Benchmark for Microsoft Windows Server 2008 v3.1.0
  • Added CIS Benchmark for Microsoft Windonws Server 2012 v2.3.0
  • Added CIS Benchmark for Ubuntu Linux 14.04 LTS v2.1.0
  • Resolved bugs in Hardening Benchmark for Oracle Linux 7 v2.1.0
  • Resolved bugs in Hardening Benchmark for Microsoft Windows 1709 v1.4.0
  • Resolved bugs in Hardening Benchmark for CentOS 6 v2.1.0
  • Resolved bugs in Hardening Benchmark for Microsoft Windows Server 2012 v2.1.0


BETA:Scout

With this release, we are pleased to launch Scout, designed to provide organizations with a way to discover both known and unknown applications visible on the internet.
We are focusing on a limited invitation only beta test. Contact Support for further information.

To prepare for the launch of Scout, all users see an Appsec menu option, unless a customer has either had Scout enabled on their account OR has valid Appsec licenses. User accounts that cannot access any of the Appsec functionality, please contact the respective account managers for licenses, or Outpost24 Support to request access to the Scout beta.

Bug Fixes and Minor Improvements

Netsec

  • Increased the timeout for backups.
  • Fixed an issue with terms and conditions appearing every time a HIAB appliance is rebooted.
  • Fixed an issue where dynamic groups could not be created on a data range.
  • Fixed an issue where audit log entries for exporting reports were incorrectly formatted.
  • Fixed an issue which could impact the download of XML reports from HIAB appliances.
  • Fixed an issue where white-lists defaulted to IPv6 causing IPv4 white-lists to fail.
  • Fixed an issue preventing some exception emails being sent.
  • Fixed an issue where due to a licensing combination a you have too many targets defined' error message would appear.
  • Fixed an issue causing emails sent by the HIAB to use an incorrect From address.
  • Fixed an issue that caused reports to be reported in bytes, not MB, GB etc.
  • Fixed a bug preventing reference lists being fully populated when exporting to Excel.
  • Fixed a bug causing email signatures to be incorrectly formatted.
  • Fixed a bug in Search compliance policy that was causing the description, not the question to appear in the text input field.
  • Improved the way blacklisted targets are displayed during a discovery when 'one or more targets were found in the blacklist' occurs.
  • Fixed a bug preventing XLS or CSV reports being attached to scan schedule done email event.
  • Fixed an issue preventing reports being sent under very specific conditions through report schedules.
  • Fixed an issue causing findings to be incorrectly sorted when exporting a report based on a CVSS sort.
  • Fixed an issue where old report schedules, filtering on Scanner name, were causing report exceptions.
  • Fixed a number of instances where target filters were not considered when exporting reports.
  • Fixed an issue where filtering on CVSSv3 was not reflected correctly throughout an exported report.
  • Fixed an issue where XLS reports where incorrectly being exported with a .XLS.XLS extension.
  • Fixed an issue where running a normal + webapp scan with a specific port setup causes the scanner to ignore the port filtering and scan on all available ports.
  • Fixed an issue causing new user creation to fail when using some top level domain entries.
  • Made a number of quality of Life improvements for HIAB and offline HIAB deployments.

Appsec

  • BETA: Fixed an issue with Selenium scripts that caused Scale to incorrectly crawl an application.
  • Fixed an issue where an incorrect extension was used when downloaded a report as a 'Compressed as ZIP'.
  • Fixed an issue where finding ID was not being included in exported SWAT reports.
  • Fixed an issue preventing filtering on the OWASP findings column in some instances.
  • Fixed an issue where hostname was not presented for End of Life findings in the Appsec report.
  • Fixed an issue preventing filtering to correctly work on tags.
  • Fixed a bug causing stopping scans to take longer than expected.
  • Fixed an issue causing CVSSv2 findings with a score of 4.0 being omitted from filtered views.
  • Fixed an issue where sorting on scans does not work as expected.
  • Improved presentation of scan detail messages to a uniform appearance.
  • Removed filters in the UI for fields if filtering is not applicable.
  • Fixed an issue in SWAT recreation flows where additional blank lines were being inserted into the UI.
  • Fixed an issue where in some instances it was possible to add the same tag multiple times to a finding.
  • Fixed an issue preventing the removal of sorting to be properly applied in the UI.
  • Fixed an issue that caused errors when changing the report type in Appsec.
  • Changed APPSEC to SCALE in the source column in the Assets tab.
  • Changed TEMPLATE to SOURCE in scans tab.
  • Made minor improvements to the Scoping requests in Appsec for Snapshot, SWAT and Assure.
  • Made minor improvements to the Associations view of the Assets tab.
  • Improved the way fixed findings are presented in the findings tab. If a finding has been marked as FIXED it will now show as grayed out in the UI.
  • Made improvements to the way columns are sorted based on local language preferences.
  • Added "Fixed" column and filter to SWAT findings in the Appsec UI.

REST API

  • General improvements made to the REST API and its presentation of information to the user.
  • fixed an issue where some ENUMS where not using uppercase.
  • Expose "fixed" in /webfindings in the REST API.
  • Add /mark-fixed and /unmark-fixed to findings

End of Life Announcement

Appsec SWAT UI EOL

We have delayed the deprecation of the SWAT Classic UI for a further three (3) months.  We now anticipate this to be removed during the January 2020 release.