Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.




Release Date: 2020-02-25

Version: G4.13.0.1


This is a major release corresponding to our Winter release. In a glance we have five major announcements:

  • Risk Based Vulnerability Management (Farsight)
  • Netsec Agents on Limited Beta for Windows 10 with OUTSCAN
  • Netsec Thycotic Integration
  • Role Based Access Control (RBAC) in Scale
  • Cloudsec Inspect with Azure support and CIS Azure v1.1.0

New Features

Netsec

  • Risk Based Vulnerability Management with Outpost24 Farsight
  • Netsec Agents on Limited beta for Windows 10 with OUTSCAN
  • Added integration with Thycotic Secret Server for Authenticated Scanning
  • Added detection for Intel Graphics Driver on Windows (CVE-2019-14615)
  • Added detection for various D-Link routers vulnerable to CVE-2019-16920
  • Added detection for MikroTik RouterOS over FTP and SNMP Banner
  • Added support for Popup Maker plugin for WordPress (CVE-2019-17574)
  • Add detection for TeamViewer CVE-2019-18988


Outpost24 Farsight

With this release we are pleased to announce the launch of Outpost24 Farsight, a next generation vulnerability risk management solution. Powered by Cyr3con and using advanced machine learning models that predict the likelihood of a vulnerability being weaponized and exploited in the next 12 months through an intuitive and easy to understand risk rating.

Farsight provides customers with the ability to focus on vulnerabilities that are likely to be exploited in the wild, rather than rely on CVSS or exploit available metrics.

This release marks our entry into the field of VPT and will evolve over the coming months. For more information and to see Farsight in action please contact your Outpost24 Sales representative.

Compliance

  • Improved PCI Report and changed how to report Special Notes
  • Improved PCI Report to ensure Full scope is included when reporting the scan scope, added virtual hosts to scope
  • Improved PCI Report changed column headers

Appsec

  • Role Based Access Control (RBAC) support for Scale
  • Selenium support moved from Beta to GA

Role Based Access Control (RBAC) Support for Scale

With this release we are pleased to announce that Scale now fully supports Role Based Access Control (RBAC). Using a mix of predefined or custom roles, and resource groups created by using the ability to tag assets, configurations and test credentials, customers are now able to restrict user accounts to only those resources and functions those individuals are permitted to access.  For more information, refer to How to guides in Knowledge Base.

Selenium Support Moved From Beta to GA

With this release we are pleased to announce that we are moving our Selenium support from Beta to GA and as such all customers will have Selenium enabled on their accounts. Selenium is now presented as a new authentication option in the Configurations tab. For more information, refer to How to guides in Knowledge Base.

Cloudsec

  • Upgraded to CIS Azure V1.1.0 Benchmark
  • Added timeout/deadline to Cloudsec scans
  • Added access control to Cloudsec configurations per user
  • Cloudsec Inspect now with Azure support and CIS Azure v1.1.0

MSSP

  • Added Consumption model and stats for each customer
  • Added Customer Success role and MSSP Manager role

Fixes and Minor Improvements

Netsec

  • Agents (Beta) ready
  • Added Java Debug output in HIAB console
  • Improved HIAB enrollments 
  • Improved Joomla detection
  • Removed false positive - 1345934
  • Resolved bug related to SMTP Relay Detection
  • Improved jQuery detection and resolved false positives
  • Optimized Cacti/Cacti pattern
  • Added bugfixes for Apache Tomcat
  • Fixed scans failing due to portscan range being empty
  • Improved SSL certificate handling
  • Fixed Microsoft Windows false positive detection
  • Improved CVE-1999-0512 detection
  • Resolved bug related to verification scan showing CVE as not present
  • Fixed change MAC address in admin interface
  • Fixed HIAB tickets issue not being raised in Jira
  • Fixed Japanese translations in finding details

Appsec

  • Automatic synchronization of scan details

Cloudsec

  • Fixed CIS Azure 1.3 check and 5.1.1 check

REST API

GET/POST/PATCH/DELETE /comments endpoints have been officially deprecated as of today (2020-02-25). Use GET/POST/PATCH/DELETE /findings/{id}/comments to manage comments associated with findings. 

End of Life Announcement

Currently, there are no EOL announcements.