Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Release Date: 2020-07-21

Version: G4.18-8.0


Announcements

Future Changes to How We Report Some Netsec Findings

As we continually improve our scan engine and the ways we report findings, we also collaborate with customers who provide valuable feedback on how we report certain findings to ensure that we can provide the best possible information, tied to the highest accuracy we can achieve. We also want to ensure we remove all possible confusion from findings and how we find them.

Based on feedback from a large number of customers, we are working towards refactoring the way we report the port number for what we term Implied Vulnerabilities where we may not be able to authenticated with the Operating System, but we can use other information gathered to make accurate assumptions.

For example, we enumerated the version of Windows based on another service (HTTP, SNMP etc.) we would, by default, report the finding as TCP 445, because that is how you would find it on Windows, or TCP 22 for Linux. The problem has been that this port may not be available, and so we had the potential to cause some confusion if we reported findings on TCP 445, but that port was not seen in the port scan phase.

To overcome this confusion, we are changing this from reporting the assumed port number to instead read Generic.

We are working towards ensuring that this change has as little impact on your current workflows as possible, and how we can ensure the continuation of Accepted Risks and False Positives across this change. Further updates will be provided during the completion of this change. 

Update to the Database Integration Library

We have upgraded the libraries used for integrating with MySQL when used within the Event Notifications. We now support MySQL versions 5.6, 5.7, and 8.0.

If you are using the integration into MySQL, please ensure that you are using one of the supported versions.

New Features

Portal

  • Added support for tags on images in Docker scans.
  • Improved CWE classifications and relationships to OWASP, WASC, CAPEC and Sans-25.
  • (BETA)Added the ability to create new dashboards.  To gain access to the dashboard please speak to your sales representative or raise a support ticket in the first instance to gain access.
  • (BETA)Added the ability to add new dashboard cards such as fixed findings, findings by CVSS, findings by source etc.  More 'cards' will be added in the future
  • (BETA)Added the ability to filter on static findings in the dashboard


Netsec

  • Added a new warning message for verify scans with regard to accuracy.

Agents

  • Added support for Debian.
  • Added support for Fedora.

Bug Fixes and Minor Improvements

Portal

  • Fixed an issue with docker scans not completing and not reporting as failed.
  • Fixed an issue with Exported SWAT reports that caused the 'Script-ID' to be incorrectly displayed in the report.
  • Fixed an issue with Cloudsec that prevented the ability to delete a Cloudsec configuration if the associated credentials were removed before hand.

Netsec

  • Added detection for Guacamole client.

  • Docker scans will not have potential False Positives filtered out.

  • Fixed an issue where Consumption stats were not updating for MSSP's.

  • Fixed an issue with Splunk integration sending XML not JSON.

  • Fixed an issue preventing the vulnerability database rules date from being displayed in reports.
  • Fixed a bug with reporting where filtering on targets by scanner column could cause an error.
  • Fixed a bug that prevented report templates being saved when using certain custom attributes.
  • Fixed an issue that caused the managed targets view and reporting tool to show different results when filtering with "Quotation marks".
  • Fixed an issue with target management that caused incorrect, or no, results being shown when filtering on an IP address where a previous report existed.
  • Fixed a  bug that prevented the CVSS V3 Severity Column from being included in the excel detailed report.
  • Fixed a bug that caused all findings to be set to "information" risk level when exporting findings with CVSS score 0.0 and risk level Low/Medium/High and then importing the report.
  • Fixed an issue that prevented discovery findings from being displayed if a filter existed in the target grid.
  • Fixed a rare issue that could case a HIAB to be unable to scan due to state.
  • Improved detection for the Citrix NetScaler: Arbitrary Code Execution Vulnerability.

Agents

  • Added --version flag to agents to get the version.

  • Improved findings to more closely match those from an authenticated scan.

  • Agents now have the ability to renew their certificates if necessary.

  • Set the minimum call home frequency to 60 minutes.

  • Implemented signing of .msi install.

  • Updated the Test Tracking finding to indicate an Agent or Docker scan.

  • Fixed an issue where Agents would only call home when first enrolled.

  • Fixed an issue where Agents may cause regular Windows Event Log messages.

  • Fixed an issue where four empty SMB related findings were shown on every scan.

API

  • Fixed a bug that would cause a logout from Outscan when API calls have a session timeout defined.

MSSP OUTSCAN Platform

  • Fixed a bug preventing consumption statistics from being updated correctly.

End of Life Announcement

Elastic Workload Protector (EWP)

  • Official End of Life date: 31st September 2020.
  • Official End of Support date: 31st December 2020.