Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Release Date: 2020-12-08

Version: G.4.22-11.0


Advanced Notice on SWAT

In the coming months, we are migrating the currently separate SWAT functionality of the Portal fully into the portal. Once this change is complete customers will be able to benefit from the capabilities and functionality of the portal - such as role based access control and being able to clearly identify which applications are using what type of license (SWAT, Snapshot, Assure). When we are ready to announce the release, we will provide a comprehensive overview of the functionality. If you want to be kept informed and provided with more details ahead of the release, contact Support or your Account Manager. 

Advanced Notice on Reporting findings (expected January 2021)

As we continually improve our scan engine and the ways we report findings, we also collaborate with customers who provide valuable feedback on how we report certain findings to ensure that we can provide the best possible information, tied to the highest accuracy we can achieve. We also want to ensure we remove all possible confusion from findings and how we find them.

Based on feedback from a large number of customers, we are breaking out the Gathered Information for some findings when scanning with multiple Virtual Hosts.

In scans running with the Normal or Normal with Webapp policy (or derived from these):

Netsec Findings

Previously
Report one finding per port with all vhosts listed in the vhosts column.

Now
One findings for each vhost and port combination.

Webapp Findings

Previously
One finding per vhost and all ports (Port listed as Generic).

Now
One findings for each vhost and port combination.

This may therefore result in an increase in findings during a scan as we are reporting separately for each individual vhost. If an affected finding has previously been marked as an 'Accepted Risk', there will instead be separate findings for each of the included vhost and port combinations, allowing much greater granularity in risk evaluation and remediation.

New Features

Netsec

  • Added graph for likelihood ranges in the Portal Dashboard
  • Added filter on business criticality of targets

Cloudsec

Cloudsec Inspect container inspection (beta) now support Azure Container Registries and Google Container Registries.

Bug Fixes and Minor Improvements

Appsec

  • Improved the ability to detect 3rd party components and associated vulnerabilities in the SWAT automated scan engine. This will potentially cause a SWAT customer to see an increase in findings based on this improved detection methodology. As always with the SWAT service, findings will only be released to the Portal once they have been assessed for false positives.

  • Fixed host maps in portal  when moving between configurations.
  • Improved side authentication and improved timeout management.
  • Fixed timeout and exception in Scale scans.
  • Improved scale performance when starting scan.

Netsec

  • Increased backup timeout and it is now configurable.
  • Improved security of communications between HIABs and OUTSCAN.
  • Fixed scans getting stuck in 2 conditions.
  • Fixed bug when revoking HIAB.
  • Fixed AD discovery which did not check for case insensitive duplicates.
  • Fixed scanner updates when proxy is configured.
  • Fixed conflict on username creation.
  • Fixed schedules showing as never ending with no remaining occurrences.
  • Fixed preview of credentials for Object Storage.
  • Fixed Content attribute missing from API specification.
  • Fixed scan schedule conflict when already running and scheduled to start.
  • Fixed agent silently hangs when trying to log if no recipients are present.
  • Fixed renewals of certificates.
  • Fixed multiple requests when configuring integrations.
  • Fixed exceptions in send compliance and 2 internal ones.
  • Fixed internal errors on scans.
  • Improved performance of scan scheduler, SLS, removing stopped scans and several queries.
  • Added OR filter on arrays columns.
  • Added support for BPF in Discovery Scans.

Cloudsec

  • Fixed attribute in consumption stats.
  • Improved error message when failing to access docker registries.

End of Life Announcement

Elastic Workload Protector (EWP)

  • Official End of Life date: 30th September 2020.
  • Official End of Support date: 31st December 2020.

HIAB Network Monitor

  • Official End of Life date: 31st October 2020.
  • Official End of Support date: 31st January 2021.