Release Date: 2022-11-22

Version: 8.9.1.1.el7


Service Outages

To ensure the continuous improvement of the services we are providing, there will be an number of service outages taking place over the next few weeks. This will only impact very specific areas of OUTSCAN, and disruption will be kept to a minimum.

29th November 2022 07:00-11:00 CET
Both HIAB registration and Agent registration will be impacted while we migrate the necessary PKI infrastructure. The majority of the outage will be caused by DNS propagation delays.

1st December 2022 07:00-12:00 CET
Agent servers will be undergoing a database migration. During the outage it will not be possible for any Agent services to be used, such as Agent Discovery, Agent scans, nor the registration of newly installed Agents. Agents will resume normal communication once the service has been restored.


New Features

HIAB

  •  Significantly improved the way HIAB's can send error reports. Where previously an email would be sent from the HIAB to Outpost24 if there was a significant error, this caused a lot of problems with mails being sent from a non-mail gateway. To improve this, and also significantly update the way these events are now handled, we have switched to a more standardized method of error reporting where error reports are sent to the following location:

    HostnamePort
    hiabingest.outpost24.com443

    To Enable/Disable the error reporting;

    1. Log in to your HIAB and navigate to Main Menu > Settings > Server.

    2. Select the Servers tab and find the section for Error Reporting.

    3. Enabling or Disabling this will have the relevant effect on error reporting back to Outpost24.

      Only information regarding any significant device error is sent, no customer data is transmitted off of the appliance.

Portal

  •  Ability to save and manage view templates for schedule reporting and on the fly reporting

Detection

  • Improved detection of bad CSPs
  • Added unauthenticated detection of CVE-2018-13379
  • Added unauthenticated detection of Oracle Unified Directory
  • Added detection of Buffalo LinkStation and TeraStation devices
  • Added detection of Apple AirPort devices over SNMP
  • Added detection of Splunk Enterprise and Splunk Light

Bug Fixes and Minor Improvements

Netsec

  • Improved reliability on agents - new version 1.24.3
  • Resolved rare issue related to detection of one specific Windows patch
  • Resolved false positive related to Mambo CMS
  • Resolved false positive related to jQuery
  • XMLAPI - Deprecated assetIdentifierIds & assetIdentifierTypes on asset
  • Improved monitoring on HIABs
  • Fixed batch on accepting large amount of risks
  • Outscan RC - Fixed Last Scan status in scan scheduling not showing correct status
  • Improved checks for when agents should download new instructions
  • HIAB - Fixed offline updates
  • Fixed scan triggered from Manage Targets not including global ignore list
  • Fixed performance on Report Generation for NetSec compliance scanning
  • Fixed date+time attributes described as int64 instead of date-time in openapi.json
  • Fixed solutions with double quotes not showing in reporting tools
  • Added PATCHINFORMATION when extracting finding through REST API
  • Fixed emails not including reports
  • Disabled default APM for java services
  • Improved Agent upload of results
  • Fixed Splunk integration causing database overload
  • Fixed issue with HIAB not updating
  • Fixed Scheduling Report (tools): Exporting to external DB missing fields
  • Corrected overflow and z-depth of findings assets section
  • Fixed PCI schedule not cleared when all schedules are removed
  • HIAB - Fixed XML report not showing Solution Patches when exported
  • Fixed SMB scan misconfiguration
  • HIAB - Fixed issue on disk space
  • Fixed over logging issue with scan logging messages

Appsec

  • Resolved issue related to the strict-dynamic CSP source list keyword
  • Fixed request verification enabled if user select SWAT and SCALE findings
  • Corrected logic for displaying deleted comments
  • REST API remediated potential SyncFinding timestamp "blind spot"
  • Fixed SWAT api spec with Summary endpoints [swagger.json]
  • Improved SWAT UI performance (internal)
  • SWAT - Fixed comments automatically "pulled" from Portal UI to SWAT UI (internal)

Unified View

  • Improved ETL jobs resilience

End of Life Announcement

SWAT Classic UI

We are announcing the End of Life of the SWAT Classic UI. Due to feedback from customers we have extended the end of Support date for the SWAT Classic UI to 31st December 2022. We do not envision extending support further.

  • Official End of Life date: 31st March 2022
  • Official End of Support date: 31st December 2022

End of Life Announcement

Likelihood Score and Likelihood Delta

We are announcing the End of Life of the Likelihood Scoring. This will be replaced with the new Farsight score. More details can be found here: Farsight Update Information.

  • Official End of Life date: October 2022
  • Official End of Support date: January 2023




Copyright

© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.