Release Notes April 2023
Release Date: 2023-04-25
Version: 8.15.1.1.el7
Upcoming update for Netsec Users
It has likely not escaped anyone's notice that things have been a little quiet on the Netsec side. But we have been working exceptionally hard behind the scenes to introduce the Netsec capabilities into the Portal, the UI currently used for our Appsec products.
Over the coming months more capabilities will be added and we are beginning the onboarding process for customers to move over to the Portal UI. The transition will be gradual, and customers will be moved individually when all of the capabilities they require have been implemented to the Portal UI.
We are also making the whole Vulnerability Management process more streamlined with less 'clicks' required. There will be some changes in terminology and workflow, but its far simpler to manage and a greatly improved user experience. New features are introduced along the way, such as Tags, along with the necessary Tag Manager, support for Webhooks, and much more.
For those of you already using Portal, you may have seen some of the great steps forward in terms of user experience, and there are a lot more exciting new updates and capabilities coming.
Important Notice
As our business grows, and with more customers joining us, it has been necessary to grow our infrastructure accordingly to ensure we can continue to offer an ever-improving level of service to our customers.
To meet these needs, it has been necessary to extend the IP range from which scanning may originate.
The additional IPv6 range from which scans may originate is:
2a13:5240::/29
This is in addition to our existing network range of:
IPv4: 91.216.32.0/24
Ipv4: 80.254.228.0/22
IPv6: 2001:67c:1084::/48
These IP ranges are exclusive to Outpost24, and any IPS whitelisting for PCI ASV scans should include these new ranges.
New Features
Portal
- Support for OWASP 2021 Classifications for both old and new findings in the Portal. To show the most relevant and useful information for the vulnerabilities, the WASC classifications have been removed.
- Improved date filtering by adding a date picker in the user interface, enabling users to select both dates and times:
- New Tag Manager that allows users to list, create, edit, and delete the tags that are used on objects of different types on their accounts:
- Users can now add the Asset name column to Vulnerability findings.
- Source column and filter in Vulnerability findings is now multiselect.
- The filter by asset in the Vulnerability findings now supports multiselect.
- New action in Assets: "View related findings". When applying the action, users is redirected to a pre-filtered vulnerability findings list for the selected assets.
Netsec
- Added detection for Microsoft Dynamics 365 Business Central.
- Added detection for CVE-2022-23854.
- Added detection for curl.exe on Windows.
Compliance
- Add CIS Microsoft Windows 11 Benchmark v1.0.0.
- Add Hardening Red Hat Enterprise Linux 7 STIG v2.0.0.
Bug Fixes and Minor Improvements
Portal
- Fixed an issue where
verifiedById
field was not returned in the response when an user edited an integration. - Fixed encoding issues in e-mail subjects.
- CVSS scores are now greyed out for Fixed findings.
- Status column is shown by default in the Findings view.
- Added three new built-in view templates: Open and older than 90 days, Fixed, and Not fixed.
Netsec
- Fixed an issue where uploading a PDF report to Managed Reports would result in a corrupted PDF.
viewTemplateId
is now optional when creating new integrations via API.- Changed the format when listing Timezones to make it more readable and user-friendly.
- Fixed a bug where when exporting a
csv
file from the scan schedules in OUTSCAN the date would be incorrect by one hour. - Improved unauthenticated detection of FortiManager.
- Improved unauthenticated detection of Citrix ADC.
- Improved encapsulation detection in the fingerprinting scan segment.
- Fixed an issue with pushing updates in a distributed HIAB environment.
Unified view
- Fixed an issue where an error code was returned whenever an Asset Groups filter was applied to Appstacks.
- In the Asset dashboard, added the Risk category chart whenever a Appstak grade filter was applied.
- Fixed an issue with consistency where in some API endpoints
appstack
would be spelled incorrectly. - Fixed an issue where AppStaks would sometimes be created twice.
Appsec
- Web Applications dashboard: added Assets and Findings as new cards and made them all clickable so it is easier to pivot to the Findings view with the content already pre-filtered. Severity chart is also clickable and redirects to Findings with the items already filtered with the chosen severity:
Cloudsec
- Resolved a bug where Compliance Status in reports no longer provided that information and instead showed an empty chart.
End of Life Announcement
SWAT Classic
We are announcing the End of Life of the SWAT Classic UI. Due to feedback from customers we have extended the end of Support date for the SWAT Classic UI to the end March 2023.
- Official End of Life date: March 2022.
- Official End of Support date: July 2023.
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.