Release Notes February 2024
Release Date: 2024-02-27
Version: 8.24.1.1.el7
Upcoming update for Netsec users
It has likely not escaped anyone's notice that things have been a little quiet on the Netsec side. But we have been working exceptionally hard behind the scenes to introduce the Netsec capabilities into the Portal, the UI currently used for our Appsec products.
Over the coming months more capabilities will be added and we are beginning the onboarding process for customers to move over to the Portal UI. The transition will be gradual, and customers will be moved individually when all of the capabilities they require have been implemented to the Portal UI.
We are also making the whole Vulnerability Management process more streamlined with less 'clicks' required. There will be some changes in terminology and workflow, but its far simpler to manage and a greatly improved user experience. New features are introduced along the way, such as Tags, along with the necessary Tag Manager, support for Webhooks, and much more.
For those of you already using Portal, you may have seen some of the great steps forward in terms of user experience, and there are a lot more exciting new updates and capabilities coming.
Important notice
As our business grows, and with more customers joining us, it has been necessary to grow our infrastructure accordingly to ensure we can continue to offer an ever-improving level of service to our customers.
To meet these needs, it has been necessary to extend the IP range from which scanning may originate.
The additional IPv6 range from which scans may originate is:
2a13:5240::/29
This is in addition to our existing network range of:
IPv4: 91.216.32.0/24
Ipv4: 80.254.228.0/22
IPv6: 2001:67c:1084::/48
These IP ranges are exclusive to Outpost24, and any IP whitelisting for PCI ASV scans should include these new ranges.
Deprecation of SWAT Assets and SWAT Findings in Portal
As part of our ongoing efforts to migrate all Appsec functionality to Portal, please note that both SWAT Findings and SWAT Assets will be removed in upcoming releases from Portal. Those sections had been marked as deprecated for a long time now. As disclosed in the EOL Announcements, SWAT Classic will be deprecated as of October 1st, 2024. Customers who are still using Classic should begin the onboarding process.
New Features
Portal
We are thrilled to introduce Event Notifications to Portal! Now, users can easily configure notifications right within the Portal, leveraging the versatile Jinja2 support to personalize their content fully. With Event Notifications, you can tailor alerts for specific actions on our platform, receiving updates via email, in-app, or creating custom integrations with webhooks. Check out our full documentation on the Knowledge Base for comprehensive information and make the most of these features!
- Watching Findings, a way to help you keep track of your findings. When you start watching a finding, you'll receive automatic notifications for status changes, new comments, and impending acceptance risk expiration. Some actions will automatically start watching a finding for you, but you can also do it manually.
Appsec
- Asset Groups dashboard design has been revamped! These updates provide users with a better overview of their asset groups as well as new visualizations for a more intuitive experience.
Bug Fixes and Minor Improvements
Portal
- Coalesced CVSS Scoring for Improved Consistency: we've aligned the scoring methodology for graphs in Portal with exported reports to ensure consistency across the board. Now, both platforms utilize the coalesced cvssSeverity field, incorporating the respective CVSS v3 and v2 ranges for severities.
- Fixed an issue where the password in the Authentication tab of a Webhook would not be populated and thus could not be checked.
- Changed default sorting in scans: now scans are sorted by Ended time instead of by ID.
- Fixed an issue where the UI would flicker when the Edit Environmental CVSS vector window was open.
- We've implemented a maximum selection limit of 500 items in tables for an improved performance and user efficiency.
- Fixed an issue where users with Manage and View permission for Scan policies could not delete them if they didn't have Manage and View for Credentials as well.
- Added RBAC for Integrations in IAM.
Outscan
- Fixed an issue where where the Report information section of a report was displaying truncated information, particularly with target details, not showing the full list.
Public Preview Features
Follow the link to read more about our Product Stages.
- Workflows, a new feature that will allow you to seamlessly chain features across various products within our platform as well as generate a report at the end with the results. Workflows help ensure full coverage of your infrastructure and applications in a single, efficient process. You can find it in Portal, under Configuration and you can access documentation here Workflows.
Vulnerability Detection Update
The latest updates are published here: Vulnerability Detection Update
End of Life Announcement
Scanning over SSHv1
We will no longer be supporting scanning over SSHv1 from March 2024, and will therefore drop support for this and all of the associated ciphers.
- Official End of Life date: September 2023
- Official End of Support date: March 2024
SWAT Classic
We are announcing the End of Life of the SWAT Classic UI. Due to feedback from customers we have extended the end of Support date for the SWAT Classic UI to the October 1st, 2024.
- Official End of Life date: October 1st, 2024
- Official End of Support date: July 2023
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.