Release Date: 2020-05-28
Future Changes to How We Report Some Netsec Findings
As we continually improve our scan engine and the ways we report findings, we also collaborate with customers who provide valuable feedback on how we report certain findings to ensure that we can provide the best possible information, tied to the highest accuracy we can achieve. We also want to ensure we remove all possible confusion from findings and how we find them.
Based on feedback from a large number of customers, we are working towards refactoring the way we report the port number for what we term Implied Vulnerabilities, where we may not be able to authenticate with the Operating System but can use other information gathered to make accurate assumptions.
For example, if we enumerated the version of Windows based on another service (HTTP, SNMP, etc.), we would, by default, report the finding as TCP 445, because that is how you would find it on Windows, or TCP 22 for Linux. The problem has been that this port may not be available, and so we had the potential to cause some confusion if we reported findings on TCP 445, but that port was not seen in the port scan phase.
To overcome this confusion, we are changing this from reporting the assumed port number to instead read Generic.
We are working towards ensuring that this change has as little impact on your current workflows as possible, and on how we can ensure the continuation of Accepted Risks and False Positives across this change. Further updates will be provided during the completion of this change.
To further improve our Threat intelligence capabilities, we have added 2 further asset fields for Farsight customers, focusing on Business Risk and Asset Exposure.
- Added Business Risk (defaults to Medium). Once the business risk has been given for an asset, it ensures focus on those assets which present the greatest risk to the business.
- Added an exposed flag - An Internet-exposed asset presents a greater risk to a business than an internal one. This will be triggered for all assets with an Internet-addressable IP address.
Combining the business risk with the exposure and likelihood fields allows a customer to truly focus on remediating the issues they face on the assets that present the greatest risk.
- Introduced Report Library - The Portal now supports the ability for customers to add reports directly to a Report Library. Reports can be scheduled to be sent to the Report Library, rather than sent via email, for download later. Reports can also be tagged to ensure full use of IAM controls for sharing reports.
- RBAC/IAM, which had a limited release in February, is now available to all customers within the Portal.
- The Outpost24 Agent is now available for Windows 10. If you are interested in being among the first customers to use the Outpost24 Agent, please contact your Account Manager to have them enabled for your account.
- Task Progress offloading now includes adding large volumes of new targets.
- It is now possible to see logs for an Agent from within Manage Targets via a right click.
- When deploying a HIAB virtual machine, it is now only possible to enroll the LATEST version of a HIAB virtual machine. Trying to enroll an earlier version will result in an error. Future versions of HIAB virtual machine will be able to give a relevant error message; however, this is not possible with older versions. If you encounter an error when trying to register a new HIAB, please ensure you have the latest version before contacting support.
- It is now possible to download HIAB Cloud Images for Azure and AWS from the UI in the same way as Virtual Machines for VMware and Hyper-V.
- It is now possible to automatically sort findings based on the lastseen date.
Fixes and Minor Improvements
- Fixed an issue which may cause some scans to be stuck at the Reporting process and fail to progress.
- Refined the schedule view to include Hours and Minutes.
- Both user initials are now shown in the user badge.
- Fixed an issue where password reset mails were incorrectly formed for HIABs deployed in AWS.
- Fixed an issue where the folder structure was not displayed correctly for subusers being granted access to asset groups.
- Fixed an issue where discovered agents in the Ungrouped target group may not get scanned.
- Updated identification for WindowsKernel 10.0 based operating systems where they may be incorrectly identified as Windows 10.
- Fixed an issue where some HIAB architectures would not get a full update during the offline update process.
- Fixed an issue which can cause a HIAB to be stuck in a state where it cannot be updated if an incomplete offline update package is used.
- Auditing has been improved to now include relevant sub account information when adding new targets.
- Improved Apache Struts detection.
- Fixed an issue where a sub account user could not run a Discovery Scan against a network range they had permission to scan.
- Improved Ubuntu detection.
- Fixed an issue where Agent logging will fail if the log directory does not already exist.
- Added authenticated detection for OpenWRT.
- Added detection for Sophos XG Firewall.
- Improved Nginx backporting detection when installed on RHEL.
- Improved Fedora detection.
- Added a field to show Likelihood last update date to show when the likelihood was last updated.
- Added a field to show Likelihood delta to show how much the Likelihood has changed since the last Likelihood update.
- Fixed an issue where creating a Scale configuration on a HIAB will allow it to be assigned to a non-existent scanner, resulting in an error.
- Fixed an issue where no indicator was displayed that authentication was enabled for Scale if Selenium was being used.
- Improved logic in AWS policy.
- Improved checks within AWS policy for CloudTrail auditing.
- Fixed an issue where clearing out all selected assets in Compliance doesn't uncheck all of the selected checkboxes.
- The columns 'First failed' and 'Last failed' have been added to the Compliance view.
- Added notes, rationale, references, and CIS Controls to Compliance information.
- Updated version of the RestAPI Spec file.
End of Life Announcement
WAS Removal - In line with the previous End of Life communication, we have removed the WAS options from Outscan. Should you feel you still need WAS, please contact your Outpost24 sales representative to discuss migration to Appsec Scale.
EWP EoL - In our vision towards Full Stack Assessments in a Unified UI, we have integrated Cloudsec Inspect into the Outpost24 Portal. Thus, we are deprecating EWP and starting to migrate our customers. EoL of EWP will happen during 3Q2020 and EoS in 4Q2020.
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.