Website v2.61.0

Enhancements

  • SEC-4317 : OS Family should be changeable on the node edit page
    • After a brief hiatus, the operating system family can once again be changed from the node edit page
  • SEC-4298 : Azure Key Vault scan
    • Azure key vaults are now available as a node type
  • SEC-4264 : Remove “variables” feature flag
    • The variables page will now utilize the new layout and skin that has been optional for the last few releases. Please contact your FDE if you have any questions about this feature
  • SEC-4263 : Remove “edit_node_skin” feature flag
    • The node edit page will now utilize the new layout and skin that has been optional for the last few releases. Please contact your FDE if you have any questions about this feature
  • SEC-4262 : Remove “aws_integration” feature flag
    • The synchronization facilities available via the AWS integration are now enabled for all users. Please contact your FDE if you have any questions about this feature
  • SEC-4157 : Implement AWS IAM Discovery
    • AWS IAM nodes may now be imported en masse via the standard bulk add nodes workflow

Fixed Issues

  • SEC-4337 : Monitored>Scan button skewed at certain zoom levels
    • The dropdown next to the “Scan” button on the monitored page should now always line up with the button itself correctly, regardless of zoom level
  • SEC-4336 : job of type “Policy - Node Group” doesn’t show on “Job History” page
    • Fixed an issue where the “Policy - Node Group” scheduled job runs would not appear on the “Job History” page
  • SEC-4327 : Executing a single policy ad-hoc from the node group executes all policies attached to the node group
    • Executing a CIS policy against a node will now correctly execute just that policy, rather than every policy attached to that node
  • SEC-4326 : ip_address lookup error
    • Fixed an issue where connection manager registrations would fail due to a change in the internal storage format of their IP address
  • SEC-4325 : Do not fail entire import process if some nodes exist already
    • The ServiceNow import process is now much more tolerant of individual node failures, such that the whole job will no longer fail if there is a single errant node. Additionally, information regarding node failures is now available in the corresponding job history entry for these jobs
  • SEC-4324 : Can’t edit credentials for Azure nodes
    • Fixed an issue where certain circumstances would cause the credentials fields on Azure nodes to become inaccessible
  • SEC-4323 : Whitelist/blacklist policy checks don’t work with listified attributes
    • Whitelist/blacklist type policy checks will now work correctly when applied to attributes that are true arrays, rather than just strings
  • SEC-4319 : Allow website nodes to be scanned via an HTTP proxy
    • Users may now indicate that a specific HTTP proxy should be used when scanning website nodes, rather than having the appliance reach out directly
  • SEC-4318 : Non-wildcard policy check being evaluated as a wildcard
    • Fixed an issue where arbitrary policy checks would sometimes be evaluated as if they were wildcards
  • SEC-4312 : Valid URLs are corrupted when creating or editing a REST endpoint integration
    • Fixed an overzealous piece of sanitization code corrupting legitimate URLs when creating a REST endpoint integration
  • SEC-4310 : Deleting a node while it has a job in progress will cause that job to run forever
    • Deleting a node while it has a job in progress will now correctly decouple from that job, and no longer cause things like environment scans to never kick off
  • SEC-4309 : Add/edit K8s node broken
    • Fixed a couple of issues related to adding K8s nodes
  • SEC-4308 : Appliance settings button only available to UpGuard users
    • All administrators will now have access to the “Appliance Settings” dropdown from the top-right menu, rather than just super users
  • SEC-4295 : Detected>ServiceNow and Azure Scheduled jobs show as unknown on the Scheduled Jobs page
    • All of the synchronization job types should now display the correct job type information on the job history page
  • SEC-4280 : Users should not be able to lock their accounts when LDAP is enabled
    • Disabled account locking while LDAP authentication is enabled, as it was redundant
  • SEC-4272 : Report generation consuming large amounts of memory
    • Post-environment scan reporting should no longer cause the appliance to experience periods of reduced performance, and should run much faster
  • SEC-4259 : CSV imports that have connection manager group 1 fail import; error that group does not exist
    • Importing nodes via CSV that are assigned to the Default connection manager group should no longer fail during upload
  • SEC-4250 : Unable to export CSV file from Events View
    • Fixed an issue where attempting to export a CSV failed for certain event view queries
  • SEC-4227 : Benchmark Reports>Individual Node results are not displaying
    • Benchmark reports will now correctly display results for every node in a benchmark report
  • SEC-4089 : New skin CSV import fails with “Invalid CSV File” error w/ LibreOffice installed
    • Fixed yet another issue with CSV imports, based on invalid MIME types. Please Note: We keep running into ever more exciting issues regarding CSV-handling software, so please inform your FDE if you encounter the error above
  • SEC-4077 : Not able to scroll through Orgs on some pages
    • Fixed an issue where user accounts with access to a large enough number of organisations could not scroll through the full list
  • SEC-4076 : Audit functionality for “Node added to Node Group” not working
    • Fixed an issue where nodes being added to a node group would not generate a corresponding audit event
  • SEC-3768 : User Invite>LDAP invited user’s emails contain instructions to create user/pass
    • The verbiage of the invite emails has been changed to direct users to simply log in when LDAP is enabled, rather than to try and have them register an account
  • SEC-3965 : “Host name property” not respecting user’s choice during SN bulk import
    • Fixed an issue where the “Host name property” value would default to “dns_domain” when importing ServiceNow nodes, regardless of the user’s choice
  • SEC-2592 : Do not re-evaluate policies on node show
    • Users may now opt-in to a feature whereby policies will not be evaluated when viewing a node, with a message indicating that a new scan must be performed when the results are out of date. This results in a considerable increase in performance, especially for nodes with high policy coverage. Please speak to your FDE to have this feature enabled.

Windows Connection Manager/Agent 4.14.0

Enhancements

  • WIN-351 : Azure Cloud Services and App Services
    • The following items have been added as new nodes or extensions to existing nodes in UpGuard:
      • Cloud Services resource
        • Role Number/Size
        • Configuration section (equivalent to web.config on IIS)
        • Last deployment date
      • App Services resource
        • Role Number/Size
        • Configurations Section https://docs.microsoft.com/en-us/rest/api/appservice/webapps/getconfiguration
        • Last deployment date https://docs.microsoft.com/en-us/rest/api/appservice/webapps/listdeployments
        • Any additional information that is associated with App Services specifically

SSH Connection Manager/Agent 4.14.0

Enhancements

  • GOAT-129 : CIS benchmarks SUSE 11 and 12
    • CIS benchmarks may now be executed against SUSE 11 and 12 nodes. Please contact your FDE if you need assistance in setting this up
  • GOAT-485 : Add GKE node
    • GKE clusters are now available as a node type
  • GOAT-489 : CIS Benchmark for Ubuntu 16.04
    • CIS benchmarks may now be executed against Ubuntu 16.04 nodes. Please contact your FDE if you need assistance in setting this up
  • GOAT-496 : AWS EBS Volume node scan
    • AWS EBS Volumes are now available as a node type
  • GOAT-497 : AWS VPC Peering Connection node scan
    • AWS VPC Peering Connections are now available as a node type
  • GOAT-499 : AWS VPC Flow Log node scan
    • AWS VPC Flow Logs are now available as a node type
  • GOAT-500 : Differentiate between inline and managed policies for users, groups and roles for AWS IAM node scan
    • Re-arranged the structure of AWS IAM nodes to make the AWS policy information a bit more useful
  • GOAT-502 : Place diet policy information under policy sections for users, groups and roles in AWS IAM node scan
    • Re-arranged the structure of AWS IAM nodes to make the AWS policy information a bit more useful
  • GOAT-503 : Return system errors messages from GOAT to Secure when performing a CIS policy scan
    • Failures that occur due to issues on the target node during CIS scans will now be viewable in the job history report

Fixes

  • GOAT-501 : event log entry for AWS sync should show the integration name not the API key
    • AWS sync events will now display the (much more helpful) name of the source integration, rather than the API key it is using