New

• New false positive investigation tool: You can now investigate vulnerability findings as potential false positives directly from your Security Console. If your investigation determines that the finding could indeed be a false positive, you can send the results to Rapid7 for analysis in one mouse-click. Check out our new false positive investigations article to learn how to use this.
• New MongoDB policy: We added a new Center for Internet Security (CIS) policy that provides coverage for MongoDB 3.6 for Linux.

Improved

• New tmux support for Linux-based installations: Security Console and Scan Engine installations on Linux hosts now support the tmux terminal multiplexer as an alternative to GNU Screen when the latter is unavailable during service startup. As of January 13th, 2021, tmux will become the primary multiplexer and GNU Screen will become the alternative option.
• Updated DISA policy content: We updated the following existing DISA benchmarks:
  • Microsoft Internet Explorer 11 STIG Benchmark- Ver 1, Rel 15
  • Mozilla Firefox STIG Benchmark for Windows - Ver 1, Rel 6
• Improved Scan Engine performance for policy scanning: The Scan Engine will now use less memory when scanning assets for policy compliance.

Fixed

• We fixed an issue that could occur when scanning Windows systems on two or more independent networks.