New
New Defense Information Systems Agency benchmarks. We now provide support for the following DISA policies:
- Canonical Ubuntu 18.04 benchmark, version 2, release 4
- MS Internet Explorer 11 STIG benchmark, version 2, release 1
- Sunset-McAfee VirusScan 8.8 Local Client STIG benchmark, version 1, release 4
- Sunset-McAfee VirusScan 8.8 Managed Client STIG benchmark, version 1, release 3
- Microsoft Edge STIG benchmark, version 1, release 1
- RHEL 8 STIG benchmark, version 1, release 3
- SLES 12 STIG benchmark, version 2, release 5
- MS IIS 8-5 STIG, version 2, release 4
New fingerprinting and vulnerability coverage. New fingerprinting and recurring vulnerability coverage for AdoptOpenJDK.
Improved
- Updated Windows 10 checks. We updated how Windows 10 checks work to reduce complexity.
- Improved communication. We improved the reliability of communication between the Console and the Scan Engine.
- Updated Center for Internet Security content. We updated the CIS policy content that provides a benchmark for MS Windows Server 2012 (non-R2) to version 2.3.0.
- Updated BigIP SNMP fingerprinting. We updated BigIP SNMP fingerprinting to correctly identify the F5 device hotfix version.
- Improved engine transmission logs. We improved engine transmission logs to help better diagnose connection issues.
- Upgraded JRE. This 6.6.115 product version upgrades the Java Runtime Environment (JRE) included with the Security Console to Zulu OpenJDK 1.8.0_312. This upgrade improves the security of the Nexpose application.
Fixed
- Correct package values will now be reflected in our CentOS checks.
- We improved F5 device fingerprinting where historically installed versions are present.
- Exceptions encountered during SSH Elevation are now logged.
- Installations of Microsoft Exchange that were undetected due to lack of registry keys will now be detected.
- Fields that failed to load in the UI when editing Shared Credentials will now load properly.
- Agent-based assessments will now include all user and group information on Windows assets.
- Sites configured to include only asset groups will no longer exclude all scan targets if one of those asset groups is specified as a subset in the scan schedule.
- Excluded IP addresses and ranges are no longer being scanned during scheduled scan configuration.