Change log of the Cyberwatch software

14.6 (2025-04-07)

Highlighted features:

• Cloud: introduced a wizard to facilitate the use of Discoveries and Compliance features (preview)
• Cloud environment compliance: added Microsoft 365 compliance rules (preview)
• Corrective actions: added the Windows Package Manager support to update third-party applications (preview)
• Criticalities: integrated EPSS Version 4 into the vulnerability prioritization method called “3D prioritization”

Updated features and performance improvements:

• API: the /api/v3/cve_announcements route now also retrieves the vulnerabilities referenced in the CISA KEV and CERT-FR ALE catalogs
• Authentication provider: improved user experience for creating and configuring OpenID Connect or SAML providers, including an auto-suggestion function to assist in filling out attributes
• Cloud environment compliance: implemented new Google Cloud Platform compliance rules
• Discoveries: you can now report only powered-on virtual machines during a VMware vSphere discovery
• Exports: technology installation paths are now included in the patches list CSV exports
• External tools: improved error management in case the Syslog server is down
• Kibana: custom comments on a vulnerability are now referenced in the cve_announcements index
• Network targets and websites: implemented scan support for Ivanti and Palo Alto Networks network devices
• Performance: further global performance improvements for the application
• Scanning engine: improved analysis of Microsoft SQL Server applications

Bugfixes:

• Cloud environment compliance: fixed a migration issue related to updating compliance rules
• Corrective actions: you can once again deploy patches from the corrective actions page
• Ignoring policies: you can once again remove keywords when editing an ignoring policy
• Kibana: fixed an issue that could prevent security issues from being sent to Kibana
• Scanning engine: fixed detection issues on Palo Alto Networks devices

14.5.4 (2025-03-13)

This release contains critical fixes to address CVE-2025-25291 / CVE-2025-25292 / CVE-2025-25293.

14.5 (2025-02-24)

Highlighted features:

• API: new documentation interface (preview)
• Compliance: you can add a comment for a compliance rule (preview)
• Discoveries: added a Stormshield discovery (preview)

Updated features and performance improvements:

• Agentless mode connection: improved the creation of stored credentials set when adding a new connection
• Cloud environment compliance:
  • Implemented new Google Cloud Platform compliance rules
  • Improved and implemented new Microsoft Azure compliance rules
• Compliance:
  • Implemented CIS Red Hat OpenShift Benchmark
  • Improved and updated Active Directory checkpoints for CERTFR_AD analysis
• Details of a Compliance rule: you can also filter by status
• Details of a Corrective action: the related vulnerabilities tab has been removed
• Details of an Asset: you can now edit the connector of a cloud asset
• Network targets and websites: improved detection mechanisms for vulnerabilities related to directory traversal and file inclusion in web applications
• Discoveries: the project and region information can also be reported during a Google Cloud Platform discovery
• Scanning engine: improved the installed updates analysis on Windows assets
• Performance: improved search responsiveness by application

Bugfixes:

• Agentless mode connection:
  • Fixed a detection issue on SonicWall devices in SNMP
  • Fixed an application problem when adding a CyberArk Conjur connection
  • Fixed logins displaying problem on the edit form
• Compliance:
  • Fixed the script of rule ICS-WIN-4.2.1
  • Fixed the script of rule ICS-WIN-6.9
• Scanning engine:
  • Fixed on Mozilla Firefox patches versioning information
  • Fixed the Nginx application detection

14.4 (2025-01-27)

Application performance will be degraded if the machine hosting Cyberwatch has a Linux kernel lower than 4.0 (example: Red Hat 7 or CentOS 7), and a Docker version lower than 25.0. For more details on recommended configurations, please refer to the technical requirements.

Highlighted features:

• Cloud:
  • Updated Amazon Web Services compliance rules (preview)
  • Updated Google Cloud Platform compliance rules (preview)
  • Updated Microsoft Azure compliance rules (preview)
• Details of a Corrective action: added a section indicating Windows application details (preview)
• Performance: application global performance improvements

New features:

• Agentless mode connection:
  • Added a search bar to filter by asset, source, access protocol or address
  • Added a sortable column indicating the stored credential name of agentless mode connections
• Customization: you can customize the placeholders for comment sections
• Scope:
  • Added support for Alpine Linux 3.21
  • Added support for macOS 15

Updated features and performance improvements:

• API:
  • The /api/v3/assets/servers/{id} route now returns the date of first and last detection of technologies, as well as the ID of the scanning, deployment, reboot and ignoring policies assigned to the asset
  • The /api/v3/hosts and /api/v3/hosts/{id} routes now return the operating system names of discovered assets
  • The SBOM file uploading as air gap assets via the Cyberwatch API client is now supported
• Harbor and GitLab: the endpoint is now the same for the whole container scanner configurations defined in the application
• Scanning policies: the default execution frequency for Linux and Windows system metadata scans is now five days
• Scope:
  • Dynamic sending of Windows application data from the security database
  • Improved the Extreme Networks ExtremeSwitching devices support

Bugfixes:

• Alerts: fixed a problem preventing the filter selection when creating or editing an alert
• Assets rules: fixed an application problem that could occur when executing a rule applicable to multiple elements
• Compliance: fixed the script of SBP-LIN-01-002 rule
• Scanning engine:
  • Fixed a detection issue on HPE Aruba Networking
  • Fixed an analysis problem on VMware vCenter
  • Fixed an issue to detect the extended support presence on Red Hat systems
  • Fixed on Microsoft SharePoint Server (SharePoint On-Premise) patches versioning information

14.3 (2024-12-16)

Highlighted features:

• Assets inventory: the search bar now proposes finer filtering criteria for groups (preview)
• Discoveries: added a Red Hat OpenShift discovery (preview)

New features:

• Discoveries:
  • Added a Fortinet discovery
  • Added an Amazon ECR discovery
• Scope:
  • Added support for Dell EMC N4000 devices
  • Added support for Fedora 41
  • Added support for Jira
  • Added support for MikroTik CCR2004-1G-12S+2XS devices
  • Added support for OpenSUSE
  • Added support for Siemens SCALANCE XB-200 devices
  • Added support for Ubuntu 24.10
  • Added support for Windows Server 2025

Updated features and performance improvements:

• Discoveries: you can now restrict Kubernetes or OpenShift discoveries to a namespace
• Exports: the “CPE” column is added in the CSV technologies exports
• Scanning engine: improved the detection of applicative package versions on AlmaLinux

Bugfixes:

• Compliance:
  • Fixed the script of CIS-AWS-5.1 rule
  • Fixed the script of SBP-LIN-04-004 and SBP-LIN-02-005 rules
• Discovered assets: fixed a problem in the generated CSV exports, which could contain no elements at all
• Discoveries: fixed an application problem that could occur on some Cyberwatch instances during a network scan discovery
• Integrations: fixed an asset information sending problem on some compliance-related integration hook locations
• Vulnerabilities: fixed a problem where CVSS thresholds that had been configured were not taken into account

14.2 (2024-11-25)

Highlighted features:

• Docker images: image analysis in a GitLab pipeline is now possible (preview)
• Users: you can perform permission bulk edits (preview)

New features:

• API: the /api/v3/servers/{id}/export route can be used to get asset information in CycloneDX JSON or SPDX JSON SBOM format

Updated features and performance improvements:

• Agentless mode connection: the Forcepoint version 7 devices scan in SNMP is also supported
• Air gap assets: improved the detection of operating system and technologies in the SBOM files import feature as air gap assets
• Corrective actions: improvements in the presentation of corrective actions for the same technology
• Integrations: you can add an integration from the compliance rules encyclopedia, the corrective actions, the security issues encyclopedia, the vulnerability encyclopedia and the details of a corrective action
• MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 16
• Network targets and websites: the authentication by a Selenium script in target scanning is also supported
• Scanning engine:
  • Improved the Java application detection
  • Improved the Mozilla Firefox application detection
  • Improved the Python package detection
• Users: improved the permission information displayed in the user profile

Bugfixes:

• Agentless mode connection: fixed a detection issue on Aruba and HPE devices in SNMP
• Reports: fixed a problem where filters used to generate PDF reports were not taken into account
• Repositories: fixed a displaying error on the number of rules and associated assets with a repository
• Scanning engine: fixed a detection issue on Alpine Linux

14.1 (2024-10-28)

Highlighted features:

• Network targets and websites: cookie authentication in target scanning is now supported (preview)

New features:

• Compliance: added CIS Ubuntu 24.04 LTS Benchmark
• Exports: added the package_detected_at field in the current technologies JSON export indicating the date on which the technology was first detected. This data is also present in Kibana or Google BigQuery, in the computers_packages index
• Scope:
  • Added GitLab security advisories
  • Added security advisories from the CCN-CERT Spain
  • Added security advisories from the CERT Santé France
  • Added security advisories from the CSIRT Italy
  • Added support for Cisco Business 250 and 350 devices
  • Added support for Opengear devices

Updated features and performance improvements:

• Administration:
  • The “Vulnerabilities” tab settings of the “Customization” sub-menu have been moved to the “Vulnerabilities” sub-menu
  • The “Customization” sub-menu has been refactored
• Agentless mode connection: improvements on the HPE devices detection in SNMP
• Air gap assets:
  • Improvements on the feature of SBOM import files as air gap assets
  • UX improvements and fixes to prevent the execution of a deployment and restart policy on air gap assets
• API:
  • The /api/v3/assets/servers/{id} route now returns the CPEs of packages that have them
  • The /api/v3/servers/{id}/cve_announcements/{cve_code} route can also be used to add a comment for a vulnerability
• Assets inventory: UX improvements on the customization modal
• Corrective actions: you can also filter by package type
• Dashboard: improvements on the modals and widgets displaying
• Details of an Asset: UX improvements in the “Technologies” tab for adding Docker images
• Details of a Security issue: you can now filter by payload in the list of associated assets
• Discoveries:
  • A discovery modified during its execution is now relaunched with its new configuration
  • A Harbor robot account can also be used for a Harbor registry discovery
  • Improvements on the automatic registration in agentless mode connections
  • Improvements on the Kubernetes namespace discoveries
  • You can now interrupt a discovery in progress
• Exports: you can now set a size limit for an export sent by email
• Kibana:
  • Improvements in the visualization of the CVE evolution graph
  • The “CVE Specific Dashboard” is renamed to “Vulnerability monitoring”
• Network targets and websites: you can also define URLs that will be excluded from the scan
• Repositories: the view has been refactored
• Scanning engine: improvements on the Red Hat detection to take extended support versions into account
• Scope: improved the Android support

Bugfixes:

• Agentless mode connection: fixed a retrieval problem on the system name of Stormshield devices in SNMP
• Air gap assets: fixed a sorting problem on last analysis dates
• Assets rules: fixed a problem with the selection of values in the search bar that could lead to errors in the list of asset rules
• Details of an Asset: fixed a display problem that could occur in the “Compliance” tab when checking custom rules
• Discovered assets: fixed a displaying error that may occur on the list of unregistered assets
• Discoveries: fixed an application problem that could occur during an AWS discovery
• Network targets and websites: fixed an API routes retrieval problem when scanning the Swagger/OpenAPI documentation of a target in headless mode
• Kibana: fixed a problem with the cvss_v3_access_vector field in the computers_cves index
• Scanning engine:
  • Fixed a detection issue on Firefox ESR
  • Fixed a detection issue on VMware
  • Fixed an analysis problem on F5 devices
  • Fixed an analysis problem on Java
  • Fixed analysis and detection problems on Microsoft .NET Framework and Windows

14.0 (2024-09-18)

This version is a major release.

Highlighted features:

• Agentless mode connection and Discoveries: you can create an asset or register a discovered asset representing a Kubernetes project (preview) (preview)
• Air gap assets: the SBOM SPDX 2.3 JSON, CycloneDX v1.5 JSON and CycloneDX v1.6 JSON files can be imported as air gap assets
• Assets inventory: you can add customized columns to display asset metadata (preview)
• Criticalities: integration of the CISA’s Stakeholder-Specific Vulnerability Categorization (SSVC) system into the vulnerability prioritization method called “3D prioritization” (preview) (preview)
• Docker images: Cyberwatch now allows you to scan images natively with the 5.20 version of the orchestrator base
• Vulnerability encyclopedia: the CVSS 4.0 version is now integrated throughout the application (preview)

New features:

• Compliance: you can ignore a compliance rule
• Details of an Asset: you can select the columns to display in the “Vulnerabilities” tab including a sortable column indicating the contextual score (CVSS-BTE) and another for the SSVC decision
• Details of an Asset and Details of a Vulnerability:
  • You can add a comment for a vulnerability
  • You can ignore a vulnerability until a given date
• Discoveries:
  • Added a Proxmox discovery
  • You can create a group when creating a discovery
  • You can delete groups of discovered assets that have disappeared
• Harbor: added the support for the Scanner Adapter API new version, to run the SPDX SBOM generation of Docker images right from the Harbor web interface
• Scanning policies: you can duplicate an existing policy
• Scope:
  • Added end-of-life dates for PHP 8
  • Added support for Alpine Linux 3.20
  • Added support for Aruba 7005 devices
  • Added support for Fedora 40
  • Added support for Progress Kemp LoadMaster LM-X3 devices

Updated features and performance improvements:

• Agentless mode connection:
  • The IP addresses of SNMP device can now be reported on the application
  • The weak SNMP community strings configured on the device are now reported as a Security issue
• Alerts: added a dedicated page to see the items processed when an alert was last executed
• API:
  • Added reference and security_announcement fields in the /api/v3/cve_announcements route
  • The /api/v3/cve_announcements and /api/v3/cve_announcements/{id} routes now return the CVSS v2 or v3 vector and the CVSS v4 score of CVEs
  • The asset routes have been consolidated
• Assets: improved the patching deployment management
• Assets inventory: you can now reorder table columns
• Assets rules: you can now define opposite actions on rules
• Compliance rules encyclopedia: you can now filter by group
• Details of an Asset: the subnet mask is now reported in IP addresses
• Details of a Vulnerability: the information section now displays all CVSS scores available for a CVE
• Discoveries:
  • The discovery creation view for managing discovered assets has been refactored
  • You can now perform a namespace discovery for AKS, EKS and Kubernetes
• Discoveries and Docker images: the discovered images and assets with the same hash are now linked
• Docker images:
  • Improved the shell less Docker images scanning
  • UX improvements on Docker images presentation in the Assets inventory and their details
• Exports and Reports: CSV exports and PDF reports of Security issues now indicate the issues to be fixed
• Network targets and websites: improved the technology versions detection when scanning network ports
• Scanning engine:
  • Improved and fixed the SUSE detection
  • Improved the F5 devices detection
  • Linux application paths are now reported in the application
• Scanning policies:
  • Scanning frequencies are now configured in the policy details
  • UX improvements for associating a scan script and creating a custom analysis script
• Scanning, Deployment or Reboot policies: you can now specify a time zone when creating a policy
• UX: improved the creation and edition views of groups and repositories

Bugfixes:

• Agentless mode connection:
  • Fixed a detection problem on Aruba devices in SNMP
  • Fixed a patching deployment issue that could occur on some Linux assets
  • Fixed a problem that could lead to the display of duplicate Windows patches after restarting an analysis
  • Fixed a version retrieval problem on some Cisco devices in SNMP
• Air gap assets: fixed an issue to block the rebooting script execution on air gap assets
• Compliance:
  • Fixed an evaluation problem when multiple checks are performed on a rule
  • Fixed the script of ICS-WIN-8.2.3, SBP-LIN-01-004 and SBP-LIN-01-007 rules
• Harbor:
  • Fixed a problem with scanning Docker images not supported by the application
  • Fixed an application problem that could prevent the Docker images scanning
• Network targets and websites:
  • Fixed an analysis problem on some WordPress extensions and themes
  • Fixed an API routes retrieval problem when scanning the Swagger/OpenAPI documentation of a target
  • Fixed a problem preventing a target from being scanned from a Kubernetes node
• Scanning engine:
  • Fixed a detection issue on OpenVPN
  • Fixed a detection issue on Palo Alto devices
  • Fixed an analysis or a detection problem on Microsoft .NET Framework and Windows
  • Fixed on Mozilla Firefox ESR patches versioning information

13.12.1 (2024-09-13)

This release contains a critical fix to address CVE-2024-45409.

Bugfixes:

• Update the SAML library

13.12 (2024-07-11)

New features:

• Agentless mode connection: added a new Security issue type to indicate the SNMP devices using the default community
• Scope:
  • Added support for CloudLinux OS
  • Added support for Dell Command Configure
  • Added support for Dell Command Monitor

Updated features and performance improvements:

• Administration: the support identifier is now indicated in “About” page
• API: improved the codes and errors messages reporting
• Scanning engine: improved the filtering installation files method in the Windows user applications scan
• Scope: improved the Extreme Networks ExtremeSwitching devices support

Bugfixes:

• Details of an Asset: fixed the cancellation of global update schedules on an asset
• Discoveries:
  • Fixed a Docker image retrieval problem when discovering the Harbor registry
  • Fixed a problem related to the discoveries mandatory naming
• Network targets and websites: fixed a problem on the scan of the target API by providing the URL of its Swagger documentation
• Scanning engine: fixed a detection issue on SUSE packages
• Users: fixed a problem where some users with global access could lose their permissions
• Vulnerability encyclopedia: you can once again use the offline Vulnerability encyclopedia filter search bar

13.11 (2024-06-18)

Highlighted features:

• Alerts:
  • Alerts are now checked every hour
  • You can configure a minimum duration between the sending of two alerts (preview)
• Criticalities: you can now define the CVSS score type for prioritizing vulnerabilities (preview)

New features:

• Air gap assets: you can assign groups when importing assets
• Assets inventory and Details of an Asset: you can perform a global update of Windows and Linux systems
• Compliance: added Ubuntu 24.04 LTS to the Security_Best_Practices for Linux repository
• Scope:
  • Added support for M100V and C100V IronPort Cisco devices
  • Added support for S190 Cisco devices
• Users: you can close the remote user sessions

Updated features and performance improvements:

• Air gap assets: the asset “Last update” information now also takes into account the date of the last edition of declarative compliance data
• Alerts: you must now name your alerts
• API: the /api/v3/remote_accesses and /api/v3/remote_accesses/{id} routes now show the used stored credentials
• Compliance: updated multiple CIS Benchmarks
• Criticalities: updating a criticality automatically relaunches vulnerability scans on the related assets
• Discoveries: you must now name your discoveries, and the unnamed discoveries will be given a unique name when Cyberwatch is updated
• Exports:
  • Improved errors management in case of scheduled exports generation problem
  • The maximum EPSS score is now present in the CSV patches exports
  • The prioritized CVSS score and its type are now indicated in the CSV vulnerabilities exports
  • The “Statut” column is renamed to “État” in the French CSV exports
• MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 15
• Network targets and websites: errors encountered during network port analysis are now reported in the application

Bugfixes:

• Authentication provider:
  • You can once again copy the client certificate in an OpenID Connect configuration
  • You can once again copy the Cyberwatch certificate in an SAML configuration
• Compliance:
  • Fixed the script of rule SBP-LIN-02-005
  • Fixed the script of rule SBP-LIN-03-003
  • Fixed the script of rule SBP-LIN-03-004
• Discoveries:
  • Fixed a Microsoft Azure assets registration problem in agentless mode connection via Azure API
  • Fixed an execution problem during the discovery of an Amazon Elastic Container Registry
• Scanning engine:
  • Fixed an analysis problem on Oracle Database 19c
  • Fixed an SNMP scan problem on some Cisco devices
• Reports: fixed a displaying problem in the annex of PDF executive reports
• UX: fixed options enabling or disabling problem when saving a stored credential

13.10 (2024-05-20)

Highlighted features:

• Details of an Asset: you can view, in the “Summary” tab, the vulnerabilities referenced in the CISA KEV and CERT-FR ALE catalogs (preview)
• Discoveries: you can automatically register discovered assets as a network target or website (preview)
• Vulnerability encyclopedia: added the summary of a CVE in the encyclopedia, as well as in the details. (preview) (preview)

New features:

• Administration: added an “English (US)” language using international date format
• Assets inventory: you can filter by discovery name in the search bar
• Details of an Asset: you can go directly, from the information section, to the discoveries associated with this asset
• Network targets and websites: added scan support for Harbor registry, and some Citrix Fortinet and Ubika network devices
• Scope:
  • Added Rocky Linux security advisories
  • Added support for Dell EMC Networking devices
  • Added support for Foxit PDF Editor
  • Added support for TensorFlow
  • Added support for Ubuntu 24.04
  • Added support for XnView Classic and XNView MP

Updated features and performance improvements:

• Agentless mode connection: improved connection errors management reported by the application
• API:
  • The /api/v3/exports route now returns more detailed information on the filters used when generating a report
  • The /api/v3/vulnerabilities/servers/{id} route now shows EPSS scores of the asset vulnerabilities
• Assets inventory: you can now search by address range in the search bar
• Compliance: updated Active Directory checkpoints for CERTFR_AD analysis
• Discoveries:
  • Docker images hashes and tags can now be reported during an Amazon EKS, Azure Kubernetes Service or Kubernetes discovery
  • Docker images tags can also be reported during a Harbor registry discovery
• Kibana: the information of attack paths and techniques are now referenced in the cve_announcements index
• Network targets and websites: the scan scope is now indicated in the target details
• Scanning engine:
  • Improvements on the Chromium and Google Chrome detection
  • The vulnerability assessment mode of Windows and Microsoft .NET Framework has been refactored
• UX:
  • A search performed from the search bar of the dashboard, the asset inventory the vulnerability encyclopedia, the corrective actions, the security issues encyclopedia and the compliance rules encyclopedia is automatically kept in recent queries
  • The Stored credentials creation form has been refactored

Bugfixes:

• Dashboard: fixed a problem that could lead to the display of duplicate widgets
• Details of a Vulnerability: fixed a 500 error that could prevent some CVEs displaying
• Reports: fixed a PDF reports displaying problem with Adobe Reader
• Scanning engine:
  • Fixed a detection problem on Fortinet devices
  • Fixed a detection problem that could occur on some Jira Server versions
  • Fixed an analysis problem on Stormshield devices

13.9 (2024-04-22)

Highlighted features:

• Alerts: added a dedicated page to see all sent alerts (preview)
• Network targets and websites: you can scan the target API by providing the URL of its Swagger documentation (preview)

New features:

• Scope:
  • Added support for CISCO Firepower devices
  • Added support for Extreme Networks ExtremeSwitching devices
  • Added support for NetApp ONTAP devices
  • Added support for Zimbra Collaboration
• Reports: you can custom the disclaimer

Updated features and performance improvements:

• API: the /api/v3/users/{id} route now shows whether a user is active in the application
• Criticalities: you can now prioritize asset vulnerabilities using only the full CVSS score criterion (CVSS-BTE)
• Details of an Asset: when an ignoring policy is modified or deleted the vulnerability list to consider is now automatically refreshed
• Discoveries: the Assets discoveries view has been refactored
• Docker images: labels in metadata are now retrieved with the Docker API latest version
• Network targets and websites: pages scanned during a target scan are now indicated in analysis reports
• Scanning engine: improvements on the Schneider Electric Modicon devices detection

Bugfixes:

• Compliance:
  • Fixed a rule creation problem that could occur with some operating systems
  • Fixed an infinite scanning problem that could occur on a CERTFR_AD analysis
  • Fixed the script of ICS-LIN-12.5.2 rule
• Discoveries: Kubernetes discoveries now assign all their namespaces to assets using metadata
• Kibana: multiple fixes
• Network targets and websites: fixed detection problems that could occur on some CMS
• Scanning engine:
  • Fixed a detection problem on Microsoft SharePoint Server (SharePoint On-Premise)
  • Fixed an analysis problem on Fortinet devices
  • Fixed on Microsoft .NET Framework versioning installed on an asset

13.8 (2024-03-25)

Highlighted features:

• Alerts: you can create alerts from the discovered assets view to highlight new identified assets (preview)
• Network targets and websites: added security issues on the certificate expiration of the target (preview)
• Scanning engine: Cyberwatch now relies on CNA data for vulnerability analysis

New features:

• Compliance: added and updated multiple CIS Benchmarks
• Reports: you can generate a PDF report for a corrective action
• Scope:
  • Added end-of-life dates for Ruby
  • Added support for AnyDesk
  • Added support for Foxit PDF Reader
• Stored credentials: added support for CyberArk Central Credential Provider, for agentless mode connections

Updated features and performance improvements:

• Activities: actions related to asset policies are now logged
• Details of a Corrective action: you can sort by version in the related assets table
• Discovered assets: selectors have been replaced by a filter search bar
• Discoveries: you can now use the certificate authentication mode for Kubernetes discoveries
• Exports and Reports:
  • Added an option to block unauthenticated access to exports and reports from email
  • You can now disable the mailing feature
• Harbor: you can now define a permanent credential on the Harbor scanner, to launch the Docker images analysis from Cyberwatch and not only from Harbor
• Network targets and websites: the headless mode is now enabled by default when a new scanning policy is created
• Scanning engine: improved the scanning execution states management on Docker and Cloud assets
• Users: multiple UX improvements on the users list

Bugfixes:

• Agentless mode connection:
  • Fixed a Microsoft Azure API connection creation problem
  • Fixed a problem where the login could be lost when creating a connection
• Compliance: fixed the script of SBP-LIN-04-005 rule
• Network targets and websites: fixed the feature to sort by last connection error
• Scanning engine:
  • Fixed an analysis problem on Adobe Acrobat Standard
  • Fixed an analysis problem on some Microsoft Office versions
  • Fixed an analysis problem on Zoom
  • Fixed a detection issue on Fortinet devices
  • Fixed a detection issue on Java
  • Fixed a detection issue on SUSE 12 SP5 packages
  • Fixed an SNMP scan problem that could occur on some network devices
• Security issues encyclopedia: the filters of the search bar are once again considered in the generated PDF reports

13.7 (2024-02-19)

Highlighted features:

• Alerts: multiple improvements (preview)
• Discoveries: added a discovery to retrieve running Docker images on Linux assets (preview)
• UX: you can create a saved query from a recent search, from the search bar of the dashboard the asset inventory, the vulnerability encyclopedia, the corrective actions, the security issues encyclopedia and the compliance rules encyclopedia (preview)

New features:

• API: the /api/v3/vulnerabilities/servers/info route is now documented and can be used to get the raw export of an asset
• Exports: added the OS column in the discoveries CSV exports
• Scope:
  • Added Ethernet-IP protocol support for monitoring industrial devices
  • Added security advisories from the CERT-EU
  • Added support for Allen Bradley Rockwell Automation devices
  • Added support for Devolutions Remote Desktop Manager
  • Added support for Fortinet FortiMail devices
  • Added support for Schneider Electric EcoStruxure Control Expert
  • Added support for Siemens SIMATIC applications
  • Added support for Ucopia devices
• Vulnerability encyclopedia: added a tooltip when hovering over a CVE to display its summary

Updated features and performance improvements:

• Assets inventory: you can now sort by description
• API: the /api/v3/assets/servers/{id} now shows whether an application is part of the asset history or if it is currently detected
• Discoveries: The «Automatic registration of discovered assets» configuration has been refactored
• Docker images: the Docker applicative package scanning script now supports NPM 9, NPM 10 and Yarn 4
• Identity Providers: you can now use a self-signed certificate for the SAML identity provider metadata URL
• Network targets and websites: the AES-CBC encryption algorithm is now considered obsolete
• Scanning engine:
  • Improved on Windows user applications versioning installed on an asset
  • Improved performances of the vulnerabilities analysis
• UX:
  • Improved application error notifications
  • You can also view the five most recent searches in the search bar of the dashboard the vulnerability encyclopedia, the corrective actions, the security issues encyclopedia and the compliance rules encyclopedia

Bugfixes:

• API: you can once again import the Swagger documentation on API clients
• Detail of an Asset: fixed a displaying error that may occur on the status of security issues associated to an asset
• Discoveries: fixed some information reported in the Microsoft Azure discoveries
• Docker images: fixed a Docker images analysis problem from Amazon Elastic Container Registry
• Reports: fixed a displaying problem on some characters in the PDF reports of a compliance rule
• Scanning engine:
  • Fixed a detection issue on Ivanti Connect Secure
  • Fixed a package detection issue on VMWare Workstation
  • Fixed an analysis problem on Fortinet Fortigate devices
  • Fixed detection issues on Amazon Linux 1 and Amazon Linux 2

13.6 (2024-01-23)

Highlighted features:

• Alerts:
  • You can create alerts to be notified new items matching custom search criteria on assets vulnerabilities, security issues and compliance rules (preview)
  • An e-mail alert is enabled by default to be notified any CVEs referenced in the CISA KEV and CERT-FR ALE catalogs that are present in the information system (preview)
• UX: you can view the five most recent searches in the asset inventory search bar (preview)

New features:

• Activities:
  • Administrator activities perform during impersonate operations of a service account are now logged
  • The relaunch scan of a network target or a website is now logged
  • You can export the activities list in the CSV file
• Administration: added support for Gravatar
• Agentless mode connection:
  • Added support for SNMPv1
  • You can use Assume Role feature of the AWS Security Token Service API for the AWS Session Manager protocol
• Compliance rules encyclopedia: you can create a custom repository from the add rules to custom repositories modal
• Network targets and websites scans: added an option to define a scan perimeter associated with a sub-domain
• Nodes: you can perform a partial assets aggregation
• Scope:
  • Added software and BIOS support for Dell computers
  • Added support for Alpine Linux 3.19.0
  • Added support for Cisco 5520 Wireless LAN Controller devices

Updated features and performance improvements:

• Agentless mode connection: UX improvements on the Technical requirements section in the creation view
• API: added a name field in the /api/v3/credentials route
• Cloud assets: UX improvements to create a credential set from the creation view, when no asset type credential exists in the stored credentials list
• Details of an Asset: the Security issues tab now displays all obsolete versions of the same application
• Exports: improved performances on CSV exports generation
• Logs:
  • Improved administrator actions messages performed during impersonate operations of a service account
  • Improved removed user actions messages
• Scanning engine: improved performances in the vulnerability assessment on target versions of applications
• Scanning policies: The « Web application scan » section on the policy creation and edition views has been refactored

Bugfixes:

• Agents: fixed the agent configuration commands in proxy mode
• API:
  • Fixed a problem on some fields of /api/v3/cve_announcements route
  • Multiple fixes in Swagger documentation on some routes
• Compliance:
  • Fixed the script of ICS-Linux and ICS-Windows rules
  • Fixed the script of SBP-WIN-01-001 rule
  • Multiple fixes on several ICS and SBP repositories
• Discoveries: fixed a redirection problem on the creation view to the stored credentials creation page corresponding to the appropriate discovery type
• Docker images: fixed an analysis problem on Distroless images
• Scanning engine:
  • Fixed a package detection issue on GIMP
  • Fixed a package detection issue on Microsoft SharePoint Server (SharePoint On-Premise)

13.5 (2023-12-19)

Highlighted features:

• Discoveries: added an Azure Kubernetes Service discovery (preview)
• Scope: added support for Schneider Modicon M340 devices (preview)
• Users: you can create service accounts to perform administration operations that do not require the usage of a regular user account (preview)

New features:

• Agentless mode connection: WinRM Kerberos authentication is now available
• Compliance: added and updated multiple CIS Benchmarks
• Reports: add EPSS scores to Asset, Technical Management and Detailed technical PDF reports
• Scope:
  • Added end-of-life dates for Microsoft Office 2013, 2016, 2019 and 2021 (perpetual versions)
  • Added security advisories from the CERT-IST Thales
  • Added support for Fedora 38 and 39

Updated features and performance improvements:

• Discoveries: Microsoft Azure Active Directory discoveries are renamed to Microsoft Entra ID
• Exports: the scheduled exports are now sent only to user accounts whose email address is defined in the application
• Scope: improved Microsoft SharePoint Server 2019 support (SharePoint On-Premise)

Bugfixes:

• Discovered assets: fixed a displaying problem in the detail modal of a discovered asset
• Scanning engine: fixed the scanning method of Windows user applications
• Users: fixed an issue with the full name automatic synchronization of OpenID Connect user accounts

13.4 (2023-11-27)

Highlighted features:

• Discoveries and Harbor:
  • Added a Harbor registry discovery (preview)
  • You can now distribute Docker image scans across several nodes of a Cyberwatch instance (preview)

New features:

• Compliance: added CIS Microsoft Intune Benchmark for Windows 10 and Windows 11
• Details of an Asset: you can now view the details of a CVE from the “Patch management” tab
• Exports: added a search bar to the export inventory
• Harbor: you can now adjust the time between two successive Harbor API requests to get the vulnerability report for a Docker image during its preparation by Cyberwatch
• Scope:
  • Added support for macOS 14
  • Added support for Microsoft Teams classic for the Windows version
  • Added support for Windows 11 23H2
• Users:
  • Added an “E-mail” field to the user account creation form, allowing the user’s e-mail and login to be dissociated
  • You can now automatically synchronize the description of SSO user accounts

Updated features and performance improvements:

• Compliance: improved the script of SBP-WIN-01-006, SBP-WIN-02-001, SBP-WIN-02-002 and SBP-WIN-02-003 rules
• MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 14
• Perimeter: improved support of Siemens S7 equipments
• Scanning engine: improved Connect Secure products detection, following Ivanti’s acquisition of Pulse Secure
• Users: multiple enhancements to user session management, user permissions and disabled accounts

Bugfixes:

• Air gap assets: fixed a 500 error when importing air gap asset results
• Details of a Discovery: the target name was no longer displayed for some discoveries
• Details of a Vulnerability: fixed an issue that would block the rendering of CVSS metrics for some CVEs
• Scanning engine:
  • Fixed a bug related to the maximum attack time in some modules of the network targets and websites scanner
  • Fixed a package detection issue on VMware vCenter
  • Fixed the vulnerability assessment of F5 BIG-IP products
  • Fixed the vulnerability assessment of RedHat

13.3.1 (2023-11-07)

• Fixed multiple minor bugs and regressions

13.3 (2023-11-06)

Highlighted features:

• Dashboard: the “CISA KEV and CERT-FR ALE” component now replaces by default the “critical CVE with high exploit” component (preview)
• Discoveries: you can now automatically delete scanned assets that have disappeared from discoveries (preview)
• Users: users can now set their time zone (preview)

New features:

• Assets inventory: added an indicator to identify assets that use old compliance rules
• Details of an Asset:
  • Docker containers detected on an asset can now be scanned as dedicated Docker images from the Technologies tab
  • Metadata from discoveries are now exported
• Discoveries:
  • Added Amazon Elastic Kubernetes Service (EKS) discovery
  • You can now view the details of a discovered asset
• Exports:
  • The “Publication date of the CVE”, “Date of listing in CISA KEV” and “Date of listing in CERT-FR ALE” columns have been added in the CSV vulnerabilities export
  • The “Description” column has been added in the CSV assets export
• Docker Images: detection of Go binaries on shell less images is now supported
• Kibana: added the “last_modified” field to the “cve_announcements” index
• Network targets and websites scans: added a new Security issue type to indicate when there is no HTTP to HTTPS redirection on the target
• Reports: the dates of listing in the CISA KEV and CERT-FR ALE catalogs are now indicated in the vulnerabilities PDF reports
• Saved credentials: added a search bar to search by credentials name
• Scanning policies: added an option to scan all network ports
• Scope:
  • Added support for Photon OS 5
  • Added support for SOLIDserver EfficientIP devices
  • Added support for Ubuntu 23.10

Updated features and performance improvements:

• Administration: multiple improvements to the different Integrations views
• Dashboard: saved queries are now placed to the left of the filter bar
• Details of an asset: the CVSS score is now also displayed in the CVE preview
• Discoveries:
  • Editing a discovery now allows you to disable the automatic registration of discovered assets
  • You can now specify a frequency in hours
• Docker images:
  • Improved performances and optimization of the image analysis scripts execution
  • Improved Python packages detection
• Groups and Criticalities: the color palette now offers colors more adapted to both light and dark themes, and also includes the colors that are the most already used
• Kibana: improved the date coherence in the “Detected vs Fixed CVEs Evolution” visualization results
• MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 13.1
• Reports: multiple improvements of the PDF reports rendering
• Saved credentials: the public SSH key of a credential is now copied to the clipboard
• Scanning engine:
  • All user applications are now included without uniqueness constraints on the product name
  • Improvement the scanning method of Microsoft .NET applications installed by MSI
• UX: a global configuration page now allows you to select the default Identity provider for password and SSO authentication modes

Bugfixes:

• Compliance:
  • Fixed the script of rule SBP-LIN-03-005
  • Fixed the script of rule SBP-LIN-04-002 on RedHat
  • Fixed the script of rule SBP-LIN-04-004
  • Fixed the script of rule SBP-WIN-01-002, in order to also look into accounts configurations made with group policies
• Discoveries: fixed the selection system to specify which engine to use for automated registration of Docker images, when there is more than one available
• Scanning engine:
  • Fixed a package detection issue on Oracle Linux
  • Fixed the vulnerability assessment of Mozilla Firefox ESR

13.2 (2023-10-16)

Highlighted features:

• Details of an asset: the CVE preview now shows a graph with the CVE distribution on the information system (preview)

New features:

• Dashboard: added new components to display CVEs from the CISA KEV and CERT-FR ALE catalogs
• Discovered assets: a new selector with the address type is available
• Docker images: the Docker application package scanning script can now enumerate executable files in shell less images
• Groups: you can now sort by name or assets count
• Harbor: the ephemeral credentials provided by Harbor are now used to scan Docker images
• Scanning engine: improved performances of the vulnerabilities analysis with more granular tasks
• Scope:
  • Added security advisories from the CERT EDF G3
  • Added support for AIX 7.3 devices

Updated features and performance improvements:

• Assets inventory: the tooltip for Communication failure now displays the last communication date
• Details of an asset: the connector address is now displayed in the asset information
• Identity providers:
  • Scopes can now be edited in the OpenID Connect setting form
  • The SAML setting form has been refactored
• UX: improved the pagination component

Bugfixes:

• Agentless mode connections: fixed a SSH key-based authentication problem on specific Linux systems
• Assets: fixed the feature to sort CVE by reference
• Compliance: fixed the SBP-WIN-01-002 rule on Windows Server 2012
• Corrective actions: fixed a display issue for some details of a corrective action
• Details of a Compliance rule: fixed a display error on the rules distribution graph
• Discoveries: fixed the auto scheduling scans on VMware ESXi environments
• Docker images:
  • Added a fix to always use the root user when scanning Docker images
  • Fixed a display issue if the registry was configured with a specific port
  • Fixed a variable error in the Docker image scanning script
• Scanning engine:
  • Fixed a detection issue on Fortinet devices
  • Fixed a detection issue on SLES 15 systems
• Scanning policies: you can once again define an annual or monthly recurrence policy
• Scope: fixed an issue on SonicWall devices
• Settings: fixed an issue that could block a Cyberwatch instance with an external MySQL database
• Vulnerability encyclopedia: fixed a display issue for some details of a vulnerability

13.1.2 (2023-10-02)

• Fixed multiple minor bugs and regressions

13.1.1 (2023-09-29)

• Fixed multiple minor bugs and regressions

13.1 (2023-09-28)

New features:

• Activities: groups automatically assigned through discoveries are now logged
• API:
  • Added the ability to manage asset compliance repositories from the API
  • Added the ability to manage vulnerability comments from the API
  • Added user creation and last connection dates to the API
• Compliance: added new compliance repositories to check hardening level of the Docker application and its processes
• Connectors: it is now possible to define an automatic deletion date for Docker images that have lost communication with our scanner
• CSV exports:
  • Added the “Addresses” column to the CSV export of discovered assets
  • Added the “Installation paths” and “Package type” columns to the CSV export of technologies
• Details of an asset: added a tooltip in the vulnerability history when hovering over a CVE to display its summary
• Details of a corrective action: the technology vendor is now displayed when available
• Discoveries: associated groups are now displayed in the discoveries list
• Docker images: Kubernetes discovery scans identify Kubernetes namespaces and associate them to the corresponding scanned assets
• Scanning engine: added support for hardware CPE codes
• Session: when the user session expires, the page is automatically refreshed
• Scope:
  • Added support for Sonicwall
  • Added support for SUSE 15 SP5
  • Added support for WALLIX Bastion
• Reports: added an alert when a new generated report is available
• UX: it is now possible to replace the application favicon from the Administration > Customization menu

Updated features and performance improvements:

• Agents: agent installation scripts have now syntax highlighting
• Air gap assets: air gap assets now have a last communication date
• Analyzes: multiple improvements of the Cyberwatch analysis scripts scheduler which is now correlated to security database synchronizations
• API: the API now returns by default 100 results per page instead of 25 previously
• Cloud assets: improved error management when connecting to Cloud assets
• Details of a corrective action: multiple UX improvements on this view
• Details of a script: it is now possible to relaunch an analysis script from the script result view
• Details of a vulnerability: the technologies associated with a vulnerability are now grouped by vendor
• Discovery scans: improved the association mechanism to link discovered assets and scanned assets
• Groups: multiple UX improvements on the groups management page
• Network targets and websites scans: improved the scan results in specific cases of websites scanned in headless mode
• Reports: PDF reports are now opened in another browser tab rather than downloaded by default
• Scanning engine: multiple performance improvements on the calculation of vulnerabilities related to CPE codes
• UX: multiple performance improvements of the different inventories loading process

Bugfixes:

• Agentless mode connections: fixed an issue preventing the scan of some AIX systems
• Analyzes:
  • Fixed an analysis issue of specific Cisco Catalyst devices
  • Fixed an analysis issue of the MongoDB Compass app on macOS
• Scanning engine: fixed an Oracle detection problem on Linux systems

13.0.4 (2023-09-15)

• Fixed multiple minor bugs and regressions

13.0.3 (2023-09-14)

• Fixed multiple minor bugs and regressions

13.0.2 (2023-09-11)

• Fixed multiple minor bugs and regressions

13.0.1 (2023-09-08)

• Fixed multiple minor bugs and regressions

13.0 (2023-09-07) - Major release

Highlighted features:

• Criticalities: added a new prioritization method called “3D prioritization” which calculates the high-priority CVEs based on a combination of the full CVSS v3.1 score, the EPSS score, and the CISA KEV and CERTFR-ALE catalogs (preview)
• CVE Encyclopedia: changed the view Details of a CVE to prepare for for the arrival of the CVSS v4 score (preview)
• Identity providers: added the possibility of having multiple identity providers of the same type (SAML, LDAP, OpenID Connect) (preview)
• Scanning engine: Docker images running on a Linux system scanned by Cyberwatch are now automatically also detected and scanned (preview)

New features:

• Activities: added a heat map type graph to visualize the distribution of user activities
• Agentless mode connections:
  • Added a Microsoft Azure connector allowing you to run Cyberwatch scripts and launch scans directly through the Microsoft Azure APIs
  • Added AES 256 encryption protocol on SNMP connections
  • Added an AWS Session Manager connector allowing you to run Cyberwatch scripts and launch scans directly through the AWS APIs
• Analyses:
  • Added support for CPU vulnerabilities present on Linux systems such as Spectre Meltdown and their more recent variations. Linux CPU vulnerability scanning is optional, and must be enabled using Scanning policies
  • Cyberwatch is now able to provide multiple installation paths for a unique technology present in the same version in multiple places on a system
• API: it is now possible to set the SNMP context of an agentless mode connection
• Compliance:
  • Cyberwatch now displays the CAPEC and MITRE ATT&CK techniques on compliance rules when available
  • Cyberwatch now displays the category of compliance rules. This category can also be used to filter rule families from the encyclopedia
• Compliance rules encyclopedia: added a filter allowing you to display only the rules currently tested on your assets
• CSV exports: added the “Detected at” and “Fixed at” columns to the CSV export of Security issues
• Dashboard:
  • Added new components allowing to perform analysis by vulnerability detection date
  • Dashboard metrics are now shared between users with global rights. This features allows new users to have common history metrics available when they first connect
• Details of a Compliance rule: it is now possible to assign repositories to a rule when consulting it
• Details of a Vulnerability:
  • Added a graph to monitor the progress of the CVE remediation on affected assets, by group
  • Cyberwatch now displays the date at which the vulnerability was added to the CISA KEV
• Details of an asset:
  • A column indicating the maximum EPSS score of CVEs impacting each technology has been added to the “Patch Management” tab
  • Technologies in the “Patch Management” tab now provide a direct link to the appropriate page of the Corrective actions encyclopedia
• Discovered assets: assets metadata are now enriched with data from their associated discoveries
• Discoveries:
  • Added a GitLab Container Registry discovery allowing the discovery of Docker images on Gitlab instances with restricted rights
  • AWS Discovery Scans can now use an AWS Session Manager connector
  • Discoveries from AWS environments now enrich their associated scanned assets with region and machine-id metadata
• Encyclopedias: added a column indicating the number of assets associated with each entry in the Vulnerabilities, Security issues and Compliance rules encyclopedias
• Inventory: added a filter allowing you to search by Operating System family
• Kibana: added an environmental_score field to the computers_cve index representing the CVE context-based score
• MITRE ATT&CK: changing the filters in the inventory view now automatically update the MITRE ATT&CK navigator when opened in another tab
• Scanning policies: it is now possible to configure ports to use or exclude from scans of Network targets and websites
• Scope:
  • Added automatic Maven package detection to Docker image scanning
  • Added support for Amazon Linux 2023
  • Added support for Debian 12
  • Added support for Dell IDRAC devices
  • Added support for FortiDDoS devices
  • Added support for the Amazon Corretto application on Windows
• Security:
  • Added blocking by IP for brute force attempts to connect to the application
  • Added mechanisms to prevent time-based attempts to enumerate accounts on the app login form
• Vulnerabilities encyclopedia:
  • Added a “Catalog” filter to the search bar. This filter makes it possible in particular to filter CVEs belonging to catalogs such as the CISA KEV
  • Added the CERTFR-ALE and CISA KEV catalogs to the vulnerability encyclopedia

Updated features and performance improvements:

• Assets: Network targets and websites, and Docker Images, now have a last communication date
• Authentication: it is no longer necessary to retype the password when modifying the LDAP configuration
• Compliance: improved the way potential errors encountered when running a compliance rule are displayed
• Docker images:
  • Docker images are now always removed from the Docker runtime once scanned
  • Improved support of Alpine Linux images
• Harbor: redesigned the configuration process allowing to scan Docker images through a Harbor instance. The configuration is now located in the Administration > External tools > Harbor Scanner menu
• Linux agent: updated the agent installation lines to better manage the addition of a PGP key on hardened systems where umask permissions could be a problem
• Maintenance and security: migrated the Docker image of the Cyberwatch application from Debian 11 to Debian 12
• PDF reports:
  • Increased the maximum number of rules exported from 100 to 500 in Compliance Rules PDF reports
  • Multiple UI improvements on PDF reports
• Performance: improved the performances of the periodic vulnerabilities computation process
• Saved queries: saved queries now remember the sorting selected when saving the query
• Scans: multiple improvements on Cyberwatch scanning scripts scheduling
• Security: multiple functional and security improvements on LDAP and SAML identity providers
• User actions: added automatic escape of multiple special characters in Markdown comments
• Users: it is now impossible to modify the name/first name of users created through an external identity provider
• UX:
  • Improved management of links embedding an anchor throughout the application
  • The icon indicating a loss of communication is now white for dark theme applications

Bugfixes:

• Analyzes: fixed an analyze issue on Adobe Creative Cloud Diagnostics
• API:
  • Fixed an issue on the /api/v3/rules route that could cause performance issues
  • Fixed an issue that allowed custom rules to be added to a built-in repository
  • Fixed an issue that prevented a rule natively embedded by Cyberwatch from being added to a custom repository
• Azure Discoveries: assets that only have a private IP address are now correctly reported
• Benchmarks:
  • CIS rules that need to be processed manually are now marked as such and no longer marked as supported
  • Fixed an issue regarding the import of some Benchmarks that do not define a xccdf namespace
• Compliance:
  • Fixed a display issue for compliance rules not waiting for feedback
  • Windows Server 2012 compliance rules now use the Get-ItemProperty command for backwards compatibility
• Interface: fixed an issue on the progress bars indicating the complexity of the password entered
• Network targets and websites: fixed an issue that could cause an exception when Nmap was unable to identify the service behind a port
• Scanning engine: fixed a detection problem on Cisco AnyConnect and Cisco Secure Client
• Security issues: the payload of some Security issues is now truncated when it is too long

---

Table of contents

• Changelog of the base of the orchestrator
• Changelog of the Cyberwatch agent
• Release frequency and support lifecycle of updates