Change log of the Cyberwatch software
13.0.4 (2023-09-15)
- Fixed multiple minor bugs and regressions.
13.0.3 (2023-09-14)
- Fixed multiple minor bugs and regressions.
13.0.2 (2023-09-11)
- Fixed multiple minor bugs and regressions.
13.0.1 (2023-09-08)
- Fixed multiple minor bugs and regressions.
13.0 (2023-09-07) - Major release
Highlighted features:
- Criticalities: added a new prioritization method called “3D prioritization”, which calculates the high-priority CVEs based on a combination of the full CVSS v3.1 score, the EPSS score, and the CISA KEV and CERTFR-ALE catalogs. (preview)
- CVE Encyclopedia: changed the Details of a CVE view, to prepare for the arrival of the CVSS v4 score. (preview)
- Identity providers: added the possibility of having multiple identity providers of the same type (SAML, LDAP, OpenID Connect). (preview)
- Scanning engine: Docker images running on a Linux system scanned by Cyberwatch are now automatically also detected and scanned. (preview)
New features:
- Activities: added a heat map type graph to visualize the distribution of user activities.
- Agentless mode connections:
- Added a Microsoft Azure connector allowing you to run Cyberwatch scripts and launch scans directly through the Microsoft Azure APIs.
- Added AES 256 encryption protocol on SNMP connections.
- Added an AWS Session Manager connector allowing you to run Cyberwatch scripts and launch scans directly through the AWS APIs.
- Analyses:
- Added support for CPU vulnerabilities present on Linux systems such as Spectre, Meltdown and their more recent variations. Linux CPU vulnerability scanning is optional, and must be enabled using Scanning policies.
- Cyberwatch is now able to provide multiple installation paths for a unique technology present in the same version in multiple places on a system.
- API: it is now possible to set the SNMP context of an agentless mode connection.
- Compliance:
- Cyberwatch now displays the CAPEC and MITRE ATT&CK techniques on compliance rules, when available.
- Cyberwatch now displays the category of compliance rules. This category can also be used to filter rule families from the encyclopedia.
- Compliance rules encyclopedia: added a filter allowing you to display only the rules currently tested on your assets.
- CSV exports: added the “Detected at” and “Fixed at” columns to the CSV export of Security issues.
- Dashboard:
- Added new components allowing you to perform analysis by vulnerability detection date.
- Dashboard metrics are now shared between users with global rights. This feature allows new users to have common history metrics available when they first connect.
- Details of a Compliance rule: it is now possible to assign repositories to a rule when consulting it.
- Details of a Vulnerability:
- Added a graph to monitor the progress of the CVE remediation on affected assets, by group.
- Cyberwatch now displays the date at which the vulnerability was added to the CISA KEV.
- Details of an asset:
- A column indicating the maximum EPSS score of CVEs impacting each technology has been added to the “Patch Management” tab.
- Technologies in the “Patch Management” tab now provide a direct link to the appropriate page of the Corrective actions encyclopedia.
- Discovered assets: assets metadata are now enriched with data from their associated discoveries.
- Discoveries:
- Added a GitLab Container Registry discovery allowing the discovery of Docker images on GitLab instances with restricted rights.
- AWS Discovery Scans can now use an AWS Session Manager connector.
- Discoveries from AWS environments now enrich their associated scanned assets with region and machine-id metadata.
- Encyclopedias: added a column indicating the number of assets associated with each entry in the Vulnerabilities, Security issues and Compliance rules encyclopedias.
- Inventory: added a filter allowing you to search by Operating System family.
- Kibana: added an environmental_score field to the computers_cve index representing the CVE context-based score.
- MITRE ATT&CK: changing the filters in the inventory view now automatically updates the MITRE ATT&CK navigator when opened in another tab.
- Scanning policies: it is now possible to configure ports to use or exclude from scans of Network targets and websites.
- Scope:
- Added automatic Maven package detection to Docker image scanning.
- Added support for Amazon Linux 2023.
- Added support for Debian 12.
- Added support for Dell IDRAC devices.
- Added support for FortiDDoS devices.
- Added support for the Amazon Corretto application on Windows.
- Security:
- Added blocking by IP for brute force attempts to connect to the application.
- Added mechanisms to prevent time-based attempts to enumerate accounts on the app login form.
- Vulnerabilities encyclopedia:
- Added a “Catalog” filter to the search bar. This filter makes it possible in particular to filter CVEs belonging to catalogs such as the CISA KEV.
- Added the CERTFR-ALE and CISA KEV catalogs to the vulnerability encyclopedia.
Updated features and performance improvements:
- Assets: Network targets and websites, and Docker Images, now have a last communication date.
- Authentication: it is no longer necessary to retype the password when modifying the LDAP configuration.
- Compliance: improved the way potential errors encountered when running a compliance rule are displayed.
- Docker images:
- Docker images are now always removed from the Docker runtime once scanned.
- Improved support of Alpine Linux images.
- Harbor: redesigned the configuration process for scanning Docker images through a Harbor instance. The configuration is now located in the Administration > External tools > Harbor Scanner menu.
- Linux agent: updated the agent installation lines to better manage the addition of a PGP key on hardened systems where umask permissions could be a problem.
- Maintenance and security: migrated the Docker image of the Cyberwatch application from Debian 11 to Debian 12.
- PDF reports:
- Increased the maximum number of rules exported from 100 to 500 in Compliance Rules PDF reports.
- Multiple UI improvements on PDF reports.
- Performance: improved the performance of the periodic vulnerabilities computation process.
- Saved queries: saved queries now remember the sorting selected when saving the query.
- Scans: multiple improvements on Cyberwatch scanning scripts scheduling.
- Security: multiple functional and security improvements on LDAP and SAML identity providers.
- User actions: added automatic escape of multiple special characters in Markdown comments.
- Users: it is now impossible to modify the name/first name of users created through an external identity provider.
- UX:
- Improved management of links embedding an anchor throughout the application.
- The icon indicating a loss of communication is now white for dark theme applications.
Bugfixes:
- Analyses: fixed an analysis issue on Adobe Creative Cloud Diagnostics.
- API:
- Fixed an issue on the /api/v3/rules route that could cause performance issues.
- Fixed an issue that allowed custom rules to be added to a built-in repository.
- Fixed an issue that prevented a rule natively embedded by Cyberwatch from being added to a custom repository.
- Azure Discoveries: assets that only have a private IP address are now correctly reported.
- Benchmarks:
- CIS rules that need to be processed manually are now marked as such, and no longer marked as supported.
- Fixed an issue regarding the import of some Benchmarks that do not define a xccdf namespace.
- Compliance:
- Fixed a display issue for compliance rules not waiting for feedback.
- Windows Server 2012 compliance rules now use the Get-ItemProperty command for backwards compatibility.
- Interface: fixed an issue on the progress bars indicating the complexity of the password entered.
- Network targets and websites: fixed an issue that could cause an exception when Nmap was unable to identify the service behind a port.
- Scanning engine: fixed a detection problem on Cisco AnyConnect and Cisco Secure Client.
- Security issues: the payload of some Security issues is now truncated when it is too long.
12.7.3 (2023-06-19)
- Fixed multiple minor bugs and regressions.
12.7.2 (2023-06-16)
- Fixed multiple minor bugs and regressions.
12.7.1 (2023-06-13)
- Fixed multiple minor bugs and regressions.
12.7 (2023-06-07)
Highlighted features:
- Details of an asset: added tool-tips in the graph of the Summary of vulnerabilities, in order to easily identify vulnerable technologies. (preview)
- Identity Providers: SAML and OpenID Connect configurations can now manage user access to Kibana. (preview)
New features:
- Administration: the button to see the state of the execution queues now provides more detailed information.
- Analyses: added a scan to automatically identify and analyze the Docker images present on a monitored Linux system. This feature must be enabled in Scan Policies and is still in beta.
- API: the /api/v3/assets/servers/{ID} API route now returns the path of detected packages if available.
- Compliance: addition of the category of the rule to the compliance rules sheet.
- Corrective actions: the inventory of corrective actions now also includes the patches whose exact required version is not available.
- CSV exports: added columns “Number of Security issues”, “Asset category” and “Restart required” to the CSV export of the list of assets.
- Details of a Compliance rule: the last analysis date of the rule on assets is now displayed.
- Details of an asset:
- Added a button to see the result of a script in “plaintext” mode in the result view of a script.
- You can now export the scan results of an asset in the ZIP format, with its compliance analysis.
- Inventory of aggregated assets: a new column indicating the last communication date of aggregated assets is now present.
- Scope:
- Added support for Aruba IAP devices in SNMP.
- Added support for ManageEngine Endpoint Central application.
Updated features and performance improvements:
- Administration: it is now impossible to import a security database ZIP file older than 30 days.
- API: updated the API route to retrieve compliance rules in air gap mode, in order to support XCCDF rules.
- Benchmarks:
- Improved the view to import a new benchmark.
- The import of Benchmarks now supports XCCDFs that declare multiple platforms.
- Compliance:
- Improved formatting of code tags sometimes present in the description of compliance rules.
- Multiple UX improvements on compliance rules.
- Customization: an error is now raised when trying to import an interlaced PNG file as a logo.
- Details of an asset:
- Added a dynamic search bar to the Technologies tab in the Asset view, allowing you to search by package type.
- Improved display of new activity notifications in the Asset view.
- Multiple UX improvements on the script history in the “Patch Management” tab, in the Asset view.
- The CWE code has been moved to the tooltip displayed when hovering the mouse cursor on a CVE.
- Discoveries: refactored the data format in order to prepare new features in this part of the software.
- Inventory: the “Network addresses” field of assets is now sorted in lexicographic order, which allows IP addresses to always be displayed before FQDNs.
- Scans: the Log4J scans present by default in the application now provide the path of the identified files.
- Security: integration of a mechanism to increase the number of iterations used to hash passwords stored in the application, in order to comply with the evolution of the OWASP recommendations.
- UX: multiple UX improvements when consulting the application from a mobile.
Bugfixes:
- API: API route /api/v3/vulnerabilities/cve_announcements now also returns the CWE MITRE techniques of its parents, as is already done in the web application.
- Analyses:
- Fixed a detection issue on Java Platform SE.
- Fixed a scanning issue on Huawei devices.
- Fixed false positives on macOS.
- Compliance:
- Fixed an issue with the compliance rate color used in some specific cases.
- Fixed compliance scripts for some rules that could show an uninstalled package as present.
- Dashboard:
- Fixed how numbers are displayed on some components.
- Ignored vulnerabilities are no longer counted in the dashboard components KPI.
- Discovery scans: added a validation on the maximum number of characters on some fields in the forms to create new Discovery scans.
- Network targets and websites: Fixed an issue that could prevent scanning if the target blocks ping requests.
12.6.1 (2023-05-22)
- Fixed multiple minor bugs and regressions.
12.6 (2023-05-11)
Highlighted features:
- Docker images: added the support of the Harbor Scanner Adapter API standard. You can now directly run Cyberwatch scans on Docker images right from the Harbor web interface. (preview)
New features:
- Administration:
- Added an alert indicating since when the synchronization with the knowledge base was launched, when it is still in progress.
- Added an icon to the Administration menu indicating when a new update is available, and when the synchronization with the knowledge base is too old.
- The last synchronization error with the knowledge base is now displayed.
- You can now disable SMTP without completely deleting its configuration.
- You can now disable the proxy without completely deleting its configuration.
- You can now enable or disable the compliance module on a Cyberwatch instance, if it has the appropriate license.
- Discoveries:
- AWS discoveries can now automatically discover ARNs on the go, and query associated accounts.
- AWS discoveries now report more metadata, such as tags, region…
- Exports:
- Added the patch status, the maximum exploit level and CVE score values, to CSV Patches export.
- Added an option to choose whether the scheduled export will be sent as an email attachment or not.
- You can now mark exports as read.
- Scans: the Windows metadata scan now detects the presence of Windows Subsystem for Linux (WSL). An asset rule, present and disabled by default, allows you to add the WSL group to the appropriate assets.
- Scope:
- Added support for the php-zendserver application on Docker images.
- Added support for the Wireshark Portable application on Windows.
- Added support for Ubuntu 23.04.
Updated features and performance improvements:
- Analyses: improved support for Office C2R.
- Compliance:
- Improved performance and optimized the execution code for specific sets of rules that call the same methods.
- Multiple improvements on the Benchmarks import.
- The results of compliance rules are now displayed in a modal window instead of a dedicated page.
- Details of an Asset:
- Added a curve indicating the number of high-priority vulnerabilities to the Summary tab.
- Added the end of support date for deprecated applications in the Security issues tab.
- The top 5 Security issues are now displayed with more details in the Summary tab.
- Docker images: scans no longer return the IP addresses of the Docker images by default.
- Security issues: added the ability to edit the description of a custom Security issue payload.
- UX / UI:
- Improvement of the main search bars in the different views of the application.
- Multiple UX improvements on the graphs of the application.
Bugfixes:
- Active Directory compliance: users reported by compliance rules are no longer limited to CN=Users.
- Agents: fixed a problem that could prevent the correct reporting of the IP address of assets scanned with an agent.
- Analyses: fixed an issue that mixed the KeePassXC product with the KeePass software.
- Benchmarks: fixed a problem preventing the import of Benchmarks containing rules where the code column is larger than 255 characters.
- CSV exports:
- Fixed a headers inversion issue on CSV Asset list export generated for a corrective action.
- The CSV export of discovered assets now correctly filters its data based on the assets that are selected.
- Details of a Corrective action: fixed a problem that could lead to the display of duplicate assets.
- Docker images:
- Fixed an error when scanning some images that have a label.
- Fixed an issue preventing the creation of a Docker image from its hash.
- OpenID Connect configuration: added the ability to disable the TLS verification.
- Scan of Windows user applications: added alternative methods in order to provide better support of the script on old systems.
12.5 (2023-03-29)
Highlighted features:
- Agentless scans: added support for Android and iOS devices with Microsoft Intune. (preview)
- Details of an asset: the Patch management tab now indicates the full path of the EXE files detected with Windows user applications scan. (preview)
- The application has been updated with a new graphical theme. Cyberwatch now uses the official branding of the Framatome group. (preview)
New features:
- Assets scanned with Microsoft Intune: added metadata for assets scanned with Microsoft Intune.
- Details of a Corrective action:
- Added a tool-tip when hovering on the related CVEs to display their summary.
- Added the EPSS score in the related CVEs tab.
- Details of a Scanning policy: advanced settings of the scanning policy are now displayed.
- Details of an asset:
- Added a toolbar to manage the comments markdown properties.
- EXE files detected with the Windows user application scan can now be uninstalled from the Technologies tab.
- Exports: added an indicator when there are unread exports, as well as their number.
- Node management: added a tool-tip displaying the description of the node when hovering the mouse over the node name.
- PDF reports: added description text to present the different sections of the report.
- Performances: added a new menu to consult the status of the sidekiq and sidekiq_node service queues.
- Scope:
- Added the native support for Siemens S7 PLCs and Hirschmann switches with Industrial scans.
- Added support for the Apache application on Docker images.
- Added support for the Drupal application on Docker images.
- Added support for the Grafana application on Docker images.
- Added support for the HAProxy application on Docker images.
- Added support for Joomla! on Docker images.
- Added support for the MobyProject::Moby application on Linux.
- Added support for the MongoDB application on Docker images.
- Added support for the Nextcloud app on Docker images.
- Added support for the ownCloud application on Docker images.
- Added support for the Ruby application on Docker images.
- Added support for the Tomcat application on Docker images.
- Added support for the Wordpress application on Docker images.
- Security issues: added a tool-tip when hovering on a CVE to display its summary.
- Windows scans: added detection of portable applications deployed as EXE files.
Updated features and performance improvements:
- Administration:
- Improved error management when importing an invalid Cyberwatch license.
- Redesigned and moved multiple menus in this view for easier usage.
- Compliance:
- Added support for new compliance rules from CIS benchmarks.
- Modified several rules of the Security_Best_Practices repository in order to use the CIS Benchmark scripts.
- CSV export:
- Ignored CVEs are no longer exported in the Patches export.
- Modified the calculation of the compliance rate in CSV exports.
- Dashboard: multiple UX improvements.
- Scans of network targets and websites: the headless scans feature is now enabled by default in the default Scanning policy.
Bugfixes:
- Agent inventory: fixed a 500 error when an agent without a version is present.
- Dashboard: fixed an issue on the filters when clicking on the “Compliance by level” graph.
- Fixed an issue preventing the AWS compliance rule CIS-AWS-5.2 from working.
- Fixed Java detection issues on Linux devices.
- Fixed scanning issue on Synology devices.
12.4.2 (2023-03-06)
- Fixed multiple minor bugs and regressions.
12.4.1 (2023-03-03)
- Fixed multiple minor bugs and regressions.
12.4 (2023-03-02)
Highlighted features:
- Administration: changed the Administration view of the software to make it easier to use. (preview)
- Corrective actions: added a dedicated page to see all available corrective actions. (preview)
- Details of an asset: you can now edit an asset directly from the Edit bar on the right of the user interface. (preview)
- Scope: the User applications scan for Windows now browses the whole user directory instead of just focusing on the APPDATA folder.
New features:
- Administration: the synchronization of the knowledge database is now performed through a dedicated button located next to the “Administration > Security Database” section.
- Corrective actions: added a new view for each patch, in order to see their related assets and additional details.
- Criticalities: added a column to display the number of related assets for each Criticality, which redirects on-click on the Inventory with the appropriate filters.
- Dashboard: removed the Vulnerabilities and Compliance dashboards in order to provide only one aggregated dashboard that can be customized with multiple components.
- Details of an asset: you can now see the preview of a Markdown comment.
- Discoveries: added a new network discovery scan dedicated to Industrial devices.
- Exports: added the EPSS score to the CSV Vulnerabilities export.
- Scope:
- Added support for FortiRecorder.
- Added support for Hirschmann Bobcat.
- Users activity: you can now add comments to users activity.
Updated features and performance improvements:
- Agents: added an alert message when detecting obsolete agents.
- Aggregations: the aggregated nodes management has been moved to the Nodes administration view.
- Analyses: the Windows scans no longer check the WSUS configuration in order to avoid potential requests to Windows Update.
- Benchmarks:
- Added a new metric with the number of supported rules among the total available rules in the Benchmark.
- Imported Benchmarks can now be edited and deleted.
- Multiple UX and UI improvements on the Benchmark detailed view.
- Compliance:
- Deleted multiple obsolete repositories.
- Rules: added support for new rules types in the Benchmarks.
- View of a rule: multiple UX improvements on the detailed view of a rule.
- Details of a vulnerability: Impact Metrics now correspond to the values of the CVSSv3 and no longer to the CVSSv2.
- Kibana: added the official OS name in the indices.
- Policies: policies are now sorted alphabetically when selecting them in the different views of the software.
- Technologies: deleted the package history with a one year retention duration.
- Users activities:
- Added a new metric on the number of objects affected by a user action.
- Added a new user action, generated when creating objects from the interface or the API (Docker images, agentless connections, network targets and websites).
- Website scans: added a headless mode to the web scanner in order to properly assess the security of heavy JavaScript-based web applications. This feature must be configured in the Scanning policies, and is still in beta version.
Bugfixes:
- Administration: improved error messages when configuring a proxy server on the agent.
- Assets rules: fixed an issue that would block the rendering of selected Operating Systems when editing a rule.
- Compliance rules: fixed an issue that would let users duplicate rules generated from OVAL / SCAP benchmarks (these rules cannot be duplicated).
- Dashboard: fixed an issue that would block the rendering of the Dashboard when performing a search request with a wrong keyword.
- Docker discoveries: improved exceptions management when running Docker discoveries on GitLab.
- Scanning engine:
- Fixed a detection issue on Git for Windows.
- Fixed a detection issue that could occur on PRTG Network Monitor subversion.
- Fixed a problem that could produce exceptions on Active Directory Compliance scans.
- Fixed an analysis problem on OpenJDK.
- Fixed potential false positives related to residual Microsoft Edge data in the Users applications.
12.3.3 (2023-01-31)
- Fixed multiple minor bugs and regressions.
12.3.2 (2023-01-30)
- Fixed multiple minor bugs and regressions.
12.3.1 (2023-01-25)
- Fixed multiple minor bugs and regressions.
- Fixed a security issue on the macOS agent (the fix does not require to update the macOS). Source: Titouan Allain, Shadow SAS.
12.3 (2023-01-23)
Highlighted features:
- Dashboard: the Vulnerability dashboard can now be customized. You can add and remove widgets. (preview)
- Details of an asset: added a tool-tip when hovering over CVEs to display their summary. (preview)
- Users activity: added a dedicated page to consult users activity. (preview)
New features:
- Aggregated assets: it is now possible to automatically add a group to all the assets of an aggregated node.
- API:
- Security issues references are now provided in the API vulnerability route.
- The CVSSv3 ceiling is now provided in the environment field of the API asset route.
- Assets rules: added a search bar to configure filters right from the Rules creation form.
- Compliance:
- Added the ability to import your own repositories using the SCAP standard (beta).
- Modified the Compliance rules execution engine to make it compatible with scripts provided natively by the SCAP standard (OVAL, XCCDF, SCE script).
- Details of an asset:
- Added the ability to comment on a user action.
- Added a button to relaunch the analysis on an asset.
- Added a dynamic searchbar in the Compliance tab.
- Discovery scans: it is now possible to specify targets that must be excluded from the network discovery scan.
- Docker images: labels of Docker images are now provided in the asset metadata.
- Kibana: added a payload field to the computers_security_issues index representing the Security issues payloads.
- PDF reports:
- Added PDF report for Security issues.
- Added the compliance rate of the assets in the PDF Compliance report.
- Scope:
- Added end-of-life dates for the following database software: MongoDB / Oracle Database / PostgreSQL.
- Added end-of-life dates for FortiOS devices.
- Added end-of-life dates for Python versions.
- Added support for Notepad++.
- Added support for SAP Netweaver Java.
- Added support for ESXi 8.0.
- Added support for Fedora 37.
- Added support for Oracle Linux 9.
- Added support for VMware vCenter Server 8.0.
- Cyberwatch now detects local Nginx deployments on Docker images.
- Cyberwatch now detects local PHP and PostgreSQL deployments on Linux systems.
- Users:
- Added a column indicating the last login date in the users list.
- Added a wizard to configure the firstname and lastname of the current user and to subscribe to the newsletter.
Updated features and performance improvements:
- Compliance repositories: multiple UX improvements.
- Configuration of the application URLs:
- The configuration of a self-signed certificate is now done in the agent configuration section.
- The configuration of the scanners mail URLs is now done directly from the Nodes management page.
- Details of an asset:
- Added a button showing the number of unread activities for each asset.
- Improved the process to ignore a CVE.
- The activities of an asset are now accessible from a specific pane, which can be displayed over any tab.
- Docker discoveries: the execution engine is automatically set by default if there is only one available.
- Performances: improved performances in the vulnerability assessment engine for third-party applications installed on Windows environments.
- UI: multiple UX improvements.
Bugfixes:
- Assessment engine:
- Fixed a parsing issue that could occur on Huawei devices.
- Fixed a parsing issue that could occur on pfSense devices.
- Fixed an issue preventing the detection of packages marked as “on hold” on Linux.
- Fixed false positives on OpenJDK.
- Fixed scanning issues that may occur on Synology Diskstation Manager systems.
- Assets rules: fixed a bug when creating an asset rule based on a metadata filter.
- Compliance: fixed the CERTFR-AD-vuln1_dc_inconsistent_uac rule which could be reported by mistake as an anomaly.
- Network targets and websites scans: fixed an issue that could block website scans in authenticated mode.
- SAML/OpenID authentication: fixed a bug that could lead to a 500 error when the attribute allowing access to all groups is not returned by the IDP.
12.2.4 (2022-12-22)
The 2.X base is no longer supported. If you are still using this version of the Cyberwatch base, please migrate to the 5.X branch with our documentation.
- Added an “end-of-life” popup for Cyberwatch instances that are deployed on 2.X base.
12.2.3 (2022-12-06)
- Fixed multiple minor bugs and regressions.
12.2.2 (2022-12-02)
- Fixed multiple minor bugs and regressions.
12.2.1 (2022-12-01)
- Fixed multiple minor bugs and regressions.
12.2 (2022-11-28)
Highlighted features:
- Authentication: added support for OpenID Connect. (preview)
- Details of an asset: you can now add Markdown comments on an asset. (preview)
- Vulnerability encyclopedia: added a column with the EPSS score. (preview)
New features:
- API: added new nodes attributes to the /api/v3/nodes/<id> API route.
- Agentless connections: connections in the failure status are now automatically retested once per week.
- Discovery scans:
- Added a Nutanix discovery scan.
- The Amazon Web Services discovery scans now fetch instances names.
- Exports:
- Added a column with the context-based CVSS score in the CSV Vulnerabilities export.
- Added a column with the patch type in the CSV Patches export.
- Added a JSON export with available metadata.
- Inventory:
- Added a filter to display assets with no CVE.
- Added a “Last analysis” column.
- Added a “Last reboot” column.
- Added a “Mobile” category for the assets.
- Added a “Network addresses” column.
- Added a “Registration date” column.
- Kibana:
- Added a new computers_metadata index with the assets metadata.
- Added an update_type field to the computer_updates index in order to specify the patch type.
- Network targets and websites: you can now configure the Nmap --version-intensity parameter.
- Nodes management: a notification (bell icon on the top right of the UI) is now generated if a node has not communicated with the master instance for two hours.
- Scope:
- Added the Android and Apple iOS operating systems.
- Added the CISA ICS security advisories.
- Added support for Apache OpenOffice.
- Added support for FortiClient EMS.
- Added support for HPE Integrated Lights-Out systems.
- Added support for Microsoft Windows 11 22H2 and Windows 10 22H2.
- Added support for Ubuntu 22.10.
- Software deployment: added a setup and configuration wizard after the Cyberwatch software deployment.
Updated features and performance improvements:
- Compliance: extended the Active Directory objects research to the full tree, and changed the objects identification so that it now relies on their classes and not on the Common Name.
- Dashboards: added the asset count for the “Mobile” category.
- Inventory: assets description is now displayable in a dedicated column rather than with a tool-tip when hovering the asset name.
- PDF reports: improved Security issues data in the PDF reports.
- Permissions: non-admin users can now see the discovery scans if they have been granted access to all assets.
- Rules encyclopedia: improved filters and the search bar.
- Scans: metadata scans now provide the disks size.
- Security and general maintenance: migrated Vue.js to version 3.
Bugfixes:
- API: security issues created using the API are now editable.
- Discovery scans: fixed a problem on the Docker registry discovery scans, that could occur with images that have no tag.
- Fixed a problem that could occur when asking to reboot assets on their next reboot maintenance schedule.
- Security issues:
- Fixed a display problem on the “Ignore and comment” button when a global filter is enabled.
- Fixed a problem in the CSV export that did not use the filter to display only vulnerable assets.
- UX: fixed sorting by the status in the history of the scripts for the assets.
Agent 4.12 (2022-11-28)
Optional update
Bugfix:
- Agent for macOS: the pip3 requests module is now embedded as a dependency in the agent and no longer needs to be installed before the agent.
12.1 (2022-10-13)
Highlighted features:
- Administration: added a Quick Access setting to add new custom menus in the main menu of the Cyberwatch software. (preview)
- API: added a new Swagger documentation, available at this address. (preview)
- Vulnerability Encyclopedia: added a new field to filter CVE based on a MITRE ATT&CK software. (preview)
New features:
- Air-gapped assets: added the ability to import assets from a CSV/XLSX file.
- Analyses: the operating system previously declared by the OS_PRETTYNAME field is now automatically detected based on the FIRMWARE field for Network targets and websites.
- Dashboards: filters available in the inventory view are now also available in the Vulnerability dashboard.
- Inventory:
- Added new filters to the inventory search bar.
- Clicking on some fields of the inventory now triggers a filtered search on the selected value.
- The column customization of the inventory is now saved.
- You can now display the “Scan mode” column in the inventory.
- Logs: new manual analysis requests triggered by a user are now logged.
- Scope (Windows):
- Added support for the Dell Command Update application.
- Added support for the Docker Desktop application.
- Added support for the Git application.
- Added support for the GNU Privacy Guard application.
- Added support for the Nextcloud application.
- Added support for the ownCloud application.
- Added support for the Python application.
- Scope:
- Added support for Palo Alto PAN-OS 10.1 and 10.2.
- Added support for Cisco IOS XR devices.
- Security issues: added the End-of-life dates for Microsoft SQL Server.
Updated features and performance improvements:
- Aggregated assets: improved error management when encountering an issue with the aggregation data export process.
- Analyses: unified CPE codes for multiple network devices in order to improve their matching process with the official NIST database.
- Assessment engine: improved the Java version detection engine.
- CSV exports: added the compliance rate of the assets to the CSV export of the assets list.
- Encoding: improved invalid UTF-8 data management for data sent to the API of the Cyberwatch software.
- Scans:
- Added a 4-hour timeout on WinRM commands execution.
- Improved information reported in the Network devices scans.
Bugfixes:
- Nodes management: fixed an issue when deleting a node that had a Cloud asset associated.
- Scan engine: fixed detection issues on the FortiClient and FortiClient VPN applications.
- SMTP: improved the error management for SMTP configuration, which could lead to 500 errors.
- UX/UI: fixed a bug on the password strength progress bar.
12.0.1 (2022-09-28)
Bugfixes:
- Aggregated assets: improved error logging during asset synchronizations.
- Synchronization: fixed an issue preventing synchronization for new deployments.
12.0 (2022-09-21) - Major release
Highlighted features:
- Administration: added a new menu to manage updates directly from the UI (requires version 5 of the orchestrator, deployed with an RPM / DEB package). (preview)
- Compliance: added new compliance rules to the “CERTFR-AD” repository for Active Directory environments. (preview)
- Discoveries: the discovery scans view has been changed to improve its UI. (preview)
- Exports: added new statistics JSON exports in the inventory view. This data is the same as the data sent to an Elastic stack or to a Google BigQuery data lake. (preview)
- UI/UX: the software interface has been completely changed to merge the Assets, Vulnerabilities, and Compliance modules in one unique view. (preview)
New features:
- Aggregated assets: groups configured on a child node are now automatically synchronized by default on the aggregation node. This feature can be disabled and will then delete the aggregated groups.
- API: added the EPSS score to the /api/v3/vulnerabilities/cve_announcements API route.
- Asset view:
- Added a new “Summary” tab, with a chart presenting the evolution of vulnerabilities, KPIs for high-priority vulnerabilities, security issues, and the compliance ratio, as well as the changelog of the asset.
- You can now select and reorder the tabs to display in an Asset’s view.
- Discovery scans:
- Added a new DNS enumeration discovery dedicated to Certificate Transparency.
- Azure discoveries: added a feature to discover only assets registered in Intune.
- The discovered assets list now shows the operating system if detected.
- Whois discoveries: added a filter to make it easier to select domains.
- Docker images: added the image creation date to the metadata of Docker assets.
- Exports:
- Added the ability to configure a retention period for planned exports.
- The CSV Assets export now has a column with their network addresses.
- Inventory:
- Added a column to display the compliance ratio of the assets.
- Added new dynamic filters to the search bar.
- Kibana:
- Added a new dashboard for technologies, based on a new computers_packages index with the assets technologies.
- You can now define which Kibana dashboard you want to display in the main menu.
- Logs: user actions are now logged with more details, and can be used to display a changelog directly in the software interface.
- MITRE ATT&CK: you can now go to the Vulnerability encyclopedia from the attack techniques of the MITRE ATT&CK report.
- Network targets and websites: you can now bulk edit the source (Cyberwatch node) used to scan these assets.
- Nodes: the nodes list now highlights the master node and the update status of all nodes.
- SAML: you can now extract the user email from a custom SAML attribute.
- Scanning engine: applications detected from the Windows Store are now properly marked as from this source.
- Scope:
- Added EPEL security advisories for Fedora systems.
- Added support for Adobe Shockwave Player.
- Added support for Amazon Corretto.
- Added support for Go modules in the declarative mode.
- UI/UX:
- Added a new “Settings” menu to manage most of the software configurations.
- Added the ability to configure the UI to use a fixed or full screen width.
Updated features and performance improvements:
- Agentless mode:
- Added a timeout for SSH agentless connections to improve handling a blocked script.
- Improved available filters in the search bar for the agentless connections list.
- Air-gapped assets: the maximum number of files that you can import in the web interface is now 512.
- API:
- You can now authenticate to the Cyberwatch API with HTTP Basic Auth.
- You can now consult the API right from the web browser.
- API credentials:
- Added the last usage date for each API key.
- API keys are now accessible only during their creation, and must be exported during this step.
- You can now set an expiration date for API keys.
- Compliance: the Compliance module and Rules encyclopedia are now displayed for all Cyberwatch licenses. For instances that do not have an active Compliance license, please refer to your key account manager to be able to use the module.
- Cyberscore: removed the Cyberscore metric from the software, to highlight the EPSS (Exploit Prediction Scoring System, new method created by the FIRST).
- Network targets and websites: you can now register network targets even if their DNS is not resolving at the time of creation.
- Network targets and websites scans: improved the management of potential false positives generated by the port scan when it has been blocked by a Web Application Firewall.
- Scanning engine: improved the detection engine for Java versions on Linux.
- Security: the password reset feature now displays the same message, whether the targeted user exists or not.
- Users: multiple improvements on the users list UI, with roles and permissions now being displayed.
Bugfixes:
- Agentless connections: fixed an issue that could prevent or truncate the last error message on an agentless connection.
- Kibana: fixed a computation error on the “CVE Specific Dashboard” report.
- Scanning engine:
- Fixed a potential assessment issue on Red Hat 7 systems.
- Fixed an assessment issue that could appear on AlmaLinux and Fedora.
- Fixed an assessment issue that could appear on MariaDB ODBC.
- Fixed an assessment issue that could appear on Microsoft OMI.
- Fixed an assessment issue that could appear on VMware ESXi.
- Fixed an assessment issue that could appear on WinRAR.