Change log of the Cyberwatch software

13.9 (2024-04-22)

Highlighted features:

  • Alerts: added a dedicated page to see all sent alerts. (preview)
  • Network targets and websites: you can scan the target API by providing the URL of its Swagger documentation. (preview)

New features:

  • Scope:
    • Added support for Cisco Firepower devices.
    • Added support for Extreme Networks ExtremeSwitching devices.
    • Added support for NetApp ONTAP devices.
    • Added support for Zimbra Collaboration.
  • Reports: you can customize the disclaimer.

Updated features and performance improvements:

  • API: the /api/v3/users/{id} route now shows whether a user is active in the application.
  • Criticalities: you can now prioritize asset vulnerabilities using only the full CVSS score criterion (CVSS-BTE).
  • Details of an Asset: when an ignoring policy is modified or deleted, the vulnerability list to consider is now automatically refreshed.
  • Discoveries: the Assets discoveries view has been refactored.
  • Docker images: labels in metadata are now retrieved with the latest version of the Docker API.
  • Network targets and websites: pages scanned during a target scan are now indicated in analysis reports.
  • Scanning engine: improved the detection of Schneider Electric Modicon devices.

Bugfixes:

  • Compliance:
    • Fixed a rule creation problem that could occur with some operating systems.
    • Fixed an infinite scanning problem that could occur on a CERTFR_AD analysis.
    • Fixed the script of the ICS-LIN-12.5.2 rule.
  • Discoveries: Kubernetes discoveries now assign all their namespaces to assets using metadata.
  • Kibana: multiple fixes.
  • Network targets and websites: fixed detection problems that could occur on some CMS.
  • Scanning engine:
    • Fixed a detection problem on Microsoft SharePoint Server (SharePoint On-Premise).
    • Fixed an analysis problem on Fortinet devices.
    • Fixed the versioning of Microsoft .NET Framework installed on an asset.

13.8 (2024-03-25)

Highlighted features:

  • Alerts: you can create alerts from the discovered assets view to highlight newly identified assets. (preview)
  • Network targets and websites: added security issues on the certificate expiration of the target. (preview)
  • Scanning engine: Cyberwatch now relies on CNA data for vulnerability analysis.

New features:

  • Compliance: added and updated multiple CIS Benchmarks.
  • Reports: you can generate a PDF report for a corrective action.
  • Scope:
    • Added end-of-life dates for Ruby.
    • Added support for AnyDesk.
    • Added support for Foxit PDF Reader.
  • Stored credentials: added support for CyberArk Central Credential Provider, for agentless mode connections.

Updated features and performance improvements:

  • Activities: actions related to asset policies are now logged.
  • Details of a Corrective action: you can sort by version in the related assets table.
  • Discovered assets: selectors have been replaced by a filter search bar.
  • Discoveries: you can now use the certificate authentication mode for Kubernetes discoveries.
  • Exports and Reports:
    • Added an option to block unauthenticated access to exports and reports from email.
    • You can now disable the mailing feature.
  • Harbor: you can now define a permanent credential on the Harbor scanner, to launch the Docker images analysis from Cyberwatch and not only from Harbor.
  • Network targets and websites: the headless mode is now enabled by default when a new scanning policy is created.
  • Scanning engine: improved the management of scan execution states on Docker and Cloud assets.
  • Users: multiple UX improvements on the users list.

Bugfixes:

  • Agentless mode connection:
    • Fixed a Microsoft Azure API connection creation problem.
    • Fixed a problem where the login could be lost when creating a connection.
  • Compliance: fixed the script of the SBP-LIN-04-005 rule.
  • Network targets and websites: fixed the feature to sort by last connection error.
  • Scanning engine:
    • Fixed an analysis problem on Adobe Acrobat Standard.
    • Fixed an analysis problem on some Microsoft Office versions.
    • Fixed an analysis problem on Zoom.
    • Fixed a detection issue on Fortinet devices.
    • Fixed a detection issue on Java.
    • Fixed a detection issue on SUSE 12 SP5 packages.
    • Fixed an SNMP scan problem that could occur on some network devices.
  • Security issues encyclopedia: the filters of the search bar are once again considered in the generated PDF reports.

13.7 (2024-02-19)

Highlighted features:

  • Alerts: multiple improvements. (preview)
  • Discoveries: added a discovery to retrieve running Docker images on Linux assets. (preview)
  • UX: you can create a saved query from a recent search, from the search bar of the dashboard, the asset inventory, the vulnerability encyclopedia, the corrective actions, the security issues encyclopedia and the compliance rules encyclopedia. (preview)

New features:

  • API: the /api/v3/vulnerabilities/servers/info route is now documented and can be used to get the raw export of an asset.
  • Exports: added the OS column in the discoveries CSV exports.
  • Scope:
    • Added Ethernet-IP protocol support for monitoring industrial devices.
    • Added security advisories from the CERT-EU.
    • Added support for Allen Bradley Rockwell Automation devices.
    • Added support for Devolutions Remote Desktop Manager.
    • Added support for Fortinet FortiMail devices.
    • Added support for Schneider Electric EcoStruxure Control Expert.
    • Added support for Siemens SIMATIC applications.
    • Added support for Ucopia devices.
  • Vulnerability encyclopedia: added a tooltip when hovering over a CVE to display its summary.

Updated features and performance improvements:

  • Assets inventory: you can now sort by description.
  • API: the /api/v3/assets/servers/{id} route now shows whether an application is part of the asset history or if it is currently detected.
  • Discoveries: the “Automatic registration of discovered assets” configuration has been refactored.
  • Docker images: the Docker applicative package scanning script now supports NPM 9, NPM 10 and Yarn 4.
  • Identity Providers: you can now use a self-signed certificate for the SAML identity provider metadata URL.
  • Network targets and websites: the AES-CBC encryption algorithm is now considered obsolete.
  • Scanning engine:
    • Improved the versioning of Windows user applications installed on an asset.
    • Improved the performance of the vulnerability analysis.
  • UX:
    • Improved application error notifications.
    • You can also view the five most recent searches in the search bar of the dashboard, the vulnerability encyclopedia, the corrective actions, the security issues encyclopedia and the compliance rules encyclopedia.

Bugfixes:

  • API: you can once again import the Swagger documentation on API clients.
  • Details of an Asset: fixed a display error that could occur on the status of security issues associated with an asset.
  • Discoveries: fixed some information reported in the Microsoft Azure discoveries.
  • Docker images: fixed a Docker images analysis problem from Amazon Elastic Container Registry.
  • Reports: fixed a display problem with some characters in the PDF reports of a compliance rule.
  • Scanning engine:
    • Fixed a detection issue on Ivanti Connect Secure.
    • Fixed a package detection issue on VMware Workstation.
    • Fixed an analysis problem on Fortinet Fortigate devices.
    • Fixed detection issues on Amazon Linux 1 and Amazon Linux 2.

13.6 (2024-01-23)

Highlighted features:

  • Alerts:
    • You can create alerts to be notified of new items matching custom search criteria on assets, vulnerabilities, security issues and compliance rules. (preview)
    • An e-mail alert is enabled by default to be notified of any CVEs referenced in the CISA KEV and CERT-FR ALE catalogs that are present in the information system. (preview)
  • UX: you can view the five most recent searches in the asset inventory search bar. (preview)

New features:

  • Activities:
    • Administrator activities performed during impersonation operations of a service account are now logged.
    • The relaunch scan of a network target or a website is now logged.
    • You can export the activities list to a CSV file.
  • Administration: added support for Gravatar.
  • Agentless mode connection:
    • Added support for SNMPv1.
    • You can use the Assume Role feature of the AWS Security Token Service API for the AWS Session Manager protocol.
  • Compliance rules encyclopedia: you can create a custom repository from the add rules to custom repositories modal.
  • Network targets and websites scans: added an option to define a scan perimeter associated with a sub-domain.
  • Nodes: you can perform a partial assets aggregation.
  • Scope:
    • Added software and BIOS support for Dell computers.
    • Added support for Alpine Linux 3.19.0.
    • Added support for Cisco 5520 Wireless LAN Controller devices.

Updated features and performance improvements:

  • Agentless mode connection: UX improvements on the Technical requirements section in the creation view.
  • API: added a name field in the /api/v3/credentials route.
  • Cloud assets: UX improvements to create a credential set from the creation view, when no asset type credential exists in the stored credentials list.
  • Details of an Asset: the Security issues tab now displays all obsolete versions of the same application.
  • Exports: improved the performance of CSV export generation.
  • Logs:
    • Improved the messages for administrator actions performed during impersonation operations of a service account.
    • Improved the action messages for removed users.
  • Scanning engine: improved the performance of the vulnerability assessment on target versions of applications.
  • Scanning policies: the “Web application scan” section on the policy creation and editing views has been refactored.

Bugfixes:

  • Agents: fixed the agent configuration commands in proxy mode.
  • API:
    • Fixed a problem on some fields of the /api/v3/cve_announcements route.
    • Multiple fixes in Swagger documentation on some routes.
  • Compliance:
    • Fixed the scripts of the ICS-Linux and ICS-Windows rules.
    • Fixed the script of the SBP-WIN-01-001 rule.
    • Multiple fixes on several ICS and SBP repositories.
  • Discoveries: fixed a redirection problem on the creation view to the stored credentials creation page corresponding to the appropriate discovery type.
  • Docker images: fixed an analysis problem on Distroless images.
  • Scanning engine:
    • Fixed a package detection issue on GIMP.
    • Fixed a package detection issue on Microsoft SharePoint Server (SharePoint On-Premise).

13.5 (2023-12-19)

Highlighted features:

  • Discoveries: added an Azure Kubernetes Service discovery. (preview)
  • Scope: added support for Schneider Modicon M340 devices. (preview)
  • Users: you can create service accounts to perform administration operations that do not require the usage of a regular user account. (preview)

New features:

  • Agentless mode connection: WinRM Kerberos authentication is now available.
  • Compliance: added and updated multiple CIS Benchmarks.
  • Reports: added EPSS scores to Asset, Technical Management and Detailed technical PDF reports.
  • Scope:
    • Added end-of-life dates for Microsoft Office 2013, 2016, 2019 and 2021 (perpetual versions).
    • Added security advisories from the CERT-IST Thales.
    • Added support for Fedora 38 and 39.

Updated features and performance improvements:

  • Discoveries: Microsoft Azure Active Directory discoveries are renamed to Microsoft Entra ID.
  • Exports: the scheduled exports are now sent only to user accounts whose email address is defined in the application.
  • Scope: improved Microsoft SharePoint Server 2019 support (SharePoint On-Premise).

Bugfixes:

  • Discovered assets: fixed a display problem in the detail modal of a discovered asset.
  • Scanning engine: fixed the scanning method of Windows user applications.
  • Users: fixed an issue with the full name automatic synchronization of OpenID Connect user accounts.

13.4 (2023-11-27)

Highlighted features:

  • Discoveries and Harbor:
    • Added a Harbor registry discovery. (preview)
    • You can now distribute Docker image scans across several nodes of a Cyberwatch instance. (preview)

New features:

  • Compliance: added CIS Microsoft Intune Benchmark for Windows 10 and Windows 11.
  • Details of an Asset: you can now view the details of a CVE from the “Patch management” tab.
  • Exports: added a search bar to the export inventory.
  • Harbor: you can now adjust the time between two successive Harbor API requests to get the vulnerability report for a Docker image during its preparation by Cyberwatch.
  • Scope:
    • Added support for macOS 14.
    • Added support for Microsoft Teams classic for the Windows version.
    • Added support for Windows 11 23H2.
  • Users:
    • Added an “E-mail” field to the user account creation form, allowing the user’s e-mail and login to be dissociated.
    • You can now automatically synchronize the description of SSO user accounts.

Updated features and performance improvements:

  • Compliance: improved the scripts of the SBP-WIN-01-006, SBP-WIN-02-001, SBP-WIN-02-002 and SBP-WIN-02-003 rules.
  • MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 14.
  • Perimeter: improved support of Siemens S7 equipment.
  • Scanning engine: improved Connect Secure products detection, following Ivanti’s acquisition of Pulse Secure.
  • Users: multiple enhancements to user session management, user permissions and disabled accounts.

Bugfixes:

  • Air gap assets: fixed a 500 error when importing air gap asset results.
  • Details of a Discovery: the target name was no longer displayed for some discoveries.
  • Details of a Vulnerability: fixed an issue that would block the rendering of CVSS metrics for some CVEs.
  • Scanning engine:
    • Fixed a bug related to the maximum attack time in some modules of the network targets and websites scanner.
    • Fixed a package detection issue on VMware vCenter.
    • Fixed the vulnerability assessment of F5 BIG-IP products.
    • Fixed the vulnerability assessment of Red Hat.

13.3.1 (2023-11-07)

  • Fixed multiple minor bugs and regressions.

13.3 (2023-11-06)

Highlighted features:

  • Dashboard: the “CISA KEV and CERT-FR ALE” component now replaces by default the “critical CVE with high exploit” component. (preview)
  • Discoveries: you can now automatically delete scanned assets that have disappeared from discoveries. (preview)
  • Users: users can now set their time zone. (preview)

New features:

  • Assets inventory: added an indicator to identify assets that use old compliance rules.
  • Details of an Asset:
    • Docker containers detected on an asset can now be scanned as dedicated Docker images from the Technologies tab.
    • Metadata from discoveries are now exported.
  • Discoveries:
    • Added Amazon Elastic Kubernetes Service (EKS) discovery.
    • You can now view the details of a discovered asset.
  • Exports:
    • The “Publication date of the CVE”, “Date of listing in CISA KEV” and “Date of listing in CERT-FR ALE” columns have been added in the CSV vulnerabilities export.
    • The “Description” column has been added in the CSV assets export.
  • Docker images: detection of Go binaries on shell-less images is now supported.
  • Kibana: added the “last_modified” field to the “cve_announcements” index.
  • Network targets and websites scans: added a new Security issue type to indicate when there is no HTTP to HTTPS redirection on the target.
  • Reports: the dates of listing in the CISA KEV and CERT-FR ALE catalogs are now indicated in the vulnerabilities PDF reports.
  • Saved credentials: added a search bar to search by credentials name.
  • Scanning policies: added an option to scan all network ports.
  • Scope:
    • Added support for Photon OS 5.
    • Added support for SOLIDserver EfficientIP devices.
    • Added support for Ubuntu 23.10.

Updated features and performance improvements:

  • Administration: multiple improvements to the different Integrations views.
  • Dashboard: saved queries are now placed to the left of the filter bar.
  • Details of an asset: the CVSS score is now also displayed in the CVE preview.
  • Discoveries:
    • Editing a discovery now allows you to disable the automatic registration of discovered assets.
    • You can now specify a frequency in hours.
  • Docker images:
    • Improved the performance and optimized the execution of the image analysis scripts.
    • Improved Python packages detection.
  • Groups and Criticalities: the color palette now offers colors better suited to both light and dark themes, and also includes the colors that are already the most used.
  • Kibana: improved the date coherence in the “Detected vs Fixed CVEs Evolution” visualization results.
  • MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 13.1.
  • Reports: multiple improvements of the PDF reports rendering.
  • Saved credentials: the public SSH key of a credential is now copied to the clipboard.
  • Scanning engine:
    • All user applications are now included without uniqueness constraints on the product name.
    • Improved the scanning method of Microsoft .NET applications installed by MSI.
  • UX: a global configuration page now allows you to select the default Identity provider for password and SSO authentication modes.

Bugfixes:

  • Compliance:
    • Fixed the script of rule SBP-LIN-03-005.
    • Fixed the script of rule SBP-LIN-04-002 on Red Hat.
    • Fixed the script of rule SBP-LIN-04-004.
    • Fixed the script of rule SBP-WIN-01-002, in order to also look into accounts configurations made with group policies.
  • Discoveries: fixed the selection system to specify which engine to use for automated registration of Docker images, when there is more than one available.
  • Scanning engine:
    • Fixed a package detection issue on Oracle Linux.
    • Fixed the vulnerability assessment of Mozilla Firefox ESR.

13.2 (2023-10-16)

Highlighted features:

  • Details of an asset: the CVE preview now shows a graph with the CVE distribution on the information system. (preview)

New features:

  • Dashboard: added new components to display CVEs from the CISA KEV and CERT-FR ALE catalogs.
  • Discovered assets: a new selector with the address type is available.
  • Docker images: the Docker application package scanning script can now enumerate executable files in shell-less images.
  • Groups: you can now sort by name or assets count.
  • Harbor: the ephemeral credentials provided by Harbor are now used to scan Docker images.
  • Scanning engine: improved the performance of the vulnerability analysis with more granular tasks.
  • Scope:
    • Added security advisories from the CERT EDF G3.
    • Added support for AIX 7.3 devices.

Updated features and performance improvements:

  • Assets inventory: the tooltip for Communication failure now displays the last communication date.
  • Details of an asset: the connector address is now displayed in the asset information.
  • Identity providers:
    • Scopes can now be edited in the OpenID Connect setting form.
    • The SAML setting form has been refactored.
  • UX: improved the pagination component.

Bugfixes:

  • Agentless mode connections: fixed an SSH key-based authentication problem on specific Linux systems.
  • Assets: fixed the feature to sort CVE by reference.
  • Compliance: fixed the SBP-WIN-01-002 rule on Windows Server 2012.
  • Corrective actions: fixed a display issue for some details of a corrective action.
  • Details of a Compliance rule: fixed a display error on the rules distribution graph.
  • Discoveries: fixed the auto scheduling scans on VMware ESXi environments.
  • Docker images:
    • Added a fix to always use the root user when scanning Docker images.
    • Fixed a display issue if the registry was configured with a specific port.
    • Fixed a variable error in the Docker image scanning script.
  • Scanning engine:
    • Fixed a detection issue on Fortinet devices.
    • Fixed a detection issue on SLES 15 systems.
  • Scanning policies: you can once again define an annual or monthly recurrence policy.
  • Scope: fixed an issue on SonicWall devices.
  • Settings: fixed an issue that could block a Cyberwatch instance with an external MySQL database.
  • Vulnerability encyclopedia: fixed a display issue for some details of a vulnerability.

13.1.2 (2023-10-02)

  • Fixed multiple minor bugs and regressions.

13.1.1 (2023-09-29)

  • Fixed multiple minor bugs and regressions.

13.1 (2023-09-28)

New features:

  • Activities: groups automatically assigned through discoveries are now logged.
  • API:
    • Added the ability to manage asset compliance repositories from the API.
    • Added the ability to manage vulnerability comments from the API.
    • Added user creation and last connection dates to the API.
  • Compliance: added new compliance repositories to check hardening level of the Docker application and its processes.
  • Connectors: it is now possible to define an automatic deletion date for Docker images that have lost communication with our scanner.
  • CSV exports:
    • Added the “Addresses” column to the CSV export of discovered assets.
    • Added the “Installation paths” and “Package type” columns to the CSV export of technologies.
  • Details of an asset: added a tooltip in the vulnerability history when hovering over a CVE to display its summary.
  • Details of a corrective action: the technology vendor is now displayed when available.
  • Discoveries: associated groups are now displayed in the discoveries list.
  • Docker images: Kubernetes discovery scans identify Kubernetes namespaces and associate them to the corresponding scanned assets.
  • Scanning engine: added support for hardware CPE codes.
  • Session: when the user session expires, the page is automatically refreshed.
  • Scope:
    • Added support for SonicWall.
    • Added support for SUSE 15 SP5.
    • Added support for WALLIX Bastion.
  • Reports: added an alert when a new generated report is available.
  • UX: it is now possible to replace the application favicon from the Administration > Customization menu.

Updated features and performance improvements:

  • Agents: agent installation scripts now have syntax highlighting.
  • Air gap assets: air gap assets now have a last communication date.
  • Analyses: multiple improvements to the Cyberwatch analysis scripts scheduler, which is now correlated to security database synchronizations.
  • API: the API now returns by default 100 results per page instead of 25 previously.
  • Cloud assets: improved error management when connecting to Cloud assets.
  • Details of a corrective action: multiple UX improvements on this view.
  • Details of a script: it is now possible to relaunch an analysis script from the script result view.
  • Details of a vulnerability: the technologies associated with a vulnerability are now grouped by vendor.
  • Discovery scans: improved the association mechanism to link discovered assets and scanned assets.
  • Groups: multiple UX improvements on the groups management page.
  • Network targets and websites scans: improved the scan results in specific cases of websites scanned in headless mode.
  • Reports: PDF reports are now opened in another browser tab rather than downloaded by default.
  • Scanning engine: multiple performance improvements on the calculation of vulnerabilities related to CPE codes.
  • UX: multiple performance improvements to the loading process of the different inventories.

Bugfixes:

  • Agentless mode connections: fixed an issue preventing the scan of some AIX systems.
  • Analyses:
    • Fixed an analysis issue of specific Cisco Catalyst devices.
    • Fixed an analysis issue of the MongoDB Compass app on macOS.
  • Scanning engine: fixed an Oracle detection problem on Linux systems.

13.0.4 (2023-09-15)

  • Fixed multiple minor bugs and regressions.

13.0.3 (2023-09-14)

  • Fixed multiple minor bugs and regressions.

13.0.2 (2023-09-11)

  • Fixed multiple minor bugs and regressions.

13.0.1 (2023-09-08)

  • Fixed multiple minor bugs and regressions.

13.0 (2023-09-07) - Major release

Highlighted features:

  • Criticalities: added a new prioritization method called “3D prioritization”, which calculates the high-priority CVEs based on a combination of the full CVSS v3.1 score, the EPSS score, and the CISA KEV and CERTFR-ALE catalogs. (preview)
  • CVE Encyclopedia: changed the view Details of a CVE, to prepare for the arrival of the CVSS v4 score. (preview)
  • Identity providers: added the possibility of having multiple identity providers of the same type (SAML, LDAP, OpenID Connect). (preview)
  • Scanning engine: Docker images running on a Linux system scanned by Cyberwatch are now automatically also detected and scanned. (preview)

New features:

  • Activities: added a heat map type graph to visualize the distribution of user activities.
  • Agentless mode connections:
    • Added a Microsoft Azure connector allowing you to run Cyberwatch scripts and launch scans directly through the Microsoft Azure APIs.
    • Added AES 256 encryption protocol on SNMP connections.
    • Added an AWS Session Manager connector allowing you to run Cyberwatch scripts and launch scans directly through the AWS APIs.
  • Analyses:
    • Added support for CPU vulnerabilities present on Linux systems such as Spectre, Meltdown and their more recent variations. Linux CPU vulnerability scanning is optional, and must be enabled using Scanning policies.
    • Cyberwatch is now able to provide multiple installation paths for a unique technology present in the same version in multiple places on a system.
  • API: it is now possible to set the SNMP context of an agentless mode connection.
  • Compliance:
    • Cyberwatch now displays the CAPEC and MITRE ATT&CK techniques on compliance rules, when available.
    • Cyberwatch now displays the category of compliance rules. This category can also be used to filter rule families from the encyclopedia.
  • Compliance rules encyclopedia: added a filter allowing you to display only the rules currently tested on your assets.
  • CSV exports: added the “Detected at” and “Fixed at” columns to the CSV export of Security issues.
  • Dashboard:
    • Added new components for performing analysis by vulnerability detection date.
    • Dashboard metrics are now shared between users with global rights. This feature allows new users to have common history metrics available when they first connect.
  • Details of a Compliance rule: it is now possible to assign repositories to a rule when consulting it.
  • Details of a Vulnerability:
    • Added a graph to monitor the progress of the CVE remediation on affected assets, by group.
    • Cyberwatch now displays the date at which the vulnerability was added to the CISA KEV.
  • Details of an asset:
    • A column indicating the maximum EPSS score of CVEs impacting each technology has been added to the “Patch Management” tab.
    • Technologies in the “Patch Management” tab now provide a direct link to the appropriate page of the Corrective actions encyclopedia.
  • Discovered assets: assets metadata are now enriched with data from their associated discoveries.
  • Discoveries:
    • Added a GitLab Container Registry discovery allowing the discovery of Docker images on GitLab instances with restricted rights.
    • AWS Discovery Scans can now use an AWS Session Manager connector.
    • Discoveries from AWS environments now enrich their associated scanned assets with region and machine-id metadata.
  • Encyclopedias: added a column indicating the number of assets associated with each entry in the Vulnerabilities, Security issues and Compliance rules encyclopedias.
  • Inventory: added a filter allowing you to search by Operating System family.
  • Kibana: added an environmental_score field to the computers_cve index representing the CVE context-based score.
  • MITRE ATT&CK: changing the filters in the inventory view now automatically updates the MITRE ATT&CK navigator when opened in another tab.
  • Scanning policies: it is now possible to configure ports to use or exclude from scans of Network targets and websites.
  • Scope:
    • Added automatic Maven package detection to Docker image scanning.
    • Added support for Amazon Linux 2023.
    • Added support for Debian 12.
    • Added support for Dell iDRAC devices.
    • Added support for FortiDDoS devices.
    • Added support for the Amazon Corretto application on Windows.
  • Security:
    • Added blocking by IP for brute force attempts to connect to the application.
    • Added mechanisms to prevent time-based attempts to enumerate accounts on the app login form.
  • Vulnerabilities encyclopedia:
    • Added a “Catalog” filter to the search bar. This filter makes it possible in particular to filter CVEs belonging to catalogs such as the CISA KEV.
    • Added the CERTFR-ALE and CISA KEV catalogs to the vulnerability encyclopedia.

Updated features and performance improvements:

  • Assets: Network targets and websites, and Docker Images, now have a last communication date.
  • Authentication: it is no longer necessary to retype the password when modifying the LDAP configuration.
  • Compliance: improved the way potential errors encountered when running a compliance rule are displayed.
  • Docker images:
    • Docker images are now always removed from the Docker runtime once scanned.
    • Improved support of Alpine Linux images.
  • Harbor: redesigned the configuration process for scanning Docker images through a Harbor instance. The configuration is now located in the Administration > External tools > Harbor Scanner menu.
  • Linux agent: updated the agent installation lines to better manage the addition of a PGP key on hardened systems where umask permissions could be a problem.
  • Maintenance and security: migrated the Docker image of the Cyberwatch application from Debian 11 to Debian 12.
  • PDF reports:
    • Increased the maximum number of rules exported from 100 to 500 in Compliance Rules PDF reports.
    • Multiple UI improvements on PDF reports.
  • Performance: improved the performance of the periodic vulnerabilities computation process.
  • Saved queries: saved queries now remember the sorting selected when saving the query.
  • Scans: multiple improvements on Cyberwatch scanning scripts scheduling.
  • Security: multiple functional and security improvements on LDAP and SAML identity providers.
  • User actions: added automatic escape of multiple special characters in Markdown comments.
  • Users: it is now impossible to modify the name/first name of users created through an external identity provider.
  • UX:
    • Improved management of links embedding an anchor throughout the application.
    • The icon indicating a loss of communication is now white for dark theme applications.

Bugfixes:

  • Analyses: fixed an analysis issue on Adobe Creative Cloud Diagnostics.
  • API:
    • Fixed an issue on the /api/v3/rules route that could cause performance issues.
    • Fixed an issue that allowed custom rules to be added to a built-in repository.
    • Fixed an issue that prevented a rule natively embedded by Cyberwatch from being added to a custom repository.
  • Azure Discoveries: assets that only have a private IP address are now correctly reported.
  • Benchmarks:
    • CIS rules that need to be processed manually are now marked as such, and no longer marked as supported.
    • Fixed an issue regarding the import of some Benchmarks that do not define a xccdf namespace.
  • Compliance:
    • Fixed a display issue for compliance rules not waiting for feedback.
    • Windows Server 2012 compliance rules now use the Get-ItemProperty command for backwards compatibility.
  • Interface: fixed an issue on the progress bars indicating the complexity of the password entered.
  • Network targets and websites: fixed an issue that could cause an exception when Nmap was unable to identify the service behind a port.
  • Scanning engine: fixed a detection problem on Cisco AnyConnect and Cisco Secure Client.
  • Security issues: the payload of some Security issues is now truncated when it is too long.

12.7.3 (2023-06-19)

  • Fixed multiple minor bugs and regressions.

12.7.2 (2023-06-16)

  • Fixed multiple minor bugs and regressions.

12.7.1 (2023-06-13)

  • Fixed multiple minor bugs and regressions.

12.7 (2023-06-07)

Highlighted features:

  • Details of an asset: added tool-tips in the graph of the Summary of vulnerabilities, in order to easily identify vulnerable technologies. (preview)
  • Identity Providers: SAML and OpenID Connect configurations can now manage user access to Kibana. (preview)

New features:

  • Administration: the button to see the state of the execution queues now provides more detailed information.
  • Analyses: added a scan to automatically identify and analyze the Docker images present on a monitored Linux system. This feature must be enabled in Scan Policies and is still in beta.
  • API: the /api/v3/assets/servers/{ID} API route now returns the path of detected packages if available.
  • Compliance: added the category of the rule to the compliance rules sheet.
  • Corrective actions: the inventory of corrective actions now also includes the patches whose exact required version is not available.
  • CSV exports: added columns “Number of Security issues”, “Asset category” and “Restart required” to the CSV export of the list of assets.
  • Details of a Compliance rule: the last analysis date of the rule on assets is now displayed.
  • Details of an asset:
    • Added a button to see the result of a script in “plaintext” mode in the result view of a script.
    • You can now export the scan results of an asset in the ZIP format, with its compliance analysis.
  • Inventory of aggregated assets: a new column indicating the last communication date of aggregated assets is now present.
  • Scope:
    • Added support for Aruba IAP devices in SNMP.
    • Added support for ManageEngine Endpoint Central application.

Updated features and performance improvements:

  • Administration: it is now impossible to import a security database ZIP file older than 30 days.
  • API: updated the API route to retrieve compliance rules in air gap mode, in order to support XCCDF rules.
  • Benchmarks:
    • Improved the view to import a new benchmark.
    • The import of Benchmarks now supports XCCDFs that declare multiple platforms.
  • Compliance:
    • Improved formatting of code tags sometimes present in the description of compliance rules.
    • Multiple UX improvements on compliance rules.
  • Customization: an error is now raised when trying to import an interlaced PNG file as a logo.
  • Details of an asset:
    • Added a dynamic search bar to the Technologies tab in the Asset view, allowing you to search by package type.
    • Improved display of new activity notifications in the Asset view.
    • Multiple UX improvements on the script history in the “Patch Management” tab, in the Asset view.
    • The CWE code has been moved to the tooltip displayed when hovering the mouse cursor on a CVE.
  • Discoveries: refactored the data format in order to prepare new features in this part of the software.
  • Inventory: the “Network addresses” field of assets is now sorted in lexicographic order, which allows IP addresses to always be displayed before FQDNs.
  • Scans: the Log4J scans present by default in the application now provide the path of the identified files.
  • Security: integration of a mechanism to increase the number of iterations used to hash passwords stored in the application, in order to comply with the evolution of the OWASP recommendations.
  • UX: multiple UX improvements when consulting the application from a mobile.

Bugfixes:

  • API: API route /api/v3/vulnerabilities/cve_announcements now also returns the CWE MITRE techniques of its parents, as already done in the web application.
  • Analyses:
    • Fixed a detection issue on Java Platform SE.
    • Fixed a scanning issue on Huawei devices.
    • Fixed false positives on macOS.
  • Compliance:
    • Fixed an issue with the compliance rate color used in some specific cases.
    • Fixed compliance scripts for some rules that could show an uninstalled package as present.
  • Dashboard:
    • Fixed how numbers are displayed on some components.
    • Ignored vulnerabilities are no longer counted in the dashboard components KPI.
  • Discovery scans: added a validation on the maximum number of characters on some fields in the forms to create new Discovery scans.
  • Network targets and websites: fixed an issue that could prevent scanning if the target blocks ping requests.

12.6.1 (2023-05-22)

  • Fixed multiple minor bugs and regressions.

12.6 (2023-05-11)

Highlighted features:

  • Docker images: added the support of the Harbor Scanner Adapter API standard. You can now directly run Cyberwatch scans on Docker images right from the Harbor web interface. (preview)

New features:

  • Administration:
    • Added an alert indicating when the synchronization with the knowledge base was launched, while it is still in progress.
    • Added an icon to the Administration menu indicating when a new update is available, and when the synchronization with the knowledge base is too old.
    • The last synchronization error with the knowledge base is now displayed.
    • You can now disable SMTP without completely deleting its configuration.
    • You can now disable the proxy without completely deleting its configuration.
    • You can now enable or disable the compliance module on a Cyberwatch instance, if it has the appropriate license.
  • Discoveries:
    • AWS discoveries can now automatically discover ARNs on the go, and query associated accounts.
    • AWS discoveries now report more metadata, such as tags, region…
  • Exports:
    • Added the patch status, the maximum exploit level and CVE score values, to CSV Patches export.
    • Added an option to choose whether the scheduled export will be sent as an email attachment or not.
    • You can now mark exports as read.
  • Scans: the Windows metadata scan now detects the presence of Windows Subsystem for Linux (WSL). An asset rule, present and disabled by default, allows you to add the WSL group to the appropriate assets.
  • Scope:
    • Added support for the php-zendserver application on Docker images.
    • Added support for the Wireshark Portable application on Windows.
    • Added support for Ubuntu 23.04.

Updated features and performance improvements:

  • Analyses: improved support for Office C2R.
  • Compliance:
    • Improved performance and optimized the execution code for specific sets of rules that call the same methods.
    • Multiple improvements on the Benchmarks import.
    • The results of compliance rules are now displayed in a modal window instead of a dedicated page.
  • Details of an Asset:
    • Added a curve indicating the number of high-priority vulnerabilities to the Summary tab.
    • Added the end of support date for deprecated applications in the Security issues tab.
    • The top 5 Security issues are now displayed with more details in the Summary tab.
  • Docker images: scans no longer return the IP addresses of the Docker images by default.
  • Security issues: added the ability to edit the description of a custom Security issue payload.
  • UX / UI:
    • Improvement of the main search bars in the different views of the application.
    • Multiple UX improvements on the graphs of the application.

Bugfixes:

  • Active Directory compliance: users reported by compliance rules are no longer limited to CN=Users.
  • Agents: fixed a problem that could prevent the correct reporting of the IP address of assets scanned with an agent.
  • Analyses: fixed an issue that mixed the KeePassXC product with the KeePass software.
  • Benchmarks: fixed a problem preventing the import of Benchmarks containing rules where the code column is larger than 255 characters.
  • CSV exports:
    • Fixed a headers inversion issue on CSV Asset list export generated for a corrective action.
    • The CSV export of discovered assets now correctly filters its data based on the assets that are selected.
  • Details of a Corrective action: fixed a problem that could lead to the display of duplicate assets.
  • Docker images:
    • Fixed an error when scanning some images that have a label.
    • Fixed an issue preventing the creation of a Docker image from its hash.
  • OpenID Connect configuration: added the ability to disable the TLS verification.
  • Scan of Windows user applications: added alternative methods in order to provide better support of the script on old systems.

12.5 (2023-03-29)

Highlighted features:

  • Agentless scans: added support for Android and iOS devices with Microsoft Intune. (preview)
  • Details of an asset: the Patch management tab now indicates the full path of the EXE files detected with Windows user applications scan. (preview)
  • The application has been updated with a new graphical theme. Cyberwatch now uses the official branding of the Framatome group. (preview)

New features:

  • Assets scanned with Microsoft Intune: added metadata for assets scanned with Microsoft Intune.
  • Details of a Corrective action:
    • Added a tool-tip when hovering on the related CVEs to display their summary.
    • Added the EPSS score in the related CVEs tab.
  • Details of a Scanning policy: advanced settings of the scanning policy are now displayed.
  • Details of an asset:
    • Added a toolbar to manage the comments markdown properties.
    • EXE files detected with the Windows user application scan can now be uninstalled from the Technologies tab.
  • Exports: added an indicator when there are unread exports, as well as their number.
  • Node management: added a tool-tip displaying the description of the node when hovering the mouse over the node name.
  • PDF reports: added description text to present the different sections of the report.
  • Performance: added a new menu to consult the status of the sidekiq and sidekiq_node service queues.
  • Scope:
    • Added the native support for Siemens S7 PLCs and Hirschmann switches with Industrial scans.
    • Added support for the Apache application on Docker images.
    • Added support for the Drupal application on Docker images.
    • Added support for the Grafana application on Docker images.
    • Added support for the HAProxy application on Docker images.
    • Added support for the Joomla! application on Docker images.
    • Added support for the MobyProject::Moby application on Linux.
    • Added support for the MongoDB application on Docker images.
    • Added support for the Nextcloud app on Docker images.
    • Added support for the ownCloud application on Docker images.
    • Added support for the Ruby application on Docker images.
    • Added support for the Tomcat application on Docker images.
    • Added support for the WordPress application on Docker images.
  • Security issues: added a tool-tip when hovering on a CVE to display its summary.
  • Windows scans: added detection of portable applications deployed as EXE files.

Updated features and performance improvements:

  • Administration:
    • Improved error management when importing an invalid Cyberwatch license.
    • Redesigned and moved multiple menus in this view for easier usage.
  • Compliance:
    • Added support for new compliance rules from CIS benchmarks.
    • Modified several rules of the Security_Best_Practices repository in order to use the CIS Benchmark scripts.
  • CSV export:
    • Ignored CVEs are no longer exported in the Patches export.
    • Modified the calculation of the compliance rate in CSV exports.
  • Dashboard: multiple UX improvements.
  • Scans of network targets and websites: the headless scans feature is now enabled by default in the default Scanning policy.

Bugfixes:

  • Agent inventory: fixed a 500 error when an agent without a version is present.
  • Dashboard: fixed an issue on the filters when clicking on the “Compliance by level” graph.
  • Fixed an issue preventing the AWS compliance rule CIS-AWS-5.2 from working.
  • Fixed Java detection issues on Linux devices.
  • Fixed scanning issue on Synology devices.

12.4.2 (2023-03-06)

  • Fixed multiple minor bugs and regressions.

12.4.1 (2023-03-03)

  • Fixed multiple minor bugs and regressions.

12.4 (2023-03-02)

Highlighted features:

  • Administration: changed the Administration view of the software to make it easier to use. (preview)
  • Corrective actions: added a dedicated page to see all available corrective actions. (preview)
  • Details of an asset: you can now edit an asset directly from the Edit bar on the right of the user interface. (preview)
  • Scope: the User applications scan for Windows now browses the whole user directory instead of just focusing on the APPDATA folder.

New features:

  • Administration: the synchronization of the knowledge database is now performed through a dedicated button located next to the “Administration > Security Database” section.
  • Corrective actions: added a new view for each patch, in order to see their related assets and additional details.
  • Criticalities: added a column to display the number of related assets for each Criticality, which, on click, redirects to the Inventory with the appropriate filters.
  • Dashboard: removed the Vulnerabilities and Compliance dashboards in order to provide only one aggregated dashboard that can be customized with multiple components.
  • Details of an asset: you can now see the preview of a Markdown comment.
  • Discoveries: added a new network discovery scan dedicated to Industrial devices.
  • Exports: added the EPSS score to the CSV Vulnerabilities export.
  • Scope:
    • Added support for FortiRecorder.
    • Added support for Hirschmann Bobcat.
  • Users activity: you can now add comments to users activity.

Updated features and performance improvements:

  • Agents: added an alert message when detecting obsolete agents.
  • Aggregations: the aggregated nodes management has been moved to the Nodes administration view.
  • Analyses: the Windows scans no longer check the WSUS configuration in order to avoid potential requests to Windows Update.
  • Benchmarks:
    • Added a new metric with the number of supported rules among the total available rules in the Benchmark.
    • Imported Benchmarks can now be edited and deleted.
    • Multiple UX and UI improvements on the Benchmark detailed view.
  • Compliance:
    • Deleted multiple obsolete repositories.
    • Rules: added support for new rules types in the Benchmarks.
    • View of a rule: multiple UX improvements on the detailed view of a rule.
  • Details of a vulnerability: Impact Metrics now correspond to the values of the CVSSv3 and no longer to the CVSSv2.
  • Kibana: added the official OS name in the indices.
  • Policies: policies are now sorted alphabetically when selecting them in the different views of the software.
  • Technologies: deleted the package history with a one year retention duration.
  • Users activities:
    • Added a new metric on the number of objects affected by a user action.
    • Added a new user action, generated when creating objects from the interface or the API (Docker images, agentless connections, network targets and websites).
  • Website scans: added a headless mode to the web scanner in order to properly assess the security of heavy JavaScript-based web applications. This feature must be configured in the Scanning policies, and is still in beta version.

Bugfixes:

  • Administration: improved error messages when configuring a proxy server on the agent.
  • Assets rules: fixed an issue that would block the rendering of selected Operating Systems when editing a rule.
  • Compliance rules: fixed an issue that would let users duplicate rules generated from OVAL / SCAP benchmarks (these rules cannot be duplicated).
  • Dashboard: fixed an issue that would block the rendering of the Dashboard when performing a search request with a wrong keyword.
  • Docker discoveries: improved exceptions management when running Docker discoveries on GitLab.
  • Scanning engine:
    • Fixed a detection issue on Git for Windows.
    • Fixed a detection issue that could occur on PRTG Network Monitor subversion.
    • Fixed a problem that could produce exceptions on Active Directory Compliance scans.
    • Fixed an analysis problem on OpenJDK.
    • Fixed potential false positives related to residual Microsoft Edge data in the Users applications.

12.3.3 (2023-01-31)

  • Fixed multiple minor bugs and regressions.

12.3.2 (2023-01-30)

  • Fixed multiple minor bugs and regressions.

12.3.1 (2023-01-25)

  • Fixed multiple minor bugs and regressions.
  • Fixed a security issue on the macOS agent (the fix does not require updating macOS). Source: Titouan Allain, Shadow SAS.

12.3 (2023-01-23)

Highlighted features:

  • Dashboard: the Vulnerability dashboard can now be customized. You can add and remove widgets. (preview)
  • Details of an asset: added a tool-tip when hovering over CVEs to display their summary. (preview)
  • Users activity: added a dedicated page to consult users activity. (preview)

New features:

  • Aggregated assets: it is now possible to automatically add a group to all the assets of an aggregated node.
  • API:
    • Security issues references are now provided in the API vulnerability route.
    • The CVSSv3 ceiling is now provided in the environment field of the API asset route.
  • Assets rules: added a search bar to configure filters right from the Rules creation form.
  • Compliance:
    • Added the ability to import your own repositories using the SCAP standard (beta).
    • Modified the Compliance rules execution engine to make it compatible with scripts provided natively by the SCAP standard (OVAL, XCCDF, SCE script).
  • Details of an asset:
    • Added the ability to comment on a user action.
    • Added a button to relaunch the analysis on an asset.
    • Added a dynamic search bar in the Compliance tab.
  • Discovery scans: it is now possible to specify targets that must be excluded from the network discovery scan.
  • Docker images: labels of Docker images are now provided in the asset metadata.
  • Kibana: added a payload field to the computers_security_issues index representing the Security issues payloads.
  • PDF reports:
    • Added PDF report for Security issues.
    • Added the compliance rate of the assets in the PDF Compliance report.
  • Scope:
    • Added end-of-life dates for the following database software: MongoDB / Oracle Database / PostgreSQL.
    • Added end-of-life dates for FortiOS devices.
    • Added end-of-life dates for Python versions.
    • Added support for Notepad++.
    • Added support for SAP Netweaver Java.
    • Added support for ESXi 8.0.
    • Added support for Fedora 37.
    • Added support for Oracle Linux 9.
    • Added support for VMware vCenter Server 8.0.
    • Cyberwatch now detects local Nginx deployments on Docker images.
    • Cyberwatch now detects local PHP and PostgreSQL deployments on Linux systems.
  • Users:
    • Added a column indicating the last login date in the users list.
    • Added a wizard to configure the first name and last name of the current user and to subscribe to the newsletter.

Updated features and performance improvements:

  • Compliance repositories: multiple UX improvements.
  • Configuration of the application URLs:
    • The configuration of a self-signed certificate is now done in the agent configuration section.
    • The configuration of the scanners mail URLs is now done directly from the Nodes management page.
  • Details of an asset:
    • Added a button showing the number of unread activities for each asset.
    • Improved the process to ignore a CVE.
    • The activities of an asset are now accessible from a specific pane, which can be displayed over any tab.
  • Docker discoveries: the execution engine is automatically set by default if there is only one available.
  • Performance: improved the performance of the vulnerability assessment engine for third-party applications installed on Windows environments.
  • UI: multiple UX improvements.

Bugfixes:

  • Assessment engine:
    • Fixed a parsing issue that could occur on Huawei devices.
    • Fixed a parsing issue that could occur on pfSense devices.
    • Fixed an issue preventing the detection of packages marked as “on hold” on Linux.
    • Fixed false positives on OpenJDK.
    • Fixed scanning issues that may occur on Synology Diskstation Manager systems.
  • Assets rules: fixed a bug when creating an asset rule based on a metadata filter.
  • Compliance: fixed the CERTFR-AD-vuln1_dc_inconsistent_uac rule which could be reported by mistake as an anomaly.
  • Network targets and websites scans: fixed an issue that could block website scans in authenticated mode.
  • SAML/OpenID authentication: fixed a bug that could lead to a 500 error when the attribute allowing access to all groups is not returned by the IDP.

12.2.4 (2022-12-22)

Base versions lower than 2.31 are no longer supported. If you are still using this version of the Cyberwatch base, please migrate to the 5.X branch with our documentation. If you have a lower version, you’ll need to reinstall it.

  • Added an “end-of-life” popup for Cyberwatch instances that are deployed on 2.X base.

12.2.3 (2022-12-06)

  • Fixed multiple minor bugs and regressions.

12.2.2 (2022-12-02)

  • Fixed multiple minor bugs and regressions.

12.2.1 (2022-12-01)

  • Fixed multiple minor bugs and regressions.

12.2 (2022-11-28)

Highlighted features:

  • Authentication: added support for OpenID Connect. (preview)
  • Details of an asset: you can now add Markdown comments on an asset. (preview)
  • Vulnerability encyclopedia: added a column with the EPSS score. (preview)

New features:

  • API: added new nodes attributes to the /api/v3/nodes/<id> API route.
  • Agentless connections: connections in the failure status are now automatically retested once per week.
  • Discovery scans:
    • Added a Nutanix discovery scan.
    • The Amazon Web Services discovery scans now fetch instances names.
  • Exports:
    • Added a column with the context-based CVSS score in the CSV Vulnerabilities export.
    • Added a column with the patch type in the CSV Patches export.
    • Added a JSON export with available metadata.
  • Inventory:
    • Added a filter to display assets with no CVE.
    • Added a “Last analysis” column.
    • Added a “Last reboot” column.
    • Added a “Mobile” category for the assets.
    • Added a “Network addresses” column.
    • Added a “Registration date” column.
  • Kibana:
    • Added a new computers_metadata index with the assets metadata.
    • Added an update_type field to the computer_updates index in order to specify the patch type.
  • Network targets and websites: you can now configure the Nmap --version-intensity parameter.
  • Nodes management: a notification (bell icon on the top right of the UI) is now generated if a node has not communicated with the master instance for two hours.
  • Scope:
    • Added the Android and Apple iOS operating systems.
    • Added the CISA ICS security advisories.
    • Added support for Apache OpenOffice.
    • Added support for FortiClient EMS.
    • Added support for HPE Integrated Lights-Out systems.
    • Added support for Microsoft Windows 11 22H2 and Windows 10 22H2.
    • Added support for Ubuntu 22.10.
  • Software deployment: added a setup and configuration wizard after the Cyberwatch software deployment.

Updated features and performance improvements:

  • Compliance: extended the Active Directory object search to the full tree, and changed object identification so that it now relies on their classes and not on the Common Name.
  • Dashboards: added the asset count for the “Mobile” category.
  • Inventory: assets description is now displayable in a dedicated column rather than with a tool-tip when hovering the asset name.
  • PDF reports: improved Security issues data in the PDF reports.
  • Permissions: non-admin users can now see the discovery scans if they have been granted access to all assets.
  • Rules encyclopedia: improved filters and the search bar.
  • Scans: metadata scans now provide the disks size.
  • Security and general maintenance: migrated Vue.js to version 3.

Bugfixes:

  • API: security issues created using the API are now editable.
  • Discovery scans: fixed a problem on the Docker registry discovery scans, that could occur with images that have no tag.
  • Fixed a problem that could occur when asking to reboot assets on their next reboot maintenance schedule.
  • Security issues:
    • Fixed a display problem on the “Ignore and comment” button when a global filter is enabled.
    • Fixed a problem in the CSV export that did not use the filter to display only vulnerable assets.
  • UX: fixed sorting by the status in the history of the scripts for the assets.

12.1 (2022-10-13)

Highlighted features:

  • Administration: added a Quick Access setting to add new custom menus in the main menu of the Cyberwatch software. (preview)
  • API: added a new Swagger documentation, available at this address. (preview)
  • Vulnerability Encyclopedia: added a new field to filter CVE based on a MITRE ATT&CK software. (preview)

New features:

  • Air-gapped assets: added the ability to import assets from a CSV/XLSX file.
  • Analyses: the operating system previously declared by the OS_PRETTYNAME field is now automatically detected based on the FIRMWARE field for Network targets and websites.
  • Dashboards: filters available in the inventory view are now also available in the Vulnerability dashboard.
  • Inventory:
    • Added new filters to the inventory search bar.
    • Clicking on some fields of the inventory now triggers a filtered search on the selected value.
    • The column customization of the inventory is now saved.
    • You can now display the “Scan mode” column in the inventory.
  • Logs: new manual analysis requests triggered by a user are now logged.
  • Scope (Windows):
    • Added support for the Dell Command Update application.
    • Added support for the Docker Desktop application.
    • Added support for the Git application.
    • Added support for the GNU Privacy Guard application.
    • Added support for the Nextcloud application.
    • Added support for the ownCloud application.
    • Added support for the Python application.
  • Scope:
    • Added support for Palo Alto PAN-OS 10.1 and 10.2.
    • Added support for Cisco IOS XR devices.
  • Security issues: added the End-of-life dates for Microsoft SQL Server.

Updated features and performance improvements:

  • Aggregated assets: improved error management when encountering an issue with the aggregation data export process.
  • Analyses: unified CPE codes for multiple network devices in order to improve their matching process with the official NIST database.
  • Assessment engine: improved the Java version detection engine.
  • CSV exports: added the compliance rate of the assets to the CSV export of the assets list.
  • Encoding: improved invalid UTF-8 data management for data sent to the API of the Cyberwatch software.
  • Scans:
    • Added a 4-hour timeout on WinRM commands execution.
    • Improved information reported in the Network devices scans.

Bugfixes:

  • Nodes management: fixed an issue when deleting a node that had a Cloud asset associated.
  • Scan engine: fixed detection issues on the FortiClient and FortiClient VPN applications.
  • SMTP: improved the error management for SMTP configuration, which could lead to 500 errors.
  • UX/UI: fixed a bug on the password strength progress bar.

12.0.1 (2022-09-28)

Bugfixes:

  • Aggregated assets: improved error logging during asset synchronizations.
  • Synchronization: fixed an issue preventing synchronization for new deployments.

12.0 (2022-09-21) - Major release

Highlighted features:

  • Administration: added a new menu to manage updates directly from the UI (requires version 5 of the orchestrator, deployed with a RPM / DEB package). (preview)
  • Compliance: added new compliance rules to the “CERTFR-AD” repository for Active Directory environments. (preview)
  • Discoveries: the discovery scans view has been changed to improve its UI. (preview)
  • Exports: added new statistics JSON exports in the inventory view. This data is the same as the data sent to an Elastic stack or to a Google BigQuery data lake. (preview)
  • UI/UX: the software interface has been completely changed to merge the Assets, Vulnerabilities, and Compliance modules in one unique view. (preview)

New features:

  • Aggregated assets: groups configured on a child node are now automatically synchronized by default on the aggregation node. This feature can be disabled and will then delete the aggregated groups.
  • API: added the EPSS score to the /api/v3/vulnerabilities/cve_announcements API route.
  • Asset view:
    • Added a new “Summary” tab, with a chart presenting the evolution of vulnerabilities, KPIs for high-priority vulnerabilities, security issues and the compliance ratio, and the changelog of the asset.
    • You can now select and reorder the tabs to display in an Asset’s view.
  • Discovery scans:
    • Added a new DNS enumeration discovery dedicated to Certificate Transparency.
    • Azure discoveries: added a feature to discover only assets registered in Intune.
    • The discovered assets list now shows the operating system if detected.
    • Whois discoveries: added a filter to facilitate selecting domains.
  • Docker images: added the image creation date to the metadata of Docker assets.
  • Exports:
    • Added the ability to configure a retention period for planned exports.
    • The CSV Assets export now has a column with their network addresses.
  • Inventory:
    • Added a column to display the compliance ratio of the assets.
    • Added new dynamic filters to the search bar.
  • Kibana:
    • Added a new dashboard for technologies, based on a new computers_packages index with the assets technologies.
    • You can now define which Kibana dashboard you want to display in the main menu.
  • Logs: user actions are now logged with more details, and can be used to display a changelog directly in the software interface.
  • MITRE ATT&CK: you can now go to the Vulnerability encyclopedia from the attack techniques of the MITRE ATT&CK report.
  • Network targets and websites: you can now bulk edit the source (Cyberwatch node) used to scan these assets.
  • Nodes: the nodes list now highlights the master node and the update status of all nodes.
  • SAML: you can now extract the user email from a custom SAML attribute.
  • Scanning engine: applications detected from the Windows Store are now properly marked as from this source.
  • Scope:
    • Added EPEL security advisories for Fedora systems.
    • Added support for Adobe Shockwave Player.
    • Added support for Amazon Corretto.
    • Added support for Go modules in the declarative mode.
  • UI/UX:
    • Added a new “Settings” menu to manage most of the software configurations.
    • Added the ability to configure the UI to use a fixed or full screen width.

Updated features and performance improvements:

  • Agentless mode:
    • Added a timeout for SSH agentless connections to improve handling a blocked script.
    • Improved available filters in the search bar for the agentless connections list.
  • Air-gapped assets: the maximum number of files that you can import in the web interface is now 512.
  • API:
    • You can now authenticate to the Cyberwatch API with HTTP Basic Auth.
    • You can now consult the API right from the web browser.
  • API credentials:
    • Added the last usage date for each API key.
    • API keys are now accessible only during their creation, and must be exported during this step.
    • You can now set an expiration date for API keys.
  • Compliance: the Compliance module and Rules encyclopedia are now displayed for all Cyberwatch licenses. For instances that do not have an active Compliance license, please refer to your key account manager to be able to use the module.
  • Cyberscore: removed the Cyberscore metric from the software, to highlight the EPSS (Exploit Prediction Scoring System, a new method created by FIRST).
  • Network targets and websites: you can now register network targets even if their DNS is not resolving at the time of creation.
  • Network targets and websites scans: improved the management of potential false positives generated by the port scan when it has been blocked by a Web Application Firewall.
  • Scanning engine: improved the detection engine for Java versions on Linux.
  • Security: the password reset feature now displays the same message, whether the targeted user exists or not.
  • Users: multiple improvements on the users list UI, with roles and permissions now being displayed.

Bugfixes:

  • Agentless connections: fixed an issue that could prevent or truncate the last error message on an agentless connection.
  • Kibana: fixed a computation error on the “CVE Specific Dashboard” report.
  • Scanning engine:
    • Fixed a potential assessment issue on Red Hat 7 systems.
    • Fixed an assessment issue that could appear on AlmaLinux and Fedora.
    • Fixed an assessment issue that could appear on MariaDB ODBC.
    • Fixed an assessment issue that could appear on Microsoft OMI.
    • Fixed an assessment issue that could appear on VMware ESXi.
    • Fixed an assessment issue that could appear on WinRAR.
