Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version

2.0.0

Release date

07

Build number

9713

Next scheduled release

Staus

Status
colourGreen
titleFINAL

Upgrading instructions

Upgrading the Nanitor Server
Upgrading the Nanitor Collector
Upgrading the Nanitor Agent

...

Key objectives

This release of Nanitor introduced a new view on the data collected by Nanitor by adding a brand new dashboard view accessible from the Nanitor menu. It is meant to give a more specific view on the status of the IT infrastructure and key metrics. The dashboards will give a better and quicker insight to Security Officers and System administrators. Dashboard items are fixed to start with but can be added according to customer needs quickly and later they can be customised directly from the UI.

Nanitor did a complete redesign refactoring of its PII feature. The redesign removes the need for a Casandra database with its assigned costs and maintenance. Also meaning the refactored PII solution is a light-weighted solution for better performance. Though the PII capabilty is a full fledged solution to discover possible strored credit card information it is still in its baby steps and to be improved with the help of customer feedback and machine learning techniques in the upcoming releases.

The work started on Nanitor projects is ongoing and gets improved with each release of Nanitor. The goal is to be able to organize the work to improve the IT security from within Nanitor without the need for 3rd party tools. Nanitor projects help to organize work by assigning detected issues from Nanitor to a project for remediation. Projects are timeboxed and can be scoped for a subset of assets. This is a perfect way to follow-up on progress and set deadline.

New Features

Menu navigation. All view are now accessible from the Nanitor top menu.

Dashboards. A brandnew brand-new view where widgets with key information can be added.

Issue handling. The release implements a split screen option to select or multi select issues for a sneak preview without leaving the filter issue list. This enhances the user experience. Documentation

The PII scanner has been refactored to a more lightweight solution. The PII feature of Nanitor scans for documents and database entries that contain possible credit card information. Documentation

A news feed that is attended to make users aware of important cyber security risk or other related information. News feed can be marked as read to not to be flagged.

EOL support. Nanitor now can flag EOL devices and raise an issue for those platforms. A complete list of supported EOL operation systems is listed in our documentation.

Improvements

Projects. Projects can now be assigned to Nanitor users. General overhauling the look and feel with Nanitor projects to make it a ease to break down the work to be done in digastable chunks.

Improvements

The Nanitor diamonds got a face lift by making the displayed amount of issues clearer.digestible chunks. Issues in a project can be scoped to a subset of effected assets. The progress calculation is now taking into consideration the amount of assets an issue has been fixed on (progressive calculation per issue).

Comments can be added to issues. Comments on issues can be resolved. It is also possible to search for issues with comments for the issue filter. Documentation.

The Forensic section of a vulnerability groups together assets with same detected pattern. This is a huge improvement to support the remediation process

Performance improvements in PDF reports and other of Nanitor

Handling of Rogue Devices.

Added support for CIS CSC8 framework

Benchmarks

These benchmarks have been upgraded to support the most recent version from CIS.

Benchmark

Version

Windows 2012 R2

2.5.0

Windows 10

1.11.0

Windows Server 2016

1.3.0

Windows Server 2019

1.2.1

Fixes

  • Problems with connecting to CISCO devices. Now all Cisco devices should get a benchmark assigned to them.

  • Unable to cancel adding new whitelisting rule for ports

  • Benchmark check shows negative value

  • Don´t display "Last seen" if network discovery feature is turned off

  • Device archival shouldn´t take into account "last_discovery_at"

  • Can´t download a complete list of software vulnerabilities

  • nanitor-api locking up under high load and becomes unresponsive

  • The last logon date shows some weird date in the future

  • Issue Patch Status Report clicking numbers gives lists with non-matching number of items (filter issues)

  • Can´t assign labels to assets when all assets are selected

  • RISC score not recalculated correctly after removal of label

  • New device signup does not trigger automatic labelling rules

  • Benchmarks are now connected to CSC Compliance Framework

  • Vulnerabilities incorrect from CIS feed in many cases, especially on Windows Server 2016

Feature removal

None

Breaking changes

None