Version | 3.0.0.10411 |
|---|---|
Release date |
|
Build number | 10411 |
Next scheduled release |
|
Status | RELEASED |
Upgrading instructions | Upgrading the Nanitor Server |
Nanitor Collector | 3.0.0.10411 |
Nanitor Agent | 3.0.0.10411 |
Key objectives
This time Nanitor made a major upgrade to its versioning numbering. That is for a reason since we are now ready for the security health view across your organization and assets. We have made some touches to the health scoring that is based on feedback and information that we gather during the last couple of month since we started the implementation. That does not mean we are already finished but we are very happy with the achieved results. The health security score is a unique metric for Nanitor that will bring our customers into a really good position to judge their biggest risks in real time.
We listen to our customers. One frequent question that we always get is: where can I see the progress? Until now it has been hidden and not easy to find out. But now with the implementation of the progress dashboard you can see the needle moving (hopefully in the right direction though). We also know that resolving an issue is not always telling the whole story. This is the reason why we implemented a new term issue violation. An issue violation is an issue detected on a single issue. Nanitor can visualize how many issues have been resolved on single assets. That shows much quicker the progress that has been made towards removing security threads from your IT infrastructure.
Make cyber security easier in an enjoyable and an effective way is the mission of Nanitor. Easier means often less confusion. Therefore we removed the term RISC rating which stands for the approach used by Nanitor to prioritize the work we were recommending to be done. We have swapped the term RISC rating (since it was more than once interpreted as risk rating) and use now instead prioritization score. The prioritization score is simpler, more commonly used in general and there is no need to make any exceptions in the cyber security space. A high and a low priority is what everyone understands immediately.
Nanitor has started to implement a new, far more comprehensive vulnerability feed. This enables the Nanitor scraper to detect even more and more complex vulnerabilities. More does not always mean better and thanks to the EPSS score that Nanitor is taking into consideration, vulnerabilities stay there were they belong. You only need to take action on them when they are in the colored area of the Nanitor diamond.
This version with all its implemented features and changes is a huge step to help organizations getting more protected against security threads. Nanitor flags the right things that you should take action on.
New Features
NAN-1772: Progress dashboard
Related tickets: NAN-2005
New progress dashboard added with four progress widgets.
Issues - Resolved and open issues over time
Shows the total number of issues over time, hovering over the points show a detailed breakdown.
Projects - Project statuses
Show the total number of projects over time, hovering over the points shows a detailed breakdown of the number of projects for each project status.
Issues - Issue violations
Shows the total number of issue violations over time
Health score - Health over time
Shows the health score over time, can be configured to show score for specific issue types by selecting them at the bottom. Hovering over the points shows the precise score at that time.
NAN-1840: Sunsetting the term of RISC rating
Related tickets: NAN-2007, NAN-2048
Removing RISC terminology and replacing with Priority/Prioritization score instead
Issue RISC → Issue Priority, RISC score → Prioritization score, etc.
Improvements
Description | Relevant tickets |
|---|---|
Performance improvements
| |
Change health score grading
| |
Vulnerability detection
| |
Benchmark rule dialog
| |
Asset list
| |
Asset activity status
|
Benchmarks
These benchmarks have been upgraded.
Benchmark | Change | Relevant tickets |
|---|---|---|
Apache Tomcat 9 Benchmark | Added support for Apache Tomcat application. (Needs to be added from the configuration section of Nanitor) | |
Microsoft SQL Server 2012 | Updated to comply with v.1.6.0 from CIS | |
Microsoft SQL Server 2014 | Updated to comply with v1.5.0 from CIS | |
Microsoft SQL Server 2016 | Updated to comply with v.1.3.0 from CIS | |
Microsoft SQL Server 2017 | Added support for Microsoft SQL Server 2017 | |
Microsoft SQL Server 2019 | Added support for Microsoft SQL Server 2019 | |
Windows 11 | Added support for Windows 11 | |
MacOS 10.14 + 10.15 | Updated to comply with newest CIS version | |
MacOS 11 (Big Sur) | Updated to comply with v2.1.0 from CIS | |
MacOS 12 (Monterey) | Added support for MacOS 12 (Monterey) |
For more information on supported benchmarks visit the documentation of our benchmarks space.
Fixes
NAN-1925 Manual checkin for expired collected devices
NAN-1942 Fix health overview label filtering
NAN-1998 Fix asset type filter to include collected devices
NAN-2012 Fix empty agent up to date field in asset list for collected devices
NAN-2022 Congratulations popup shown for projects that have not been started
NAN-2023 Status message for inactive collected devices not updated
NAN-2035 Fix 1% and lower health scores showing as pending
NAN-2044 Fix empty device health chart
NAN-2045 Fix 'drag and drop' widget icon color
NAN-2053 Fix double scroll bar in 'Weakest link asset' widget
NAN-2054 Add tooltip 'Edit scaling factor'
NAN-2055 Compliance Issue Report table is not aligned
NAN-2063 Added critical severity level for issue configurations
NAN-2098 Added critical severity level for device and user configurations
NAN-2076 Rogue option does not appear in asset type dropdown on issue detail asset list
NAN-2081 Fix horizontal scroll in benchmark rule dialog
NAN-2091 Fix project still selected after being marked completed
NAN-2113 Fix grammatical error in project completion dialog