Release Notes - v3.9.0

Version 3.9.0
Release date 22 May 2023
Build number 11218
Status RELEASED
Nanitor Collector 3.9.0.11218
Nanitor Agent 3.9.0.11218

Upgrading instructions:

Upgrading the Nanitor Server
Upgrading the Nanitor Collector
Upgrading the Nanitor Agent


Active Directory Discovery Mechanism

We're introducing an automated Active Directory (AD) discovery mechanism. This feature pulls information on hosts from the Active Directory and syncs it with the Nanitor Asset inventory, enriching asset information, and making unmonitored assets easily identifiable. Key benefits include:

  • Automatic discovery of assets present in AD but missing an agent
  • Enhanced ease in identifying unmonitored assets
  • Simplification of the onboarding process and identification of onboarded assets

Obtaining OS/Service Fingerprint for Unmonitored Assets

In an effort to simplify the identification of unmonitored/rogue devices, we've added the ability to obtain OS/service fingerprints. By checking commonly used open ports and capturing the banner of the port, we can infer information about the underlying operating system, making it easier to identify various systems on your network.

How to perform probing
Inventory > Assets
Probing results
Inventory > Assets > Asset page
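The banner-based inference described above can be sketched as follows. This is an added example, not Nanitor's implementation: the rule set, function names and sample banners are all constructed for illustration, and because banners can be changed by an administrator, the result is a hint rather than proof.

```python
import re
from collections import Counter

# Hypothetical rule set (assumption): (regex over banner text, OS family, service label).
# Order matters: more specific patterns come first.
RULES = [
    (re.compile(r"OpenSSH_for_Windows", re.I), "Windows", "OpenSSH"),
    (re.compile(r"Microsoft-IIS/[\d.]+|Microsoft FTP Service", re.I), "Windows", "Microsoft service"),
    (re.compile(r"OpenSSH_[\w.]+ (Ubuntu|Debian)", re.I), "Linux", "OpenSSH"),
    (re.compile(r"\((Ubuntu|Debian|CentOS|Red Hat)\)", re.I), "Linux", "web server"),
    (re.compile(r"SSH-2\.0-Cisco", re.I), "Cisco IOS", "SSH"),
]

# Constructed sample data: {asset label: {port: captured banner}}.
SAMPLE = {
    "192.0.2.5": {22: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
                  80: "HTTP/1.1 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)\r\n"},
    "192.0.2.9": {21: "220 Microsoft FTP Service\r\n",
                  22: "SSH-2.0-OpenSSH_for_Windows_8.1\r\n",
                  80: "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n"},
    "192.0.2.77": {23: "login: "},
}

def classify_banner(banner):
    """Return (os_family, service) for one banner, or None when no rule matches."""
    text = banner.strip()[:512]  # banners are untrusted input; bound what is inspected
    for pattern, os_family, service in RULES:
        if pattern.search(text):
            return os_family, service
    return None

def fingerprint_asset(banners):
    """Majority vote over per-port guesses; confidence drops when ports disagree."""
    votes, evidence = Counter(), {}
    for port, banner in sorted(banners.items()):
        hit = classify_banner(banner)
        if hit:
            votes[hit[0]] += 1
            evidence[port] = hit
    if not votes:
        return {"os": "unknown", "confidence": 0.0, "evidence": {}}
    os_family, count = votes.most_common(1)[0]
    return {"os": os_family, "confidence": count / sum(votes.values()), "evidence": evidence}

if __name__ == "__main__":
    for asset, banners in SAMPLE.items():
        print(asset, fingerprint_asset(banners))
```

A confidence below 1.0 means the ports gave conflicting hints, which is worth a manual look (for example a NAT device or a deliberately altered banner).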

SNMP Probe for Unmonitored Assets

With this release, we're adding SNMP probe support for unmonitored assets. By probing for a specific set of OIDs, Nanitor can now automatically fetch information about unmonitored assets. This new functionality offers:

  • Automatic gathering of information about unmonitored assets with open SNMP
  • Improved ability for users to identify assets

Please note that Nanitor uses SNMP v2, which sends information unencrypted. This functionality can be turned off in the general settings (see below).

How to turn off SNMP probing
Admin panel > Settings > General

Configurable and Memorized List Columns

To enhance user experience, we've made list columns configurable and memorized on the server per user. This provides a more personalized experience as it:

  • Allows users to view desired information in context
  • Saves users from having to reconfigure the customizations repeatedly

Asset Inventory Sync via API

To further aid the identification of unmonitored/rogue devices, we're introducing Asset Inventory Sync via API. This feature synchronizes the DHCP lease records with our Asset inventory, creating unmonitored assets for new entries, and allowing users to fetch DHCP records using a script. This allows for:

  • Simplification of identification of unmonitored/rogue devices by knowing hostnames
  • Tracking of asset origin with the new source type: "Discovered by: DHCP lease"

With these changes, we aim to enhance the usability and functionality of Nanitor, making vulnerability management more efficient and effective.

Improvement

  • Agent log files can be uploaded to the Nanitor server
  • Simplify the view for Rogue devices on asset details page
  • Implement issue detail unification on the overview page
  • Columns in lists are configurable per user
  • Multiple UI improvements for project inventory
  • Resilient agent upgrades
  • Health dashboard shows '1 year' by default

Fixes

  • Fixes for Tomcat benchmark
  • Fixes for vendor links that lead to a 404 error
  • Fixes for showing multiple IP addresses for an asset
  • Fixes for Linux machines that were not showing local IPs
  • Fixes for the RedHat 7 Benchmark Rule 5.4.4 (False Negative)
  • Fixes for the health report PDF
  • Fixes for the sublist of software
  • Fixes for the OpenBSD Agent startup scripts

Task

  • Remove health score for rogue devices
  • Ability to change the hostname of an asset in Nanitor
  • Export feature for the collector asset screen
  • Allow insecure connection to MySQL/MariaDB
  • Implement benchmark for SQL server 2022
  • Implement probe open ports for rogue devices
  • Implement Active Directory discovery mechanism for unmonitored assets
  • Implement SNMP probe for rogue assets
  • Add information about the assets included in a project
  • Ability to archive projects as a bulk action.