Release notes
  • Version: 4.3.2
  • Build number: 11702
  • Release date: 2023-10-01
  • Server version: 4.3.2.11702
  • Agent version: 4.3.1.11625
  • Collector version: 4.3.1.11625

We're excited to announce Nanitor v4.3.0, released on 25th September for early access users, with general availability rolling out on 2nd October. This release is packed with new features, improvements, and bug fixes to simplify and enhance your experience and streamline vulnerability management processes.

Highlights

Simplified Agent Installation

A new asset onboarding widget under Asset Inventory allows users to install agents using a single command or a double click. It provides simple one-line commands for installation.

It is now available from "Assets Inventory" as an "Add new asset" action. It also provides other options for adding assets, such as through a Collector and/or manual asset record creation.

Inventory > Assets action "Add new asset" added
The asset onboarding widget shows the different options for adding an asset
The new agent install window guides the user through downloading an agent or installing through a single command

Patch Issues for Applications (Windows)

Nanitor now supports checking for updates for a wide range of applications on Windows, in addition to OS updates, enhancing the reliability of patch issues. The mechanism has also been improved and no longer relies solely on requesting patch update information from the Windows OS.

Example of patch issues for applications:

Example of patch issues in Windows applications

Any feedback on this would be welcome and appreciated. We are also considering whether it would be easier to only create 1 issue per application, i.e. only the newest patch for a given device rather than flagging all findings.

Users can expect that their Health score may go down with the additional coverage unless their patching is in tip-top shape.

NOTE: Forensics and linked vulnerabilities are not supported on Patch issues yet, but will be included in a future release.

Intuitive Settings/Admin Experience

The redesigned admin pages now group settings more intuitively, enhancing navigability and user experience. We love it but have multiple small improvements planned.

The user-related settings are now available under "Personal settings" under the user profile picture on the upper-right hand side. A "Log out" button is also available in the menu.

The organization settings are now available from the "Settings" menu (cogwheel). For users belonging to multiple organizations, a "Switch organization" menu item is also available.

In addition, for the system user, there is an additional "System management" settings option with configurations specific for the Nanitor instance. Only users running a self-hosted Nanitor instance have access to system management configuration.

Updated setting menus - now split between Personal and Organizational settings
New Personal Settings page
New Organization Management page

Report False Positive (FP) findings

While we do everything we can to avoid false positives, we do acknowledge that they can and will happen. False positives happen when Nanitor raises a security issue that is not correct. This can happen for many reasons such as incorrect checks, human error, or bugs in our software.

This new feature allows for enhanced tracking and management of reported false positives. Now when you are certain that an issue that Nanitor is reporting is wrong, you can submit an FP report directly through the UI. This passes information to our team so that we become aware of it and can start looking into it. We also recommend raising a ticket with our support team to follow up.

The following image shows how to report a false positive (FP) through the Issue Detail - Report FP action.

Issue Details - Report FP action allows users to point out findings they believe to be wrong

When reporting an FP, users should include a detailed explanation of why they think it is an FP (any evidence is great).

Report FP dialog allows the user to provide additional info

Additional changes

In addition to the new highlighted features above, multiple improvements and bug fixes to our existing feature set have been implemented.

Improvements:

  • Benchmark updates: We continue enhancing the transparency between CIS benchmarks and Nanitor rules. The following benchmarks have been updated:

      • MS Win 10 (revision 24): updated to CIS benchmark version 2.0.0 (Microsoft Windows 10 Enterprise Benchmark).
      • MS Win Server 2016 (revision 22): updated to CIS benchmark version 1.3.0 (Microsoft Windows Server 2016 Benchmark).
      • MS Win Server 2022 (revision 8): updated to CIS benchmark version 2.0.0 including transparency (Microsoft Windows Server 2022 Benchmark).
      • Oracle Database 12 (revision 12): added manual rules and updated transparency to fit CIS benchmark version 2.0.0 (Oracle Database 12c Benchmark).
      • Oracle Database 11 (revision 10): added manual rules and updated transparency to fit CIS benchmark version 2.2.0 (Oracle Database 11g R2 Benchmark).

  • Ability to force a benchmark onto an unsupported platform: Now when an asset is not receiving any benchmark, users can select one themselves. This typically happens if an asset has an OS or application that is newer than the benchmark. For example, if one is running OS 15 but only the OS 14 benchmark is available, the user can now assign the OS 14 benchmark. In many cases the old benchmark is relevant, although some rules may be obsolete. It can also happen due to problems; in that case the user should report the issue to us, but can apply an alternative benchmark in the meantime. Once a newer benchmark is published and starts applying, it will automatically be assigned and the old one unassigned.
Benchmark can be assigned from Asset Inventory - "Assign benchmark"
  • Refined UI Changes: Numerous UI changes have been made across the Settings page, Action buttons, Asset Inventory, and more to ensure consistency and improve user experience.

  • Remediation AI using Chat GPT 4 Model: Our Remediation AI is now powered by the latest GPT 4 model from OpenAI.

Fixes:

  • Enhanced Performance for Agents: Profiling and improvements were made to enhance agent performance for vulnerability and benchmark assessments. This is part of our ongoing work to deliver on our promise to keep the Nanitor Agent truly low footprint.

  • Resolved several bugs related to software inventory, asset collection, benchmark scores, and more to enhance overall product stability and reliability.

  • Many other UI fixes and small improvements.

Documentation:

  • Help Article: A new article detailing the difference between patch and vulnerability issues has been published.

Helpful articles

How to perform manual upgrade on self-hosted servers

Updates

  • 2023-09-25: Initial v4.3.0 release was published.
  • 2023-09-26: v4.3.1 was released to fix a problem that came up in database migrations for a limited set of early-access customers.
  • 2023-10-03: v4.3.2 was released to urgently address discrepancies in benchmark baselines where, in some cases, rules had been incorrectly removed from the baseline due to a bug. With the changes, the software now regularly checks whether all the rules are set as they should be by default (as per Nanitor's definitions) and makes corrections if any discrepancies are found, while still respecting any modifications made by the user.