Release notes
- Version: 4.7.0
- Build number: 12021
- Release date: 2024-01-23 (general availability)
- Benchmarks release date: 2024-01-26
- Server version: nanitor-4.7.0.12100-14058-master
- Agent version: nanitor-4.7.0.12021-14055-master
- Collector version: nanitor-4.7.0.12021-14055-master
Welcome to Nanitor v4.7.0! We're pleased to announce the release of Nanitor v4.7.0, which brings significant enhancements and new features, focusing on streamlining project management, enhancing compliance support, and improving software inventory management.
This release also lays the groundwork for upcoming enhancements in Active Directory Identity security. While these changes are preparatory and not yet fully implemented, they form the foundation for future updates focused on bolstering defenses against key threats in this area. We're actively developing these features, which will become more apparent and impactful in our next version.
Highlights
Enhanced Software Inventory Management: OS inclusion
- OS Inclusion: Addition of operating systems in the software inventory, enabling asset managers to view and set software policies on different OS.
The purpose of the software inventory is to give IT admins an overview of their software titles. Having the OS included in one convenient location makes it easier to see which operating systems are in the environment, which can help with planning updates, etc.
NOTE: The vulnerabilities count per OS title is not supported yet, and is an improvement ticket on our board.
Project Creation Wizard and Improved UI/UX
- New Project Wizard: Introduction of a new project creation wizard with clear descriptions of project types and parameters, aiding users in making informed choices.
Issues can now be selected immediately into issue resolution projects, with filters available to narrow down the choices.
Alternatively, users can click "I'll do it later" or simply Confirm to proceed and add issues to the project in a later step, if preferred.
The Projects UI has been simplified to make Projects easier to use.
Compliance Framework: Support Updates
- CyberEssentials UK: Addition of the CyberEssentials UK framework to the supported compliance frameworks.
- Updated Framework Mappings: Existing compliance frameworks have been updated with new mappings, ensuring current and comprehensive compliance support.
Improvements
- Ability to filter based on asset activity. This can be a great way to ensure one is only looking at data for currently active assets. Available on the Issues Prioritization Diamond and List pages.
- Collector creation dialog improvements. More intuitive selection of the asset to act as collector.
- Collector history improvement: Ensure we capture any server-triggered connections.
- Various enhancements in software inventory display and management. For example, software whitelisting rules were simplified and "child rules" renamed to "subrules".
- New health score impact column added to the Issue list. This indicates the impact of resolving an issue to the organizational health score.
- Revamped projects page with new columns, icons, and filters.
Benchmark updates
The new and updated benchmarks are released following the product release (the exact date provided in the header). Once the benchmarks are released in our feed, the Nanitor server fetches them automatically, so customers do not have to take any manual action.
New Benchmarks
- Cisco NX-OS (revision 1): based on CIS benchmark version 1.0.0 (Cisco NX-OS Benchmark): Automated checks have been implemented for 27 rules.
NOTE: We have deprecated an older version of this benchmark (called Cisco Nexus) that was developed in-house. That one was created based on the Cisco IOS benchmark before CIS provided a CIS benchmark for NX-OS. The new one provides more relevant checks and wider coverage.
Benchmark updates
The following benchmarks have been updated:
- MS SQL Server 2016 (revision 18): based on CIS benchmark version 1.4.0 (Microsoft SQL Server 2016 Benchmark): Updated and additional automated checks added.
- MS SQL Server 2019 (revision 10): based on CIS benchmark version 1.3.0 (Microsoft SQL Server 2019 Benchmark): Updated and some checks improved to address bugs.
- Cisco Nexus: benchmark was deprecated in favor of the new Cisco NX-OS benchmark.
- RHEL 7 (revision 17): based on CIS benchmark version 3.1.1 (Red Hat Enterprise Linux 7 Benchmark): Fixes in audit rule checks. Fixed assignment to avoid assigning on Oracle Linux.
- RHEL 8 (revision 16): based on CIS benchmark version 2.0.0 (Red Hat Enterprise Linux 8 Benchmark): Fixes in audit rule checks. Fixed assignment to avoid assigning on Oracle Linux.
- RHEL 9 (revision 3): based on CIS benchmark version 1.0.0 (Red Hat Enterprise Linux 9 Benchmark): Fixed assignment to avoid assigning on Oracle Linux.
- MS IIS 7 (revision 9): based on CIS benchmark version 1.8.0 (Microsoft IIS 7 Benchmark): Updated assignment so the benchmark is only assigned where there is a running IIS server.
- MS IIS 8 (revision 9): based on CIS benchmark version 1.5.0 (Microsoft IIS 8 Benchmark): Updated assignment so the benchmark is only assigned where there is a running IIS server.
- MS IIS 10 (revision 8): based on CIS benchmark version 1.1.0 (Microsoft IIS 10 Benchmark): Updated assignment so the benchmark is only assigned where there is a running IIS server.
- 47 benchmarks were updated with incremented new revisions to add new compliance framework mappings, including the new UK CyberEssentials framework, and also expanded mappings for all other supported frameworks.
Bug Fixes
- Addressed device duplication issues. Device duplication is actually a tricky issue when there are virtual images deployed, container images, etc. We have updated our and simplified.
- Fixed benchmark display inconsistencies for RHEL8 and Ubuntu 20.04.
- Resolved mismatch issues in health score calculations and issue counts.
- Corrected false positive flags in CVE and SSH rule checks.
- Various bug fixes in asset management, report generation, and user interface.
Helpful articles
How to perform manual upgrade on self-hosted servers
Updates
- 2024-01-16: Initial v4.7.0 release was published and released to early-access users.
- 2024-01-23: Release published for general availability.
- 2024-01-24: A new server-only build (nanitor-4.7.0.12023-14056-master) was published to address a problem where users were not getting the new CyberEssentials framework into their system.
- 2024-01-25: Benchmarks released for 4.7.0 version.
- 2024-02-01: New server-only build published to hotfix an issue where issue and asset list exports were limited to only 20 rows (nanitor-4.7.0.12100-14058-master).