Release notes

Version: 5.1.0
Build number: 12406
Release date: 2024-05-13 (general availability)
Server version: nanitor-5.1.0.12406-15151-master
Agent version: nanitor-5.1.0.12406-15151-master
Collector version: nanitor-5.1.0.12406-15151-master

Welcome to Nanitor v5.1.0!

We are excited to announce the release of Nanitor v5.1.0, which includes a range of new features, enhancements, and bug fixes designed to improve the functionality and user experience of our platform. This release focuses on enhancing our support for Managed Security Service Providers (MSSPs), improving asset management, and introducing new security measures to keep your environments secure.

Highlights

MSSP Enhancements

Global Issue Search: Uncover Vulnerabilities Across Organizations: MSSPs gain a powerful tool to quickly pinpoint specific vulnerabilities (like CVE-2023-2323) throughout all managed organizations, streamlining response and mitigation efforts.

The new Issue Search widget in the Global Dashboard enables the global search

Global issue search widget — The Global Dashboard's Issue search widget enables searching for issues affecting multiple organizations.

It also allows getting a unified global list of assets by clicking on the asset count

Global issue search - assets list — Global Asset list showing all assets across organizations having an identical issue.

Enhanced Asset Identification with Windows FQDN Capture – Easily distinguish assets within customer environments using their Fully Qualified Domain Name (FQDN). Integrate seamlessly with other IT systems for enhanced correlation and management.

The FQDN is now captured and displayed for assets. This enables MSSPs to differentiate assets from different organizations more easily.

FQDN captured and shown for assets — FQDN helps to differentiate assets from different organizations.

The FQDN is also shown under Asset details, inventory pages, and API responses.

Note

The implementation is for Windows devices only, for other devices the FQDN will be empty or show N/A. For Independent Windows machines it is likely that the FQDN will not be captured or simply show the FQDN with the workgroup name.

Security Data Improvements

Prioritize Vulnerabilities with CISA KEV Insights – Instantly identify the most critical vulnerabilities based on CISA's list of known exploited vulnerabilities in active ransomware campaigns. Focus remediation efforts where they matter most.

The information is visible on Vulnerability issues:

Information added to vulnerability issues on whether the vulnerability is a part of known ransomware campaigns — Information on whether vulnerabilities are parts of known ransomware campaigns (from CISA) has been added.

Get to the Root of Identity Issues with Forensics – Uncover the exact cause of identity-related issues with detailed forensics information. Quickly resolve problems and minimize the risk of unauthorized access.

Our vision is that all issues should have clear Forensics pointing to the reason why the issue was created, to provide transparency regarding our checks, and also point users in the right direction towards remediation.

We have now added Forensics on identity issues, showing key information about the findings.

The following shows an example Forensics for issue Domain user has a password stored using reversible encryption, pointing to the AD user property that caused the issue to be raised.

Example Forensics for an identity issue — The identity issue forensics highlights the problematic attribute.

Mitigate Persistence Threats with DCSync Detection – Proactively identify users with the ability to perform DCSync, a critical privilege that attackers exploit to maintain a foothold in the network.

The new issue points out a critical permission that can allow users to replicate directory information from DCs and is sometimes used by adversaries for persistance. By default Domain admins have this privilege, but no other users should typically have this unless explicitly decided. We recommend addressing these issues, or creating time-limited exceptions if needed, and reviewing those on a regular basis.

DCSync identity privilege issue — Example of the forensics for the DCSync identity issue.

Improvements

Change Asset State to be Clearer to Users: The "Unmonitored" state has been renamed to "Authorized" to better reflect its meaning. Additional clarifications in asset sources help users understand whether assets are Monitored or Unmonitored.

Example of manually added asset in Authorized state.

Inheritable Settings Indicators for MSSPs: New badges now show which settings are inheritable to suborganizations, clarifying management controls for vulnerabilities and automated agent upgrades.

Automated Label Assignment for Domain Controllers: Introduced an automated label assignment rule for detecting Windows Domain Controllers. It is included as a default labeling rule for new users. Existing users need to create the rule manually to label their DCs to take advantage of this.

Automated labeling rule for domain controllers — A new asset labeling rule for domain controllers has been added to simplify labeling of DCs.

Clarity in Asset Source Information: Enhanced the asset records to clearly show whether the source implies monitoring status and which agent or collector version is used.
New Filters Added to Assets Inventory: Filters for monitoring status, source, agent version, and collector version have been introduced, enhancing the ability to sort and manage assets effectively.
Improved Sorting in Asset Inventory: Adjustments to the sorting logic for Asset Source have been made, allowing for alphabetical sorting and better version comparison.
Simplified Issue Details UI: The Issue Details page now emphasizes prioritization scores over detailed numbers, streamlining user focus and decision-making.
Streamlined Management of Compliance Frameworks: Compliance frameworks management has been centralized in System management, allowing administrators to control compliance framework availability.
Dashboard Enhancements for Intuitive Use: Overhaul of multiple widgets in the Overview dashboard to align with system parts and user feedback. The updated widgets include:
- Weakest link assets
- Top incompliant software
- Software policy
URL Visibility and Accessibility Improvements: Enhanced link functionality allowing URLs to be shown on hover and opened in new tabs, improving the user experience for sharing and accessing direct links.
Immediate Asset Health Score Updates: Health scores for assets are now updated instantly when changes occur, ensuring up-to-date information is always available.
Updated UI to Angular 17: The UI has been upgraded to Angular 17 along with all dependencies, ensuring the platform remains up-to-date with the latest security and performance standards.
Enhanced Visibility of Identity Group Memberships: The Identity details page now better displays the structure of group memberships for AD users, improving clarity on permissions and privileges.
Clarification of AD Privileges vs. Local Admin Rights: Separated columns now clarify the distinction between AD Privileged users and Local Admins, enhancing understanding of user privileges.
Transparency in Benchmark Assignment: Tooltips have been added to show why certain benchmarks are applied to assets, whether they were assigned automatically or manually.
Enhanced Filtering Capabilities on Asset Inventory Page: New filters have been implemented to manage external assets effectively, including options to exclude them or filter based on visibility.
Support for Recheck Requests in Collector: The collector now supports "Request recheck" actions, which are processed during the next check-in, enhancing data accuracy and remediation efforts.
Renaming for Clarity in UI Elements: Various elements like the Attributes tab, assets tab, and notification rules have been renamed to better reflect their function and reduce confusion.
Clarification of Identity Protection Issues: Renamed the issue related to unprotected privileged domain accounts to specify the identity by name, improving issue tracking and resolution.
Added Assets tab to all Project types: Makes it easier for users to manage and view all assets associated with a specific project.

Bug Fixes

These bug fixes address several important user experience and functionality issues, ensuring that Nanitor continues to deliver a robust and reliable platform for threat exposure management.

Inactive Cloud Devices Showing as Active Fixed: Resolved an issue where cloud devices incorrectly showed as inactive despite successful data collection. Now, activity timestamps are correctly updated following successful connections. This change ensures accurate status reporting.
Clarification in Software Version Display for Assets: Addressed a user interface issue where software versions were missing. Now, when the version information is unavailable, it will display as "Unknown" instead of leaving the field empty.
Issue Count Mismatch in Software Inventory Resolved: Corrected discrepancies between issue counts displayed and the actual lists accessed by users, ensuring consistency and reliability in issue tracking.
Unmonitored Assets No Longer Misclassified in Projects: Fixed a classification error in project types "onboard assets" where unmonitored assets were mistakenly counted as onboarded. This adjustment ensures accurate project status and asset management.
Discrepancy in PDF Reports for Projects Addressed: Eliminated a mismatch in project progress and issue counts between the PDF report and project inventory pages, aligning documentation with actual project data.
User Identity Information Processing Improved: Enhanced the resilience of the agent processing user identities, particularly when Windows groups fail to resolve. This fix ensures more reliable data transmission and reduces disruptions in identity management.

Documentation Updates

A number of pages have been updated on https://docs.nanitor.com to cover the new features, updated views and terminology.

Updates

2024-05-06: Initial v5.1.0 release was published and released to early-access (EA) users.
2024-05-13: Release published for general availability.