Release notes
  • Version: 5.2.0
  • Build number: 12509
  • Release date: 2024-06-10 (general availability)
  • Server version: nanitor-5.2.0.12509-15446-master
  • Agent version: nanitor-5.2.0.12509-15446-master
  • Collector version: nanitor-5.2.0.12509-15446-master

Welcome to Nanitor v5.2.0!

We are thrilled to announce the release of Nanitor v5.2.0, packed with a variety of new features, enhancements, and bug fixes to elevate the functionality and user experience of our platform. This release focuses on expanding compliance frameworks, bolstering identity security, offering more flexibility in reporting, and refining the user interface to provide a more intuitive and seamless experience.

Highlights

Compliance Enhancements

New Compliance Framework: NIS2

  • Support for European Network and Information Security (NIS) 2 Directive: We have added support for the NIS2 directive, mapping issues and benchmarks to legislation controls to enhance compliance capabilities.

The Compliance Issues report with the NIS2 framework selected provides an overview of your standing with respect to the NIS2 requirements. This gives users a comprehensive view from a compliance perspective, highlighting where critical and less critical issues fall.

NIS2 Compliance Issues Report
The NIS2 compliance report provides a detailed overview of compliance status based on Nanitor issue status.

Reporting Enhancements

Remediation Value Parameter for Issues

  • Introducing Remediation Value: We have introduced a new field for issues that reflects the overall remediation impact, addressing the limitations of the Health score impact field.

The remediation value is a linear measure that reflects the amount of risk addressed by fixing an issue. This value takes into account the number of affected devices, their asset priorities, and issue priorities, providing a meaningful parameter for users to compare and prioritize issues for remediation.

Remediation Value for issues
The new Remediation Value parameter helps prioritize issues based on risk reduction.

Note

The main difference between Remediation Value and NPS (Nanitor Prioritization Score) is that the former accounts for the number of assets affected as a proportion of the total number of assets for the organization, while the latter is based on the most critical individual asset affected by the issue. Essentially, NPS identifies where the organization's most pressing individual weak points are, while the Remediation Value provides a measure of which issues have the greatest total impact on the organization's security health. In comparison to the Health Score Impact, the Remediation Value is linear and easier to work with. The Health Score Impact is often close to 0 if there are many issues of a given type or a large number of assets.

New Rules for Scheduled Reports

  • Flexible Scheduled Reporting: We have added new rules for scheduled reports, allowing different label selections and reporting frequencies per recipient.

Users can now tailor their scheduled reports with specific asset labels for different recipients and set different reporting frequencies, enhancing the flexibility and relevance of the reports they receive.

Scheduled Reports
New rules for scheduled reports provide greater flexibility.

Overview Dashboard Improvements

  • Dashboard Enhancements: Continued improvements to the Overview Dashboard, aligning widgets with the overall product to make them more relevant and user-friendly.

The refreshed widgets in the Overview Dashboard provide a more intuitive and informative user experience, making it easier for users to access critical information and insights.

Overview Dashboard
Improved Overview Dashboard with refreshed widgets.

Integration Enhancements

Ingest vulnerabilities through public API

  • Enhanced API Capabilities: The Nanitor API now supports importing assets and their vulnerability information from other sources.

This feature enables seamless integration with other vulnerability management tools, allowing users to consolidate vulnerability data within Nanitor and gain a comprehensive view of their security posture.

For details, see the asset import section of the API documentation on the API docs site.

Security Coverage Enhancements

Identity Security: New AD Issues

  • New Active Directory Checks: Introduced new identity checks for AD permission issues and other related issues to enhance AD security management.

The additional checks include permission issues such as resetting passwords, modifying group memberships, and detecting accounts with blank or old passwords, among others, giving users greater control over AD security.

Nanitor now has 23 configurable identity security checks that can be configured into a baseline, including a number of critical AD identity security issues.

AD Security
New AD checks enhance identity security management.

MSSP Enhancements

MSSP: Inheritance of Archival Rules

  • Enhanced Archival Rule Management for MSSPs: We have added an "inheritable" property to archival rules, allowing Managed Security Service Providers (MSSPs) to define archival rules in a parent organization and have them inherited by suborganizations.

This enhancement simplifies the management of archival rules across multiple organizations, ensuring consistency and saving time for MSSPs. By defining rules at the parent level, MSSPs can maintain control over archival policies while ensuring that all suborganizations adhere to the same standards.

Archival rules can now be inherited by suborganizations
MSSPs can manage archival rules centrally and have them inherited by suborganizations.

Improvements

  • Support for PostgreSQL 15 Benchmark v1.1.0: Added support for the latest PostgreSQL 15 benchmark, enhancing compliance capabilities.

  • Reassign Auto-Assigned Benchmarks: Improved the reassignment process for auto-assigned benchmarks, enhancing the flexibility and accuracy of benchmark assignments.

The asset inventory Benchmarks column shows the benchmarks that are currently applied.

Benchmark Reassignment
The asset list shows benchmark assignments.

The user can choose to reassign a benchmark. This can be useful in cases where the user prefers a different benchmark than the one that has been auto-assigned, such as Intune managed vs. Domain managed Windows benchmarks.

Benchmark Reassignment modal
Manual reassignment process for auto-assigned benchmarks.

  • Default Filters Design for UI: Updated the design of saved and quick filters for a better user experience.

Default quick filters for assets

A number of quick default filters have been added to the asset inventory. These include:

  • Actively monitored assets
  • Critical issues (Assets having critical issues)
  • Assets with end-of-life OS
  • CISA known exploits
  • More than 5 security issues
  • Vulnerabilities with CVSS score at least 7
  • Vulnerabilities with EPSS score at least 70%
  • With vulnerable or unpatched software
  • Too many local admins
  • Not domain controller accessed by privileged domain user

These are intended to address common use cases. You can also create and save your own filters. Let us know if you have any good ones that you think should be included by default!

  • Issues: Vendor Fix Filtering and Export: Added new filtering and export options for issues having vendor fixes. This is particularly beneficial for filtering on issues that have a vendor fix ready to go.

Note

Nanitor does not have information on all vendor fixes and thus it is not recommended to rely only on this information. Filtering on issues with a known vendor fix can provide easy low-hanging fruit to prioritize, but other issues not listed may still also have vendor fixes.

  • Improved Project Creation and Editing: Enhanced the 'Create project' and 'Edit project' windows to improve usability and visibility of options.

  • Loading Placeholder in "Create Jira Issue" Modal: Added loading placeholders to the "Create Jira issue" modal for better user experience, as it can take a while to load.

  • Edit Project Window: Change Status Option Visibility: Improved the visibility of the 'change status' option in the 'Edit project' window.

  • Overview Dashboard: UI Enhancements for Various Widgets: Updated several UI widgets, including the Assets widget, Configuration compliance score widget, Identity widget, Top unpatched assets widget, Internal vulnerabilities widget, Health score per label widget, and Issue type overview widget.

  • Recommission Asset Fix: Addressed an issue where archived devices that had been reinstalled could not be recommissioned.

  • Health PDF Report Date Format Change: Changed the date format on the first page of the Health PDF report for improved readability, avoiding confusion between date formats.

  • Active Directory Module Warning: Added a warning for missing Active Directory modules to alert users to potential integration issues.

Identity check support requires the ActiveDirectory PowerShell module to be available on the domain controller (DC). The module is typically available by default, but we have added a warning that appears when it is missing.

  • CSV Benchmark Export Improvements: Included baseline scores and number of assets in CSV benchmark exports for more comprehensive data reporting.

  • Rename Information for Local Admin Identity Issues: Updated the information related to local admin issues for better clarity and understanding. The issues have been renamed to "Local Admin on N assets", reflecting the number of assets. The issue details and forensics have also been updated.

  • Change Issue Health Score Impact to Remediation Value: Updated the health score impact field to reflect remediation value, providing a more accurate measure of issue resolution impact.

Bug Fixes

These bug fixes address several important user experience and functionality issues, ensuring that Nanitor continues to deliver a robust and reliable platform for threat exposure management.

  • Overview Dashboard: Incorrect Issue Counts in "Vulnerabilities by CVSS3 Severity" Widget: Fixed incorrect issue counts displayed in the "Vulnerabilities by CVSS3 severity" widget.

  • Overview Dashboard: Incorrect Value in "# with Issues" Column: Corrected the value displayed in the "# with issues" column of the "Identity" widget.

  • Progress Dashboard: Inconsistent Project Statuses Widget: Resolved inconsistencies in the project statuses widget.

  • Global Overview: Exclude Archived Assets: Modified widgets to exclude archived assets.

  • Issue Details: Incorrect Vulnerabilities Fixed Value: Corrected the displayed value for fixed vulnerabilities in issue details.

  • Collector: Wrong Asset Type Default Selection: Fixed an issue where the wrong asset type was selected if the user did not change the default value.

  • Collector Displaying Assets as Inactive: Resolved an issue where collected assets were always displayed as inactive.

  • Collector Reconnecting Every 5 Minutes: Addressed an issue where the collector would reconnect every 5 minutes to re-attempt server-requested benchmark check-ins that had failed.

  • Collector Not Scanning Cloud Devices: Addressed an issue where the collector did not scan cloud devices.

  • Software Inventory: Slow Modal Opening: Improved the loading time for the "Create software status rule" modal.

  • Software Whitelisting Rule Tooltip: Labels Not Showing Up: Fixed an issue where labels were not displayed in the software whitelisting rule tooltip.

  • Issue Diamond Numbers Mismatch: Resolved mismatches between issue diamond numbers and issue results.

  • CVE-2019-18276 Incorrectly Shown as Unpatched: Fixed the issue where CVE-2019-18276 was incorrectly displayed as unpatched.

  • Microsoft Windows 10 Pro 22H2 Incorrectly Flagged as EOL: Corrected the flagging of Windows 10 Pro 22H2 as EOL.

  • Recommission Asset Text Change: Updated the text for recommissioning an asset for better clarity.

  • Action Menu Issue in System Admin User List: Fixed a bug where adding a new user edited an existing user when the action menu for a user had been opened previously.

  • Asset Inventory: Filter Errors: Addressed errors that could appear when using certain filters in the Asset Inventory for instances with a large number of assets.

  • Identity Inventory: Timeout Error: Fixed a timeout error when returning the identities list.

  • Identity Audit: Identities Count Mismatch: Resolved mismatches in identity counts in the audit report.

  • Organization Management: Incorrect Vulnerability Checking in New Organizations: Fixed the incorrect enabling of vulnerability checking in newly created suborganizations where the parent organization had disabled it.

Updates

  • 2024-06-03: Initial v5.2.0 release was published and released to early-access (EA) users.
  • 2024-06-10: Release published for general availability: nanitor-5.2.0.12509-15446-master.