Release notes

  • Version: 5.7.0
  • Build number: 16057
  • Release date: 2024-10-31 (general availability)
  • Server version: nanitor-5.7.0.12928-16057-master
  • Agent version: nanitor-5.7.0.12928-16057-master
  • Collector version: nanitor-5.7.0.12928-16057-master

Welcome to Nanitor v5.7.0!

Nanitor v5.7.0 brings key enhancements for MSSPs, new customization options for asset management, and improvements in identity issue handling. The release also introduces optimizations for agent performance and database operations, improving overall system efficiency.

Highlights

Custom Fields for Assets

One of Nanitor's key strengths is the Asset Inventory and the ease with which users can begin collecting asset information and can coordinate between different systems. We've been getting many requests to add more and more fields to the assets, and now we've gone the full way and added custom asset fields.

  • Custom Asset Fields: Users can now create and apply custom fields to assets, offering a more flexible way to manage asset data. These fields can be displayed, filtered, and sorted in the asset inventory list.

Users can configure what asset fields they want. There are a few types:

  • Checkbox (yes/no; true/false)
  • Date
  • Select list - single choice (pick from a list of options)
  • Select list - multiple choice
  • Number

The Asset Inventory also contains flexible capabilities to filter on these custom fields.

The field values can be populated through the UI, and we're working on support to set them through our API to further open up integrations with other IT tools.

The following image shows where we have defined five custom fields for tracking on assets.

Figure: Custom fields allow more flexible asset tracking.

Example of how to define a field for tracking asset condition from a specific set of values:

Figure: Defining a field for tracking asset condition.

The fields can be filled in directly through the Asset Inventory list, as well as in the Asset details.

Figure: Filling in Asset fields in the inventory.

The asset fields can also be filtered on, for example filtering on condition "Needs maintenance":

Figure: Filtering on custom asset fields in the inventory.

The Asset Detail also shows the fields clearly, and they can be filled in directly:

Figure: Asset fields in the asset detail.

Note that the existing fields "Owner", "Maintainer", "Physical location", and "Mobile device management" will be migrated to the new custom fields system in the next release.

We look forward to seeing how our users come up with ways to utilize the custom fields, which offer a lot of possibilities, especially once they can be integrated through the API.

MSSP Inheritable Exclusions

  • Inherited Exclusions Across Organizations: MSSP customers can now globally apply exclusions for specific issues across a parent and all its suborganizations, simplifying cross-organization issue management.

This was developed in collaboration with our MSSP partners, who were applying exclusions but needed an easier way to do so across organizations, typically because they wanted to handle patches or vulnerabilities in the same way for all their clients. This may happen when dealing with vulnerabilities that are risky to patch due to operational risks, etc.

Global exclusions are applied to issues by creating an exclusion as usual and checking the "Exclude for X and all suborganizations" box. The issue is then excluded for the parent and all suborganizations. Note that this can be done from the Issue Detail view for issues in both the parent and the suborganizations.

Figure: Inherited exclusions streamline issue management for MSSPs.

The event log for the created exclusion is visible in the Activity Log on the parent organization.

Identity Issues: Exclude Specified Identities

  • Identity Exclusions: Users can now exclude individual identities from identity issues, with the option to provide rationale and set a timeframe for exclusion. This helps to reduce noise in monitoring and focus on issues in need of resolution.

For identity issues, it's very common that certain identities are intended to have some permissions and therefore it's essential to be able to exclude them. Now users can exclude them and set a time period, so they can review it periodically, such as quarterly, depending on the nature of the issue and preferences.

Figure: Identity exclusions can be applied with rationale and timeframes.

The list of excluded identities appears in the Exceptions tab, as well as the Issue Exceptions Report (along with all other exclusions).

Figure: Identity exclusions can be seen in the Exceptions tab.

Improvements

Display Affected Identities in Issue Lists

  • Identity issues now display the number of affected identities in the issue list, providing clearer visibility of impacted accounts.

NOTE: We've changed the "Assets" column to "Affected" which can reflect the number of assets or identities affected. Clicking on the number reveals the affected items.

For example, the screenshot below shows an identity issue and a vulnerability issue, where the affected number refers to the affected identities or devices respectively.

Figure: Affected refers to the affected identities or devices depending on the issue type.

Export Open Ports Inventory

  • Users can now export the open ports inventory as a CSV file (Inventory -> Open ports -> ... (upper right action menu) -> Export). The CSV file includes the following columns: port, name, description, first opened at, last opened at, closed at, num devices, has whitelisting rules.
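
One way to triage such an export, as an added example that is not part of Nanitor's product or documentation: it lists ports that are still open and have no whitelisting rule, widest exposure first. The sample rows are constructed, and the header spelling, timestamp format, true/false encoding and the reading of an empty "closed at" as "still open" are assumptions.

```python
import csv
import io

# Constructed sample export. Only the column names come from the release notes;
# header spelling, timestamp format and the true/false encoding are assumptions.
SAMPLE_EXPORT = """port,name,description,first opened at,last opened at,closed at,num devices,has whitelisting rules
22,ssh,Secure Shell,2024-09-01T08:00:00Z,2024-10-30T08:00:00Z,,41,true
23,telnet,Telnet,2024-10-02T11:15:00Z,2024-10-30T08:00:00Z,,3,false
3389,ms-wbt-server,Remote Desktop,2024-08-12T09:30:00Z,2024-10-29T17:45:00Z,,12,false
8080,http-alt,HTTP alternate,2024-07-01T10:00:00Z,2024-09-15T10:00:00Z,2024-09-16T10:00:00Z,2,false
"""

TRUTHY = {"true", "yes", "y", "1"}


def _norm(header):
    # Tolerate "num devices", "Num Devices" and "num_devices" alike.
    return header.strip().lower().replace(" ", "_")


def unreviewed_open_ports(csv_text):
    """Return ports that are still open (empty 'closed at', an assumption)
    and have no whitelisting rule, sorted by number of devices descending."""
    findings = []
    for raw in csv.DictReader(io.StringIO(csv_text)):
        row = {_norm(k): (v or "").strip() for k, v in raw.items() if k is not None}
        still_open = row["closed_at"] == ""
        whitelisted = row["has_whitelisting_rules"].lower() in TRUTHY
        if still_open and not whitelisted:
            findings.append({
                "port": int(row["port"]),
                "name": row["name"],
                "devices": int(row["num_devices"]),
                "last_opened_at": row["last_opened_at"],
            })
    return sorted(findings, key=lambda f: (-f["devices"], f["port"]))


if __name__ == "__main__":
    for f in unreviewed_open_ports(SAMPLE_EXPORT):
        print(f'{f["port"]:>5}  {f["name"]:<15} devices={f["devices"]}')
```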

Filter Asset Labels in Issue Lists

  • New options for filtering asset labels in issue lists have been added, allowing users to apply "None of these labels" and "All of these labels" filters for more targeted results.

This enables users to filter out, for example, "EOL" or "non production" devices from the issue lists, if there are asset labels tagging those devices.

Issue Progress Status Filtering

  • Users can now filter issue lists based on progress status (New, Stalled, In Progress, Done), offering more control over issue tracking and management.

This can be useful for quickly viewing new issues, investigating why issue progress has stalled, and so on.

API: Return affected hostname in Issue list

  • The issue list in the Public API now returns hostnames for up to ten affected devices, providing better context for issue tracking. For identity issues, it returns up to ten affected identities. To see a full list of assets affected by an issue, use the issue detail endpoint.

API: Return Project Assignee in Issue list

  • The project assignee is now included in the API response for open issues.

Compatibility for Cisco Nexus Version 10.3

  • Improvements regarding Cisco Nexus version 10.3 have been added. Issues related to command compatibility have been resolved, ensuring smooth check-ins for these devices.

NOTE: Some errors will still appear in the debug log, as the "show privilege" command is no longer supported on this system. However, the collector ignores these errors and continues through the full benchmark evaluation.

PCI Compliance Mapping for Apache Benchmark

  • PCI compliance mappings are now available for the HTTP Apache benchmark, ensuring that rules are properly aligned with security standards.

Database Optimization: VACUUM and ANALYZE

  • Nanitor now automatically runs VACUUM and ANALYZE tasks following upgrades post-migration, improving database performance. This process only executes when sufficient disk space is available and can be triggered via CLI for manual execution if needed.

Linux/macOS Agent Enhancements

  • Enhanced Shell Script Monitoring and Execution Controls: We've implemented monitoring and controlled execution for our Linux/macOS benchmark checks that rely on shell scripts. If a script's runtime or resource usage exceeds a defined threshold, it will pause to prevent excessive resource consumption. If the script continues beyond a set limit, it will be terminated. Performance data is now recorded in the database, enabling easy diagnostics and troubleshooting.

  • Optimized Resource Utilization: On Linux, macOS, and other UNIX-based systems, shell scripts now run with the lowest CPU priority (niceness 19) and, on Linux, an idle/low IO priority.

We remain committed to ensuring a minimal system footprint for our agent, continuously refining for better efficiency and performance.
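
The execution controls described above can be sketched as follows. This is an added example, not Nanitor's agent code: the function name run_check, the thresholds, and the use of SIGSTOP/SIGCONT for pausing are assumptions, and it watches runtime only, not resource usage.

```python
import os
import shutil
import signal
import subprocess
import time


def run_check(argv, pause_after=1.0, pause_for=0.5, kill_after=3.0, io_idle=False):
    """Run one check script at niceness 19, pause it once after `pause_after`
    seconds, and kill it at `kill_after` seconds (illustrative thresholds)."""
    if io_idle and shutil.which("ionice"):
        argv = ["ionice", "-c", "3", *argv]    # Linux only: idle IO class
    start = time.monotonic()
    proc = subprocess.Popen(
        argv,
        preexec_fn=lambda: os.nice(19),        # lowest CPU priority, set before exec
        start_new_session=True,                # own process group: signals reach children
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    stats = {"nice": os.getpriority(os.PRIO_PROCESS, proc.pid),
             "paused": False, "outcome": "completed"}
    while proc.poll() is None:
        elapsed = time.monotonic() - start
        if elapsed >= kill_after:              # hard limit: terminate the group
            os.killpg(proc.pid, signal.SIGKILL)
            proc.wait()
            stats["outcome"] = "terminated"
            break
        if elapsed >= pause_after and not stats["paused"]:
            os.killpg(proc.pid, signal.SIGSTOP)   # soft threshold: back off
            time.sleep(pause_for)
            os.killpg(proc.pid, signal.SIGCONT)
            stats["paused"] = True
        time.sleep(0.05)
    stats["exit_code"] = proc.returncode
    stats["runtime_s"] = round(time.monotonic() - start, 2)
    return stats                               # the record a caller would store


if __name__ == "__main__":
    # Constructed demo commands standing in for benchmark scripts.
    print(run_check(["sleep", "0.2"]))
    print(run_check(["sleep", "30"], pause_after=0.3, pause_for=0.2, kill_after=1.0))
```

Signalling the process group rather than the single PID matters for shell scripts, because the commands they spawn would otherwise keep running after the script itself is paused or killed.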

Bug Fixes

  • Windows OS EOL Reporting: Resolved false-positive EOL issues for Windows 10 and 11 devices. The forensics tab for these issues has also been expanded to give detailed information.

  • Issue List - EPSS filter: The EPSS scores filter has been fixed to correctly filter on the specified percentage.

  • Improved Collector Page Efficiency: Optimizations have been made to prevent redundant network requests on the collector page, which could in certain circumstances cause the page to appear to hang.

  • IIS Benchmark Not Returning Results: Investigated and resolved an issue with the IIS benchmark not returning results on certain servers.

  • Benchmark Unarchival Issue: Fixed an issue where benchmark assignments did not get restored after an application benchmark was removed and re-added to an organization.

  • Unassigned Projects Issue: Fixed a bug preventing projects from being left unassigned.

  • Top Incompliant Software Widget Fix: Resolved an issue where widget links directed users to an unfiltered software inventory page.

  • Collector UI Context Menu Cropping: Fixed an issue where the "Actions" context menu was cropped on the "Credentials" page.

  • Various other small fixes and performance improvements.