Product Updates

Release Notes 4.7.0

Gunnsteinn Hall

Chief Product Officer

23.01.24

4 min read

Version: 4.7.0
Build number: 12021
Release date: 2024-01-23 (general availability)
Server version: nanitor-4.7.0.12021-14055-master
Agent version: nanitor-4.7.0.12021-14055-master
Collector version: nanitor-4.7.0.12021-14055-master

Welcome to Nanitor v4.7.0! We're pleased to announce the release of Nanitor v4.7.0, which brings significant enhancements and new features, focusing on streamlining project management, enhancing compliance support, and improving software inventory management.

This release also lays the groundwork for upcoming enhancements in Active Directory Identity security. While these changes are preparatory and not yet fully implemented, they form the foundation for future updates focused on bolstering defenses against key threats in this area. We're actively developing these features, which will become more apparent and impactful in our next version.

Highlights

Enhanced Software Inventory Management: OS inclusion

OS Inclusion: Addition of operating systems in the software inventory, enabling asset managers to view and set software policies on different OS.

Software Inventory not captures OS inventory — Software inventory now contains software type OS.

The purpose of the software inventory is to give IT admins an overview of their software titles. Having the OS included in one convenient location makes it easier to look through what operating systems are in the environment which can help with planning updates etc.

NOTE: The vulnerabilities count per OS title is not supported yet, and is an improvement ticket on our board.

Project Creation Wizard and Improved UI/UX

New Project Wizard: Introduction of a new project creation wizard with clear descriptions of project types and parameters, aiding users in making informed choices.

Issues can now be selected immediately into issue resolution projects, with filters available to narrow down the choices

Project creation wizard - issue selection — Issue selection is now a second step.

Alternatively, users can click "I'll do it later" or simply Confirm to proceed and add issues to the project in a later step, if preferred.

The Projects UI has been improved to simplify and make the user experience for Projects better and easier to use.

Compliance Framework: Support Updates

CyberEssentials UK: Addition of the CyberEssentials UK framework to the supported compliance frameworks.
Updated Framework Mappings: Existing compliance frameworks have been updated with new mappings, ensuring current and comprehensive compliance support.

Improvements

Ability to filter based on asset activity. This can be a great way to ensure one is only looking at data for currently active assets. Available on the: Issues Prioritization Diamond and List pages.

Issues - Asset last activity filter — Last activity filter for issues is useful to view the current status of the environment.

Collector creation dialog improvements. More intuitive selection of asset to act as collector.
Collector history improvement: Ensure we capture any server-triggered connections.
Various enhancements in software inventory display and management. For example software whitelisting rules were simplified and "child rules" renamed to "subrules".
New health score impact column added to the Issue list. This indicates the impact of resolving an issue to the organizational health score.
Revamped projects page with new columns, icons, and filters.

New Benchmarks

Cisco Nexus (revision 1): based on CIS benchmark version 1.0.0 (Cisco NX-OS Benchmark): Automated checks have been implemented for 27 rules.

NOTE: We have deprecated an older version of this benchmark that was developed in house. That one was created based on the Cisco IOS benchmark before CIS provided a CIS benchmark for NX OS. The new one provides more relevant checks and a wider coverage.

Benchmark updates

The following benchmarks have been updated:

MS SQL Server 2016 (revision 17): based on CIS benchmark version 1.4.0 (Microsoft SQL Server 2016 Benchmark): Updated and additional automated checks added.
MS SQL Server 2019 (revision 9): based on CIS benchmark version 1.3.0 (Microsoft SQL Server 2019 Benchmark): Updated and some checks improved to address bugs.

Bug Fixes

Addressed device duplication issues. Device duplication is actually a tricky issue when there are virtual images deployed, container images, etc. We have updated our and simplified.
Fixed benchmark display inconsistencies for RHEL8 and Ubuntu 20.04.
Resolved mismatch issues in health score calculations and issue counts.
Corrected false positive flags in CVE and SSH rule checks.
Various bug fixes in asset management, report generation, and user interface.