Skip to content

2024

Release notes for the update October 20, 2024

Update Version 4.1.202410181909

New Features

Added multi-asset connection report.

New multi-asset connection summary report option allows to build the list of connection report along with the inter-asset connection chart for the assets located in the selected container and its sub-containers.

Connection report and graphical chart allow to analyze network traffic between multiple assets to help to design microsegmentation policies and visually analyze connection patters in the logically grouped parts of the network.

Security

  • Updated Duo Security connector to the last version.

  • Updated MySQL driver to the latest version.

Extensions

  • Added the option to check the server IP address match the configured Management Server network location when enforcing asset policies to prevent blocking the server from accessing the asset endpoint in case the server moved to another network after deployment.

Bug Fixes

  • Fixed the issue with restoring asset version that have no custom fields.

  • Fixed the issue with the error feedback message on the MFA requirement configuration form.

  • Fixed the issue with the Duo Security MFA redirecting back to the application page.

  • Fixed the issue with displaying backend directory display name on the list of SAML configuration.

Release notes for the update October 13, 2024

Update Version 4.1.202410111255

New Features

Added Search Center option

Search Center allows users to find assets in the Asset Database by name, description, field value or tag value. Search Center also allows users to find assets by the taxonomy term selected from the terms list or type-ahead term selection.

Search Center is a useful tool to find assets in the large container hierarchy as well as to help to design policy selectors to identify target and source assets.

Security

  • Updated WEB Container to the latest version 11.0.0.

  • Updated ssh communication component to the latest version.

  • Updated client side dependencies to the latest versions.

  • Removed obsolete client side dependencies.

  • Updated REST API component to the latest version.

  • Fixed the issue with non-FIPS compliant library used for some of the dependent components.

Extensions

  • Added the option to search assets by the text field values.

  • Added the option to search assets by the tag values including term hierarchy.

  • Added the option to search terms by full term path typed or pasted into the term type-ahead search control.

Bug Fixes

  • Fixed the issue with the option to select the same term multiple times in the term picker control and on the intelligent tagging rule configuration.

  • Fixed the issue with preventing to disable the Management Policy for the assets with enabled Policy Enforcement mechanism. Note that Management Policy allows the application server to access asset endpoints after enabling firewall enforcement.

  • Fixed the issue with the automatic asset state refresh after Enforce Policies and Restore Original actions.

Release notes for the update October 6, 2024

Update Version 4.1.202410041613

New Features

Added Delegated Execution option for scripts through distributed network of application nodes.

The option allows to delegate execution of scripts on the asset endpoints to the external application deployment (or a tenant) through the secure network protocol to manage assets located in remote isolated networks unreachable from the main deployment.

Delegated Execution option allows system owners to build the mesh of peer nodes to provide access to assets located in isolated datacenters and cloud virtual networks while maintaining the single control plane for configuration, operations and reporting.

The option is useful for the deployments seeking to manage multiple distributed networks as well as for MSPs managing networks of several independent clients.

The option includes the following features:

  • A Peer Node is configured using the node URL that includes tenant and space information and the API authentication token created for a Service account on the peer node.

  • Delegated peer nodes are configured on the asset or on the container level inheriting down the container hierarchy with the options to enhance or to disable peer node connection on the child assets.

  • A main node load balances multiple configured peer nodes to distribute the load of the script execution.

  • A single peer node executing delegated scripts might serve multiple main nodes.

  • The peer node that executes the script on the asset endpoint on behalf of the main node creates and event log record about details of the execution including the Node Signature of the main node delegating the execution.

  • Node Signature field in the job report indicates the node that executed the script.

Added ID Generator Field Type

Added ID generator field type that generated new GUID when creating an asset with the option to refresh the field value when editing the field.

To add an ID Generator field to an asset type, use String field with the $GUID as a default value.

Security

  • Updated REST API data parsing infrastructure component to the latest version.

  • Updated logging infrastructure component to the latest version.

  • Updated OpenAPI REST API documentation generator to the latest version.

Extensions

  • Added the option to filter asset firewall rules report by Backup rules.

  • Added Save and Promote button on the asset creation and editing screens to promote the asset to the major version right after saving.

  • Added a warning message about the asset is in the draft state when applying policies to the asset or when enforcing the asset policies from asset view or asset list screens.

Bug Fixes

  • Fixed the issue with deleting request selectors disabled in the child assets.

  • Fixed the issue with displaying only scripts that could be executed interactively on the asset view screen removing the scripts that could only be executed as a part of a handler.

  • Fixed the issue with Windows Firewall Management scripts allow to continue the process after failing to delete missing rule from the endpoint.

  • Fixed the issue with switching to policy enforcement action deleting firewall rules created for standard ports when they are not managed by policies.

  • Fixed the issue with preserving duplicate rules when reading Windows firewall rules provisioned by the application with different keys.

  • Fixed the issue with failing new version detection during the application update on Windows platforms for certain application versions.

  • Fixed the issue with the context help description of the Space Management Manager role.

  • Fixed the issue with unused Space Management Manager role.

  • Fixed the issue with Space Manager role labeling.

Release notes for the update September 29, 2024

Update Version 4.1.202409271713

New Features

Added the option to require approvals of the user requests to access select application functions.

The Request Approval option is useful to implement dual control (four-eyes), peer review principles for critical functions or configuration options, fine grained security for field-, operation-, and time- based access, preventive yet flexible permissions mechanism, and strong auditing with reporting requests reasons.

The Request Approval option includes the following features:

  • Automatic or interactive approvals including multiple consecutive approval levels as well as a select number of alternative authorizers from a group. Selection of authorizers from various integrated user directories such as MS Active Directory, Entra ID, LDAP-based directory, or local directory)

  • Function restriction.

  • User or group based approval requirements for the principals from various integrated user directories.

  • Time of the day, day of the week or day of the month based approval requirements.

  • Alternative approval forms selection when submitting action requests for approval.

  • Inheritance of the approval requirements down the container hierarchy with the option to override or to enhance the parent-level configuration.

  • My Requests report to display action requests made by the current user. The screen allows request owners to review the requests including request approval process as well as to complete approved requests before their expiration time, and to delete active requests that are not yet approved by any authorizer.

  • Approver List report to display action requests the current user can approve. The screen allows authorizers to review the request including request approval process as well as to approve or to reject an active request while providing a reason for the rejection.

  • Action Request report to display all action requests made in the current space a space auditor can review. The screen allows auditors and administrators to review the request including request approval process as well as to complete approved requests before their expiration time.

Added the option to require approval process for the following space-level operations

  • Manage Space Permissions.

  • Manage Microsegmentation Policy.

Added the option to require approval process for the following asset-level operations

  • Request Service Access.

  • Manage Asset Permissions.

  • Manage Asset.

Security

  • Updated REST API browser GUI to the latest version 5.17.14

  • Updated CSV processor to the last version.

  • Updated client-side dependency components to the latest versions.

Bug Fixes

  • Fixed the issue with a user with a non-global role accessing asset database.

  • Fixed the issue with the locked installation directory during application update on Windows computers.

  • Fixed the issue with the red color of the error messages on the context help dialogue

  • Fixed the issue with the wrong position of the refresh button on the jobs report screen.

  • Fixed the issue with context help text description for the alias configuration management.

  • Fixed the issue with the color of a custom checkbox field on the edit asset screen.

Release notes for the update September 22, 2024

Update Version 4.1.202409202108

Security

  • Updated WEB container to the latest version 10.1.30

  • Updated Native Access component to the latest version.

  • Updated HTTP Communication component to the latest version.

  • Updated client-side dependency components to the latest versions.

Bug Fixes

  • Fixed the issue with asset view screen opened for the space root asset.

  • Fixed the issue with the updating space root container.

  • Added trace logging when collecting data from remote host.

Release notes for the update September 15, 2024

Update Version 4.1.202409131407

Extensions

  • Added support for displaying connections graph for summary connections.

Security

  • Updated WEB container to the latest version 10.1.29

  • Updated application logger component to the latest version.

  • Updated internal scripting Groovy library to the latest version.

  • Updated HTTP Communication component to the latest version.

Bug Fixes

  • Fixed the issue with loosing active connection status when aggregating connections.

  • Added debug trace information to troubleshoot connection aggregation.

  • Fixed the issue with the icon on the remove tagging condition button.

  • Fixed the issue with the incorrect label for reading on the mass delete buttons on several screens.

  • Added location information about application error messages in in the log file.

  • Added trace logging when collecting data from remote host.

Release notes for the update September 8, 2024

Update Version 4.1.202409061622

Extensions

  • Added support for the summary asset connection tabulated report that aggregates connections to the same port from multiple different high-numbered ports with the count of connections to simplify the view of the connections on the asset endpoint.

  • Added the option to regenerate Summary Connections report from the already collected raw connections data from the endpoint instead of accumulating the summary during new collections.

Bug Fixes

  • Fixed the issue with API Tokens management in the base tenants.

  • Fixed the issue with accessing OpenAPI GUI with the token generated for different user as the WEB GUI opened in the other tab of the same browser.

  • Fixed the issue with refresh token even if present intefering with the API token verification.

  • Fixed the issue with spelling RADIUS protocol in the application GUI.

  • Added debug trace information to troubleshoot rules generation and deletion.

  • Fixed the authentication issue when navigating to the asset tenant from the base tenant tenant list.

Release notes for the update September 1, 2024

Update Version 4.1.202408301921

New Features

Added the option to mass tag assets

The option to Mass Tag assets allows users to identify several assets on the asset list screen and assign multiple terms to the chosen taxonomy field of each selected asset.

The option also allows to mass enhance metadata of the selected assets by enabling Intelligent Tagging option on the mass tagging screen. The option generates new terms for each asset based on the individual asset metadata, field values or data collected from the asset endpoint based on the currently enabled Intelligent Tagging rules.

Mass Tagging

The option simplifies the process of assigning tags to the assets for the purpose of microsegmentation policy management.

Added the option to mass un-tag assets

The option to Mass Un-tag assets allows users to identify several assets on the asset list screen and remove multiple terms from the chosen taxonomy field of each selected asset.

Added the option to import assets from MS Active Directory.

The option to import assets from Microsoft Active Directory allows to query enabled and verified Active Directory connection for the domain computers to import into selected container in the asset database.

The option assigns Asset Type and Shadow Asset configured for the import process to each imported asset.

Import query is given in the LDAP Query Language and allows to select devices based on various fields from the MS Active Directory such as OS name, version, last use or host name.

AD Import

The option allows to quickly load assets including enhanced metadata, tags and connectivity option to the asset database from the well known source.

Added Intelligent Tagging support during asset import.

The option to use Intelligent Tagging during the import process allows to enhance asset taxonomy fields during the import process with the terms suggested by the Intelligent Tagging mechanizm based on the asset known metadata, field values and location in the asset database.

The option allows to mass load assets to the asset database ready to use by configured microsegmentation policies. The option is useful for the initial data load as much as for the addition of new assets into the configured and working system.

Security

  • Updated WEB page rendering infrastructure component to the latest version.

  • Updated IP Address utility module to the latest version.

  • Updated OpenAPI REST API documentation component to the latest version.

  • Updated string utilities component to the latest version.

Extensions

  • Added the option to Apply Policies from the asset list asset context menu.

  • Added support for the scripts executions to use connection parameters from the Shadow asset member when the defined task Run As asset does not include these parameters.

  • Added asset description to all asset selection controls (such as Member or Base Asset on the Asset Editing screen, Reference Asset on the Import from LDAP screen) to simplify identification of the similar named assets during selection.

Bug Fixes

  • Added debug trace information to troubleshoot asset policy enforcement enabling for the package com.otna.runner.handler.SwitchToPoliciesJobFlowHandler.

  • Fixed the issue with the Asset Viewer role for the container should be able to browse the container for the assets it has permissions to

  • Fixed the issue with missing menu items for Enforce Policies, Restore Original as well as Request Service in the asset list context menu for the asset.

  • Fixed the issue with the language translation of Complete status of the jobs on the Jobs Report.

  • Added the description for the options of the Source to the tagging rules context help menu.

  • Fixed the issue with formatting of the context help menu about member assets on the asset view screen.

  • Fixed the issue with Tagging Rule criteria predicate selection from different conditions interfered with each other.

  • Fixed the issue with failure to save the Tagging Rule invalidated the rule editing form.

  • Fixed the issue with navigating to the application using unterminated by slash URL directly to the valid tenant and space.

Release notes for the update August 25, 2024

Update Version 4.1.202408232020

New Features

Added Intelligent Tagging Option

Intelligent tagging is a process of either suggesting or assigning tags to an asset based on the asset characteristics. Intelligent tagging rule is a configuration that assigns terms to an asset based on the asset metadata, field values or data collected from the asset endpoint. Intelligent tagging is triggered at the various stages of the asset lifecycle such as asset creation, updating, bulk tagging or importing.

Intelligent tagging is a useful tool to automatically assign terms to assets based on the known data. Intelligent tagging rules could be created to follow naming conventions used in the organization, IP locations of the groups of endpoints, device vendor or version information.

Intelligent Tagging Rule

New terms suggestions are initiated from the screens to create or edit an asset using the Intelligent Tagging option located in front of the relevant Taxonomy field. Intelligent tagging action automatically populates the taxonomy field with the new term suggestions and pops up an information message referencing the intelligent tagging rules generating suggested terms.

Asset Intelligent Tagging

Security

  • Updated MS SQL and PostgreSQL drivers to the latest versions.

Extensions

  • Added API Manager, Intelligent Tagging Manager and Task Manager space level roles to granularly control access to the space actions.

  • Added version number on the policy history report.

  • Added the option to reconnect the import entry with the existing asset during the import process. When reconnecting, the import process updates the existing asset with the imported data and reuses the resulting asset in the further import.

  • Added default setting for the asset permissions screen.

  • Added asset path to the list of the asset permissions as well as to the create or edit asset permission screens.

Bug Fixes

  • Fixed the issue with the access to the asset actions for the user with the asset-level roles.

  • Fixed the issue with the access to the configuration, management and asset actions for the users with various space level roles.

  • Fixed the issue with deleting various configuration, management and asset objects from the system.

  • Fixed the issue with the group name to appear in the warning message about deleting a group.

  • Fixed the issue with the Add button available on the policy history screen.

  • Fixed the issue with space name on the policy history report.

  • Fixed the issue with deleting spaces.

  • Fixed the issue with saving new parser after specifying only parser name without any other field.

  • Improved troubleshooting errors about failure to apply policy job execution.

  • Updated test tenant database connection action icon.

  • Fixed the issue with the members user directory display on the local groups screen.

  • Fixed the issue with the container level asset or container creator implies the permission to view the container.

  • Fixed the issue with inheriting asset permissions from the root parent.

Release notes for the update August, 18 2024

Update Version 4.1.202408161841

New Features

Added the option to manage logger configuration

Logger is a system module that sends information about system events (such as creating an asset) to the external media in the Common Events Format (CEF).

The system supports the following loggers types:

  • Console - Console Logger prints events on the system console when the application is run from the command line. When the application is run on the Linux platforms the events printed on the console are captured in the catalina.out file in the $HOME/web/logs folders.

  • File - File logger prints events in the specified file. File logger supports log file archiving based on several conditions as well as deletion of the old archives.

  • Syslog - Syslog logger streams log records over the network to syslog servers using UDP or TCP protocols.

All loggers support event filtering by tenant or message search conditions.

Logger configuration allows to customize message patterns, metadata sent with the message, file naming pattern and file rotation schedule.

Typical uses of the logger configuration are outlined below:

  • Stream all system events (or events generated by certain tenants) to the external SIEM system.

  • Change location of the log file to the location outside of the installation $HOME directory.

  • Segregate events generated by certain tenants into separate files or separate syslog servers.

  • Enable debug or trace logging for certain modules of the system to troubleshoot certain functionality.

Added the option to deep delete an asset.

Deep delete operation deletes this container and all its child objects in a single operation.

When deep deleting the assets, the operation deletes this selected object and all its links to parent objects as well as the object itself in a single operation. The action cannot be undone.

Security

  • Updated the logging infrastructure, PDF generation, dynamic WEB page rendering, WEB GUI infrastructure, and database access modules to the latest version.

  • Updated the application framework (Windows, Linux on X64 and ARM architectures) to the latest version 21.0.4+7 LTS.

Extensions

  • Added a link to the view import entries screen from the import name of the list of the imports.

Bug Fixes

  • Fixed the issue with the file deletion pattern in the default logger configuration.

  • Fixed the issue with updating the application on Linux platforms in case the update includes updates of external libraries.

  • Fixed the word spelling on multiple context help popups.

  • Fixed the issue with missing chart on the asset workload report in certain conditions.

  • Fixed the issue with deleting the asset added using the import process.

  • Fixed the issue with creating the asset that includes a base asset.

  • Fixed the issue with creating the asset that includes a base account of the same type as the asset itself.

  • Fixed the issue with the link to the imported asset in the details view of the list of the import entries.

  • Fixed the issue with missing context help entries on the Container Import screen.

  • Fixed the issue with importing asset members.

  • Fixed the issue with pasting assets into the root container.

  • Fixed the issue with displaying the non-editable status for the MFA rules inherited from the parent spaces.

  • Fixed the issue with mass operations available for the MFA Rules inherited from the parent spaces.

  • Fixed the issue with asset viewer cannot open an asset for the view.