2024

Release notes for the update August, 11 2024

Update Version 4.1.202408091846

New Features

Updated Cryptographic Module to Bouncy Castle FIPS 2.0.7

The cryptographic module performs the encryption and hashing functions that secure both at-rest and in-motion data handled by the system. FIPS is a Federal Government information processing standard that mandates the cryptographic algorithms used by the system functions as well as the strength, format and storage requirements for the cryptographic keys generated and used by the system.

As of July, 29 2024, Bouncy Castle FIPS version 2 has been approved by the Federal Government for its latest version of FIPS 140-3 standard.

https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4743

Cryptography module version is displayed on the My Profile / About screen.

FIPS2

Added the option to restore old asset version.

The Restore action is available for each historical version of the asset but the last one on the Asset History report. When executed, it adds a new version to the asset history with the field values and the asset metadata of the selected version.

Added the option to restore old segmentation policy version.

The Restore action is available for each historical version of the policy but the last one on the Policy History report. When executed, it adds a new version to the policy history with the policy parameters and metadata of the selected version.

Security

  • Updated WEB Container version to the latest one, 10.1.28

  • Updated REST API, SSH remote connectivity, part of the logging infrastructure, string processing modules to the latest version.

  • Updated MS SQL and Oracle drivers to the latest versions.

Extensions

  • Added the option to delete backed up firewall rules from the asset database.

  • Added the option to demote a last major version of the asset to the previous minor version.

  • Added the option to demote last promoted version of the segmentation policy back to its previous minor version.

  • Renamed Cryptographic Module label on the About screen.

  • Added keyboard shortcut to save local group.

Bug Fixes

  • Fixed the issue with duplicate publishing of backed up firewall rules when restoring asset to original state.

  • Fixed the issue with updating cached user email when modifying it on the Local User or My Profile editing screens.

  • Fixed the issue where a mass operation failing for one of the selected entries prevented the same operation from completing for the other entries.

  • Fixed the issue with displaying SMTP Servers on the Mail MFA list and editing form.

  • Removed IMAP configuration page for now from the navigation menu until the further use of IMAP in the system.

  • Fixed the issue with configuring and using Yubikey access.

  • Fixed the issue with interchanged OTP and HOTP indicators on the users report.

  • Fixed the issue with the action menu to reset MFA tokens on the Users report, which should only be available to the space administrators.

  • Fixed the issue with creating and editing local groups.

  • Fixed the issue with removing members from local groups.

  • Fixed the issue with broken event log message about adding a user from external directory to the local group.

  • Fixed the issue with transparent checkbox switch on Local User, API token, Type Field, Local Directory, Templates, Aliases, Duo Security, Radius MFA and TOTP MFA editing screens.

  • Fixed the issue with missing Add asset button in the subspaces.

  • Fixed the note wording on the first tenant creation screen after deployment.

  • Fixed the issue with error message displayed after failure to delete asset type.

  • Fixed the issue where renaming a space left the space accessible under the old name until the application restart.

Release notes for the update August, 4 2024

Update Version 4.1.202408022057

New Features

Added service selection dialogue

Added the option to select a network service from the list of entries on policy editing and service request screens. The service selection screen visualizes the services configured in the system to simplify the selection.

Note the alternative method to select services by typing a service name or a port into the service field.

Service Selector

Added access protection check before enabling asset enforcement.

Added a check that the management server is allowed to access the asset before enabling enforcement of firewall rules. Management server access is a default out-of-the-box policy that has to be published on the asset before enforcing the policies, so that the management server can still access the asset for further configuration.

When the management server access policy is not published to the asset, the job that enables the enforcement fails with the corresponding message in the job report.

Enable Aborted

Extensions

  • Added job status Failover (Delayed) to indicate that the job is delayed because some other job already runs on the endpoint.

  • Added asset level statuses report displaying infrastructure information collected from the selected endpoint.

Asset Status

  • Added navigation option to the asset from the asset path on the task editing screen

  • Added context help for the job exit code column.

  • Added the time of the next job execution to the details section of the jobs report.

Job Next Run

  • Added navigation link to the asset view screen from the asset path control of the asset level connection and workloads report.

  • Added refresh button to workloads, interfaces, connections, firewall, events, asset history, net statuses reports.

Bug Fixes

  • Fixed the issue with automatic publishing of newly generated rules to the affected endpoints after applying policies to the modified assets acting as sources for these endpoints.

  • Fixed the issue with Restore the Original action handler applying different logic to the endpoint as compared with Enabling Enforcement action.

  • Fixed the issue with language translations to the job statuses.

  • Fixed the issue so that the Enable Enforcement and Restore Original actions applied to the Windows endpoints use the segmentation logic through the action handler instead of the single script executed on the endpoint.

  • Fixed the issue where periodic scheduled task executions used the same original job record both as a collector of job results and as the record about the job execution. Added the logic that creates a new job object for each consecutive execution of the periodic scheduled task.

  • Fixed the issue with defaulting seconds and minutes section of the newly created schedule in the schedule builder to the randomly selected second of a randomly selected minute of each hour.

  • Fixed the issue with enabling save button on the task editing form after modifying the schedule using schedule builder screen.

  • Fixed the issue with the empty message when deleting an API Token with no description.

  • Fixed the issue with re-ordering the list of displayed entities for many reports and lists in response to refresh action.

  • Fixed the issue with selection indicator position on the icon selection component as well as on the application customizer screen.

  • Improved failed jobs error message about connecting to the unreachable endpoints.

  • Fixed the issue with login to the system in the case of configured broken integration with external user directory.

  • Fixed the issue with authenticating to external LDAP directory during the login process.

  • Fixed the error message when accessing My Profile / Account page with the external user directory account.

  • Fixed the issue when host detected firewall rules were deleted even if enforce policy aborted during execution.

  • Fixed the visibility of the checkboxes on the LDAP, SAML, SMTP, and Entra ID editing screens.

  • Fixed the issue with generic error message in response to failed LDAP test.

  • Fixed the issue with occasional error during periodic internal cache clean up.

  • Fixed the issue with connecting to LDAP servers with SSL Certificates not including the ldap server name in their subjects using Linux deployments.

  • Improved troubleshooting message about errors running tenant maintenance process by indicating the name of the tenant.

  • Fixed the issue with inability to login with EntraID user or a user from LDAP or EntraID group after assigning permission to this principal

  • Fixed the issue with the context help for the Name field on the SAML editing screen.

  • Fixed the issue with the keyboard shortcut button to save SAML, SMTP and LDAP configurations.

  • Fixed the issue with creating new SAML configuration.

  • Fixed the issue with too frequent logout events in the event log.

  • Fixed the issue where creating a second SAML configuration filled the default values from the previous configuration.

  • Fixed the ${dynamic} issuer resolution to include tenant and root space to simplify SAML integrations.

  • Fixed the issue with an inappropriate error message after successful send of the test email on the SMTP configuration.

  • Improved the error message about sending Mail MFA notification.

  • Fixed the issue with the timestamp formatting for SSO requests generated from different environments.

Release notes for the update July, 28 2024

Update Version 4.1.202407262237

New Features

Added Reports button to the Asset View screen.

Asset Reports selection includes Asset History, Events, Job reports as well as asset level Network Connections, Workloads and Firewall reports.

Asset View - Reports

The update also adds a link to the asset view screen from asset-related reports as a part of the screen breadcrumbs as well as the asset path.

These reports on the asset level are still accessible through the actions menu item in the list view.

Added Manage button to the Asset View screen.

Manage Asset selection includes actions to edit, promote major, view task list, apply policies, enforce policies, restore original and request service.

These management actions on the asset level are still accessible through the actions menu item in the list view.

Asset View - Manage

Added debug logging information about detection of connection violations

With enabled debug level the violation detection logic adds the internal data to the asset event log for the further review.

Violation Detection Debug

Extensions

  • Added the option to display jobs report for the selected asset.

  • Added asset level events report

  • Updated default filter for the asset connections report to Active connections

  • Added the option to the Asset Manage menu to apply all related policies to the selected asset without the need to create new asset version. This option might become a debugging tool available under the debug mode.

  • Added the option to navigate taxonomy and term hierarchy by clicking on the term or taxonomy name in the list.

Term Navigation

Bug Fixes

  • Fixed the Copyright vendor name in the application deployment scripts on Windows

  • Updated Copyright wording on the About page

  • Updated offline installer to remove QA related setup files

  • Fixed the issue with over-reporting field decryption event in the event log for the internal operations.

  • Fixed the issue with deleting an asset that has related service requests and jobs referencing firewall rules

  • Fixed the issue with missing asset header in the asset events report

  • Fixed asset level title for the jobs and events report

  • Fixed the issue where creating a new user or new group kept the add new form populated with the fields of the previously created user or group.

  • Fixed the issue where the content part of the application disappeared under the left navigation sidebar after browser refresh.

  • Fixed the issue with applying policies to the asset used as a source of the same asset that led to the circular policy application after reading firewall rules on the asset.

  • Fixed the spelling mistake in the Linux Status script description

  • Fixed the issue with alphabetizing the tasks under the asset's Execute dropdown menu

  • Fixed the issue with too narrow dropdown menu for the tasks under the asset's Execute dropdown menu

  • Fixed the issue with navigating to a term on the term selection screen by clicking only to the term name to demonstrate the navigation path.

  • Fixed the issue with the term copy failed on Paste operation from the term actions menu.

  • Fixed the issue with missing row separators on the taxonomy term browser.

  • Fixed the issue with deleting policies that have collected connections and firewall rules.

  • Fixed the issue with deleting API tokens.

  • Fixed the issue with default token expiration date set in the past.

  • Fixed the issues with using MS SQL Server as a backend tenant database.

MS SQL Server

  • Fixed the issues with using MySQL as a backend tenant database.

MySQL

  • Fixed the issues with using PostgreSQL as a backend tenant database.

MySQL

Release notes for the update July, 21 2024

Update Version 4.1.202407192016

New Features

Added API Tokens Management

Added the option to manage API tokens and to generate JWT tokens to authenticate and authorize external scripts and application to access data and processes of the application server.

An API token represents an authentication and an authorization mechanism for 3rd party scripts and applications to communicate with the system server using its REST API. Once created in the system, an API token generates a unique string signed by the tenant signature key in the standard JSON Web Token (JWT) format, which defines a compact and self-contained way for securely transmitting information from external parties to the system server.

To ensure access security, an API token encapsulates information about the user, expiration time and IP address filter for the caller location. It is signed by the tenant signature keys and could be disabled on the server side.
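An added example, not code from the product: a server-side check of a token of the kind described above, carrying the user, the expiration time and the caller IP filter, with a disable list kept on the server. The HS256 signature, the claim names (`jti`, `sub`, `exp`, `ip_allow`) and all sample values are assumptions made for illustration; the page does not state the product's signature algorithm or claim layout.

```python
import base64
import hashlib
import hmac
import ipaddress
import json
import time


def b64url_encode(raw: bytes) -> str:
    """Base64url without padding, as used by JWT."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding JWT strips, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("utf-8"), hashlib.sha256).digest()


def issue_token(key, token_id, user, expires_at, allowed_nets):
    """Build a compact JWT. Claim names are assumptions for this example."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"jti": token_id, "sub": user, "exp": expires_at,
              "ip_allow": allowed_nets}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(sign(key, signing_input))


def verify_token(token, key, caller_ip, disabled_ids, now=None):
    """Return (True, user) or (False, reason).

    Order matters: nothing inside the payload is trusted until the
    signature over header and payload has been verified.
    """
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return False, "malformed token"

    # Pin the algorithm on the server; never let the token choose it
    # (rejects "alg": "none" and algorithm-confusion attempts).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected algorithm"

    # Constant-time comparison of the recomputed signature.
    expected = sign(key, head_b64 + "." + body_b64)
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"

    try:
        claims = json.loads(b64url_decode(body_b64))
        expires_at = float(claims["exp"])
        nets = [ipaddress.ip_network(n) for n in claims["ip_allow"]]
        caller = ipaddress.ip_address(caller_ip)
        token_id, user = claims["jti"], claims["sub"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed claims"

    if now >= expires_at:
        return False, "expired"
    if not any(caller in net for net in nets):
        return False, "caller IP not allowed"
    # A self-contained token stays valid until it expires, so disabling it
    # requires a server-side lookup on every request.
    if token_id in disabled_ids:
        return False, "disabled on server"
    return True, user


# Constructed sample values, not taken from the product.
DEMO_KEY = b"constructed-demo-tenant-key"
DEMO_TOKEN = issue_token(DEMO_KEY, "tok-001", "svc-backup",
                         2_000_000_000, ["10.20.0.0/16"])

if __name__ == "__main__":
    for ip, disabled in (("10.20.30.40", set()),
                         ("192.0.2.7", set()),
                         ("10.20.30.40", {"tok-001"})):
        print(ip, sorted(disabled),
              verify_token(DEMO_TOKEN, DEMO_KEY, ip, disabled,
                           now=1_700_000_000))
```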

OpenAPI Tenant

Added the option to execute system API from OpenAPI browser

Added the option to OpenAPI browser GUI to specify tenant for the script execution to execute selected function with the real data.

The option allows using the OpenAPI REST API browser to execute functions in the real application server tenant in addition to just browsing API categories and functions.

The option facilitates adoption of the system integration into the specific client networks.

OpenAPI Tenant

Improved filters on the Network Connections reports.

Added the option to filter connection list on space- and on asset-level reports by the Active indicator.

Active Connections Filter

Added the option to filter system and asset level connection report by local and foreign address and port.

Port and Address Connections Filter

Extensions

  • Updated the application framework and WEB container to the latest versions.

  • Fixed the issue with Enable Policy Enforcement action disabling default in-bound traffic.

  • Updated server and client side application components to the latest versions.

  • Added context help for the Framework update on the About screen.

  • Added Oracle RDBMS, MS SQL Server, MySQL and PostgreSQL drivers to the software distribution.

  • Added the option to show a progress indicator when creating, updating a tenant or testing tenant back end database connectivity.

Bug Fixes

  • Fixed the issue with processing SSH script results with no exit code.

  • Fixed the issue with the missing Linux Firewall Management Script Batch in the default Unix-related asset types.

  • Fixed the issue with the blanket error message during the Linux installation about removing non-existing files.

  • Fixed the issue with saving asset that contains a single space character in a Password field.

  • Fixed the issue with parsing incomplete data in script definitions.

  • Fixed the publishing of the offline installer package.

  • Fixed the issue with the error message unlocking the empty secret field.

  • Fixed the issue with some password managers embedded into the browser attempting to save asset user and password fields to their vaults when saving assets.

  • Fixed the issue with accessing the application home page and the asset list by the user with no space administrator or space auditor permissions.

  • Fixed the issue with mis-counting total number of accessible space assets on the home page wizard for non-admin users.

  • Fixed the issue with non-admin users browsing the asset hierarchy.

  • Fixed the home page layout for non-admin users.

  • Fixed the issue with losing database password when creating tenants with the external database.

  • Fixed the success message after testing a tenant connection to the new database on the tenant add or edit screen.

  • Improved context help for DB URL field on the tenant editing screen to include database connection strings.

  • Fixed the issue with switching to policies and switching to original state checking the status of the operation.

  • Changed default rule prefix generated on Windows platforms to ZT.

  • Fixed the issues with using Oracle RDBMS as a backend tenant database.

Oracle

Release notes for the update July, 14 2024

Update Version 4.1.202407121357

New Features

Added signatures to the application installation and update scripts on Windows platforms.

While Windows Server OS does not trust the installer right away (although it might start doing this following enough executions from different locations), it prints the vendor information during the launch of the script and offers to establish permanent trust with the vendor's certificate. This is good progress compared to the unsigned script, considering that the script itself comes from the WEB site mentioned in the certificate.

Add or Edit Service Request

The default setting on the Windows Server platforms allows signed script executions and prompts to establish the trust with the vendor. Nothing special needs to be done on Servers to install and to update the application.

The default setting on the Windows Desktop blocks any script executions. To start deploying the application on Windows Desktops, script execution should be enabled by using the following PowerShell command:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

The command should remain in effect on Windows Desktop platforms during application life time to ensure application updates that are also script driven.

Another advantage of the script signatures is that the script download using WEB browser does not produce warning messages from the WEB browser about unknown origins of the downloaded scripts.

Added offline installer accessible using the following URL

https://bin.12port.com/product/12port-offline.tgz

Added support for Handler script orchestration type

Handlers allow the application to expose customizable parts of the complex network management workflows as editable scripts in the script library while preserving proprietary micro-segmentation logic inside the application core. This approach simplifies customizations and development of new device types.

Handlers

Example of a handler is the action that enables policy rules enforcement. The action collects current asset status and the firewall configuration from the asset endpoint using the scripts from the script library. Then the action analyses the result using the proprietary logic. Finally, the action enables the firewall enforcement using another script from the script library.

Added support to enforce application license expiration.

While waiting for the License Server implementation, current expiration date is set for now to October, 18th with the expectation we will move the date forcing the current users to update until the proper licensing system will be implemented.

In the expired state the application prohibits creating, updating and deleting Assets, Network Services and Segmentation Policies as well as moving, copying assets and promoting objects to major version.

Both server side restrictions and client side helpers are implemented.

Added the notification box about the license expiration to the home screen as well as to the asset, services and policies lists.

Home Screen License Expiration Notification

Added license expiration entry to the system About screen.

License Expiration on About screen

Extensions

  • Added Japanese translation for server- and client-side labels and messages.

  • Added the option to use note element > in the context help markdown files.

  • Added context help for the Users Report

  • Added context help to the Service Request report as well as to Add and Edit Service Requests screens.

  • Added context help to the Network Status report.

  • Added context help to the Workloads report.

  • Added context help to the Connections report.

  • Added context help to the Firewall report.

  • Added context help to the Network Service management screens.

  • Added context help for Policy management screens.

  • Added context help for Policy Query Preview screen.

  • Added context help to the About screen

  • Added context help to the SSL Key Import screen

  • Added context help to the Time Range picker dialogue

Bug Fixes

  • Fixed the issue with unnecessary creating new local database when testing database connection for the new tenant created with the embedded database.

  • Fixed the issue with XSLT parser processing empty list results.

  • Fixed the issue with the availability of the option to edit detected firewall rule.

  • Fixed the issue with deleting an asset associated with the collected data.

  • Fixed the issues with successful and un-successful message confirmation when changing password on My Profile / Account page.

  • Fixed the issue with resetting password update fields on the My Profile / Account screen after successful update of the password.

  • Fixed the issue with out of the box assets and policies appearing in the draft state.

  • Fixed the issue with automatic publishing of the firewall rules generated after publishing a policy.

  • Fixed the issue with passing PowerShell script parameters from handlers.

  • Fixed the issue with missing Firewall Management task in the out of the box Windows Host asset type

  • Fixed the issue with disabling default RDP and WinRM rules when enabling enforcement on the Windows hosts as well as re-enabling them when restoring firewall to the original state.

  • Fixed the issue with increasing asset minor version when switching status of the segmentation policy affecting the asset.

  • Fixed the issue with asset copy preserving secure fields.

  • Fixed the issue with placeholder for the asset displayed on the success message after the individual asset copy, move and delete operations.

  • Fixed the issue with detecting terms match using Same policy source criteria.

  • Fixed the issue with inability to delete all values from multi-values fields.

Release notes for the update July, 7 2024

Update Version 4.1.202407052156

New Features

  • Added the option to create service requests for an asset under management to open requested service for the requested period of time in the future.

The option allows users to request the system to open requested ports on the managed endpoints for the requested devices during the requested time range (possibly in the future) outside of the context of existing policies.

Add or Edit Service Request

Service requests are tracked in the Service Request report with the options to review, delete and modify existing requests.

Track Service Request

Firewall report displays rules originated from the service requests with the indication of this service request.

Track Service Request

Service requests are triggered from the asset context menu in the asset database navigator. Service requests replace the previously introduced Add New Rule action in a controlled, tracked and managed way.

Track Service Request

Extensions

  • Added the option to change date / time format using the application customizer to test data format use across the application.

Note that like everything in the customizer right now the setting is not preserved during the browser refresh.

Track Service Request

  • Added vertical scroll to the asset context menu to better accommodate smaller screens.

Asset Scrollable Context Menu

  • Added the option to open container browser or asset view screens from the asset database navigator in the new tab by right clicking on it and selecting "Open in a new tab" browser action.

  • Added the option to open Add SMTP configuration screen in the new tab by right clicking on Add button and selecting "Open in a new tab" browser action.

  • Added the option to open Add and Edit Parser screens in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to open Add and Edit Script screens in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to open Add and Edit Network Service screens in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to open Add and Edit Policy as well as policy history screens in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to open View Import screen in the new tab by right clicking on corresponding buttons and selecting "Open in a new tab" browser action.

  • Added the option to save new or update existing space using Ctrl-S shortcut

  • Updated context help for the Import management screens

  • Updated context help for the Tenant management screens

Bug Fixes

  • Fixed the issue with displaying asset icons that are default to type.

  • Fixed the issue with changing asset icon dialogue defaulting to the asset type icon.

  • Fixed the issue with rendering display names of principals in case of their source directory is not known at the time of reporting.

  • Fixed the issue with exporting reports that contain data that require database access during rendering

  • Fixed the issue with allowing to create a space with non-alpha-numeric characters

  • Fixed the issue with the Success message when promoting an asset to major version

  • Fixed the issue with failing Test button on Create New Tenant and Initialize first tenant screens

Release notes for the update June, 30 2024

Update Version 4.1.202406282233

New Features

  • Added support for the native deployment on Windows ARM platforms

Windows ARM

Extensions

  • Changed the system log name to ztna.

  • Added the option to open application screens from the left side vertical menu in the new tab by right clicking on it and selecting "Open in a new tab" browser action.

  • Added the option to open application screens from the left side horizontal menu in the new tab by right clicking on it and selecting "Open in a new tab" browser action.

  • Added the option to open Add New SMTP Connection screen in the new tab by right clicking on the Add button and selecting "Open in a new tab" browser action.

  • Added the option to open Add New Asset screen, Manage Asset Permissions and Container Visibility, View Asset screens as well as all screens from the asset drop down menu in the new tab by right clicking on the Add button and selecting "Open in a new tab" browser action.

Bug Fixes

  • Fixed the issue with switching from default script or parser content when updating other script or parser properties

  • Fixed the issue with starting WEB Server from command line for troubleshooting purposes

  • Fixed the issue with creating new tenants in case there were issues accessing one of the old ones

  • Fixed the issue with detecting framework update on all platforms that support vendor driven framework distribution

  • Fixed the issue with creating tenants with embedded back end database to ensure that database user and database passwords are not set.

  • Fixed Windows platforms update procedure compatibility issue with different brands of JRE framework

  • Fixed the application name on the My Profile / About screen

Release notes for the update June, 23 2024

Update Version 4.1.202406211732

New Features

  • Added version support for micro-segmentation policies.

Creation of a new policy as well as updating existing policy will create a minor version of the policy (such as 2.1, 2.2, 2.3, ...). Policy application that generates rules and checks for traffic violations only works with the major versions of the policies while the system users can review all versions.

Added the option to promote current minor version of the policy to a major version.

Added the option to review policy history report with details about each policy version. Added the option to run a policy review for any selected historical version.

Policy versioning adds a story about change control. Changing policy selectors, services or sources might affect multiple endpoints by generating or removing firewall rules on these endpoints. The system allows policy owners to review the change before applying it to the assets either themselves, or with their peers, or with the other stakeholders that have an interest in maintaining the endpoints under management.

Policy Versions 1

  • Firewall Rules synchronization

Added synchronization logic to re-apply segmentation policies to the assets when new rules are created on the endpoints or existing policy-generated rules are deleted from the asset directly without the use of the application policies.

This update maintains a consistent state between configured segmentation policies in the application and the state of the firewall on the endpoints even if admins create or delete firewall rules directly on the endpoint.

The process happens in the background and triggers automatically after execution of List Firewall Rules scripts.

  • Policy Preview for Asset Versions

Added support to display Policy Preview screen for a selected asset version and a selected segmentation taxonomy field of this version.

This update continues the story of change control. It allows system owners to review the policy application to an old version of the asset (for example, for the currently production major version) as compared to the last version or to one of the past versions.

Also note that an asset might contain several segmentation taxonomy fields that would apply different policies based on different segmentation taxonomy. It allows demonstration of different segmentation taxonomies and their application to control the traffic for the same asset. For example, the same asset might be classified based on the location, environment, component and application, or it might be classified based on specific process phase, confidentiality level and priority impact. The update allows running Policy Preview not only for the selected version of the asset but also for the selected segmentation field.

Extensions

  • Updated the application favorite icon in the browser page tab.

It looks like the icon has white background instead of transparent background. The original icon has ico format (favicon.ico) that included multiple resolutions. We generated one from the supplied png files using some online WEB converter. Maybe the supplied png files could be combined into the aggregated ico file better than this online converter. We will keep working with the designer to generate the icon in the right format.

  • Menu indent

Changed left side application menu appearance to indent second level menu to the right to show that this is another menu level.

  • Added support for unsupported rules

Added support for ignoring firewall rules from the endpoints that are not supported by the application. We will decide during business operation whether we want to add support for these rules or leave them undetected. The fix allows the micro-segmentation logic to continue in the presence of unsupported firewall configuration. The firewall service has more functionality than is needed for the micro-segmentation story, so the current approach is to ignore firewall aspects that are not interesting for our current marketing.

The rule in question this week was the enabling Ping service to respond on Windows 10 computers (worked fine for Windows 11). Ping is an ICMP protocol which is outside of the scope of the first implementation (TCP and UDP are supported).

This update should fix the issue we had with Windows 10 computers on the demo tenant.
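The behaviour described above for unsupported rules, sketched as an added example (not the product's own code): endpoint rules are split into supported TCP/UDP rules and ignored ones, so an ICMP rule such as the Ping rule no longer stops processing. The record field names and the sample rules are constructed for illustration.

```python
# Added example: field names and sample rules are constructed, not the product's schema.
SUPPORTED = {"tcp": "TCP", "6": "TCP", "udp": "UDP", "17": "UDP"}

def parse_ports(spec):
    """Turn '80', '5000-5010' or '80,443' into a list of (low, high) ranges."""
    ranges = []
    for part in str(spec).split(","):
        low, _, high = part.strip().partition("-")
        low, high = int(low), int(high or low)
        if not (0 < low <= high <= 65535):
            raise ValueError(f"port out of range: {part!r}")
        ranges.append((low, high))
    return ranges

def partition_rules(raw_rules):
    """Split endpoint rules into supported TCP/UDP rules and ignored ones."""
    supported, ignored = [], []
    for rule in raw_rules:
        name = rule.get("name", "<unnamed>")
        proto = SUPPORTED.get(str(rule.get("protocol", "")).strip().lower())
        if proto is None:
            ignored.append((name, f"unsupported protocol {rule.get('protocol')!r}"))
            continue
        try:
            ports = parse_ports(rule.get("local_port", ""))
        except ValueError as exc:
            ignored.append((name, f"unsupported port spec: {exc}"))
            continue
        supported.append({"name": name, "protocol": proto, "ports": ports})
    return supported, ignored

SAMPLE_RULES = [
    {"name": "Web", "protocol": "TCP", "local_port": "80,443"},
    {"name": "Ping (Echo Request)", "protocol": "ICMPv4", "local_port": "Any"},
    {"name": "DNS", "protocol": "17", "local_port": "53"},
    {"name": "RPC dynamic", "protocol": "tcp", "local_port": "RPC"},
    {"name": "App range", "protocol": "UDP", "local_port": "5000-5010"},
]

if __name__ == "__main__":
    ok, skipped = partition_rules(SAMPLE_RULES)
    for r in ok:
        print("apply ", r)
    for name, reason in skipped:
        print("ignore", name, "-", reason)
```

Returning the ignored rules with a reason, rather than dropping them silently, keeps them available for later review of what the endpoint firewall allows outside the supported scope.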

  • Asset-specific icons

Added the option to change the application icon at the asset level, overriding the asset type configuration.

This update makes it possible to emphasize certain areas of the application, both containers and assets. We will surely use it for demos. Based on our past experience, clients like it too.

  • Hardware Architecture

Added hardware architecture information to the system About screen.

  • Mass Promote

Added the option to mass promote selected assets to the major version.

This is a handy productivity enhancement, especially after large imports, but it is useful for manual asset creation as well.

Bug Fixes

  • Cleaned up the language translation files so they are consistent with each other.

  • Automated language translations through the corporate Google Cloud account to keep language translations consistent for the weekly releases.

  • Fixed the issue with importing assets into the system when the import file does not include the asset name (the host is used instead) or includes neither the asset name nor the host (an error is posted during import).

  • Fixed the issue with deleting imported assets from the system without first deleting the import.

  • Fixed the issue with updating default parsers in the existing tenants.

  • Fixed the issue with using default script templates for Groovy and PowerShell scripts. This fix resolves the issue that required us to re-save each PowerShell script on the demo tenant before it started to work.

  • Fixed the issue with unclassified API documentation for the Import module.

  • Removed default time filter from Interfaces report.

  • Removed default time filter from Firewall Rules report.

  • Removed default time filter from Workloads report.

  • Fixed the issue with the non-adjustable IPv6 column on the Interface report so that it fits lower-resolution displays.

Release notes for the update June, 16 2024

Update Version 4.1.202406162121

New Features

Added initial support for asset database

  • Manage and browse space hierarchy of nested sub-spaces. Sub-space inherits and extends a configuration of its parent space and maintains unique asset database.

  • Browse containers and assets based on user permissions.

  • Create, edit, view and delete as well as copy, paste and link containers and assets.

  • Mass import assets into the space database from CSV spreadsheets.

  • Manage and query asset versions including draft (minor) and production (major) versions.

  • Manage containers and assets custom fields derived from the asset types as well as properties such as name, description and icon.

  • Manage space, container, asset and field permissions including access inheritance following the space and container hierarchy. Manage global space level access to space operations and access to assets.

  • Manage asset types defining asset fields, with pre-built asset types for Windows and Linux hosts with different access strategies. Supported asset field types include Checkbox, Choice, Date, File, Number, String, Taxonomy, Text and IP Address.

  • Manage taxonomies as hierarchies of terms with synonyms used to tag assets and build policies. Graphically display taxonomy structure.

  • Query and export the system event log.

Added initial support for remote endpoint management

  • Support for direct PowerShell (Windows), SSH (Unix) and Groovy (local server) job execution strategies. Support for text and object model results for PowerShell scripts to parse by different parser strategies.

  • Support for RegEx (through the unstructured text analytical handler) and XSLT parsers that process the results returned by the scripts run at the endpoints.

  • Manage script library with customizable PowerShell and Shell scripts as well as with batches executing several scripts through the same connection.

  • Manage parser library with customizable parsers.

  • Manage task execution policies defining when the script is executed on the endpoint, including event-based triggers as well as a scheduling mechanism. Inherit task execution policies from the asset types to the individual assets, with the option to override the policy on the asset level.

  • Query and export job execution queue with the raw job results returned from the script execution on the endpoint.

Added initial support for user authentication

  • Integration with Microsoft Active Directory as a user directory for authentication and authorization purposes including nested groups membership.

  • Integration with LDAP Servers as a user directory for authentication and authorization purposes including nested groups membership.

  • Integration with Entra ID as a user directory for authentication and authorization purposes including groups membership.

  • Manage space level local user directories. Manage local users and groups including external directories users and groups membership in local groups.

  • Integration with external Identity Providers using the SAML protocol for authentication and authorization purposes, optionally utilizing group membership transferred using the SAML protocol.

  • Integration with TOTP MFA (such as Google or Microsoft Authenticator).

  • Integration with HOTP MFA using Yubico services.

  • Integration with Duo Security Services as MFA provider.

  • Integration with 3rd party MFA devices over the RADIUS protocol.

  • Integration with the MFA code provided through email.

  • Manage MFA requirements for various groups of users.

  • Manage API Tokens providing access to the application API.

  • Analyse users using the application and manage users' MFA preferences.

Added initial support for network micro-segmentation

  • Manage services, including the ports, port ranges or processes comprising the service.

  • Manage micro-segmentation policies defining access to the services on the assets for the selected sources through taxonomy tagging of the asset database.

  • Manage the publishing status of micro-segmentation policies, including disabled, monitoring and published.

  • Manage and query policy versions including draft (minor) and production (major) versions.

  • Manage out of the box micro-segmentation management scripts and parsers for Windows Defender Firewall and Linux IPTables.

  • Query network information collected from the endpoints including: asset status, network interfaces, workloads, connections, and firewall rules. Graphically display asset workloads as well as connections detected on the endpoint.

  • Manage policy enforcement status on the asset endpoint.

  • Manage requests for the temporary access to the asset services in addition to the applied policies.

  • Query connection violation data from the assets in the monitoring state to evaluate the effect of policy enforcement.

Added initial support for the application deployment

  • Support for software deployments on Windows and Linux platforms.

  • Support for internal database deployed during the software installation.

  • Support for external RDBMS: Oracle, MS SQL Server, MySQL and PostgreSQL.

  • Manage multiple tenants, with each tenant handled by a unique URL and managing its data in the tenant-based backend database.

  • Manage mail server configuration, including SMTP and IMAP protocols with Basic and OAuth authentication mechanisms. Manage out of the box email templates.

  • Manage the deployment-level SSL certificate to terminate HTTPS traffic.

  • API support for external scripts and software to access each function provided by the application based on the permissions assigned to the access token. Support for API browser with the options to test API functions.

  • Manage software updates including main WEB application and 3rd party components for framework and WEB container.