
Release Notes

Release notes for the update September 29, 2024

Update Version 4.1.202409271713

New Features

Added the option to require approvals of the user requests to access select application functions.

The Request Approval option is useful for implementing dual control (four-eyes) and peer review principles for critical functions or configuration options, fine-grained security for field-, operation-, and time-based access, a preventive yet flexible permissions mechanism, and strong auditing with reporting of request reasons.

The Request Approval option includes the following features:

  • Automatic or interactive approvals, including multiple consecutive approval levels as well as a select number of alternative authorizers from a group. Authorizers can be selected from various integrated user directories (such as MS Active Directory, Entra ID, an LDAP-based directory, or the local directory).

  • Function restriction.

  • User or group based approval requirements for the principals from various integrated user directories.

  • Time of the day, day of the week or day of the month based approval requirements.

  • Alternative approval forms selection when submitting action requests for approval.

  • Inheritance of the approval requirements down the container hierarchy with the option to override or to enhance the parent-level configuration.

  • My Requests report to display action requests made by the current user. The screen allows request owners to review the requests including request approval process as well as to complete approved requests before their expiration time, and to delete active requests that are not yet approved by any authorizer.

  • Approver List report to display action requests the current user can approve. The screen allows authorizers to review the request including request approval process as well as to approve or to reject an active request while providing a reason for the rejection.

  • Action Request report to display all action requests made in the current space that a space auditor can review. The screen allows auditors and administrators to review the request including request approval process as well as to complete approved requests before their expiration time.

Added the option to require approval process for the following space-level operations:

  • Manage Space Permissions.

  • Manage Microsegmentation Policy.

Added the option to require approval process for the following asset-level operations:

  • Request Service Access.

  • Manage Asset Permissions.

  • Manage Asset.

Security

  • Updated REST API browser GUI to the latest version 5.17.14

  • Updated CSV processor to the latest version.

  • Updated client-side dependency components to the latest versions.

Bug Fixes

  • Fixed the issue with a user with a non-global role accessing asset database.

  • Fixed the issue with the locked installation directory during application update on Windows computers.

  • Fixed the issue with the red color of the error messages on the context help dialogue.

  • Fixed the issue with the wrong position of the refresh button on the jobs report screen.

  • Fixed the issue with context help text description for the alias configuration management.

  • Fixed the issue with the color of a custom checkbox field on the edit asset screen.

Release notes for the update September 22, 2024

Update Version 4.1.202409202108

Security

  • Updated WEB container to the latest version 10.1.30

  • Updated Native Access component to the latest version.

  • Updated HTTP Communication component to the latest version.

  • Updated client-side dependency components to the latest versions.

Bug Fixes

  • Fixed the issue with asset view screen opened for the space root asset.

  • Fixed the issue with the updating space root container.

  • Added trace logging when collecting data from remote host.

Release notes for the update September 15, 2024

Update Version 4.1.202409131407

Extensions

  • Added support for displaying connections graph for summary connections.

Security

  • Updated WEB container to the latest version 10.1.29

  • Updated application logger component to the latest version.

  • Updated internal scripting Groovy library to the latest version.

  • Updated HTTP Communication component to the latest version.

Bug Fixes

  • Fixed the issue with losing active connection status when aggregating connections.

  • Added debug trace information to troubleshoot connection aggregation.

  • Fixed the issue with the icon on the remove tagging condition button.

  • Fixed the issue with the incorrect label for reading on the mass delete buttons on several screens.

  • Added location information about application error messages in the log file.

  • Added trace logging when collecting data from remote host.

Release notes for the update September 8, 2024

Update Version 4.1.202409061622

Extensions

  • Added support for the summary asset connection tabulated report that aggregates connections to the same port from multiple different high-numbered ports with the count of connections to simplify the view of the connections on the asset endpoint.

  • Added the option to regenerate Summary Connections report from the already collected raw connections data from the endpoint instead of accumulating the summary during new collections.
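The aggregation described in the two items above, regenerated from already collected raw records, can be sketched as follows. This is an added example, not the product's code: the record layout, the `HIGH_PORT_MIN` threshold and the `listening` hint are assumptions, and the sample connections are constructed.

```python
from collections import Counter
from typing import Iterable, NamedTuple

# Assumption: ports at or above this value count as "high-numbered" (ephemeral).
# The product's actual threshold is not stated on this page.
HIGH_PORT_MIN = 1024


class Conn(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int


class SummaryRow(NamedTuple):
    direction: str      # "inbound": a peer connected to a port on this endpoint
    proto: str
    service_ip: str
    service_port: int
    peer_ip: str
    count: int          # raw connections collapsed into this row


def summarize(conns: Iterable[Conn], listening=frozenset()):
    """Collapse connections that differ only in the ephemeral port.

    `listening` names local high-numbered ports known to be services
    (for example 8443); without that hint such connections cannot be
    told apart from client traffic and are returned unaggregated.
    """
    counts: Counter = Counter()
    unclassified = []
    for c in conns:
        if c.local_port in listening or c.local_port < HIGH_PORT_MIN <= c.remote_port:
            key = ("inbound", c.proto, c.local_ip, c.local_port, c.remote_ip)
        elif c.remote_port < HIGH_PORT_MIN <= c.local_port:
            key = ("outbound", c.proto, c.remote_ip, c.remote_port, c.local_ip)
        else:
            # Both ports high or both low: the service side is ambiguous.
            unclassified.append(c)
            continue
        counts[key] += 1
    rows = sorted(SummaryRow(*key, n) for key, n in counts.items())
    return rows, unclassified


# Constructed raw connection data for endpoint 192.0.2.10 (documentation ranges).
RAW = [
    Conn("tcp", "192.0.2.10", 443, "198.51.100.20", 50112),
    Conn("tcp", "192.0.2.10", 443, "198.51.100.20", 50113),
    Conn("tcp", "192.0.2.10", 443, "198.51.100.20", 50120),
    Conn("tcp", "192.0.2.10", 443, "198.51.100.21", 41000),
    Conn("tcp", "192.0.2.10", 8443, "198.51.100.20", 50200),
    Conn("tcp", "192.0.2.10", 8443, "198.51.100.20", 50201),
    Conn("udp", "192.0.2.10", 49822, "203.0.113.53", 53),
    Conn("udp", "192.0.2.10", 49823, "203.0.113.53", 53),
    Conn("tcp", "192.0.2.10", 51514, "203.0.113.9", 5432),
]

if __name__ == "__main__":
    rows, leftover = summarize(RAW, listening={8443})
    for row in rows:
        print(row)
    print("not aggregated:", leftover)
```

The last sample record shows the limit of a port-number heuristic: a client connection to a service on a high port (5432 here) stays unaggregated unless the remote service port is known from other data.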

Bug Fixes

  • Fixed the issue with API Tokens management in the base tenants.

  • Fixed the issue with accessing the OpenAPI GUI with a token generated for a different user than the WEB GUI session opened in another tab of the same browser.

  • Fixed the issue with the refresh token, if present, interfering with the API token verification.

  • Fixed the issue with spelling RADIUS protocol in the application GUI.

  • Added debug trace information to troubleshoot rules generation and deletion.

  • Fixed the authentication issue when navigating to the asset tenant from the base tenant tenant list.

Release notes for the update September 1, 2024

Update Version 4.1.202408301921

New Features

Added the option to mass tag assets

The option to Mass Tag assets allows users to identify several assets on the asset list screen and assign multiple terms to the chosen taxonomy field of each selected asset.

The option also allows users to mass enhance metadata of the selected assets by enabling the Intelligent Tagging option on the mass tagging screen. The option generates new terms for each asset based on the individual asset metadata, field values or data collected from the asset endpoint, according to the currently enabled Intelligent Tagging rules.

Mass Tagging

The option simplifies the process of assigning tags to the assets for the purpose of microsegmentation policy management.

Added the option to mass un-tag assets

The option to Mass Un-tag assets allows users to identify several assets on the asset list screen and remove multiple terms from the chosen taxonomy field of each selected asset.

Added the option to import assets from MS Active Directory.

The option to import assets from Microsoft Active Directory allows users to query an enabled and verified Active Directory connection for the domain computers to import into a selected container in the asset database.

The option assigns Asset Type and Shadow Asset configured for the import process to each imported asset.

The import query is given in the LDAP Query Language and allows selecting devices based on various fields from MS Active Directory, such as OS name, version, last use or host name.

AD Import

The option allows users to quickly load assets, including enhanced metadata, tags and connectivity options, into the asset database from a well-known source.
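An import query of the kind described above (OS name, version, last use, host name) can be built as in the following added example, which is not part of the product. The attribute names are standard Active Directory schema attributes; the function and parameter names are hypothetical, and skipping disabled computer accounts is an assumption about what an import would want.

```python
from datetime import datetime, timezone

# RFC 4515 escaping: these characters must never reach a filter unescaped,
# otherwise a crafted host or OS name changes the meaning of the query.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Matching rule OID for a bitwise AND on userAccountControl; bit 2 = disabled.
_UAC_DISABLED = "(userAccountControl:1.2.840.113556.1.4.803:=2)"


def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def to_filetime(moment: datetime) -> int:
    """Convert an aware datetime to Windows FILETIME (100 ns ticks since 1601)."""
    if moment.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    delta = moment.astimezone(timezone.utc) - datetime(1601, 1, 1, tzinfo=timezone.utc)
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def build_computer_filter(os_prefix=None, os_version_prefix=None,
                          active_since=None, host_prefix=None,
                          enabled_only=True) -> str:
    """Build an LDAP filter selecting domain computers for import."""
    clauses = ["(objectCategory=computer)"]
    if enabled_only:
        clauses.append(f"(!{_UAC_DISABLED})")
    if os_prefix:
        clauses.append(f"(operatingSystem={escape_filter_value(os_prefix)}*)")
    if os_version_prefix:
        clauses.append(
            f"(operatingSystemVersion={escape_filter_value(os_version_prefix)}*)")
    if active_since:
        # lastLogonTimestamp is replicated but coarse (updated roughly every
        # 9-14 days by default), so treat it as "last use", not an exact time.
        clauses.append(f"(lastLogonTimestamp>={to_filetime(active_since)})")
    if host_prefix:
        clauses.append(f"(dNSHostName={escape_filter_value(host_prefix)}*)")
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    print(build_computer_filter(
        os_prefix="Windows Server",
        active_since=datetime(2024, 6, 1, tzinfo=timezone.utc),
        host_prefix="app-",
    ))
```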

Added Intelligent Tagging support during asset import.

The option to use Intelligent Tagging during the import process enhances asset taxonomy fields with the terms suggested by the Intelligent Tagging mechanism based on the asset's known metadata, field values and location in the asset database.

The option allows users to mass load assets into the asset database ready for use by configured microsegmentation policies. The option is useful for the initial data load as much as for the addition of new assets into a configured and working system.

Security

  • Updated WEB page rendering infrastructure component to the latest version.

  • Updated IP Address utility module to the latest version.

  • Updated OpenAPI REST API documentation component to the latest version.

  • Updated string utilities component to the latest version.

Extensions

  • Added the option to Apply Policies from the asset list asset context menu.

  • Added support for the scripts executions to use connection parameters from the Shadow asset member when the defined task Run As asset does not include these parameters.

  • Added asset description to all asset selection controls (such as Member or Base Asset on the Asset Editing screen, Reference Asset on the Import from LDAP screen) to simplify identification of the similar named assets during selection.

Bug Fixes

  • Added debug trace information to troubleshoot asset policy enforcement enabling for the package com.otna.runner.handler.SwitchToPoliciesJobFlowHandler.

  • Fixed the issue where the Asset Viewer role for the container should be able to browse the container for the assets it has permissions to.

  • Fixed the issue with missing menu items for Enforce Policies, Restore Original as well as Request Service in the asset list context menu for the asset.

  • Fixed the issue with the language translation of Complete status of the jobs on the Jobs Report.

  • Added the description for the options of the Source to the tagging rules context help menu.

  • Fixed the issue with formatting of the context help menu about member assets on the asset view screen.

  • Fixed the issue where Tagging Rule criteria predicate selections from different conditions interfered with each other.

  • Fixed the issue where failure to save the Tagging Rule invalidated the rule editing form.

  • Fixed the issue with navigating to the application using a URL not terminated by a slash directly to the valid tenant and space.

Release notes for the update August 25, 2024

Update Version 4.1.202408232020

New Features

Added Intelligent Tagging Option

Intelligent tagging is a process of either suggesting or assigning tags to an asset based on the asset characteristics. Intelligent tagging rule is a configuration that assigns terms to an asset based on the asset metadata, field values or data collected from the asset endpoint. Intelligent tagging is triggered at the various stages of the asset lifecycle such as asset creation, updating, bulk tagging or importing.

Intelligent tagging is a useful tool to automatically assign terms to assets based on the known data. Intelligent tagging rules could be created to follow naming conventions used in the organization, IP locations of the groups of endpoints, device vendor or version information.

Intelligent Tagging Rule

New terms suggestions are initiated from the screens to create or edit an asset using the Intelligent Tagging option located in front of the relevant Taxonomy field. Intelligent tagging action automatically populates the taxonomy field with the new term suggestions and pops up an information message referencing the intelligent tagging rules generating suggested terms.

Asset Intelligent Tagging

Security

  • Updated MS SQL and PostgreSQL drivers to the latest versions.

Extensions

  • Added API Manager, Intelligent Tagging Manager and Task Manager space level roles to granularly control access to the space actions.

  • Added version number on the policy history report.

  • Added the option to reconnect the import entry with the existing asset during the import process. When reconnecting, the import process updates the existing asset with the imported data and reuses the resulting asset in the further import.

  • Added default setting for the asset permissions screen.

  • Added asset path to the list of the asset permissions as well as to the create or edit asset permission screens.

Bug Fixes

  • Fixed the issue with the access to the asset actions for the user with the asset-level roles.

  • Fixed the issue with the access to the configuration, management and asset actions for the users with various space level roles.

  • Fixed the issue with deleting various configuration, management and asset objects from the system.

  • Fixed the issue with the group name to appear in the warning message about deleting a group.

  • Fixed the issue with the Add button available on the policy history screen.

  • Fixed the issue with space name on the policy history report.

  • Fixed the issue with deleting spaces.

  • Fixed the issue with saving new parser after specifying only parser name without any other field.

  • Improved troubleshooting errors about failure to apply policy job execution.

  • Updated test tenant database connection action icon.

  • Fixed the issue with the members user directory display on the local groups screen.

  • Fixed the issue where being the creator of a container-level asset or container implies the permission to view the container.

  • Fixed the issue with inheriting asset permissions from the root parent.

Release notes for the update August 18, 2024

Update Version 4.1.202408161841

New Features

Added the option to manage logger configuration

Logger is a system module that sends information about system events (such as creating an asset) to external media in the Common Event Format (CEF).

The system supports the following logger types:

  • Console - Console logger prints events on the system console when the application is run from the command line. When the application is run on Linux platforms, the events printed on the console are captured in the catalina.out file in the $HOME/web/logs folder.

  • File - File logger prints events in the specified file. File logger supports log file archiving based on several conditions as well as deletion of the old archives.

  • Syslog - Syslog logger streams log records over the network to syslog servers using UDP or TCP protocols.

All loggers support event filtering by tenant or message search conditions.

Logger configuration allows customizing message patterns, metadata sent with the message, file naming pattern and file rotation schedule.

Typical uses of the logger configuration are outlined below:

  • Stream all system events (or events generated by certain tenants) to the external SIEM system.

  • Change location of the log file to the location outside of the installation $HOME directory.

  • Segregate events generated by certain tenants into separate files or separate syslog servers.

  • Enable debug or trace logging for certain modules of the system to troubleshoot certain functionality.
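On the receiving side of a syslog or file logger, CEF records have to be split into the seven header fields and the key=value extension, with the format's escaping honoured. The parser below is an added example, not the product's code; the sample line, including its vendor, product and extension keys, is constructed, since this page does not show an actual record.

```python
import re

HEADER_NAMES = ("cef_version", "vendor", "product", "device_version",
                "signature_id", "name", "severity")

# An extension key is a bare word followed by "=", at the start of the
# extension or after whitespace. An escaped "\=" inside a value never matches.
_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_]+)=")
_ESCAPED = re.compile(r"\\(.)", re.DOTALL)


def _unescape(value: str) -> str:
    # "\n" and "\r" are line breaks; any other escaped character is literal.
    return _ESCAPED.sub(
        lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line: str) -> dict:
    """Parse one CEF record, tolerating a syslog prefix before "CEF:"."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    body = line[start + 4:]

    # Scan the header by hand: "\|" and "\\" are escapes, a bare "|" ends a
    # field. A regex lookbehind would misread "\\|" (escaped backslash, then
    # a real separator).
    fields, current, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            current.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(current))
            current = []
            i += 1
        else:
            current.append(ch)
            i += 1
    if len(fields) != 7:
        raise ValueError("truncated CEF header")

    event = dict(zip(HEADER_NAMES, fields))
    extension_text = body[i:]
    keys = list(_KEY.finditer(extension_text))
    extension = {}
    for match, following in zip(keys, keys[1:] + [None]):
        end = following.start() if following else len(extension_text)
        extension[match.group(1)] = _unescape(extension_text[match.end():end].strip())
    event["extension"] = extension
    return event


# Constructed sample record (syslog prefix + CEF), not captured from the product.
SAMPLE = (r"<134>Sep 29 17:13:02 mgmt01 CEF:0|ExampleVendor|Example\|Product|4.1|"
          r"asset.create|Asset created|3|"
          r"suser=alice msg=Created asset db01 in container a\=b\\c dst=192.0.2.10")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```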

Added the option to deep delete an asset.

Deep delete operation deletes this container and all its child objects in a single operation.

When deep deleting assets, the operation deletes the selected object itself and all its links to parent objects in a single operation. The action cannot be undone.

Security

  • Updated the logging infrastructure, PDF generation, dynamic WEB page rendering, WEB GUI infrastructure, and database access modules to the latest version.

  • Updated the application framework (Windows, Linux on X64 and ARM architectures) to the latest version 21.0.4+7 LTS.

Extensions

  • Added a link to the view import entries screen from the import name of the list of the imports.

Bug Fixes

  • Fixed the issue with the file deletion pattern in the default logger configuration.

  • Fixed the issue with updating the application on Linux platforms in case the update includes updates of external libraries.

  • Fixed the word spelling on multiple context help popups.

  • Fixed the issue with missing chart on the asset workload report in certain conditions.

  • Fixed the issue with deleting the asset added using the import process.

  • Fixed the issue with creating the asset that includes a base asset.

  • Fixed the issue with creating the asset that includes a base account of the same type as the asset itself.

  • Fixed the issue with the link to the imported asset in the details view of the list of the import entries.

  • Fixed the issue with missing context help entries on the Container Import screen.

  • Fixed the issue with importing asset members.

  • Fixed the issue with pasting assets into the root container.

  • Fixed the issue with displaying the non-editable status for the MFA rules inherited from the parent spaces.

  • Fixed the issue with mass operations available for the MFA Rules inherited from the parent spaces.

  • Fixed the issue with asset viewer cannot open an asset for the view.

Release notes for the update August 11, 2024

Update Version 4.1.202408091846

New Features

Updated Cryptographic Module to Bouncy Castle FIPS 2.0.7

The cryptographic module performs encryption and hashing functions to secure both at-rest and in-motion data handled by the system. FIPS (Federal Information Processing Standards) is a federal government standard that mandates the cryptographic algorithms used by the system functions as well as the strength, the format and the storage requirements for the cryptographic keys generated and used by the system.

As of July 29, 2024, Bouncy Castle FIPS version 2 has been approved by the Federal Government under the latest version of the standard, FIPS 140-3.

https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4743

Cryptography module version is displayed on the My Profile / About screen.

FIPS2

Added the option to restore old asset version.

The Restore action is available for each historical version of the asset but the last one on the Asset History report. When executed, it adds a new version to the asset history with the field values and the asset metadata of the selected version.

Added the option to restore old segmentation policy version.

The Restore action is available for each historical version of the policy but the last one on the Policy History report. When executed, it adds a new version to the policy history with the policy parameters and metadata of the selected version.

Security

  • Updated WEB Container to the latest version 10.1.28

  • Updated REST API, SSH remote connectivity, part of the logging infrastructure, string processing modules to the latest version.

  • Updated MS SQL and Oracle drivers to the latest versions.

Extensions

  • Added the option to delete backed up firewall rules from the asset database.

  • Added the option to demote a last major version of the asset to the previous minor version.

  • Added the option to demote last promoted version of the segmentation policy back to its previous minor version.

  • Renamed Cryptographic Module label on the About screen.

  • Added keyboard shortcut to save local group.

Bug Fixes

  • Fixed the issue with duplicate publishing of backed up firewall rules when restoring asset to original state.

  • Fixed the issue with updating cached user email when modifying it on the Local User or My Profile editing screens.

  • Fixed the issue where a mass operation failing for one of the selected entries failed to complete the same operation for other entries.

  • Fixed the issue with displaying SMTP Servers on the Mail MFA list and editing form.

  • Removed IMAP configuration page for now from the navigation menu until the further use of IMAP in the system.

  • Fixed the issue with configuring and using Yubikey access.

  • Fixed the issue with interchanged OTP and HOTP indicators on the users report.

  • Fixed the issue where the action menu to reset MFA tokens on the Users report should only be available to the space administrators.

  • Fixed the issue with creating and editing local groups.

  • Fixed the issue with removing members from local groups.

  • Fixed the issue with broken event log message about adding a user from external directory to the local group.

  • Fixed the issue with transparent checkbox switch on Local User, API token, Type Field, Local Directory, Templates, Aliases, Duo Security, Radius MFA and TOTP MFA editing screens.

  • Fixed the issue with missing Add asset button in the subspaces.

  • Fixed the note wording on the first tenant creation screen after deployment.

  • Fixed the issue with error message displayed after failure to delete asset type.

  • Fixed the issue where renaming a space left access to the space with the old name until the application restart.

Release notes for the update August 4, 2024

Update Version 4.1.202408022057

New Features

Added service selection dialogue

Added the option to select a network service from the list of entries on policy editing and service request screens. The service selection screen visualizes services configured in the system to simplify the selection.

Note the alternative method of selecting services by typing a service name or a port into the service field.

Service Selector

Added access protection check before enabling asset enforcement.

Added a check, performed before enabling enforcement of firewall rules, that the management server is allowed to access the asset. Management server access is a default, out-of-the-box policy that has to be published on the asset before enforcing policies so that the management server can still access the asset for further configuration.

When the management server access policy is not published to the asset, the job that enables the enforcement fails with the corresponding message in the job report.

Enable Aborted

Extensions

  • Added job status Failover (Delayed) to indicate that the job is delayed because some other job already runs on the endpoint.

  • Added asset level statuses report displaying infrastructure information collected from the selected endpoint.

Asset Status

  • Added navigation option to the asset from the asset path on the task editing screen

  • Added context help for the job exit code column.

  • Added the time of the next job execution to the details section of the jobs report.

Job Next Run

  • Added navigation link to the asset view screen from the asset path control of the asset level connection and workloads report.

  • Added refresh button to workloads, interfaces, connections, firewall, events, asset history, net statuses reports.

Bug Fixes

  • Fixed the issue with automatic publishing of newly generated rules to the affected endpoints after applying policies to the modified assets acting as sources for these endpoints.

  • Fixed the issue with the Restore the Original action handler applying different logic to the endpoint as compared with the Enabling Enforcement action.

  • Fixed the issue with language translations to the job statuses.

  • Fixed the issue where the Enable Enforcement and Restore Original actions applied to Windows endpoints use the segmentation logic through the action handler instead of the single script executed on the endpoint.

  • Fixed the issue where periodic scheduled task executions used the same original job record as a collector of job results as well as the record about the job execution. Added the logic that creates a new job object for each consecutive execution of the periodic scheduled task.

  • Fixed the issue with defaulting seconds and minutes section of the newly created schedule in the schedule builder to the randomly selected second of a randomly selected minute of each hour.

  • Fixed the issue with enabling save button on the task editing form after modifying the schedule using schedule builder screen.

  • Fixed the issue with the empty message when deleting an API Token with no description.

  • Fixed the issue with re-ordering the list of displayed entities for many reports and lists in response to refresh action.

  • Fixed the issue with selection indicator position on the icon selection component as well as on the application customizer screen.

  • Improved failed jobs error message about connecting to the unreachable endpoints.

  • Fixed the issue with login to the system in the case of configured broken integration with external user directory.

  • Fixed the issue with authenticating to external LDAP directory during the login process.

  • Fixed the error message when accessing My Profile / Account page with the external user directory account.

  • Fixed the issue when host detected firewall rules were deleted even if enforce policy aborted during execution.

  • Fixed the visibility of the checkboxes on the LDAP, SAML, SMTP, and Entra ID editing screens.

  • Fixed the issue with generic error message in response to failed LDAP test.

  • Fixed the issue with occasional error during periodic internal cache clean up.

  • Fixed the issue with connecting to LDAP servers with SSL Certificates not including the ldap server name in their subjects using Linux deployments.

  • Improved troubleshooting message about errors running tenant maintenance process by indicating the name of the tenant.

  • Fixed the issue with inability to log in with an EntraID user or a user from an LDAP or EntraID group after assigning permission to this principal.

  • Fixed the issue with the context help for the Name field on the SAML editing screen.

  • Fixed the issue with the keyboard shortcut button to save SAML, SMTP and LDAP configurations.

  • Fixed the issue with creating new SAML configuration.

  • Fixed the issue with too frequent logout events in the event log.

  • Fixed the issue where creating a second SAML configuration filled default values with the previous configuration.

  • Fixed the ${dynamic} issuer resolution to include tenant and root space to simplify SAML integrations.

  • Fixed the issue with an inappropriate error message after successful send of the test email on the SMTP configuration.

  • Improved the error message about sending Mail MFA notification.

  • Fixed the issue with the timestamp formatting for SSO requests generated from different environments.

Release notes for the update July 28, 2024

Update Version 4.1.202407262237

New Features

Added Reports button to the Asset View screen.

The Asset Reports selection includes Asset History, Events and Job reports as well as asset-level Network Connections, Workloads and Firewall reports.

Asset View - Reports

The update also adds a link to the asset view screen from asset-related reports as a part of the screen breadcrumbs as well as the asset path.

These reports on the asset level are still accessible through the actions menu item in the list view.

Added Manage button to the Asset View screen.

The Manage Asset selection includes actions to edit, promote major, view task list, apply policies, enforce policies, restore original and request service.

These management actions on the asset level are still accessible through the actions menu item in the list view.

Asset View - Manage

Added debug logging information about detection of connection violations

With the debug level enabled, the violation detection logic adds the internal data to the asset event log for further review.

Violation Detection Debug

Extensions

  • Added the option to display jobs report for the selected asset.

  • Added asset level events report

  • Updated default filter for the asset connections report to Active connections

  • Added the option to the Asset Manage menu to apply all related policies to the selected asset without the need to create new asset version. This option might become a debugging tool available under the debug mode.

  • Added the option to navigate taxonomy and term hierarchy by clicking on the term or taxonomy name in the list.

Term Navigation

Bug Fixes

  • Fixed the Copyright vendor name in the application deployment scripts on Windows

  • Updated Copyright wording on the About page

  • Updated offline installer to remove QA related setup files

  • Fixed the issue with over-reporting field decryption event in the event log for the internal operations.

  • Fixed the issue with deleting an asset that has related service requests and jobs referencing firewall rules

  • Fixed the issue with missing asset header in the asset events report

  • Fixed asset level title for the jobs and events report

  • Fixed the issue where creating a new user or new group kept the add new form populated with the fields of the previously created user or group.

  • Fixed the issue where the content part of the application disappeared under the left navigation sidebar after browser refresh.

  • Fixed the issue with applying policies to the asset used as a source of the same asset that led to circular policy application after reading firewall rules on the asset.

  • Fixed the spelling mistake in the Linux Status script description

  • Fixed the issue with alphabetizing the tasks under the asset's Execute dropdown menu

  • Fixed the issue with too narrow dropdown menu for the tasks under the asset's Execute dropdown menu

  • Fixed the issue with navigating to a term on the term selection screen by clicking only to the term name to demonstrate the navigation path.

  • Fixed the issue with the term copy failed on Paste operation from the term actions menu.

  • Fixed the issue with missing row separators on the taxonomy term browser.

  • Fixed the issue with deleting policies that have collected connections and firewall rules.

  • Fixed the issue with deleting API tokens.

  • Fixed the issue with default token expiration date set in the past.

  • Fixed the issues with using MS SQL Server as a backend tenant database.

MS SQL Server

  • Fixed the issues with using MySQL as a backend tenant database.

MySQL

  • Fixed the issues with using PostgreSQL as a backend tenant database.

MySQL