• 6.6.9 Product Update 2020-03-18

    • New

      • We added a new Center for Internet Security (CIS) policy that provides coverage for MIT Kerberos.
      • We added a new Center for Internet Security (CIS) policy that provides coverage for Mozilla Firefox 24 ESR.
      • We added a new Defense Information Systems Agency (DISA) policy that provides a STIG benchmark for Microsoft Windows Server 2019.

      Improvements

      • Cloud Configuration Assessment now features enhanced remediation content. Navigate to the detail view of any finding to see improved proof information and any available remediation scripts.
      • Defense Information Systems Agency (DISA) Policy Content - We updated the following existing DISA benchmarks:
        • Microsoft Windows 2008 R2 MS STIG Benchmark - Ver 1, Rel 34
        • Red Hat Enterprise Linux 7 STIG Benchmark - Ver 2, Rel 6
        • Microsoft Windows 2008 DC STIG Benchmark - Ver 6, Rel 45
        • Microsoft Windows 2008 MS STIG Benchmark - Ver 6, Rel 45
        • Microsoft Windows 10 STIG Benchmark - Ver 1, Rel 17
        • Microsoft Windows Server 2016 STIG Benchmark - Ver 1, Rel 12

      Fixes

      • We fixed the reporting of discovery dates for vulnerabilities found on assets. This fix addresses vulnerability discovery date inaccuracies that could appear in the "Newly Discovered Vulnerabilities by Total Risk Score" dashboard card. Note that you must rescan or reassess affected assets before vulnerability discovery dates report correctly. In accordance with this fix, we also updated the Dimensional Data Warehouse model to report the correct vulnerability discovery date in the following tables:
        • fact_asset_vulnerability_instance
        • fact_asset_vulnerability_finding
        • fact_vulnerability
      • We fixed an issue affecting our ServiceNow Security Operations integration API where users were unable to import over 10,000 assets when the search query filtered results based on tags.
      • We fixed the description of the date column for the fact_asset_vulnerability_instance table in our Dimensional Data Warehouse documentation. This description now reads "The time at which the vulnerability instance was first found on the asset".
      • AWS Asset Sync discovery connections will no longer shut down when the connection cannot associate a private IP address with an EC2 instance included in the connection scope.
      • We fixed an issue with our Center for Internet Security (CIS) Oracle Solaris 11 policy that could produce a false positive for rule 2.8.
      • We fixed several false positives related to cumulative macOS Security Updates.