CloudPassage Halo — 1 November 2012 Release
New Features and Fixes
The 1 November 2012 Release of CloudPassage® Halo® is a minor release that introduces significant functionality changes to Halo API keys and API authentication, additions to the CloudPassage API, a new Support Resources page in the Halo Portal, and other user experience enhancements and functional improvements.
Token-Based API Authentication
The authentication process for calls made to the CloudPassage API with the new API keys has changed for enhanced security. When you access the API you no longer need to pass your API Key with every API call you make. Instead, do this for every session:
- Establish a connection to the CloudPassage API.
- Make a POST request to authenticate to the API. Supply your key ID and secret key value.
- Retrieve the access token returned to you by Halo. The token is valid for 15 min, after which it expires.
- Supply that token, rather than your API Key, with each call you make to the API.
This process minimizes the transmission of secret keys.
For details on using this new method, see Call Authentication in the CloudPassage API Programmer Guide.
Read-Only and User-Generated API Keys
The way that API keys work in Halo has changed significantly. In brief:
- A new kind of key, with read-only permissions on the API, is available. A read-only key can retrieve Halo information using the API, but it cannot make changes to any stored Halo data.
For example, applications that use the Halo Event Retrieval API (see New Event Retrieval API) should use a read-only key, since that key allows only GET requests from the API.
- Instead of CloudPassage assigning each account a single API key, an account initially has no API keys. Users that are site administrators for that account can generate API keys as needed.
For example, a site administrator might generate a separate API key for each application that accesses the API.
- Each account's current set of keys is displayed on the API Keystab of the Site Administration page in the Halo Portal.
- To create a new API key, click Add New Key, then enter a name for the key and specify its permission level (full-access or read-only). The key's 8-character ID and secret key value are generated by the system, and the key appears in the list on the API Keys tab.
Note: Every time a secret key is generated, the action is logged and the user who created the key is identified.
- To edit a key in the list, click its name. You can change the key's name and permission level (full-access or read-only), and you can activate or deactivate it.
- To view the secret key value, click Show on the Edit API Key popup window or in the key's line on the API Keystab.
You'll need to copy the key's secret value from this window and use it to obtain an API token, which allows you to access the CloudPassage API (see Token-Based API Authentication).
Note: Every time a secret key is viewed, the action is logged and the user who viewed the key is identified.
- On the API Keys tab, use the Actions drop-down menu for a given key to either edit or delete the key.
Note: Every time an API key is deleted, the action is logged and the user who deleted the key is identified.
Other notable changes to the API Keys tab:
- If you are an existing Halo customer, your original API Key still appears on this page, but in a separate section and labeled Legacy API Key. You can continue to use your legacy key during a transitional period that will end in December 2012.
CloudPassage recommends that you immediately start migrating your existing scripts and programs to the new process.
- The Daemon Registration Key that has appeared on the API Keys tab is now moved to a new Daemon Settings tab on the Site Administration page (see Daemon Settings tab added to Site Administration page).
New Event Retrieval API (Beta)
The CloudPassage API has been extended to support retrieval of event information for purposes of making Halo events available for reporting, SIEM, or GRC purposes. This new feature is currently in beta release, and does not require you to enable beta features in the Halo Portal.
Your script or application can request a list of events from Halo by making an HTTP GET request to the CloudPassage API. For example:
In the request, you can include one or two filters, defining the beginning ("since") and/or end ("until") of the time range of events to include. If you do not include a filter, Halo returns you all events. Your application might do this for the first request, and then, in each future request, include a "since" filter with the time of the previous request.
For details of the attributes returned with each type of supported event, see Events in the CloudPassage API Programmer Guide.
Pagination of results:
The results returned by the Event API are paginated, by default with 10 events per page. You can change the page size, and you can request pages in order until you have received all results. See Pagination in the CloudPassage API Programmer Guide for more details.
New Support Resources Page in Halo Portal
The Support Resources page in the Halo Portal has been completely redesigned and simplified for this release. It has also been converted from a Portal page into a popup window.
You can access the page by navigating to Support > Support Resources, or by clicking the Docs & Support link above the Portal menu bar. The popup opens over the current Portal page.
The popup shows two boxed areas, Documentation and Support Forums and New Support Request. (Customers with Basic subscriptions see only Documentation and Support Forums.)
Under Documentation and Support Forums, you can choose to either search or browse through Halo product documentation or other forums (such as "Frequently Asked Questions" and "Tips and Tricks") on the CloudPassage Customer Support site.
If you click one of the Browse... links, a Forums page opens in a separate window or tab. If you enter a search term and click Search, Halo looks for your term in all of the forums, then expands the Support Resources page downward to display the top results:
Click the title of one of the results to open that document in a separate window or tab. Click See all N resultsto open the CloudPassage Forums search results page in a separate window or tab, showing all results from your search.
For customers with a paid subscription, a New Support Request box appears to the right of Document and Support Forums. If you click the File a Support Request link, the New Support Request dialog box appears in place of the Support Resources popup.
Support for Windows Server 2012
Windows Server 2012 has been added to the set of platforms on which Halo is supported. To run Halo on Windows Server 2012, you must have Windows Halo Daemon version 2.5.6 installed.
Other Features and Fixes
Daemon Settings tab added to Site Administration page
The Site Administration page in the the Halo Portal now includes a tab entitled Daemon Settings. The tab brings together the following Daemon-related information previously displayed elsewhere in the Portal:
- Daemon Registration Key (previously displayed on the API Keys tab)
- Daemon Heartbeat setting (previously displayed on the Advanced Settings tab)
- Daemon Self-Verification Settings (previously displayed on its own page, accessed at
Settings > Daemon Self-Verification)
Note: The previous Daemon self-verification page included a list of Halo users that would receive alerts if the self-verification failed. That list does not appear on the Daemon Settings tab. The preferred process for specifying those users is to create a special-events policy that alerts on Daemon compromise; those alerts will go to users on the alert profiles assigned to the server groups that the special-events policy is assigned to.
All documentation now accessed through forums
The updated Support Resources page in the Portal no longer includes links to Halo documentation. All product documents and also the API Programmer Guide are available to the public from the Documentation forums on the CloudPassage Support site.
Daemon installation script now easier to copy-paste
On the Linux Daemon installation page in the Halo Portal, the installation script is now displayed whole in one large field, instead of broken up into individual lines in fields separated by on-screen instructions. This makes it more convenient for a user to copy the whole script and execute it at once.
Improved matching algorithm for Process Presence check
The Process Presence check uses a new matching algorithm that better identifies certain processes (such as
rsyslogd) on certain Linux platforms.