CloudPassage Halo — 29 July 2013 Release
New Features and Fixes
The 29 July 2013 Release of CloudPassage® Halo® is a minor release that marks the GA (General Availability) release of configuration security monitoring for Windows, adds enhancements to several areas of the CloudPassage API, improves the handling and display of file-integrity scans and baselines, and gives flexibility to the display of server names in the Portal.
General Availability of Windows CSM
Configuration security monitoring for Windows was introduced as a beta feature in the Late March 2013 release of CloudPassage Halo. Since that time, continuous improvements have been added to the feature, based on continued QA testing, customer field experience, and detailed feedback from our beta program participants. With this release, Windows configuration scanning is now a full-fledged GA feature of Halo.
As building blocks for your configuration policies, Halo provides Windows-specific configuration checks that you can use to create a wide range of policy rules for checking configuration settings, security-policy settings, user rights, and audit-policy settings. You can check for the presence of files and services, and you can verify the existence and configuration settings of any number of Windows registry keys.
Halo also provides policy templates (currently still in beta-testing) for both Windows Server 2008 and 2012 that you can use out-of-the-box to protect your Windows infrastructure, or customize to further tailor the protection to your specific cloud configurations.
API improvements for FIM, SCM, SVA, server info
The ongoing CloudPassage efforts to extend and enhance the API offerings for our developer customers have resulted in the following added or enhanced calls in this release:
- List baseline details. This newly documented call in the "File Integrity Baselines" endpoint returns additional information beyond what the Show a single baseline call returns. In particular, you can use it to obtain the signatures and permissions of all target objects processed in the baseline scan.
- List server configuration scan results. This newly documented call in the "Server Scans" endpoint returns all of the results (rule failures, indeterminates, and rule passes) from a server's most recent configuration scan.
- List server vulnerability scan results. This newly documented call in the "Server Scans" endpoint returns a complete list of the software packages analyzed during a server's most recent vulnerability scan, and lists for each vulnerable package the CVEs that it contains.
- Show a single server. This call in the "Servers" endpoint now returns additional information about the server operating system, including kernel name, platform, platform version, OS_version, and kernel_machine.
Note: The same O.S. information has also been added to the Server Summary page in the Halo Portal.
Clarified limits and improved visibility for FIM
This release includes the following changes to file integrity monitoring functionality and visibility:
- A baseline can contain up to 10,000 objects. As of this release, a baseline scan that would have returned more than 10,000 objects is invalidated and cannot be used for file integrity scans. To keep your baselines from exceeding this limit, you should reduce the effective number of target objects in your policy.
- A scan can examine up to 10,000 objects. A file-integrity scan that would have returned more than 10,000 objects on a server now fails, and no data is returned from the scan. To keep your scan results from exceeding this limit, you should reduce the effective number of target objects in your policy.
- Baselines display moved to top of page. In the Halo Portal, the Baselines portion of the File Integrity Policy page now displays above the Target(s) portion, reducing the need to scroll the page down to view your baselines.
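A pre-flight check for the 10,000-object limit described above, run on the server before baselining. This is an added example, not CloudPassage code. It assumes that every file, directory, or symlink under a target counts as one object and that targets are scanned recursively (the release notes do not state Halo's exact counting rules); the function names are hypothetical.

```python
import os
import tempfile

OBJECT_LIMIT = 10_000  # per-baseline and per-scan limit from the release notes


def count_objects(targets):
    """Count filesystem objects under each target path.

    Assumption: every file, directory or symlink is one object, and targets
    are scanned recursively. Overlapping targets are counted once in the total.
    """
    seen, per_target = set(), {}
    for target in targets:
        root = os.path.realpath(target)
        found = set()
        if os.path.lexists(root):
            found.add(root)
            if os.path.isdir(root):
                for dirpath, dirnames, filenames in os.walk(root):
                    found.update(os.path.join(dirpath, n) for n in dirnames + filenames)
        per_target[target] = len(found)
        seen |= found
    return per_target, len(seen)


def check_policy(targets, limit=OBJECT_LIMIT):
    """Report whether the targets exceed the limit, largest targets first."""
    per_target, total = count_objects(targets)
    ranked = sorted(per_target.items(), key=lambda kv: kv[1], reverse=True)
    return {"total": total, "over_limit": total > limit, "ranked": ranked}


def build_sample_tree(base):
    """Constructed sample data: two directories with 3 and 2 files."""
    for name, n_files in (("a", 3), ("b", 2)):
        os.makedirs(os.path.join(base, name))
        for i in range(n_files):
            open(os.path.join(base, name, f"file{i}"), "w").close()
    return [os.path.join(base, "a"), os.path.join(base, "a", "file0"),
            os.path.join(base, "b")]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = check_policy(build_sample_tree(tmp), limit=5)
        for path, count in report["ranked"]:
            print(f"{count:6d}  {path}")
        print("total:", report["total"], "over limit:", report["over_limit"])
```

The ranked list shows which targets contribute the most objects, which are the ones to narrow or split when the total exceeds the limit.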
Portal can display either host name or FQDN for servers
If you are a Halo site administrator, Halo now allows you to set a display preference for server names in the Portal. By default, the Portal displays a server's host name (node name) only; but you can choose to display the internal fully qualified domain name (FQDN) instead. In the Halo Portal, the Server Details page displays it as Reported FQDN.
To enable FQDN display, navigate to [Site administrator menu] > Site Administration > Advanced Settings > Display Preferences, and select the Show server's reported FQDN in dashboard checkbox.
Note: If a fully-qualified name is too long to fit in the available space, the Portal truncates it internally with ellipses.
Server search in Halo Portal is now case-insensitive
If you search for server "MyServer", Halo will return any server named "MyServer", "myserver", "mYsERVER", and so on.
The following issue is among those that remain unresolved as of this release. A suggested workaround is presented.
- Editing file integrity baseline expiration. If you want to change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the re-calculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.