CloudPassage Halo — 7 August 2013 Release
New Features and Fixes
The 7 August 2013 Release of CloudPassage® Halo® is a minor release that includes expansion of several areas of the Cloudpassage API, plus minor changes in event generation and server-name display.
New "Delete a server" call
The "Servers" API endpoint now supports the Delete server call, which completely removes from Halo the record of the server specified by Halo server ID.
New "Delete a configuration policy" call
The "Configuration Policies" API endpoint now supports the Delete configuration policy call, which completely removes from Halo the record of the configuration policy specified by Halo policy ID.
Additional filtering parameters for "List servers..." calls
In the "Servers" API endpoint, the results returned from the calls List servers, List servers in a specific group, and List servers with a specific user account can be further filtered by server state—"active", "deactivated", and "missing". You can combine the state parameters in a single call. Specifying no state parameters is the same as specifying "active"—only active servers are returned.
Using these parameters allows you to, for example, generate a list of all missing or deactivated servers, in preparation for deleting them with the Delete server call.
Additional filtering parameters for "List events" call
In the "Events" API endpoint, the results returned from the List Events call can now be filtered to include only:
- events of specific event types:
- events occurring within a specific server group:
- events occurring on a specific server:
- events occurring on a certain platform family:
- events having a given criticality:
As before, the results can also be filtered by date range and can be paginated.
Audit event occurs when an account is linked to a master account
When a Halo account is linked to a Halo master account, an audit event is now created and can be searched on the Security Events History page (event type = "Master account linked"). The event is classified as critical and an alert is sent to the account's site administrators.
Audit event occurs when a master account logs into or out of a sub-account
When a master account user logs into, or logs out of, one of the master account's sub-accounts, an audit event is now created and can be searched on the Security Events History page.
The login event is of type "Halo login success"; the logout event is of type "Halo logout". Both events are classified as non-critical and do not trigger an alert. The event text specifies that the user who logged in or out is a master account user.
FQDN used in more places in the Portal and in the API
Several places in the Halo Portal and in the CloudPassage API can now display the internal fully qualified domain name of a server:
- Depending on the setting of the Display Preferences checkbox (under Advanced Settings on the Site Administration page), event messages may identify a server by FQDN instead of host name.
- On the Security Events History page, the Server column in the list of events will display, for events that involve a server, either the server's FQDN or its host name, depending on the setting of the Display Preferences checkbox.
- In the CloudPassage API, the JSON results returned from the List events call now includes, for events that involve a server, the field
reported_fqdn, which displays the fully qualified domain name of the server.
The following issue is among those that remain unresolved as of this release. A suggested workaround is presented.
- Editing file integrity baseline expiration. If you want to change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the re-calculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.