CloudPassage Halo — 6 February 2014 Release
New Features and Fixes
The 6 February 2014 Release of CloudPassage® Halo® is a minor release that delivers a beta version of Halo software vulnerability scanning on Windows platforms.
Software vulnerability scanning now available on Windows platforms
With this release, Halo's software vulnerability assessment feature—previously available only on Linux platforms—has been extended to Windows. You can now conduct vulnerability scans of servers running Windows Server 2012 or 2008 R2 that have installed Halo Daemons (v. 2.8.2 or greater).
The Halo Portal interface for software vulnerability assessment is now updated to accommodate vulnerability scanning on Windows:
- The "Software" Dashboard page indicates the platform (Windows or Linux) for each listed server.
- The vulnerability scan results page for a Windows server is similar to that for a Linux server, with the addition of a CPE field, which displays the Common Platform Enumeration name for each package, as well as all of its CVEs (Common Vulnerabilities and Exposures).
- Use the Add Exception buttons to create exceptions for any of the reported vulnerable packages, to hide them from future scan results.
- From links at the top of the table, you can generate a PDF report, and you can also manually launch a vulnerability scan.
- Through the View Security Updates link at the top of the table, you can access a page that lists an inventory of all the security updates (patches) that have been applied to the server. For each update, the table lists:
  - Its "kb" number (kbxxxxxx), the unique ID of the Microsoft Knowledge Base article that describes the update.
  - Its installation date (if known).
  - A list of the CVEs that the update addresses.
The reported vulnerabilities for Windows servers are based on information provided by the National Institute of Standards and Technology (NIST). Note also that:
- Halo updates its working copy of the NIST database on a daily basis.
- Halo minimizes the reporting of false positives by further filtering the NIST results using proprietary information gathered by CloudPassage researchers.
New security event for vulnerabilities
On both Linux and Windows platforms, software vulnerabilities reported in scan results are now also logged as security events. They can be viewed on the Security Events History page of the Halo Portal, using the event type filter "Vulnerable software package found". In the CloudPassage API, the equivalent filter for selecting these events is
This event is classified as a special event, because it is not policy-based and not directly associated with any server group. Therefore, to see these events on the Security Events History page (or to retrieve them through the API), the "Vulnerable software package found" checkbox must be selected in the special events policy assigned to one or more server groups.