CloudPassage Halo — 5 May 2015 Release
The 5 May 2015 Release of CloudPassage® Halo® includes increased capacity for file integrity scans and baselines, improvements to the Process Presence configuration check, improved processing of IP zones with many addresses, and other minor improvements and fixes.
New Features and Improvements
File Integrity Monitoring
FIM supports scans and baselines of up to 20,000 objects
File Integrity Monitoring now has the capacity to analyze up to 20,000 target objects per server per scan. This also means that you can create file integrity baselines that contain up to 20,000 object signatures with their associated metadata.
In the case of a catastrophic scan in which very large numbers of files fail, Halo will return a maximum of 10,000 failed objects, even if more than 10,000 target objects have failed.
Ability to unretire FIM policies restored
In recent Halo releases, it has not been possible to unretire a file integrity policy through the Halo portal; the "Unretire" action has been missing from the Actions drop-down for individual policies listed on the Retired File Integrity Policies page.
As of this release, the "Unretire" action has been restored and is functional.
Improved process-name handling for Process Presence check
In Configuration Security Monitoring, the Process Presence rule check now accepts process names that start with a number.
Corrected handling of Windows IP zones with large numbers of addresses
Previously on Windows platforms, IP zones that contained several thousand IP addresses were not processed correctly by Halo; this release fixes the issue. Additionally, Halo no longer includes a list of all the IP addresses and CIDR blocks that an IP zone contains when it displays the zone's name.
Please note that the following features may soon be removed from Halo. Please plan to modify any code or procedures that depend on them.
- FIM option to generate a separate event for every changed object. On the Edit File Integrity Policy page of the Halo portal, the checkbox allowing this (unrecommended) option will be removed. Scans will always group all changes to a given policy-defined target on a given server into a single event.
Expected removal date: Q2 2015.
The following issues are among those that remain unresolved as of this release. Any known workarounds are described.
- Editing file integrity baseline expiration. If you change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the recalculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.