CloudPassage Halo — 18 May 2015 Release
The 18 May 2015 Release of CloudPassage® Halo® includes the addition of CVSS scores to vulnerability scan results and events; improved workflow for assigning file integrity policies and baselines; and other enhancements and fixes.
New Features and Improvements
Software Vulnerability Assessment
CVSS score now included in vulnerability findings and events
- In the Server Scans endpoint of the Halo REST API, the cve_entries array of the "vulnerability scan findings" object now contains another subfield: cvss_score. That subfield holds the NIST-assigned CVSS score for each CVE specified in that array. The cvss_score value can appear in results returned from the List server vulnerability scan results method of the Server Scans endpoint, the List server issues method of the Servers endpoint, and the Get scan details method of the Scan History endpoint.
- The event message for the "vulnerable_package_found" event (defined in the Events endpoint of the Halo REST API) now also includes the
Note: Vulnerabilities for which NIST has not defined a CVSS score are assigned a score of 10.0, per the NIST convention.
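The following is an added example, not code from CloudPassage or the Halo documentation: a triage pass over scan findings that ranks packages by their highest cvss_score and separately lists CVEs reported at exactly 10.0, since per the note above that value can also mean NIST has not scored the CVE. Only cve_entries and cvss_score come from this page; the other field names, the sample data, and the handling of entries that carry no score are assumptions.

```python
import json

# Constructed sample, not real Halo output. Only cve_entries and cvss_score
# come from the release note; every other field name is an assumption.
SAMPLE = json.loads("""
{"findings": [
  {"package_name": "examplelib", "cve_entries": [
     {"cve_entry": "CVE-0000-0001", "cvss_score": 4.3},
     {"cve_entry": "CVE-0000-0002", "cvss_score": 10.0}]},
  {"package_name": "exampled", "cve_entries": [
     {"cve_entry": "CVE-0000-0003", "cvss_score": 7.5}]},
  {"package_name": "legacytool", "cve_entries": [
     {"cve_entry": "CVE-0000-0004"}]},
  {"package_name": "cleanpkg", "cve_entries": []}
]}
""")

PLACEHOLDER = 10.0  # score reported when NIST has not defined one (see note)


def triage(findings, threshold=7.0):
    """Return packages needing attention, most urgent first.

    Each row: (package, max_score, cves_at_10, cves_without_score).
    A package is kept if any CVE meets the threshold or lacks a score.
    """
    rows = []
    for f in findings:
        entries = f.get("cve_entries") or []
        scored = [e for e in entries
                  if isinstance(e.get("cvss_score"), (int, float))]
        # Assumption: entries with no cvss_score may exist and need review.
        unscored = [e.get("cve_entry", "?") for e in entries if e not in scored]
        top = max((float(e["cvss_score"]) for e in scored), default=None)
        # 10.0 is ambiguous: truly critical, or not yet scored by NIST.
        at_ten = [e.get("cve_entry", "?") for e in scored
                  if float(e["cvss_score"]) == PLACEHOLDER]
        if unscored or (top is not None and top >= threshold):
            rows.append((f.get("package_name", "?"), top, at_ten, unscored))
    # Packages with no usable score sort first so they are not overlooked.
    return sorted(rows, key=lambda r: -(r[1] if r[1] is not None else 11.0))


if __name__ == "__main__":
    for pkg, top, at_ten, unscored in triage(SAMPLE["findings"]):
        print(pkg, top, "verify at 10.0:", at_ten, "no score:", unscored)
```

CVEs listed in the third column are worth checking against the NVD entry before they drive patch priority, because a placeholder 10.0 and a genuine 10.0 look identical in the scan result.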
File Integrity Monitoring
File Integrity Monitoring supports assigning baselines after assigning a policy
Previously, if you assigned a file integrity policy to a server group before assigning any baselines to the policy, scans for that group would fail to run, even if you later created and assigned baselines. You would have to re-assign the policy before Halo would recognize its baselines.
The issue has been fixed, and you can now assign policies and baselines in either order.
"Enable Beta Features" removed from site administration
On the Halo portal's Site Administration page, the Enable Halo Beta Features option has been removed from the Advanced Settings tab. The setting is not needed because there are currently no hidden beta features that can be enabled in this manner.
Updated warning on Windows firewall policy editor
In creating or editing a Windows firewall policy, it has been possible for a user to inadvertently block all outgoing connections, which would prevent the Halo agent from contacting the Halo analytics engine.
To prevent that occurrence, a warning is displayed when a user attempts to create a rule that blocks outbound HTTP or DNS connections to "any" location. Furthermore, the user cannot save the policy without first changing or removing that rule.
Please note that the following features may soon be removed from Halo. Please plan to modify any code or procedures that depend on them.
- FIM option to generate a separate event for every changed object. On the Edit File Integrity Policy page of the Halo portal, the checkbox allowing this (unrecommended) option will be removed. Scans will always group all changes to a given policy-defined target on a given server into a single event.
Expected removal date: Q2 2015.
The following issues are among those that remain unresolved as of this release. Any known workarounds are described.
- Editing file integrity baseline expiration. If you want to change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the re-calculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.