CloudPassage Halo — 5 August 2015 Release
The 5 August 2015 Release of CloudPassage® Halo® includes additional server information retrievable through the Halo API, corrected reporting of vulnerabilities and IP addresses in certain circumstances, plus other minor improvements and corrections.
New Features and Improvements
Halo REST API
State-change field added to Server object
On the Servers API endpoint, the server object now contains the additional field last_state_change. The field contains the time stamp (in ISO 8601 format) of when this server went into its current state (active, deactivated, missing, retired). For example, for a deactivated server the field shows the date-time at which the server was deactivated.
The last_state_change attribute is searchable, meaning that you can search the endpoint for all servers that, for example, have been activated since a certain time in the past:
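An added example, not taken from the CloudPassage documentation: a client-side filter over server objects already retrieved from the Servers endpoint, selecting those that entered a given state at or after a cutoff. Only last_state_change and the four state names come from this release note; the id, hostname and state field names and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample of server objects; only last_state_change and the state
# names come from the release note, the other field names are assumptions.
SAMPLE_SERVERS = json.loads("""
[
  {"id": "srv-001", "hostname": "web-1", "state": "active",
   "last_state_change": "2015-08-04T09:15:00.000Z"},
  {"id": "srv-002", "hostname": "db-1", "state": "deactivated",
   "last_state_change": "2015-08-05T22:40:12.000Z"},
  {"id": "srv-003", "hostname": "batch-1", "state": "missing",
   "last_state_change": "2015-08-06T01:02:03+00:00"},
  {"id": "srv-004", "hostname": "old-1", "state": "retired",
   "last_state_change": "2015-06-30T00:00:00Z"},
  {"id": "srv-005", "hostname": "legacy-1", "state": "missing"}
]
""")

VALID_STATES = {"active", "deactivated", "missing", "retired"}


def parse_iso8601(value):
    """Parse an ISO 8601 timestamp into an aware UTC datetime."""
    if value.endswith("Z"):      # fromisoformat() rejects "Z" before Python 3.11
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:    # assumption: naive timestamps are UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def changed_state_since(servers, states, since):
    """Return (id, hostname, state, timestamp) for servers that entered one of
    `states` at or after `since`; records without the field are skipped."""
    unknown = set(states) - VALID_STATES
    if unknown:
        raise ValueError(f"unknown state(s): {sorted(unknown)}")
    cutoff = parse_iso8601(since)
    hits = []
    for server in servers:
        stamp = server.get("last_state_change")
        if stamp is None or server.get("state") not in states:
            continue
        changed = parse_iso8601(stamp)
        if changed >= cutoff:
            hits.append((server["id"], server["hostname"], server["state"], changed))
    return sorted(hits, key=lambda hit: hit[3])
```

Calling changed_state_since(SAMPLE_SERVERS, {"missing", "deactivated"}, "2015-08-05T00:00:00Z") returns the two sample servers that dropped out of the active state after the cutoff, oldest change first.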
Software Vulnerability Assessment
Corrected processes for reporting vulnerabilities
Previously, in certain situations Halo could report a vulnerable Internet Explorer v9 package on a server, when the package did not actually exist on that server. The issue has been corrected.
Corrected IP address reporting for containers
Corrected a problem in which multiple OpenVZ containers cloned from a single template image were all reported as being the same server, instead of different servers.
Please note that the following features have been or may soon be removed from Halo. Please plan to modify any code or procedures that depend on them.
- FIM option to generate a separate event for every changed object. The checkbox allowing this option has been removed from the Scanner Settings tab on the Site Administration page of the Halo portal.
Scans now always group all changes to a given policy-defined target on a given server into a single event of type "File integrity change detected" (or fim_target_integrity_changed in the Halo API). To display details of which specific objects within the scanned target passed or failed, and why, click a link in the event text (or, in the Halo API event object, use the finding_id fields to access the scan finding for that event).
As a consequence of this removal, the previously defined FIM events "File integrity object added", "File integrity object missing", and "File integrity object signature changed" are deprecated and are no longer generated.
The following issues are among those that remain unresolved as of this release. Any known workarounds are described.
- Editing file integrity baseline expiration. If you want to change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the re-calculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.