CloudPassage Halo — 24 August 2015 Release
The 24 August 2015 Release of CloudPassage® Halo® includes a new ability to update CSM policies through the API, new audit events and event triggers in site administration, new capabilities for the Windows Advanced Audit Policy Setting check, and other features and fixes.
New Features and Improvements
Additional finding counts added to scan results
ok_findings_count have been added to the scan results object of the Server Scans API endpoint. These result counts, as well as non_critical_findings_count, are displayed in JSON scan results retrieved from the Halo API.
Audit event when agent key is regenerated
This release enables a site administrator to specify, on the Audit Events tab of the portal's Site Administration page, whether an audit event should be created whenever the agent key is regenerated, what the event's criticality should be, and whether it should also trigger an alert.
Configuration Security Monitoring
Now possible to modify a CSM policy through the API
With this release, you can incrementally update a configuration policy using the API. Take these steps:
- Use the search capability in the Halo portal, or a GET request to the API, to locate the desired policy. Either way, search for the policy by name; partial name matches are supported.
- Export the policy (from the portal UI) or copy the correct returned policy (from the API). Modify the policy JSON as desired.
- Use a PUT request to the API to upload the updated JSON object.
IMPORTANT: Unlike with some PUT requests to the Halo API, you must include the entire policy JSON when you make this call.
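The three steps above, as an added Python example that is not CloudPassage code: it resolves a partial-name search to exactly one policy, edits a copy, and builds the PUT only if the body still carries every field of the fetched policy. The base URL, the /policies path, the bearer-token header, the field names and the sample policies are constructed assumptions; the request is built but never sent.

```python
import copy
import json
import urllib.request

# Constructed placeholders, not taken from the release notes or the Halo API docs.
API_BASE = "https://halo-api.example.invalid/v1"
SAMPLE_POLICIES = [
    {"id": "p-001", "name": "Linux SSH Hardening", "platform": "linux",
     "rules": [{"name": "Disable root login", "active": False}]},
    {"id": "p-002", "name": "Linux Kernel Settings", "platform": "linux",
     "rules": []},
]


def find_policy(policies, fragment):
    """Step 1: partial-name search that refuses to guess between several hits."""
    hits = [p for p in policies if fragment.lower() in p["name"].lower()]
    if len(hits) != 1:
        names = [p["name"] for p in hits]
        raise LookupError(f"{fragment!r} matched {len(hits)} policies: {names}")
    return hits[0]


def modify_policy(original, mutate):
    """Step 2: edit a deep copy so the fetched policy stays available for diffing."""
    updated = copy.deepcopy(original)
    mutate(updated)
    return updated


def build_put(original, updated, token):
    """Step 3: build (not send) the PUT, rejecting a body that lost any field."""
    missing = sorted(set(original) - set(updated))
    if missing:
        raise ValueError(f"partial policy body, missing: {missing}")
    return urllib.request.Request(
        f"{API_BASE}/policies/{original['id']}",
        data=json.dumps(updated).encode("utf-8"),
        method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def enable_first_rule(policy):
    """Hypothetical incremental change: switch on the first rule."""
    policy["rules"][0]["active"] = True
```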
Subcategories added to Advanced Audit Policy Setting check
The Windows Advanced Audit Policy check has been enhanced to support additional parameters. The following subcategories have been added:
- Central Policy Staging (under the Object Access heading)
- Removable Storage (under the Object Access heading)
- User Device Claims (under the Logon/Logoff heading)
Performance and Scalability
"Server firewall modified" alerts
Previously, when the internal Halo firewall queue was backed up, the result was numerous "Server firewall modified" events and alerts. This issue has been corrected.
The following issues are among those that remain unresolved as of this release. Any known workarounds are described.
- Editing file integrity baseline expiration. If you want to change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the re-calculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.