CloudPassage Halo — 5 November 2015 Release
The 5 November 2015 Release of CloudPassage® Halo® includes a new version (3.6.6) of the Halo agent for both Linux and Windows, improved SSO support, validation of firewall rules created through the API, and other enhancements and fixes.
New Features and Improvements
New Halo agent available
With this release, Halo agent version 3.6.6 is available for both Linux and Windows platforms. See the Halo Agent Release Notes for details.
Configuration Security Monitoring
Corrected handling of "Mark indeterminate as failed" setting
Recent configuration scans have been identifying indeterminate scan results as "indeterminate", regardless of the state of the "Mark indeterminate as failed" checkbox in the Site Administration scanner settings. The issue has been corrected and indeterminate results are now marked as "failed" when that checkbox is set.
Workload Firewall Management
Additional rule validation for firewall creation through API
When you create a firewall policy rule through the API, Halo now validates that you have included appropriate parameters for the rule's direction (inbound or outbound). Specifically, outbound rules can have
firewall_target parameters, but any submitted
firewall_source parameters will be stripped from the request JSON. Likewise, any
firewall_target parameters will be stripped from submitted inbound rules.
Halo Logging and Alerting
Corrected filtering for Security Events History page
Recently, the "Windows" OS filter on the Security Events History page malfunctioned, meaning that you could not restrict your search results to events on Windows servers only. That issue has been corrected and the filter now functions as expected.
Support for custom logout landing page restored
Previously, Halo customers who have integrated Halo into their SAML-based single sign-on solution were not able to specify a custom landing page to display to users that log out of Halo. That issue has been corrected.
Halo now supports XML namespace inheritance
Updates to the Halo libraries have allowed Halo to support XML namespace inheritance, meaning that it can provide improved support for SAML-based SSO solutions.
Please note that the following features have been or may soon be removed from Halo. Please plan to modify any code or procedures that depend on them.
- The use of
daemon-keyas a Halo agent startup parameter is now deprecated. In your Linux and Windows Halo installation scripts, please replace all instances of
The following issues are among those that remain unresolved as of this release. Any known workarounds are described.
- Editing file integrity baseline expiration. If you want to change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the re-calculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.