CloudPassage Halo — 14 December 2015 Release
The 14 December 2015 Release of CloudPassage® Halo® includes two new API endpoints (CVE Details and Firewall Change Logs), improved security for Halo-supplied installation scripts, corrections to the process for logging into the preview Halo portal interface, and other new features and enhancements.
New Features and Improvements
Halo REST API
New CVE Details API endpoint
The API now includes a CVE Details endpoint, which allows you to retrieve common vulnerability and exposure information programmatically. The basic command for retrieving the vulnerability data for a given CVE is this:
Fields added to 'Daemon compromised' event
The "Daemon compromised" special event now includes the field
reasons. That field provides information on what attribute value changes caused the verification to fail, and what the expected values were.
Firewall change logs available from the Servers API endpoint
firewall_logs API endpoint beneath the Servers endpoint has been implemented. It allows you to retrieve a server's firewall logs, which contain records of any firewall changes made outside of Halo. The basic command for retrieving the log data is this:
Configuration Security Monitoring
CSM policy update process adjusted to improve performance
The process that Halo uses to update configuration policies has been made more efficient, so that now updates to large policies assigned to multiple server groups can complete without timing out.
Install / startup scripts communicate securely
The installation and startup scripts available for download from the Halo portal now use secure HTTPS communication to download the agent software that they install on Halo customers' servers.
Note: Some older distributions may require HTTP for this communication. In that case, you can substitute HTTP for HTTPS in your downloaded script.
Corrected handling of login to Halo preview UI
On some virtual private grids, customers wishing to log into the preview of the new Halo portal interface have been instead redirected to the legacy interface. The issue has been corrected so that users supplying the preview URL extension are now properly directed to the preview interface.
Please note that the following features have been or may soon be removed from Halo. Please plan to modify any code or procedures that depend on them.
- The use of
daemon-keyas a Halo agent startup parameter is now deprecated. In your Linux and Windows Halo installation scripts, please replace all instances of
The following issues are among those that remain unresolved as of this release. Any known workarounds are described.
- Editing file integrity baseline expiration. If you want to change the expiration value when editing or re-baselining an existing baseline, the new expiration date is now calculated from the current date, rather than from the original baseline-creation date. However, if you keep the same setting (number of days) for the expiration value, the re-calculation does not occur and the expiration date remains based on the original creation date.
Workaround: Select a different expiration value and save the baseline. Then re-edit the baseline and specify your desired expiration value.