Release Notes
- Added eMASS control summary tables to CRA
- Family control rollup on control rating spreadsheet now uses all controls, not base controls
- Correctly pass connection security status to Django in both HTTP and HTTPS modes
- Reverted WinXP powershell commands to wmic.
- For HTTP_ONLY servers, ensure all cookies are sent without the Secure attribute. Should fix CSRF issues.
Small release. We have RMF rev 5 STIGs imported, but still not included in this release while we test the swap from Rev4 to Rev5.
- Work on Solaris 10 SPARC and Oracle 11.2g
- Revised MS Windows 10 and One Drive STIG names
- Several configuration items have been added:
- Added ability to control session termination at browser close, commit without CCI changes
- Added session ID to logs when available
- Added session length configuration settings and documentation
- Added basic DoD-style banner to Xylok, see configuration documentation for details
- Show device type on machine page
- Added a Risk Assessment helper, intended for helping update Control risks within eMASS directly (rather than only through the POAM)
- Add POAM Helpers at CCI and control level
- Added eMASS count helper for quick comparisons to eMASS’s control status
- Connection header won’t be logged any more
- Corrected docs about updating
- Use correct redirect code for some items
- Hid dashboard and new client checklist
- Corrected display of Cat Is vs Cat IIIs on CCI rater related data and similar locations
- Skip adding blank mitigations to controls
- Updated SOLARIS 10 SPARC
- Warning: CentOS 7 is now EOM and RHEL 7 has only ELS available. We will stop intentionally supporting them soon. (https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/rhel-7-end-of-maintenance)
- Moved to a true executable wrapper around installer, rather than the BASH+tar wrapper. This setup seems to avoid the NIPR block that was preventing downloads of the installer before, plus allows for better command line parsing and easier changes in the future.
- Added “POA&M Helper” worksheet to SAR that should make it easier to update risk ratings within eMASS.
- Added “ALLOWED_DOMAINS” setting to configuration to allow users to restrict the domains the server may be accessed via. See Server Admin-Configuration docs for details.
- Added “HTTP_ONLY” setting to configuration to allow users to make Xylok listen only via HTTP. Primarily intended for use behind a reverse proxy which is already terminating HTTPS. See Server Admin-Configuration docs for details.
- Overlays now mark removed controls as N/A, rather than fully tailoring them out of the baseline.
- CRA now correctly reports number of inherited controls based on realized inheritance, rather than just the count of “possible” inherited CCIs.
- Send all download files with the proper filename. Fixes issue with CKL files being given an XML extension
- Corrected diagram width error in reports
- Re-enabled installation tests for Rocky 8, Rocky 9, Fedora 40, and various LTS Ubuntus
- Blocked known crawler user agents by returning no content and a 403 error code
- Handle Podman warnings better in Xylok manager, skipping warning lines when attempting to parse JSON output.
- Added commands for Windows Server 2022 DNS
- Corrected related PP on Windows 11 STIG.
- Updated IE 11 check DTBI9999-IE11 to check for IE disabling.
- Updates to RHEL 8 and 9 benchmarks
- Handle Podman read-only file system changes changes. Fixes issues with Podman 4.7+, closes #97
- Allow IP address certificates and increased header logging for requests. Progress on #96 for TLS issues to provide more debugging information
- Allow certificate generation for any domain, not just one with ‘xylok’ in it
- Fixed some classification markings on report
- Fixed document usage in reports
- Sorted related data for CCI ratings to put Cat Is on top
- Fixed several bugs with CCI rater updating
- The server now features ACME (Let’s Encrypt) support, allowing the server to automatically generate certificates. In addition, for servers with no Internet connection, automatic certificates can be generated for any domain used to access the server.
- For users, if you have trusted the Xylok CA certificate in your browser(s) in the past you will need to repeat that process. Download your local CA from your local /docs/ page.
- If you want to use Let’s Encrypt, see the updated documentation on the HTTPS.
- Corrected loading features from core server
- Updated documentation to reflect that Docker is preferred on RHEL/CentOS 7
- Stop generating local certs using the script
- Changed Docker healthcheck to not break with new TLS provider
- Always use CertMagic-based server
- Spread context-based logging throughout tools
- Added more logging around failing post-processing format requests
- Use ‘mark results as’ setting for report overall markings, not ‘is classified’ checkbox. Fixes #5
- Only say SUT one time in the reporting tools section of the report. Fixes #24
- Allow scan page to work with numeric impact levels, displaying them correctly. Fixes #45
- Show the control title on the control detail page, closes #28
- If there are no overlays for a control, don’t display an empty row in the table
- Allow downloads are marked as downloads now. Closes #38
- Added documentation for advanced collector encryption of passwords
- Upgraded Go version
- Return error when internal proxy requests fail
- Updated PP on Windows 11 Checks Closes #84 Closes #85
- RHEL 9 Bug Fixes and STIG Updates
- Updated matching software and OS tags on Adobe Acrobat Pro XI STIG.
- Tombstoned Adobe Acrobat Pro DC STIG (v1r0.1-draft).
- Fixed OS tags for Adobe Acrobat Pro DC Continuous STIG.
- Updated matching software list for Adobe Acrobat Pro DC Classic STIG.
- Updated matching software list for Adobe Acrobat Reader DC Classic Track STIG.
- Corrected OS tags on Adobe Acrobat Reader DC Continuous Track STIG.
- Added PP to Apache Server 2.4 UNIX Server STIG v2r7.
- Updated Cisco IOS XE Switch NDM STIG v2r9.
- Updated Cisco IOS Switch NDM STIG v2r9.
- Updated Trellix ENS 10.x STIG v2r14.
- Updated VMware vSphere 7.0 vCenter Appliance Photon OS STIG v1r3.
- Updated Active Directory Domain STIG v3r4.
- Updated Microsoft Office System 2016 STIG v2r3.
- Updated Microsoft Excel 2016 STIG v2r1.
- Updated Microsoft SQL Server 2016 Database STIG v2r9.
- FMC Custom STIG
- Updated Microsoft Office 365 ProPlus STIG v2r12.
- Updated Microsoft DotNet Framework 4.0 STIG v2r4.
- Updated Microsoft Edge STIG v1r8.
- Updated Microsoft SQL Server 2016 Instance STIG v2r12.
- Updated Microsoft Windows Server 2016 STIG v2r8.
- Updated Microsoft Windows Server 2019 STIG v2r9.
- Updated Microsoft Windows Server 2022 STIG v1r5.
- Updated Microsoft Windows 10 STIG v2r9 Updated Microsoft Windows 11 STIG v1r6
- Imported DISA STIG updates from early May 2024.
- Updated benchmark ms_windows_server_2022_stig, added version v1r5
- Updated benchmark bind_9-x_stig, added version v2r3
- Updated benchmark microsoft_windows_11_stig, added version v1r6
- Updated benchmark ms_windows_10_stig, added version v2r9
- Updated benchmark dns_srg, added version v3r2
- Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, added version v2r6
- Updated benchmark windows_server_2016_stig, added version v2r8
- Updated benchmark active_directory_domain, added version v3r4
- Updated benchmark windows_server_2019_stig, added version v2r9
- Imported DISA STIG updates from Apr 2024, including CUI STIGs.
- Updated benchmark mcafee_ens_10-x_stig, added version v2r14
- Updated benchmark zos_webspheremq_for_tss_stig, updated version v6r4
- Updated benchmark zos_websphere_application_server_for_tss_stig, updated version v6r1
- Updated benchmark zos_tdmf_for_tss_stig, updated version v6r4
- Updated benchmark zos_tadz_for_tss_stig, updated version v6r7
- Updated benchmark zos_srraudit_for_tss_stig, updated version v6r5
- Updated benchmark zos_roscoe_for_tss_stig, updated version v6r8
- Updated benchmark zos_quest_nc-pass_for_tss_stig, updated version v6r3
- Updated benchmark zos_netview_for_tss_stig, updated version v6r9
- Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, updated version v6r10
- Updated benchmark zos_ibm_health_checker_for_tss, updated version v6r3
- Updated benchmark zos_ibm_cics_transaction_server_for_tss, updated version v6r9
- Updated benchmark zos_hcd_for_tss_stig, updated version v6r4
- Updated benchmark zos_fep_for_tss, updated version v6r1
- Updated benchmark zos_fdr_for_tss_stig, updated version v6r2
- Updated benchmark zos_cssmtp_for_tss_stig, updated version v6r6
- Updated benchmark zos_compuware_abend-aid_for_tss, updated version v6r7
- Updated benchmark zos_clsupersession_for_tss_stig, added version v6r13
- Updated benchmark zos_catalog_solutions_for_tss_stig, updated version v6r5
- Updated benchmark zos_ca_1_tape_management_for_tss_stig, updated version v6r10
- Updated benchmark zos_ca_vtape_for_tss_stig, updated version v6r5
- Updated benchmark zos_ca_mim_for_tss_stig, updated version v6r4
- Updated benchmark zos_ca_mics_for_tss_stig, updated version v6r5
- Updated benchmark zos_ca_common_services_for_tss_stig, updated version v6r2
- Updated benchmark zos_ca_auditor_for_tss_stig, updated version v6r4
- Updated benchmark zos_bmc_mainview_for_zos_for_tss_stig, updated version v6r8
- Updated benchmark zos_bmc_ioa_for_tss_stig, updated version v6r8
- Updated benchmark zos_bmc_control-o_for_tss_stig, updated version v6r8
- Updated benchmark zos_bmc_control-m_restart_for_tss_stig, updated version v6r6
- Updated benchmark zos_bmc_control-m_for_tss_stig, updated version v6r10
- Updated benchmark zos_bmc_control-d_for_tss_stig, updated version v6r8
- Updated benchmark zos_webspheremq_for_racf_stig, updated version v6r4
- Updated benchmark zos_websphere_application_server_for_racf_stig, updated version v6r1
- Updated benchmark zos_vss_for_racf_stig, updated version v6r8
- Updated benchmark zos_tdmf_for_racf_stig, updated version v6r4
- Updated benchmark zos_tadz_for_racf_stig, updated version v6r7
- Updated benchmark zos_srraudit_for_racf_stig, updated version v6r5
- Updated benchmark zos_roscoe_for_racf_stig, updated version v6r8
- Updated benchmark zos_quest_nc-pass_for_racf_stig, updated version v6r3
- Updated benchmark zos_netview_for_racf_stig, updated version v6r9
- Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, updated version v6r10
- Updated benchmark zos_ibm_health_checker_for_racf, updated version v6r3
- Updated benchmark zos_ibm_cics_transaction_server_for_racf, updated version v6r9
- Updated benchmark zos_hcd_for_racf_stig, updated version v6r4
- Updated benchmark zos_fep_for_racf_stig, updated version v6r1
- Updated benchmark zos_fdr_for_racf_stig, updated version v6r2
- Updated benchmark zos_cssmtp_for_racf_stig, updated version v6r6
- Updated benchmark zos_compuware_abend-aid_for_racf, updated version v6r7
- Updated benchmark zos_clsupersession_for_racf_stig, added version v6r13
- Updated benchmark zos_catalog_solutions_for_racf_stig, updated version v6r5
- Updated benchmark zos_ca_1_tape_management_for_racf_stig, updated version v6r10
- Updated benchmark zos_ca_vtape_for_racf_stig, updated version v6r5
- Updated benchmark zos_ca_mim_for_racf_stig, updated version v6r4
- Updated benchmark zos_ca_mics_for_racf_stig, updated version v6r5
- Updated benchmark zos_ca_common_services_for_racf_stig, updated version v6r3
- Updated benchmark zos_ca_auditor_for_racf_stig, updated version v6r4
- Updated benchmark zos_bmc_mainview_for_zos_for_racf_stig, updated version v6r8
- Updated benchmark zos_bmc_ioa_for_racf_stig, updated version v6r8
- Updated benchmark zos_bmc_control-o_for_racf_stig, updated version v6r8
- Updated benchmark zos_bmc_control-m_restart_for_racf_stig, updated version v6r6
- Updated benchmark zos_bmc_control-m_for_racf_stig, updated version v6r10
- Updated benchmark zos_bmc_control-d_for_racf_stig, updated version v6r8
- Updated benchmark zos_webspheremq_for_acf2_stig, updated version v6r4
- Updated benchmark zos_websphere_application_server_for_acf2_stig, updated version v6r1
- Updated benchmark zos_tdmf_for_acf2_stig, updated version v6r4
- Updated benchmark zos_tadz_for_acf2_stig, updated version v6r7
- Updated benchmark zos_srraudit_for_acf2_stig, updated version v6r5
- Updated benchmark zos_roscoe_for_acf2_stig, updated version v6r9
- Updated benchmark zos_quest_nc-pass_for_acf2_stig, updated version v6r3
- Updated benchmark zos_netview_for_acf2_stig, updated version v6r9
- Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, updated version v6r11
- Updated benchmark zos_ibm_health_checker_for_acf2, updated version v6r3
- Updated benchmark zos_ibm_cics_transaction_server_for_acf2, updated version v6r8
- Updated benchmark zos_hcd_for_acf2_stig, updated version v6r4
- Updated benchmark zos_fep_for_acf2_stig, updated version v6r1
- Updated benchmark zos_fdr_for_acf2_stig, updated version v6r2
- Updated benchmark zos_cssmtp_for_acf2_stig, updated version v6r6
- Updated benchmark zos_compuware_abend-aid_for_acf2, updated version v6r7
- Updated benchmark zos_clsupersession_for_acf2_stig, added version v6r13
- Updated benchmark zos_catalog_solutions_for_acf2_stig, updated version v6r4
- Updated benchmark zos_ca_1_tape_management_for_acf2_stig, updated version v6r10
- Updated benchmark zos_ca_vtape_for_acf2_stig, updated version v6r5
- Updated benchmark zos_ca_mim_for_acf2_stig, updated version v6r4
- Updated benchmark zos_ca_mics_for_acf2_stig, updated version v6r5
- Updated benchmark zos_ca_common_services_for_acf2_stig, updated version v6r2
- Updated benchmark zos_ca_auditor_for_acf2_stig, updated version v6r4
- Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, updated version v6r10
- Updated benchmark zos_bmc_ioa_for_acf2_stig, updated version v6r8
- Updated benchmark zos_bmc_control-o_for_acf2_stig, updated version v6r8
- Updated benchmark zos_bmc_control-m_restart_for_acf2_stig, updated version v6r6
- Updated benchmark zos_bmc_control-m_for_acf2_stig, updated version v6r10
- Updated benchmark zos_bmc_control-d_for_acf2_stig, updated version v6r8
- Added benchmark ss_android_14_mdfpp_3-3_byoad_stig, added version v1r1
- Added benchmark ss_android_14_byoad_stig, added version v1r1
- Updated benchmark ss_android_os_14_kpe_3-x_cope_stig, added version v1r2
- Updated benchmark ss_android_os_14_kpe_3-x_cobo_stig, added version v1r2
- Added benchmark google_android_14_mdf_pp_3-3_byoad_stig, added version v1r1
- Added benchmark google_android_14_byoad_stig, added version v1r1
- Updated benchmark rhel_9_stig, added version v1r3
- Added benchmark evvm_session_management_srg, added version v1r1
- Added benchmark evvm_policy_srg, added version v1r1
- Added benchmark evvm_endpoint_srg, added version v1r1
- Added benchmark apple_ios_ipados_17_mdfpp_3-3_byoad_stig, added version v1r1
- Added benchmark apple_ios-ipados_17_byoad_stig, added version v1r1
- Updated benchmark oracle_linux_8_stig, added version v1r10
- Updated benchmark google_android_13_mdf_pp_3-3_byoad_stig, updated version v1r1
- Updated benchmark google_android_13_byoad_stig, added version v1r2
- Updated benchmark ms_edge_stig, added version v1r8
- Updated benchmark cisco_ios_switch_rtr_stig, updated version v2r5
- Updated benchmark cisco_ios_switch_ndm_stig, added version v2r9
- Updated benchmark cisco_ios_switch_l2s_stig, updated version v2r4
- Updated benchmark solaris_11_x86_stig, added version v2r10
- Updated benchmark rhel_8_stig, added version v1r14
- Updated benchmark apple_macos_13_stig, added version v1r4
- Updated benchmark ibm_zos_tss_stig, added version v8r13
- Updated benchmark ibm_zos_racf_stig, added version v8r14
- Updated benchmark ibm_zos_acf2_stig, added version v8r15
- Updated benchmark apache_server_2-4_unix_site_stig, updated version v2r4
- Updated benchmark apache_server_2-4_unix_server_stig, added version v2r7
- Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, added version v2r3
- Updated benchmark f5_big-ip_device_management_11-x_stig, added version v2r3
- Added benchmark f5_big-ip_application_security_manager_11-x_stig, added version v2r1
- Added benchmark f5_big-ip_advanced_firewall_manager_11-x_stig, added version v2r1
- Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, added version v2r3
- Updated benchmark apple_macos_14_stig, added version v1r2
- Updated benchmark cisco_ios_xe_switch_rtr_stig, updated version v2r5
- Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r9
- Updated benchmark cisco_ios_xe_switch_l2s_stig, updated version v2r5
- Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r12
- Updated benchmark solaris_11_sparc_stig, added version v2r10
- Updated benchmark apple_ios-ipados_15_stig, added version v1r4
- Updated benchmark rh_ansible_automation_controller_web_server_stig, added version v1r2
- Updated benchmark rh_ansible_automation_controller_app_server_stig, updated version v1r2
- Added benchmark can_ubuntu_22-04_lts_stig, added version v1r1
- Updated benchmark cisco_nx-os_switch_rtr_stig, updated version v2r3
- Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r8
- Updated benchmark cisco_nx-os_switch_l2s_stig, updated version v2r3
- Updated benchmark ms_office_365_proplus_stig, added version v2r12
- Updated benchmark web_server_srg, added version v3r3
- Added benchmark ibm_zsecure_suite_stig, added version v1r1
- Updated benchmark ms_sql_server_2016_instance_stig, added version v2r12
- Updated benchmark ms_sql_server_2016_database_stig, added version v2r9
- Updated benchmark jboss_eap_6-3_stig, added version v2r4
- Added benchmark mirantis_kubernetes_engine_stig, added version v1r1
- Updated benchmark sles_15_stig, added version v1r13
- Updated benchmark router_srg, added version v4r3
- Updated benchmark can_ubuntu_18-04_stig, added version v2r14
- Updated benchmark netapp_ontap_dsc_9-x_stig, added version v1r4
- Updated benchmark microsoft_excel_2016, added version v2r1
- Updated benchmark rgs_rke2_stig, added version v1r5
- Updated benchmark vpn, added version v2r6
- Updated benchmark vmware_horizon_7-13_connection_server_stig, added version v1r2
- Updated benchmark vmware_horizon_7-13_client_stig, updated version v1r1
- Updated benchmark vmware_horizon_7-13_agent_stig, updated version v1r1
- Updated benchmark ms_dot_net_framework, added version v2r4
- Updated benchmark rhel_9_stig, updated version v1r2
- Updated benchmark microsoft_office_system_2016, added version v2r3
- Minor updates to McAfee STIGs.
- Created new Powershell utility function.
- Upgraded Go version, removing two vulnerabilities
- Log all HTTP requests by default
- Allow access to API liveness/readiness without auth
- No longer try to compress any data, it was causing issues with downloads
- Fix: Handle benchmarks with question but no answer choices (#32)
- Changelog/doc link fixes (#30)
- Correctly import all the changes listed in v2024.05.1, the question issue above was cancelling the import.
- Control rater now de-duplicates default control comments
- File portal now offers a ‘proxied’ download which runs through the portal server. Depending on your network, this may avoid network blocks.
- Nginx has been removed in favor of a new primary process that handles both the proxying to the backend and a new GraphQL server. This change should be transparent to the user.
- Installer will now automatically apply FAPolicy for the xylok-manager.py script and ensures the scripts it installs are readable, fixing an issue with some new installs.
- GraphQL server running within primary server now
- Upgraded GraphQL to new release of gqlgen
- GraphQL can handle dates in the CCI rater now. Closes #26
- GraphQL report updates can take booleans now
- Feature list fully loading through graphql
- Report listing loads over graphql
- Updated report working through graphql
- Nessus importing now correctly creates all missing plugin checks
- Handle lodash paths like a.0.c.3 as if the numbers are also array indexes
- Filter out empty documents from report list
- Moved Latex packages into repo, avoiding download issues
- Correctly report the error and fail to build installer if latex libraries fail to install
- Fix control rater modal not working, closes #2
- Made table 4.2 in report use a long table and be much shorter, in case there are a lot of the ‘highest rated’ controls
- CORS fix for tRPC->core again
- Download portal has a simple cache now, making it faster
- Removed link to tRPC docs, tRPC is going to be removed soon
- Fixed small bugs with automatically created interview questions
- Imported DISA STIG updates from early May 2024.
- Updated benchmark ms_windows_server_2022_stig, added version v1r5
- Updated benchmark bind_9-x_stig, added version v2r3
- Updated benchmark microsoft_windows_11_stig, added version v1r6
- Updated benchmark ms_windows_10_stig, added version v2r9
- Updated benchmark dns_srg, added version v3r2
- Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, added version v2r6
- Updated benchmark windows_server_2016_stig, added version v2r8
- Updated benchmark active_directory_domain, added version v3r4
- Updated benchmark windows_server_2019_stig, added version v2r9
- Imported DISA STIG updates from Apr 2024, including CUI STIGs.
- Updated benchmark mcafee_ens_10-x_stig, added version v2r14
- Updated benchmark zos_webspheremq_for_tss_stig, updated version v6r4
- Updated benchmark zos_websphere_application_server_for_tss_stig, updated version v6r1
- Updated benchmark zos_tdmf_for_tss_stig, updated version v6r4
- Updated benchmark zos_tadz_for_tss_stig, updated version v6r7
- Updated benchmark zos_srraudit_for_tss_stig, updated version v6r5
- Updated benchmark zos_roscoe_for_tss_stig, updated version v6r8
- Updated benchmark zos_quest_nc-pass_for_tss_stig, updated version v6r3
- Updated benchmark zos_netview_for_tss_stig, updated version v6r9
- Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, updated version v6r10
- Updated benchmark zos_ibm_health_checker_for_tss, updated version v6r3
- Updated benchmark zos_ibm_cics_transaction_server_for_tss, updated version v6r9
- Updated benchmark zos_hcd_for_tss_stig, updated version v6r4
- Updated benchmark zos_fep_for_tss, updated version v6r1
- Updated benchmark zos_fdr_for_tss_stig, updated version v6r2
- Updated benchmark zos_cssmtp_for_tss_stig, updated version v6r6
- Updated benchmark zos_compuware_abend-aid_for_tss, updated version v6r7
- Updated benchmark zos_clsupersession_for_tss_stig, added version v6r13
- Updated benchmark zos_catalog_solutions_for_tss_stig, updated version v6r5
- Updated benchmark zos_ca_1_tape_management_for_tss_stig, updated version v6r10
- Updated benchmark zos_ca_vtape_for_tss_stig, updated version v6r5
- Updated benchmark zos_ca_mim_for_tss_stig, updated version v6r4
- Updated benchmark zos_ca_mics_for_tss_stig, updated version v6r5
- Updated benchmark zos_ca_common_services_for_tss_stig, updated version v6r2
- Updated benchmark zos_ca_auditor_for_tss_stig, updated version v6r4
- Updated benchmark zos_bmc_mainview_for_zos_for_tss_stig, updated version v6r8
- Updated benchmark zos_bmc_ioa_for_tss_stig, updated version v6r8
- Updated benchmark zos_bmc_control-o_for_tss_stig, updated version v6r8
- Updated benchmark zos_bmc_control-m_restart_for_tss_stig, updated version v6r6
- Updated benchmark zos_bmc_control-m_for_tss_stig, updated version v6r10
- Updated benchmark zos_bmc_control-d_for_tss_stig, updated version v6r8
- Updated benchmark zos_webspheremq_for_racf_stig, updated version v6r4
- Updated benchmark zos_websphere_application_server_for_racf_stig, updated version v6r1
- Updated benchmark zos_vss_for_racf_stig, updated version v6r8
- Updated benchmark zos_tdmf_for_racf_stig, updated version v6r4
- Updated benchmark zos_tadz_for_racf_stig, updated version v6r7
- Updated benchmark zos_srraudit_for_racf_stig, updated version v6r5
- Updated benchmark zos_roscoe_for_racf_stig, updated version v6r8
- Updated benchmark zos_quest_nc-pass_for_racf_stig, updated version v6r3
- Updated benchmark zos_netview_for_racf_stig, updated version v6r9
- Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, updated version v6r10
- Updated benchmark zos_ibm_health_checker_for_racf, updated version v6r3
- Updated benchmark zos_ibm_cics_transaction_server_for_racf, updated version v6r9
- Updated benchmark zos_hcd_for_racf_stig, updated version v6r4
- Updated benchmark zos_fep_for_racf_stig, updated version v6r1
- Updated benchmark zos_fdr_for_racf_stig, updated version v6r2
- Updated benchmark zos_cssmtp_for_racf_stig, updated version v6r6
- Updated benchmark zos_compuware_abend-aid_for_racf, updated version v6r7
- Updated benchmark zos_clsupersession_for_racf_stig, added version v6r13
- Updated benchmark zos_catalog_solutions_for_racf_stig, updated version v6r5
- Updated benchmark zos_ca_1_tape_management_for_racf_stig, updated version v6r10
- Updated benchmark zos_ca_vtape_for_racf_stig, updated version v6r5
- Updated benchmark zos_ca_mim_for_racf_stig, updated version v6r4
- Updated benchmark zos_ca_mics_for_racf_stig, updated version v6r5
- Updated benchmark zos_ca_common_services_for_racf_stig, updated version v6r3
- Updated benchmark zos_ca_auditor_for_racf_stig, updated version v6r4
- Updated benchmark zos_bmc_mainview_for_zos_for_racf_stig, updated version v6r8
- Updated benchmark zos_bmc_ioa_for_racf_stig, updated version v6r8
- Updated benchmark zos_bmc_control-o_for_racf_stig, updated version v6r8
- Updated benchmark zos_bmc_control-m_restart_for_racf_stig, updated version v6r6
- Updated benchmark zos_bmc_control-m_for_racf_stig, updated version v6r10
- Updated benchmark zos_bmc_control-d_for_racf_stig, updated version v6r8
- Updated benchmark zos_webspheremq_for_acf2_stig, updated version v6r4
- Updated benchmark zos_websphere_application_server_for_acf2_stig, updated version v6r1
- Updated benchmark zos_tdmf_for_acf2_stig, updated version v6r4
- Updated benchmark zos_tadz_for_acf2_stig, updated version v6r7
- Updated benchmark zos_srraudit_for_acf2_stig, updated version v6r5
- Updated benchmark zos_roscoe_for_acf2_stig, updated version v6r9
- Updated benchmark zos_quest_nc-pass_for_acf2_stig, updated version v6r3
- Updated benchmark zos_netview_for_acf2_stig, updated version v6r9
- Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, updated version v6r11
- Updated benchmark zos_ibm_health_checker_for_acf2, updated version v6r3
- Updated benchmark zos_ibm_cics_transaction_server_for_acf2, updated version v6r8
- Updated benchmark zos_hcd_for_acf2_stig, updated version v6r4
- Updated benchmark zos_fep_for_acf2_stig, updated version v6r1
- Updated benchmark zos_fdr_for_acf2_stig, updated version v6r2
- Updated benchmark zos_cssmtp_for_acf2_stig, updated version v6r6
- Updated benchmark zos_compuware_abend-aid_for_acf2, updated version v6r7
- Updated benchmark zos_clsupersession_for_acf2_stig, added version v6r13
- Updated benchmark zos_catalog_solutions_for_acf2_stig, updated version v6r4
- Updated benchmark zos_ca_1_tape_management_for_acf2_stig, updated version v6r10
- Updated benchmark zos_ca_vtape_for_acf2_stig, updated version v6r5
- Updated benchmark zos_ca_mim_for_acf2_stig, updated version v6r4
- Updated benchmark zos_ca_mics_for_acf2_stig, updated version v6r5
- Updated benchmark zos_ca_common_services_for_acf2_stig, updated version v6r2
- Updated benchmark zos_ca_auditor_for_acf2_stig, updated version v6r4
- Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, updated version v6r10
- Updated benchmark zos_bmc_ioa_for_acf2_stig, updated version v6r8
- Updated benchmark zos_bmc_control-o_for_acf2_stig, updated version v6r8
- Updated benchmark zos_bmc_control-m_restart_for_acf2_stig, updated version v6r6
- Updated benchmark zos_bmc_control-m_for_acf2_stig, updated version v6r10
- Updated benchmark zos_bmc_control-d_for_acf2_stig, updated version v6r8
- Added benchmark ss_android_14_mdfpp_3-3_byoad_stig, added version v1r1
- Added benchmark ss_android_14_byoad_stig, added version v1r1
- Updated benchmark ss_android_os_14_kpe_3-x_cope_stig, added version v1r2
- Updated benchmark ss_android_os_14_kpe_3-x_cobo_stig, added version v1r2
- Added benchmark google_android_14_mdf_pp_3-3_byoad_stig, added version v1r1
- Added benchmark google_android_14_byoad_stig, added version v1r1
- Updated benchmark rhel_9_stig, added version v1r3
- Added benchmark evvm_session_management_srg, added version v1r1
- Added benchmark evvm_policy_srg, added version v1r1
- Added benchmark evvm_endpoint_srg, added version v1r1
- Added benchmark apple_ios_ipados_17_mdfpp_3-3_byoad_stig, added version v1r1
- Added benchmark apple_ios-ipados_17_byoad_stig, added version v1r1
- Updated benchmark oracle_linux_8_stig, added version v1r10
- Updated benchmark google_android_13_mdf_pp_3-3_byoad_stig, updated version v1r1
- Updated benchmark google_android_13_byoad_stig, added version v1r2
- Updated benchmark ms_edge_stig, added version v1r8
- Updated benchmark cisco_ios_switch_rtr_stig, updated version v2r5
- Updated benchmark cisco_ios_switch_ndm_stig, added version v2r9
- Updated benchmark cisco_ios_switch_l2s_stig, updated version v2r4
- Updated benchmark solaris_11_x86_stig, added version v2r10
- Updated benchmark rhel_8_stig, added version v1r14
- Updated benchmark apple_macos_13_stig, added version v1r4
- Updated benchmark ibm_zos_tss_stig, added version v8r13
- Updated benchmark ibm_zos_racf_stig, added version v8r14
- Updated benchmark ibm_zos_acf2_stig, added version v8r15
- Updated benchmark apache_server_2-4_unix_site_stig, updated version v2r4
- Updated benchmark apache_server_2-4_unix_server_stig, added version v2r7
- Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, added version v2r3
- Updated benchmark f5_big-ip_device_management_11-x_stig, added version v2r3
- Added benchmark f5_big-ip_application_security_manager_11-x_stig, added version v2r1
- Added benchmark f5_big-ip_advanced_firewall_manager_11-x_stig, added version v2r1
- Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, added version v2r3
- Updated benchmark apple_macos_14_stig, added version v1r2
- Updated benchmark cisco_ios_xe_switch_rtr_stig, updated version v2r5
- Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r9
- Updated benchmark cisco_ios_xe_switch_l2s_stig, updated version v2r5
- Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r12
- Updated benchmark solaris_11_sparc_stig, added version v2r10
- Updated benchmark apple_ios-ipados_15_stig, added version v1r4
- Updated benchmark rh_ansible_automation_controller_web_server_stig, added version v1r2
- Updated benchmark rh_ansible_automation_controller_app_server_stig, updated version v1r2
- Added benchmark can_ubuntu_22-04_lts_stig, added version v1r1
- Updated benchmark cisco_nx-os_switch_rtr_stig, updated version v2r3
- Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r8
- Updated benchmark cisco_nx-os_switch_l2s_stig, updated version v2r3
- Updated benchmark ms_office_365_proplus_stig, added version v2r12
- Updated benchmark web_server_srg, added version v3r3
- Added benchmark ibm_zsecure_suite_stig, added version v1r1
- Updated benchmark ms_sql_server_2016_instance_stig, added version v2r12
- Updated benchmark ms_sql_server_2016_database_stig, added version v2r9
- Updated benchmark jboss_eap_6-3_stig, added version v2r4
- Added benchmark mirantis_kubernetes_engine_stig, added version v1r1
- Updated benchmark sles_15_stig, added version v1r13
- Updated benchmark router_srg, added version v4r3
- Updated benchmark can_ubuntu_18-04_stig, added version v2r14
- Updated benchmark netapp_ontap_dsc_9-x_stig, added version v1r4
- Updated benchmark microsoft_excel_2016, added version v2r1
- Updated benchmark rgs_rke2_stig, added version v1r5
- Updated benchmark vpn, added version v2r6
- Updated benchmark vmware_horizon_7-13_connection_server_stig, added version v1r2
- Updated benchmark vmware_horizon_7-13_client_stig, updated version v1r1
- Updated benchmark vmware_horizon_7-13_agent_stig, updated version v1r1
- Updated benchmark ms_dot_net_framework, added version v2r4
- Updated benchmark rhel_9_stig, updated version v1r2
- Updated benchmark microsoft_office_system_2016, added version v2r3
- Updated Apache Server 2.4 UNIX Site STIG v2r4 and marked ready.
- Updated Apache Server 2.4 UNIX Server STIG v2r6 and marked ready.
- Minor updates to McAfee STIGs.
- Updated Apache Server 2.4 UNIX Server STIG, v2r6.
- Cleaned up implicit memory warning in advanced collector lint
- Benchmarks now figure out if they have users directly from the license file
- Added interview questions to VMM SRG and marked it ready for customer usage (interview only)
- Cisco FMC data collection changes, notably virtually all top-level “Get all” type API queries are made, ensuring we have almost all useful data
- Added image tests to ensure collectors are built and bundled into image correctly
- Added Nginx redirect to fix the documentation links to the collector data not always working
- Benchmark editor now always add a command runner key and sanity checks confirms this
- Hashes are built during installer upload, rather than as a separate step, limiting the chance they are out of sync
- Corrected commands there were missing runners
- Fixed one collector lint warning
-
We’ve begun work on an “advanced collector” which will be more intelligent about which benchmarks to run, how they get executed, how errors get handled, and have other capabilities.
- This collector is packaged as a binary executable, rather than the existing human-readable scripts we use
- We’re interested in learning what you would need to get approval for the use of this new tool on your network, please let us know what you would need!
- Currently, it works with the Cisco FMC API, but the goal is to allow it to run all of our existing benchmarks. If you’re interested in looking at it, the initial documentation is at https://app.xylok.io/docs/detailed/build/docs/data-collection/advanced-collector
-
Changed to having interview answers be blank by default, rather than ‘Not yet answered’
- Added Cisco FMC as an OS options
- Added SBOM and static analysis reports to Xylok. Currently, this only covers the new collector but we’ll likely expand this for other parts of Xylok.
- Inherited count in CRA says ‘CCIs’ now instead of ‘controls,’ which was a little inaccurate
- RHEL 7, 8, and 9 updates
- RHEL 8 v1r13 marked as customer ready
- Added winserver-powershell OS tag, and applied to AD Domain and Forest STIGs
- Corrected very old, bad Firewall SRG version (v1r01) with an incorrect date to make it not appear as “newest”
- Readied latest Firewall SRG to allow it to work with new collector
- Updated Google Chrome Current Windows STIG v2r9 and marked ready.
- Updated VMware vSphere 7.0 vCenter STIG v1r3 and marked ready.
- Updated VMware vSphere 7.0 Virtual Machine STIG v1r3 and marked ready.
- Updated ESS Trellix Agent STIG v5r10 and marked ready.
- Updated ESS Policy Auditor STIG v5r1 and marked ready.
- Updated ESS Staging Server STIG v5r1 and marked ready.
- Updated ESS Agent Handler STIG v2r3 and marked ready.
- Updated ESS ePO 5.x STIG v2r13 and marked ready.
- Updated ESS Policy Auditor STIG v5r1.
- Updated ESS Staging Server STIG v5r1.
- Updated ESS Agent Handler STIG v2r3.
- Updated ESS ePO 5.x STIG v2r13.
- Updated Trellix ENS 10.x STIG v2r13 and marked ready.
- Updated Trellix Application Control 8.x STIG v2r2 and marked ready.
- Updated ESS Trellix Agent STIG v5r10.
- Removed typesense completely and started integration of new graphql server
- Updated OSes to include RHEL 9
- Added a lock around rebuilding most control rating sets to prevent issues with two rebuilds running simultaneously
- Removed PP chunk size to avoid lambda request size limits
- Added some more debugging/exception handling to the PP testing endpoint
- Allow PP formatting requests to be downloaded successfully
- Fixed CRA total numbers not adding up correctly
- Lots of work on RHEL 9 to bring out in this release. v1r1 is customer ready, v1r2 will be shortly as well.
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1. Updated audit_helper utility.
- Marked v1r1 of RHEL 9 customer ready
- Updated Cisco IOS Router NDM STIG v2r8.
- Updated Cisco IOS Switch NDM STIG v2r8.
- Updated Cisco IOS-XR Router NDM STIG v2r5.
- Updated Cisco IOS-XE Switch NDM STIG v2r8.
- Updated Cisco ISE NAC STIG v1r5.
- Updated Cisco ISE NDM STIG v1r6.
- Updated Cisco IOS-XE Router NDM STIG v2r9.
- Updated Cisco NX-OS Switch NDM STIG v2r7.
- Updated Cisco NX-OS Switch L2S STIG v2r3.
- Updated MS SQL Server 2016 Database STIG v2r8.
- Updated MS SQL Server 2016 Instance STIG v2r11.
- Updated Microsoft Internet Explorer 11 STIG v2r5.
- Updated Microsoft DotNet Framework 4.0 STIG v2r3.
- Apache 2.4 Fix
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance PostgreSQL STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance PostgreSQL STIG v1r1.
- Added PP to VMware vSphere 8.0 vCenter Appliance PostgreSQL STIG v1r1.
- Added PP to VMWare vSphere 8.0 vCenter Appliance PostgreSQL STIG v1r1.
- Scraped DISA STIGs as of 28 Jan 2024.
- Scraper: Updated benchmark trend_micro_deep_security_9-x_stig, added version v2r1
- Scraper: Updated benchmark toss_4_stig, added version v1r3
- Scraper: Updated benchmark hw_android_9-x_cobo_stig, added version v1r2
- Scraper: Updated benchmark hw_android_9-x_cope_stig, added version v1r2
- Scraper: Updated benchmark edb_postgres_advanced_server_stig, added version v2r3
- Scraper: Updated benchmark google_chrome_current_windows, added version v2r9
- Scraper: Updated benchmark solaris_11_sparc_stig, added version v2r9
- Scraper: Updated benchmark oracle_database_11-2g_stig, added version v2r4
- Scraper: Updated benchmark edb_postgres_advanced_server_v11_on_windows_stig, added version v2r3
- Scraper: Updated benchmark apple_ios-ipados_16_cobo-cope_stig, added version v1r3
- Scraper: Updated benchmark mcafee_application_control_8-x_stig, added version v2r2
- Scraper: Updated benchmark ess_epo_5-3_5-9_stig, added version v2r13
- Scraper: Updated benchmark hbss_-_remote_console, added version v5r2
- Scraper: Updated benchmark general_purpose_operating_system, added version v2r7
- Scraper: Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, updated version v2r2
- Scraper: Updated benchmark f5_big-ip_device_management_11-x_stig, updated version v2r2
- Scraper: Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, updated version v2r2
- Scraper: Updated benchmark sles_15_stig, added version v1r12
- Scraper: Updated benchmark hbss_policyauditor, added version v5r1
- Scraper: Updated benchmark mongodb_3-x_stig, added version v2r2
- Scraper: Updated benchmark container_platform_srg, added version v1r5
- Scraper: Updated benchmark ms_windows_server_2022_dns_stig, added version v1r1
- Scraper: Added benchmark hpe_nimble_storage_array_ndm_stig, added version v1r2
- Scraper: Updated benchmark mcafee_ens_10-x_local_client_stig, added version v1r6
- Scraper: Updated benchmark ess_mcafee_agent_stig, added version v5r10
- Scraper: Updated benchmark can_ubuntu_18-04_stig, added version v2r13
- Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r8
- Scraper: Updated benchmark apple_macos_13_stig, updated version v1r1
- Scraper: Updated benchmark rhel_9_stig, added version v1r2
- Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r8
- Scraper: Updated benchmark postgresql_9-x_stig, added version v2r4
- Scraper: Updated benchmark palo_alto_networks_alg_stig, added version v2r4
- Scraper: Added benchmark apple_macos_14_stig, added version v1r1
- Scraper: Updated benchmark oracle_database_12c_stig, added version v2r9
- Scraper: Updated benchmark mongodb_enterprise_advanced_4-x_stig, added version v1r3
- Scraper: Updated benchmark apple_macos_13_stig, updated version v1r3
- Scraper: Updated benchmark redis_enterprise_6-x_stig, added version v1r3
- Scraper: Updated benchmark mariadb_enterprise_10-x_stig, added version v1r3
- Scraper: Updated benchmark database_generic, added version v3r4
- Scraper: Updated benchmark apache_server_2-4_unix_server_stig, added version v2r6
- Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r8
- Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r11
- Scraper: Added benchmark ms_exchange_2019_mailbox_server_stig, added version v1r1
- Scraper: Added benchmark ms_exchange_2019_edge_server_stig, added version v1r1
- Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r12
- Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r13
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r14
- Scraper: Updated benchmark traditional_security_checklist, added version v2r5
- Scraper: Updated benchmark hbss_rogue_sensor, added version v5r2
- Scraper: Updated benchmark mcafee_tie-dxl_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios-xr_router_ndm_stig, added version v2r5
- Scraper: Added benchmark epas_stig, added version v1r1
- Scraper: Updated benchmark juniper_ex_ndm_stig, added version v1r5
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r9
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r8
- Scraper: Updated benchmark crunchy_data_postgresql_stig, added version v2r2
- Scraper: Updated benchmark oracle_mysql_8.0_stig, added version v1r5
- Scraper: Updated benchmark cisco_ise_nac_stig, added version v1r5
- Scraper: Updated benchmark cisco_ise_ndm_stig, added version v1r6
- Scraper: Updated benchmark rhel_7_stig, added version v3r14
- Scraper: Updated benchmark vmw_vsphere_7-0_vcenter_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_7-0_vca_photon_os_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_7-0_virtual_machine_stig, added version v1r3
- Scraper: Updated benchmark rgs_rke2_stig, added version v1r4
- Scraper: Updated benchmark hbss_staging_server, added version v5r1
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r9
- Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r13
- Scraper: Updated benchmark tomcat_application_server_9_stig, added version v2r7
- Scraper: Updated benchmark hbss_agent_handler, added version v2r3
- Scraper: Updated benchmark bb_cylanceprotect_mobile_for_uem_stig, added version v1r2
- Scraper: Updated benchmark hpe_3par_storeserv_3.3.x_stig, added version v1r2
- Scraper: Updated benchmark rhel_8_stig, added version v1r13
- Scraper: Updated benchmark solaris_11_x86_stig, added version v2r9
- Scraper: Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r7
- Scraper: Updated benchmark cisco_nx-os_switch_l2s_stig, added version v2r3
- Scraper: Updated benchmark ie_11_stig, added version v2r5
- Scraper: Updated benchmark ms_dot_net_framework, added version v2r3
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r14
- Scraper: Updated benchmark sles_12_stig, added version v2r13
- Scraper: Updated benchmark ms_exchange_2016_mailbox_server_stig, added version v2r6
- Scraper: Updated benchmark ms_exchange_2016_edge_transport_server_stig, added version v2r5
- Scraper: Updated benchmark marklogic_server_v9_stig, added version v2r2
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r11
- Fix CSRF/CORS error when using tRPC calls from the browser
- N/As at the CCI level no longer override an inherited control’s status
- CCI Ratings builds now use MAD risk as a starting point for raw technical risk. There’s also a limit to prevent you from raising the mitigated risk over the raw
- If the MAD doesn’t contain a raw risk (but the row does exist), assign it a default risk of Low
- CCI rater displays related control/AP number at top of page
- CCI rater mitigations are smarter about showing valid likelihood choices
- Disable copying of technical liklihood when using ‘copy’ button on CCI rater
-
CCI rater (and other forms) with non-searchable selections now works correctly
-
Updated PowerCLI
-
Added timestamp to mx logs
-
Numerous CRA fixes/improvements:
- More CRA fixes, including correctly showing CIA level
- Moved document listing to CRA report manager, rather than pulling from DB document listing
- Small boilerplate grammar fixes
- No longer say there were no high/mod findings if notable controls aren’t manually set for a report
- Report editor now sends targeted updates to server, rather than entire report. This allows for multiple users to edit the document at the same time.
- Initial commands/PP for VMWare 8 STIGs
- Added PP module docs we were missing
- Updated Splunk Enterprise 8 STIG v1r5.
- Updated McAfee and ENS STIGs with updates from October 2023.
- Updated Cisco STIGs with October 2023 updates.
- Updated Microsoft IIS 8.5 and 10.0 STIGs with Oct 2023 changes.
- Updated MS SQL Server 2016 Database STIG v2r7.
- Updated Microsoft Office 365 ProPlus STIG v2r11.
- Updated Windows PAW STIG v2r3.
- Updated Microsoft Windows Defender Firewall with Advanced Security STIG, v2r2.
- Updated Windows Server 2016, 2019, and 2022 STIGs with November changes.
- Updated Windows Server 2012 DC and MS STIGs, v3r7.
- Updated Windows 10 and Windows 11 STIGs.
- Updated IOS XE Switch L2S STIG to include show vtp password
- Scraped DISA STIGs 13 Dec 23.
- Scraper: Added benchmark ss_android_os_14_kpe_3-x_cope_stig, added version v1r1
- Scraper: Added benchmark ss_android_os_14_kpe_3-x_cobo_stig, added version v1r1
- Scraper: Updated benchmark network_infrastructure_policy_stig, updated version v10r6
- Scraper: Updated benchmark apple_macos_13_stig, updated version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_vami_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8.0_virtual_machine_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_envoy_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_esxi_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_sts_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_ui_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcenter_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_8-0_vcsa_eam_stig, added version v1r1
- Scraper: Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, updated version v2r1
- Scraper: Updated benchmark f5_big-ip_device_management_11-x_stig, updated version v2r1
- Scraper: Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, updated version v2r1
- Scraper: Added benchmark ivanti_connect_secure_vpn_stig, added version v1r1
- Scraper: Added benchmark ivanti_connect_secure_ndm_stig, added version v1r1
- Scraper: Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, added version v2r2
- Scraper: Updated benchmark f5_big-ip_device_management_11-x_stig, added version v2r2
- Scraper: Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, added version v2r2
- Added API endpoint for creating manual scans
- Updated ‘all’ tag for OSes
- Oracle MySQL 8.0 - Initial Release
- Added interview questions for Nutanix AOS App STIG
- Scraped DISA STIGs 1 NOV 2023.
- Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r12
- Scraper: Updated benchmark ess_mcafee_agent_stig, added version v5r9
- Scraper: Updated benchmark ess_epo_5-3_5-9_stig, added version v2r12
- Scraper: Updated benchmark zebra_android_11_cobo_stig, added version v1r3
- Scraper: Updated benchmark web_server_srg, added version v3r2
- Scraper: Added benchmark vmw_vrealize_ops_mgr_cassandra_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_operations_manager_6-x_postgresql_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_operations_manager_6-x_sles_stig, added version v2r2
- Scraper: Updated benchmark vmw_vrealize_operations_manager_6-x_tcserver_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_operations_manager_6-x_application_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_postgresql_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_vidm_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_ha_proxy_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_tcserver_stig, added version v2r3
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_lighttpd_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_vami_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_sles_stig, added version v2r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_application_stig, added version v1r2
- Scraper: Added benchmark vmm, added version v1r3
- Scraper: Added benchmark uc_endpoint_srg, added version v1r0.1
- Scraper: Added benchmark uc_session_management_srg, added version v1r0.1
- Scraper: Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v1r5
- Scraper: Updated benchmark sles_15_stig, added version v1r11
- Scraper: Updated benchmark sles_12_stig, added version v2r12
- Scraper: Updated benchmark rhel_8_stig, added version v1r12
- Scraper: Updated benchmark rhel_7_stig, added version v3r13
- Scraper: Added benchmark rh_openshift_container_platform_4-12_stig, added version v1r1
- Scraper: Updated benchmark rh_ansible_automation_controller_app_server_stig, added version v1r2
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r8
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r13
- Scraper: Updated benchmark network_wlan_ap-ig_mgmt_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_ap-nipr_mgmt_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_bridge_mgmt_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_controller_mgmt_stig, added version v7r2
- Scraper: Updated benchmark ms_windows_server_2022_stig, added version v1r4
- Scraper: Updated benchmark windows_server_2019_stig, added version v2r8
- Scraper: Updated benchmark windows_server_2016_stig, added version v2r7
- Scraper: Updated benchmark windows_paw_stig, added version v2r3
- Scraper: Updated benchmark windows_firewall_with_advanced_security, added version v2r2
- Scraper: Updated benchmark windows_2012_ms_stig, added version v3r7
- Scraper: Updated benchmark windows_2012_dc_stig, added version v3r7
- Scraper: Updated benchmark microsoft_windows_11_stig, added version v1r5
- Scraper: Updated benchmark ms_windows_10_stig, added version v2r8
- Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r7
- Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r11
- Scraper: Updated benchmark iis_8-5_site_stig, added version v2r9
- Scraper: Updated benchmark iis_8-5_server_stig, added version v2r7
- Scraper: Updated benchmark iis_10-0_site_stig, added version v2r9
- Scraper: Updated benchmark iis_10-0_server_stig, added version v2r10
- Scraper: Updated benchmark ms_exchange_2016_mailbox_server_stig, added version v2r5
- Scraper: Updated benchmark kubernetes_stig, added version v1r11
- Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r11
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r13
- Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r9
- Scraper: Added benchmark google_android_14_cope_stig, added version v1r1
- Scraper: Added benchmark google_android_14_cobo_stig, added version v1r1
- Scraper: Added benchmark google_android_13_mdf_pp_3-3_byoad_stig, added version v1r1
- Scraper: Added benchmark google_android_13_byoad_stig, added version v1r1
- Scraper: Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r6
- Scraper: Updated benchmark cisco_ios-xr_router_ndm_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios-xr_router_rtr_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r7
- Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r9
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r8
- Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r7
- Scraper: Updated benchmark cisco_ios_switch_l2s_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_switch_rtr_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r7
- Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r6
- Scraper: Updated benchmark cisco_asa_vpn_stig, added version v1r3
- Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r6
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r10
- Scraper: Updated benchmark can_ubuntu_18-04_stig, added version v2r12
- Scraper: Updated benchmark apple_macos_13_stig, added version v1r3
- Scraper: Updated benchmark apple_macos_12_stig, added version v1r8
- Scraper: Updated benchmark apple_macos_11_stig, added version v1r8
- Scraper: Added benchmark apple_ios-ipados_17_stig, added version v1r1
- Scraper: Added benchmark apple_ios-ipados_16_mdfpp_3-3_byoad_stig, added version v1r1
- Scraper: Added benchmark apple_ios-ipados_16_byoad_stig, added version v1r1
- Scraper: Updated benchmark tomcat_application_server_9_stig, added version v2r6
- Scraper: Added benchmark rhel_9_stig, added version v1r1
- Updated MAD for S6 March 2023 version
- Corrected privileged port permission check for Podman
- Removed Podman communicating via host. Regression appears to be fixed in whatever combination of kernel and Podman version is relatively current
- Increase delay during setup before declaring Xylok dead
- Control table in report now correctly allows moves and deletes
- Added Nutanix AOS option to operating systems
- Updated some deployment instructions
- Added commands for NUTANIX AOS 5.20.x OS STIG
- Fixed command error in VMware vSphere 7.0 vCenter Appliance STS STIG.
- Fixed several errors in Windows Server 2022 post-processing.
- Updated several DotNet 4.0 Framework commands with ‘powershell’ OS tag.
- Updated Windows Server data at rest checks to manual review for bitlocker alternatives.
- Added commands to JRE 6 for UNIX STIG, due to overwhelming demand.
- Updated MS SQL Server 2016 Instance check SQL6-D0-009900 command to resolve import/analysis/export issue.
- Updated several SRG changes from July 2023.
- Updated MS Office 365 ProPlus STIG v2r10.
- Fixed command in IIS 10 Server STIG to filter for local accounts.
- Fixed IE11 check.
- Updated Windows 11 STIG v1r4.
- CCI Rater now has a filter for ’technical’ ccis
- Added ability to use an older version of a CCI Rating for the compare view
- Added script to change machine IDs in the database
- Fixed a bug where deleting AA machine data was incorrectly deleting additional information
- Fixed ability to remove benchmarks from a Scan only, without removing the benchmark from the machine as well
- Prevent unauthenticated users from accessing generated files
- VMware:
- Updated several VMware STIGs with updates from Jul 2023.
- Added commands to VMWare vSphere 7.0 vCenter STIG.
- Completed VMWare vSphere 7.0 Virtual Machine STIG
- Completed VMWare ESXi 7.0 STIG, v1r1.
- VMware vSphere 7.0 vCenter Applicance UI STIG
- VMware vSphere 7.0 vCenter Appliance PostgreSQL STIG
- VMware vSphere 7.0 vCenter Appliance STS STIG
- VMware 7 RhttpProxy STIG commands
- VMware 7 VAMI STIG commands
- VMware 7 Perfcharts commands
- VMware 7 - Photon OS STIG commands
- VMware PP status fix.
- RHEL:
- RHEL 8 Updates Added: Command update Post Processing
- RHEL 8 Interactive users updated to include ‘/bin/false’, ‘/bin/true’, ‘/usr/sbin/nologin’
- RHEL 8 v1r11 Updated commands that were modified from v1r10 Added PP for new commands Added PP for old commands
- RHEL 7 Interactive User Checks update Added shells to exclude of ‘/bin/false’, ‘/bin/true’, ‘/usr/sbin/nologin’
- RHEL 7 v3r12 Updates New commands and PP
- Apache Command Bug: Replaced https -V with correct httpd -V in multiple cmd.sh files
- Updated IE 11 STIG v2r4.
- Updated Splunk 7 and 8 STIGs, v2r4 and v1r4, respectively.
- Updated Mozilla Firefox STIG v6r5.
- Updated several Cisco STIGs with Jul 2023 updates.
- Updated MS SQL Server 2016 Instance STIG v2r10.
- Scraped DISA STIG site on 20230728 and added CUI STIGs.
- Scraped DISA for out of cycle updates since July.
- Scraper: Updated benchmark network_infrastructure_policy_stig, updated version v10r5
- Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r6
- Scraper: Updated benchmark windows_server_2016_stig, updated version v2r6
- Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r6
- Scraper: Added benchmark ms_windows_server_2022_dns_stig, added version v1r0.1
- Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r10
- Scraper: Updated benchmark mcafee_ens_10-x_local_client_stig, added version v1r5
- Scraper: Updated benchmark joint_regional_security_stack_stig, added version v2r3
- Scraper: Updated benchmark vmw_vsphere_7-0_vca_lookup_svc_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_esxi_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_vca_photon_os_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_vca_eam_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_vca_postgresql_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_vca_sts_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_vami_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_virtual_machine_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_vcenter_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_7-0_vca_ui_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_postgresql_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_ui_tomcat_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_eam_tomcat_stig, added version v1r4
- Scraper: Updated benchmark vmw_vsphere_6-7_vcenter_stig, added version v1r4
- Scraper: Updated benchmark vmw_vsphere_6-7_vami-lighttpd_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_esxi_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r6
- Scraper: Updated benchmark vmw_vsphere_6-7_rhttpproxy_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_sts_tomcat_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_virtual_machine_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_perfcharts_tomcat_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_virgo-client_stig, added version v1r2
- Scraper: Updated benchmark vmware_vsphere_6-5_vcenter_server_for_windows_stig, added version v2r3
- Scraper: Updated benchmark vmware_vsphere_6-5_esxi_stig, added version v2r4
- Scraper: Updated benchmark vmware_vsphere_6-5_virtual_machine_stig, added version v2r2
- Scraper: Updated benchmark vmware_nsx-t_distributed_fw_stig, added version v1r3
- Scraper: Updated benchmark vmw_nsx-t_manager_ndm_stig, added version v1r3
- Scraper: Updated benchmark vmw_nsx-t_t-0_gateway_fw_stig, added version v1r3
- Scraper: Updated benchmark vmw_nsx-t_t1_gateway_fw_stig, added version v1r3
- Scraper: Updated benchmark traditional_security_checklist, added version v2r4
- Scraper: Updated benchmark samsung_android_10_knox_3-x_stig, added version v2r1
- Scraper: Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v1r4
- Scraper: Updated benchmark splunk_enterprise_7-x_for_windows_stig, added version v2r4
- Scraper: Updated benchmark solaris_11_x86_stig, added version v2r8
- Scraper: Updated benchmark solaris_11_sparc_stig, added version v2r8
- Scraper: Updated benchmark sles_12_stig, added version v2r11
- Scraper: Updated benchmark rhel_8_stig, added version v1r11
- Scraper: Updated benchmark rhel_7_stig, added version v3r12
- Scraper: Updated benchmark rgs_rke2_stig, added version v1r3
- Scraper: Updated benchmark rancher_mcm_stig, added version v1r3
- Scraper: Updated benchmark pan_prisma_cloud_compute_stig, added version v1r3
- Scraper: Updated benchmark oracle_mysql_8.0_stig, added version v1r4
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r7
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r12
- Scraper: Updated benchmark oracle_database_12c_stig, added version v2r8
- Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r10
- Scraper: Updated benchmark microsoft_onedrive, added version v2r3
- Scraper: Updated benchmark ms_edge_stig, added version v1r7
- Scraper: Updated benchmark ms_azure_sql_db_stig, added version v1r2
- Scraper: Updated benchmark moz_firefox_stig, added version v6r5
- Scraper: Updated benchmark kubernetes_stig, added version v1r10
- Scraper: Updated benchmark juniper_ex_ndm_stig, added version v1r4
- Scraper: Updated benchmark jamf_pro_v10-x_emm_stig, added version v2r1
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r12
- Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r12
- Scraper: Updated benchmark ibm_db2_v10-5_luw_stig, added version v2r1
- Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r8
- Scraper: Updated benchmark hpe_3par_ssmc_ws_stig, added version v1r2
- Scraper: Updated benchmark general_purpose_operating_system, added version v2r6
- Scraper: Updated benchmark fs_nac_stig, added version v1r4
- Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, added version v1r4
- Scraper: Updated benchmark dns_srg, added version v3r1
- Scraper: Updated benchmark container_platform_srg, added version v1r4
- Scraper: Updated benchmark cisco_nx-os_switch_l2s_stig, added version v2r2
- Scraper: Updated benchmark cisco_nx-os_switch_rtr_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios-xr_router_rtr_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r8
- Scraper: Updated benchmark cisco_ios_switch_rtr_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r5
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r9
- Scraper: Updated benchmark bems_3-x_stig, added version v1r2
- Scraper: Added benchmark bb_cylanceprotect_mobile_for_uem_stig, added version v1r1
- Scraper: Updated benchmark application_security_development_stig, added version v5r3
- Scraper: Added benchmark arcgis_server_10-3_stig, added version v2r1
- Scraper: Updated benchmark application_server_srg, added version v3r4
- Scraper: Updated benchmark apple_macos_13_stig, added version v1r2
- Scraper: Updated benchmark apple_macos_12_stig, added version v1r7
- Scraper: Updated benchmark tomcat_application_server_9_stig, added version v2r5
- Scraper: Updated benchmark apache_server_2-4_unix_server_stig, added version v2r5
- Scraper: Updated benchmark apache_server_2-4_unix_site_stig, added version v2r4
- Improved Nessus scan importing. Status, when available, will be pulled in, along with matching up to STIGs if applicable.
- Auto-fixing of CCI rating duplicates doesn’t accidentally overwrite the requested client
- More small CRA fixes. You can read the yellow-on-white text now.
- RHEL7 Bug Fix Command: Updated RHEL-07-010063 changed from CKL runner to direct CLI
- RHEL7 PP bug fixes
- Fixed some commands in Windows Server 2016, 2019, and 2022.
-
Moved full-text search to Postgres from Typesense. This should result in more reliable timings for searches, far less memory usage, and smaller installer sizes.
- Automatic CCI searching has also been tuned as a part of this, searching for phrases within the CCI rather than permutations of words
-
Added CLI management command to import eMASS TRs as Xylok CCI ratings
-
Added a tool for more easily tracking CCI “completion” status, based on your personal workflow. See the little gear icon on the side table of the CCI rater.
- CCI Rater will clean itself of duplicates.
- CCI Rater compare view correctly fetches clients to compare.
- CRA Reports now hide sections with no data (typically) and the yellow moderate text always uses a background instead of being unreadable
- CRA dates are processed correctly in templates
- Increase CRA report generation timeout to 5 minutes
- Document references in reports now use a numbered list, in case you have more than 26.
- Updated db deletion script to include latest tables
- Editing an answer on a scan now updates the PP and raw values at the same time
- Numerous fixes or additions to RHEL 7 and 8 PP. Still not 100%, but it should be better!
- Updated IIS 10.0 Site STIG, v2r8.
- Updated IIS 10.0 Server STIG, v2r9.
- Updated IIS 8.5 Server and Site STIGs, v2r6 and v2r8, respectively.
- Updated MS SQL Server 2016 Instance STIG, v2r9.
- Updated MS SQL Server 2016 Database STIG, v2r6.
- Updated MS Office 365 ProPlus STIG, v2r9. (Covers Office 365, Office 2019, Office 2021 and Microsoft 365)
- Added paged task API to tRPC and v2 REST API
- Removed error boundary which caused errors in JS pages to take over the whole page and put in a temporary work around to allow slow Typesense CCIs to still be editable
- Reduced memory usage of post-processing by eliminating parallel processing
- Upgraded to Node 20
- Upgraded other dependencies
- Updated Active Directory Domain STIG, v3r3.
- Updated ESS ePO 5.x STIG, v2r11 Updated ESS McAfee Agent STIG, v5r8 Updated McAfee ENS 10.x STIG, v2r11
- Corrected two FreeBSD commands
- Updated Windows Server 2012 DC STIG v3r6.
- Updated Windows Server 2012 MS STIG v3r6.
- Updated Windows Server 2016 STIG v2r6.
- Updated Windows Server 2019 STIG v2r6 and v2r7.
- Updated Windows Server 2022 STIG v1r2 and v1r3.
- Switch to redis appendonly file for more robustness
- Users can flag Documents to be included in CCI Rater auto-search or not
- Clean typesense search periodically to ensure consistency with disk data
- Added ability to copy reports between Clients
- Added ability to get enabled features from API
- Report Manager reports are now included in Client Export/Import
- Added the ability to retag existing Xylok install with the latest Xylok image, allowing for easy recovery if an installation is failing to start
- Handle when no license is present correctly (ie, no installs)
- Corrected systemctl unit file Alias, fixing error discussed in https://bugzilla.redhat.com/show_bug.cgi?id=2123927
- Archive formats without document include_in_search info will import correctly
- Removed deprecated typing.io import
- allow machines to be nullable for trpc
- Xylok images have benchmarks embeded inside again
- CCI ratings with no review date no longer crash search
- CCI rating and scan item bulk editing should correctly handle filters when selecting ‘Select All’ option
- No longer error out on license display page if the license is not valid
- Report writer row movement works again
- No longer display CRA spreadsheet button on CCI rater
- CRA no longer needs mitigating factors table to succeed
- CRA spreadsheet view no longer overrides PDF
- CKL and ACAS import fix, avoid returning duplicate checkCommands from simultaneous imports
- Do not fail if using license with issued_to_poc present
- RHEL 8 v1r10 updates
- Addeded new PP
- Added -mount to finds that started at ‘/’
- Modified ’ls’ commands to use stat to minimize changes from scan to scan
- Updated several Cisco STIGs:
- Cisco ASA FW v1r4
- Cisco ASA NDM v1r4, v1r5
- Cisco IOS XE Router NDM v2r7
- Cisco IOS XE Router RTR v2r7
- Cisco IOS XR Router NDM v2r3
- Cisco IOS XR Router RTR v2r2
- Cisco IOS Router NDM v2r5, v2r6
- Cisco IOS Router RTR v2r4
- Cisco IOS Switch NDM v2r5, v2r6
- Cisco IOS Switch RTR v2r3
- Cisco IOS XE Switch NDM v2r5, v2r6
- Cisco IOS XE Switch RTR v2r3
- Cisco ISE NAC v1r4
- Cisco ISE NDM v1r5
- Cisco NX OS Switch L2S v2r1
- Cisco NX OS Switch NDM v2r5
- Cisco NX OS Switch RTR v2r2
- Updated Microsoft Windows 10 STIG v2r6 and v2r7, and marked ready.
- RHEL 7: PP updates -mount added to all find commands that started at the top level
- Added cmds to Solaris 10 SPARC and x86 STIGs, both v2r4.
- Updated cmds for Solaris 11 SPARC and x86 STIGs, both v2r7.
- Added questions to network infrastructure policy STIG
- Added cmds and PP to Windows Server 2022 STIG v1r1 and marked ready.
- RHEL 7 v3r10 updates to commands: RHEL 7 added -mount to all / finds
- Updated JRE 8 Windows STIG v2r1 to account for 32-bit JRE installations.
- Updated cmds and PP for MS SQL Server 2016 Instance and Database STIGs, v2r8 and v2r5.
- Scraped out-of-cycle STIG updates on 18 May 23.
- Scraper: Updated benchmark vpn, added version v2r5
- Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r6
- Scraper: Updated benchmark network_device_management_srg, added version v4r3
- Scraper: Updated benchmark ms_windows_server_2022_stig, added version v1r3
- Scraper: Updated benchmark windows_server_2019_stig, added version v2r7
- Scraper: Updated benchmark microsoft_windows_11_stig, added version v1r4
- Scraper: Updated benchmark ms_windows_10_stig, added version v2r7
- Scraper: Updated benchmark juniper_router_ndm_stig, added version v2r3
- Scraper: Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r5
- Scraper: Updated benchmark cisco_ise_ndm_stig, added version v1r5
- Scraper: Updated benchmark cisco_ios-xr_router_ndm_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r6
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r7
- Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r6
- Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r6
- Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r5
- Scraper: Updated benchmark cisco_asa_vpn_stig, added version v1r2
- Scraped DISA and added CUI benchmark updates from Apr 2023.
- Scraper: Updated benchmark toss_4_stig, added version v1r2
- Scraper: Updated benchmark mcafee_ens_10-x_local_client_stig, added version v1r4
- Scraper: Updated benchmark ess_epo_5-3_5-9_stig, added version v2r11
- Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r11
- Scraper: Updated benchmark joint_regional_security_stack_stig, added version v2r2
- Scraper: Updated benchmark ess_mcafee_agent_stig, added version v5r8
- Scraper: Updated benchmark ms_windows_server_2022_stig, updated version v1r1
- Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_acf2, added version v6r8
- Scraper: Updated benchmark microsoft_windows_11_stig, updated version v1r2
- Scraper: Updated benchmark windows_server_2016_stig, updated version v2r5
- Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r5
- Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_racf, added version v6r9
- Scraper: Updated benchmark ms_windows_10_stig, updated version v2r5
- Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r5
- Scraper: Updated benchmark uem_server_srg, added version v1r2
- Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_tss, added version v6r9
- Scraper: Updated benchmark windows_server_2019_stig, updated version v2r5
- Scraper: Updated benchmark sles_15_stig, added version v1r10
- Scraper: Updated benchmark sles_12_stig, added version v2r10
- Scraper: Updated benchmark rhel_8_stig, added version v1r10
- Scraper: Updated benchmark rhel_7_stig, added version v3r11
- Scraper: Added benchmark rh_ansible_automation_controller_app_server_stig, added version v1r1
- Scraper: Added benchmark rh_ansible_automation_controller_web_server_stig, added version v1r1
- Scraper: Updated benchmark rgs_rke2_stig, added version v1r2
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r6
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r11
- Scraper: Updated benchmark oracle_database_12c_stig, added version v2r7
- Scraper: Updated benchmark network_wlan_ap-ig_platform_stig, added version v7r3
- Scraper: Updated benchmark network_wlan_ap-nipr_platform_stig, added version v7r3
- Scraper: Updated benchmark network_wlan_bridge_platform_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_controller_platform_stig, added version v7r3
- Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r5
- Scraper: Updated benchmark network_device_management_srg, added version v4r2
- Scraper: Updated benchmark ms_windows_server_2022_stig, added version v1r2
- Scraper: Updated benchmark windows_server_2019_stig, added version v2r6
- Scraper: Updated benchmark windows_server_2016_stig, added version v2r6
- Scraper: Updated benchmark windows_2012_ms_stig, added version v3r6
- Scraper: Updated benchmark windows_2012_dc_stig, added version v3r6
- Scraper: Updated benchmark microsoft_windows_11_stig, added version v1r3
- Scraper: Updated benchmark ms_windows_10_stig, added version v2r6
- Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r9
- Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r6
- Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r9
- Scraper: Updated benchmark iis_8-5_site_stig, added version v2r8
- Scraper: Updated benchmark iis_8-5_server_stig, added version v2r6
- Scraper: Updated benchmark iis_10-0_server_stig, added version v2r9
- Scraper: Updated benchmark iis_10-0_site_stig, added version v2r8
- Scraper: Updated benchmark ie_11_stig, added version v2r4
- Scraper: Updated benchmark kubernetes_stig, added version v1r9
- Scraper: Updated benchmark juniper_ex_ndm_stig, added version v1r3
- Scraper: Updated benchmark juniper_ex_rtr_stig, added version v1r3
- Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r11
- Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r10
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r11
- Scraper: Updated benchmark ibm_hardware_management_console_policies, added version v2r1
- Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r7
- Scraper: Updated benchmark cisco_nx-os_switch_rtr_stig, added version v2r2
- Scraper: Updated benchmark cisco_nx-os_switch_l2s_stig, added version v2r1
- Scraper: Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios-xr_router_rtr_stig, added version v2r2
- Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r7
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r6
- Scraper: Updated benchmark cisco_ios_switch_rtr_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r5
- Scraper: Updated benchmark cisco_asa_fw_stig, added version v1r4
- Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r4
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r8
- Scraper: Updated benchmark can_ubuntu_18-04_stig, added version v2r11
- Scraper: Added benchmark apple_macos_13_stig, added version v1r1
- Scraper: Updated benchmark apple_macos_12_stig, added version v1r6
- Scraper: Added benchmark apple_ios-ipados_16_cobo-cope_stig, added version v1r2
- Scraper: Updated benchmark active_directory_domain, added version v3r3
- Viewing a scan item that does not match the current scan item filter no longer causes the display to crash
- Corrected links to some xylok-ca.crt and other items from docs
Emergency release because we broke scan filtering. Sorry.
- Scan item filtering working again
- CCI Rater has full integration with Document search utility
- Document search algorithm improvements, copy text/download buttons added to document search results
- Added an option to restrict Client access based on User Groups. See docs for more details.
- CCI rater now lets a control be marked as “inherited”, which impacts the eMASS TR export and CRA export
- If all CCIs for a control are inherited, the control is also considered inherited
- Inherited CCIs will not appear in eMASS TR export
- CCI rater now has a Compare View, which allows CCI ratings to be copied from other clients.
- Xylok version number now appears at the top of stack traces
- QoL changes in the CCI rater.
- Added license-based feature control, allowing us to block off experimental or dangerous features more easily
- On license page, include details about enabled features
- Started introducing a new version of the API, available in both REST style with new OpenAPI documentation and via tRPC
- This is currently experimental: we are expanding and changing options, migrating is not recommended yet
- If you’d be interested in using tRPC, we could explore exposing the underlying Typescript definitions. Contact us for more information.
- tRPC/v2 API now returns numerical offset info for next/previous/current limit/current offset, rather than links.
- Added S6-based CRA report generator (their new ATO report template).
- This is still experimental–we’ll start doing assessments with it in the next month or two and refine from there.
- Currently hidden behind a license lock currently, contact us if you’re interested in this functionality.
- Added document paragraphs API. Refined document search for auto-search based on CCI definition.
- Client filtering by name__icontains and any tombstone value in API calls.
- Allow specifying client ID during uploads, for items which require it (ie, CKLs). This was actually in the last release, but we forgot the note.
- Prevented machine scripts API downloads from being displayed for all users. Sorry API users! If there are other API calls still doing this, let us know.
- Clearing a set answer for a question now works properly
- Updated underlying libraries
- Fixed some links and formatting within documentation
- eMASS TR includes extra columns that appear in a real TR export. It still imported fine, but this fix makes it visually match.
- Docker health checks include API server now
- In the CCI rater, disabled technical rating when Non-technical rating is Inherited or NA
- Small cleanups on CLK import
- Updated Windows 11 STIG and marked ready. Added tags to allow Win11 (and Win Server 2022) collection with Xylok OS Baseline. Added Win Server 2022 OS to permit future work.
- Removed RHEL5 SCAP-only version that was showing as newer than the actual manual STIG
- Added interview questions to all HPE Nimble Storage Array checks
- Updated PP and some commands for Adobe Acrobat Pro/Reader DC Classic/Continuous (4 STIGs), all v2r1.
- Updated cmds and PP for MS .NET Framework 4 STIG, primarily to improve PP for older Windows OS versions.
- Updated cmds and PP for Windows DNS STIG v2r5.
- Scraped benchmark updates from DISA on 20 Mar 23.
- Scraper: Added benchmark vmw_vsphere_7-0_virtual_machine_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vca_photon_os_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_esxi_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vca_postgresql_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vca_ui_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vca_rhttpproxy_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vca_perfcharts_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vami_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vcenter_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vca_lookup_svc_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vca_sts_stig, added version v1r1
- Scraper: Added benchmark vmw_vsphere_7-0_vca_eam_stig, added version v1r1
- Scraper: Added benchmark rb_netprofiler_stig, added version v1r1
- Scraper: Added benchmark nutanix_aos_5-20-x_application_stig, added version v1r1
- Scraper: Added benchmark nutanix_aos_5-20-x_os_stig, added version v1r1
- Scraper: Added benchmark arista_mls_eos_4-2x_l2s_stig, added version v1r1
- Scraper: Added benchmark arista_mls_eos_4-2x_ndm_stig, added version v1r1
- Scraper: Added benchmark arista_mls_eos_4-2x_router_stig, added version v1r1
- Scraper: Updated benchmark microsoft_windows_11_stig, updated version v1r2
- Scraper: Updated benchmark windows_server_2016_stig, updated version v2r5
- Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r5
- Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r5
- Scraper: Updated benchmark active_directory_domain, updated version v3r2
- Scraper: Updated benchmark windows_server_2019_stig, updated version v2r5
-
New CCI rater is in place!
- Should be much faster and smoother
- Given the amount of information displayed, the design works best for 1080p+ screens
- New features are planned for it, including integration with the document search and comparison across clients
-
CCIs can now be marked as inherited
- Currently this has minimal impact on Xylok–inherited will be treated the same as Compliant
- If all CCIs under a control are inherited, that control will also appear as inherited
- Inheritance overriddes technical non-compliance
- The next step will be to have inheritance impact exports–not having those CCIs appear on TRs, in particular
- Inherited CCIs can be set using the Settings link from the CCI rater
-
Added API for Controls list
-
Allow user to change how group claims are mapped to Django
- Machine, Location, and Client APIs show tombstoned items now
- Allow updating machine info without specifying benchmark IDs
- Updated Active Directory documentation
- Added logging for AD sign in debugging, fixed Azure group claims default argument
- Fixed multiple errors in McAfee VirusScan Enterprise 8.8 STIGs related to 32-bit OS’s.
- Updated ESS ePO 5.x STIG v2r10, ESS McAfee Agent STIG v5r7, and McAfee ENS 10.x STIG v2r10, and marked all ready.
- Updated MS Office 365 ProPlus STIG v2r8, and marked ready.
- Updated IIS 10.0 Server STIG v2r8, IIS 8.5 Site STIG v2r7, IIS 8.5 Server STIG v2r5, and marked ready.
- Updated Google Chrome STIG v2r8, and marked ready.
- Updated Cisco ASA NDM STIG v1r3, Cisco IOS Router RTR STIG v2r3, and Cisco IOS-XE Router RTR STIG v2r6, and marked all ready.
- Updated VMWare vSphere 6.7 vCenter STIG v1r3 and marked ready.
- Updated Windows 10 STIG v2r5 and marked ready.
- Updated IE 11 v2r3, again.
- Updated Windows Server 2012 MS and DC STIGs, both v3r5, and marked ready.
- Scraped STIG updates and added 3 CUI updates from Jan 2023.
- Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r10
- Scraper: Updated benchmark ess_mcafee_agent_stig, added version v5r7
- Scraper: Updated benchmark ess_epo_5-3_5-9_stig, added version v2r10
- Scraper: Updated benchmark ss_android_os_13_kpe_3-x_cope_stig, added version v1r2
- Scraper: Updated benchmark ss_android_os_13_kpe_3-x_cobo_stig, added version v1r2
- Scraper: Updated benchmark solaris_11_x86_stig, added version v2r7
- Scraper: Updated benchmark solaris_11_sparc_stig, added version v2r7
- Scraper: Updated benchmark solaris_10_x86, added version v2r4
- Scraper: Updated benchmark solaris_10_sparc_stig, added version v2r4
- Scraper: Updated benchmark sles_15_stig, added version v1r9
- Scraper: Updated benchmark sles_12_stig, added version v2r9
- Scraper: Updated benchmark rhel_8_stig, added version v1r9
- Scraper: Updated benchmark rhel_7_stig, added version v3r10
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r5
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r10
- Scraper: Updated benchmark oracle_linux_6_stig, added version v2r7
- Scraper: Updated benchmark oracle_http_server_12-1-3_stig, added version v2r2
- Scraper: Updated benchmark oracle_database_12c_stig, added version v2r6
- Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r4
- Scraper: Updated benchmark netapp_ontap_dsc_9-x_stig, added version v1r3
- Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r8
- Scraper: Updated benchmark iis_8-5_server_stig, added version v2r5
- Scraper: Updated benchmark iis_8-5_site_stig, added version v2r7
- Scraper: Updated benchmark iis_10-0_server_stig, added version v2r8
- Scraper: Updated benchmark kubernetes_stig, added version v1r8
- Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r10
- Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r9
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r10
- Scraper: Updated benchmark general_purpose_operating_system, added version v2r5
- Scraper: Updated benchmark google_chrome_current_windows, added version v2r8
- Scraper: Updated benchmark google_android_11_cope_stig, added version v2r1
- Scraper: Updated benchmark google_android_11_cobo_stig, added version v2r1
- Scraper: Updated benchmark google_android_10-x_stig, added version v2r1
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r6
- Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r3
- Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r3
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r7
- Scraper: Updated benchmark can_ubuntu_18-04_stig, added version v2r10
- Scraper: Updated benchmark apple_os_x_10-15_stig, added version v1r10
- Scraper: Updated benchmark apple_macos_12_stig, added version v1r5
- Scraper: Updated benchmark apple_macos_11_stig, added version v1r7
- Scraper: Updated benchmark apache_server_2-4_windows_server_stig, added version v2r3
- Scraper: Updated benchmark apache_server_2-4_unix_server_stig, updated version v2r4
- Scraper: Updated benchmark apache_server_2-4_unix_site_stig, added version v2r3
- Added ability to defined staff and superusers when using AD authentication. See the Xylok Active Directory documentation for more information
- Hardware spreadsheet production no longer throws an exception
- API for adding/removing/updating machines now available
- All commands are now given default PP that marks the command as needing manual review (if there isn’t other PP)
- Health check for docker now checks the proxy status as well
- Handle ACAS scans missing some data
- ‘Previous item’ link in scans actually does something
- Show loading indicator while scan item values are loading
- Small documentation fixes
- Fixed a redirect issue in docs. Existing doc links may be broken as a result, so try going to /docs/ and searching from there if needed.
- Fixed API yaml tags to be a bit more consistent
- During server install, we wait for the background tasks to finish if it’s a clean install (ie, benchmarks are installing)
- Excel documents with date cells can be imported correctly into document storage
- Fixed issue with downloads not working in all circumstances by fully confirming job metadata by asking redis again
- Handle if the benchmark archive in the cache was the empty file
- Allow PP tests using client to still work, even if client isn’t available
- Added tool to fix deprecated badly escaped strings -> Fixed all badly escaped strings in PP
- Updated OS-BL-000007 Powershell command to reduce errors.
- Fixed typo in MS Edge STIG, EDGE-00-000001. Thanks, Thomas!
- Merged HBSS-titled McAfee Agent and ePO STIGs into ESS-titled STIGs, and marked the ESS versions ‘protected’.
- Updated RHEL 8 STIG
- Updated Windows Server 2019 STIG v2r5 and marked ready.
- Updated Windows Server 2016 STIG v2r5 and marked ready.
- Updated Active Directory Domain STIG v3r2 and marked ready.
- Updated some cmds and PP for Active Directory Forest STIG.
- Updated some cmds and PP for Windows 10 STIG.
- Updated some cmds and PP for Windows Server 2016 & 2019 STIGs.
- Updated some cmds and PP for Windows 7 STIG.
- Updated Splunk Enterprise 8.x for Linux STIG v1r3 and marked ready.
- Updated Cisco ASA STIGs and marked ready.
- Updated Palo Alto Network STIGs.
- Updated Cisco IOS Switch and Router STIGs.
- Updated Cisco IOS XE Router and Switch STIGs.
- Updated Cisco ISE NDM STIG v1r4 and marked ready.
- Updated Mozilla Firefox STIG v6r4 and marked ready.
- Updated Microsoft DotNet Framework 4.0 STIG v2r2 and marked ready.
- Updated Microsoft Edge STIG v1r6 and marked ready.
- Updated Internet Explorer 11 STIG v2r3 and marked ready.
- Updated IIS 10.0 Site and Server STIGs, both v2r7, and marked ready.
- Updated MS Office 365 ProPlus STIG v2r7 and marked ready.
- Updated MS SQL Server 2016 Database (v2r5) and Instance (v2r8) and marked ready.
- Updated ESS ePO 5.x STIG v2r9 and marked ready.
- Updated ESS McAfee Agent STIG v5r6 and marked ready.
- Updated McAfee ENS 10.x v2r9 and marked ready.
- Scraper: Updated benchmark zos_ca_1_tape_management_for_tss_stig, added version v6r10
- Scraper: Updated benchmark zos_clsupersession_for_tss_stig, added version v6r12
- Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, added version v6r10
- Scraper: Updated benchmark zos_cssmtp_for_tss_stig, added version v6r6
- Scraper: Updated benchmark zos_netview_for_tss_stig, added version v6r9
- Scraper: Updated benchmark zos_roscoe_for_tss_stig, added version v6r8
- Scraper: Updated benchmark zos_hcd_for_tss_stig, added version v6r4
- Scraper: Updated benchmark zos_bmc_ioa_for_tss_stig, added version v6r8
- Scraper: Updated benchmark zos_bmc_control-m_restart_for_tss_stig, added version v6r6
- Scraper: Updated benchmark zos_compuware_abend-aid_for_tss, added version v6r7
- Scraper: Updated benchmark zos_bmc_mainview_for_zos_for_tss_stig, added version v6r8
- Scraper: Updated benchmark zos_ca_mim_for_tss_stig, added version v6r4
- Scraper: Updated benchmark zos_ca_vtape_for_tss_stig, added version v6r5
- Scraper: Updated benchmark zos_bmc_control-d_for_tss_stig, added version v6r8
- Scraper: Updated benchmark zos_srraudit_for_tss_stig, added version v6r5
- Scraper: Updated benchmark zos_bmc_control-o_for_tss_stig, added version v6r8
- Scraper: Updated benchmark zos_webspheremq_for_tss_stig, added version v6r4
- Scraper: Updated benchmark zos_ca_auditor_for_tss_stig, added version v6r4
- Scraper: Updated benchmark zos_tadz_for_tss_stig, added version v6r7
- Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_tss, added version v6r8
- Scraper: Updated benchmark zos_catalog_solutions_for_tss_stig, added version v6r5
- Scraper: Updated benchmark zos_bmc_control-m_for_tss_stig, added version v6r10
- Scraper: Updated benchmark zos_quest_nc-pass_for_tss_stig, added version v6r3
- Scraper: Updated benchmark zos_ca_mics_for_tss_stig, added version v6r5
- Scraper: Updated benchmark zos_ibm_health_checker_for_tss, added version v6r3
- Scraper: Updated benchmark zos_ca_common_services_for_racf_stig, added version v6r3
- Scraper: Updated benchmark zos_ca_mics_for_racf_stig, added version v6r5
- Scraper: Updated benchmark zos_quest_nc-pass_for_racf_stig, added version v6r3
- Scraper: Updated benchmark zos_vss_for_racf_stig, added version v6r8
- Scraper: Updated benchmark zos_bmc_control-m_restart_for_racf_stig, added version v6r6
- Scraper: Updated benchmark zos_ca_vtape_for_racf_stig, added version v6r5
- Scraper: Updated benchmark zos_ca_1_tape_management_for_racf_stig, added version v6r10
- Scraper: Updated benchmark zos_compuware_abend-aid_for_racf, added version v6r7
- Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, added version v6r10
- Scraper: Updated benchmark zos_webspheremq_for_racf_stig, added version v6r4
- Scraper: Updated benchmark zos_tadz_for_racf_stig, added version v6r7
- Scraper: Updated benchmark zos_hcd_for_racf_stig, added version v6r4
- Scraper: Updated benchmark zos_catalog_solutions_for_racf_stig, added version v6r5
- Scraper: Updated benchmark zos_ibm_health_checker_for_racf, added version v6r3
- Scraper: Updated benchmark zos_cssmtp_for_racf_stig, added version v6r6
- Scraper: Updated benchmark zos_bmc_control-m_for_racf_stig, added version v6r10
- Scraper: Updated benchmark zos_clsupersession_for_racf_stig, added version v6r12
- Scraper: Updated benchmark zos_bmc_mainview_for_zos_for_racf_stig, added version v6r8
- Scraper: Updated benchmark zos_ca_mim_for_racf_stig, added version v6r4
- Scraper: Updated benchmark zos_netview_for_racf_stig, added version v6r9
- Scraper: Updated benchmark zos_ca_auditor_for_racf_stig, added version v6r4
- Scraper: Updated benchmark zos_roscoe_for_racf_stig, added version v6r8
- Scraper: Updated benchmark zos_srraudit_for_racf_stig, added version v6r5
- Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_racf, added version v6r8
- Scraper: Updated benchmark zos_bmc_control-o_for_racf_stig, added version v6r8
- Scraper: Updated benchmark zos_bmc_ioa_for_racf_stig, added version v6r8
- Scraper: Updated benchmark zos_bmc_control-d_for_racf_stig, added version v6r8
- Scraper: Updated benchmark zos_bmc_control-m_for_acf2_stig, added version v6r10
- Scraper: Updated benchmark zos_ca_mim_for_acf2_stig, added version v6r4
- Scraper: Updated benchmark zos_ibm_health_checker_for_acf2, added version v6r3
- Scraper: Updated benchmark zos_cssmtp_for_acf2_stig, added version v6r6
- Scraper: Updated benchmark zos_netview_for_acf2_stig, added version v6r9
- Scraper: Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, added version v6r10
- Scraper: Updated benchmark zos_tadz_for_acf2_stig, added version v6r7
- Scraper: Updated benchmark zos_webspheremq_for_acf2_stig, added version v6r4
- Scraper: Updated benchmark zos_roscoe_for_acf2_stig, added version v6r9
- Scraper: Updated benchmark zos_ca_1_tape_management_for_acf2_stig, added version v6r10
- Scraper: Updated benchmark zos_clsupersession_for_acf2_stig, added version v6r12
- Scraper: Updated benchmark zos_catalog_solutions_for_acf2_stig, updated version v6r4
- Scraper: Updated benchmark zos_ca_auditor_for_acf2_stig, added version v6r4
- Scraper: Updated benchmark zos_srraudit_for_acf2_stig, added version v6r5
- Scraper: Updated benchmark zos_ca_vtape_for_acf2_stig, added version v6r5
- Scraper: Updated benchmark zos_bmc_control-d_for_acf2_stig, added version v6r8
- Scraper: Updated benchmark zos_quest_nc-pass_for_acf2_stig, added version v6r3
- Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, added version v6r11
- Scraper: Updated benchmark zos_ca_mics_for_acf2_stig, added version v6r5
- Scraper: Updated benchmark zos_compuware_abend-aid_for_acf2, added version v6r7
- Scraper: Updated benchmark zos_bmc_control-m_restart_for_acf2_stig, added version v6r6
- Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_acf2, added version v6r7
- Scraper: Updated benchmark zos_bmc_control-o_for_acf2_stig, added version v6r8
- Scraper: Updated benchmark zos_hcd_for_acf2_stig, added version v6r4
- Scraper: Updated benchmark zos_bmc_ioa_for_acf2_stig, added version v6r8
- Scraper: Added benchmark tanium_7-x_os_tanos_stig, added version v1r1
- Scraper: Added benchmark tanium_7-x_application_tanos_stig, added version v1r1
- Scraper: Added benchmark ss_android_os_13_kpe_3-x_cope_stig, added version v1r1
- Scraper: Added benchmark ss_android_os_13_kpe_3-x_cobo_stig, added version v1r1
- Scraper: Updated benchmark marklogic_server_v9_stig, updated version v2r1
- Scraper: Updated benchmark mot_solutions_android_11_cobo_stig, updated version v1r2
- Scraper: Updated benchmark cisco_ise_ndm_stig, updated version v1r4
- Scraper: Updated benchmark cisco_ise_nac_stig, updated version v1r4
- Scraper: Updated benchmark oracle_linux_8_stig, updated version v1r4
- Scraper: Updated benchmark ms_office_365_proplus_stig, updated version v2r7
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, updated version v2r5
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, updated version v2r5
- Scraper: Updated benchmark apple_macos_12_stig, updated version v1r4
- Scraper: Updated benchmark moz_firefox_stig, updated version v6r4
- Scraper: Updated benchmark juniper_srx_sg_vpn_stig, updated version v2r2
- Scraper: Updated benchmark oracle_linux_7_stig, updated version v2r9
- Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, updated version v2r3
- Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, updated version v2r2
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, updated version v2r4
- Scraper: Updated benchmark ie_11_stig, updated version v2r3
- Scraper: Updated benchmark solaris_10_x86, updated version v2r3
- Scraper: Updated benchmark sles_15_stig, updated version v1r8
- Scraper: Updated benchmark ms_dot_net_framework, updated version v2r2
- Scraper: Updated benchmark ms_edge_stig, updated version v1r6
- Scraper: Updated benchmark iis_10-0_server_stig, updated version v2r7
- Scraper: Updated benchmark iis_10-0_site_stig, updated version v2r7
- Scraper: Updated benchmark kubernetes_stig, updated version v1r7
- Scraper: Updated benchmark application_security_development_stig, updated version v5r2
- Scraper: Updated benchmark network_infrastructure_policy_stig, updated version v10r3
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, updated version v1r6
- Scraper: Updated benchmark juniper_router_ndm_stig, updated version v2r2
- Scraper: Updated benchmark active_directory_domain, updated version v3r1
- Scraper: Updated benchmark application_server_srg, updated version v3r3
- Scraper: Updated benchmark redis_enterprise_6-x_stig, updated version v1r2
- Scraper: Updated benchmark ca_idms_stig, updated version v1r2
- Scraper: Updated benchmark web_server_srg, added version v3r1
- Scraper: Updated benchmark ibm_zvm_ca_vmsecure_stig, updated version v2r2
- Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r4
- Scraper: Updated benchmark network_wlan_ap-nipr_platform_stig, updated version v7r2
- Scraper: Updated benchmark ms_sql_server_2014_instance_stig, updated version v2r3
- Scraper: Updated benchmark ibm_zos_racf_stig, updated version v8r8
- Scraper: Updated benchmark ibm_zos_tss_stig, updated version v8r7
- Scraper: Updated benchmark ibm_zos_acf2_stig, updated version v8r8
- Scraper: Updated benchmark mainframe_product_srg, updated version v2r1
- Scraper: Updated benchmark sles_12_stig, updated version v2r8
- Scraper: Updated benchmark cisco_asa_ndm_stig, updated version v1r2
- Scraper: Updated benchmark cisco_asa_fw_stig, updated version v1r3
- Scraper: Updated benchmark firewall_srg, updated version v2r3
- Scraper: Updated benchmark ms_windows_10_stig, updated version v2r4
- Scraper: Updated benchmark windows_server_2016_stig, updated version v2r4
- Scraper: Updated benchmark windows_server_2019_stig, updated version v2r4
- Scraper: Updated benchmark cisco_ios_router_rtr_stig, updated version v2r2
- Scraper: Updated benchmark solaris_10_sparc_stig, updated version v2r3
- Scraper: Updated benchmark rhel_7_stig, updated version v3r9
- Scraper: Updated benchmark ms_sql_server_2016_instance_stig, updated version v2r8
- Scraper: Updated benchmark ms_sql_server_2016_database_stig, updated version v2r5
- Scraper: Updated benchmark ibm_aspera_platform_4-2_stig, updated version v1r2
- Scraper: Updated benchmark palo_alto_networks_idps_stig, updated version v2r3
- Scraper: Updated benchmark palo_alto_networks_ndm_stig, updated version v2r2
- Scraper: Updated benchmark palo_alto_networks_alg_stig, updated version v2r3
- Scraper: Updated benchmark central_log_server_srg, updated version v2r2
- Scraper: Updated benchmark cisco_ios_switch_l2s_stig, updated version v2r3
- Scraper: Updated benchmark cisco_ios_switch_rtr_stig, updated version v2r2
- Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r4
- Scraper: Updated benchmark oracle_mysql_8.0_stig, updated version v1r3
- Scraper: Updated benchmark ibm_websphere_liberty_server_stig, updated version v1r2
- Scraper: Updated benchmark google_chrome_current_windows, updated version v2r7
- Scraper: Updated benchmark rhel_8_stig, updated version v1r8
- Scraper: Updated benchmark mongodb_enterprise_advanced_4-x_stig, updated version v1r2
- Scraper: Updated benchmark microsoft_windows_11_stig, updated version v1r1
- Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, updated version v1r3
- Scraper: Updated benchmark fn_fortigate_firewall_stig, updated version v1r3
- Scraper: Added benchmark rgs_rke2_stig, added version v1r1
- Scraper: Updated benchmark windows_server_2019_stig, added version v2r5
- Scraper: Updated benchmark windows_server_2016_stig, added version v2r5
- Scraper: Updated benchmark windows_2012_ms_stig, added version v3r5
- Scraper: Updated benchmark windows_2012_dc_stig, added version v3r5
- Scraper: Updated benchmark microsoft_windows_11_stig, added version v1r2
- Scraper: Updated benchmark ms_windows_10_stig, added version v2r5
- Scraper: Added benchmark ms_azure_sql_db_stig, added version v1r1
- Scraper: Added benchmark ms_android_11_cobo_stig, added version v1r1
- Scraper: Added benchmark ms_android_11_cope_stig, added version v1r1
- Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r8
- Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r9
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r9
- Scraper: Added benchmark hpe_3par_ssmc_ws_stig, added version v1r1
- Scraper: Added benchmark hpe_3par_storeserv_3.3.x_stig, added version v1r1
- Scraper: Added benchmark hpe_3par_ssmc_gpos_stig, added version v1r1
- Scraper: Added benchmark google_android_13_cobo_stig, added version v1r1
- Scraper: Added benchmark google_android_13_cope_stig, added version v1r1
- Scraper: Updated benchmark cloud_computing_mission_owner_srg, updated version v1r0.1
- Scraper: Added benchmark bems_3-x_stig, added version v1r1
- Scraper: Updated benchmark active_directory_domain, added version v3r2
- Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r9
- Scraper: Updated benchmark mcafee_ens_10-x_local_client_stig, added version v1r3
- Scraper: Added benchmark ess_mcafee_agent_stig, added version v5r6
- Scraper: Added benchmark ess_epo_5-3_5-9_stig, added version v2r9
- Scraper: Updated benchmark zebra_android_11_cobo_stig, added version v1r2
- Scraper: Updated benchmark zebra_android_10_cobo_stig, added version v1r2
- Scraper: Updated benchmark zebra_android_10_cope_stig, added version v1r2
- Scraper: Updated benchmark web_server_srg, added version v2r4
- Scraper: Updated benchmark vmw_vsphere_6-7_vcenter_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r5
- Scraper: Updated benchmark vmware_nsx-t_distributed_fw_stig, added version v1r2
- Scraper: Updated benchmark vmw_nsx-t_t-0_rtr_stig, added version v1r2
- Scraper: Updated benchmark vmw_nsx-t_t1_gateway_fw_stig, added version v1r2
- Scraper: Updated benchmark vmw_nsx-t_t-0_gateway_fw_stig, added version v1r2
- Scraper: Updated benchmark vmw_nsx-t_manager_ndm_stig, added version v1r2
- Scraper: Updated benchmark traditional_security_checklist, added version v2r3
- Scraper: Updated benchmark tanium_7-x_stig, added version v1r2
- Scraper: Updated benchmark cisco_ise_ndm_stig, updated version v1r3
- Scraper: Updated benchmark cisco_ise_nac_stig, updated version v1r3
- Scraper: Updated benchmark iis_10-0_site_stig, updated version v2r6
- Scraper: Updated benchmark iis_10-0_server_stig, updated version v2r6
- Scraper: Updated benchmark central_log_server_srg, updated version v2r1
- Scraper: Updated benchmark apple_ios_12_stig, updated version v1r2
- Scraper: Updated benchmark ibm_zvm_ca_vmsecure_stig, updated version v2r1
- Scraper: Updated benchmark ms_sql_server_2016_instance_stig, updated version v2r7
- Scraper: Updated benchmark ms_sql_server_2016_database_stig, updated version v2r4
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, updated version v2r4
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, updated version v2r4
- Scraper: Updated benchmark google_chrome_current_windows, updated version v2r6
- Scraper: Updated benchmark kubernetes_stig, updated version v1r6
- Scraper: Updated benchmark sles_15_stig, updated version v1r7
- Scraper: Updated benchmark solaris_10_sparc_stig, updated version v2r2
- Scraper: Updated benchmark marklogic_server_v9_stig, updated version v1r1
- Scraper: Updated benchmark mot_solutions_android_11_cobo_stig, updated version v1r1
- Scraper: Updated benchmark rhel_8_stig, updated version v1r7
- Scraper: Updated benchmark mainframe_product_srg, updated version v1r4
- Scraper: Updated benchmark ca_idms_stig, updated version v1r1
- Scraper: Updated benchmark cisco_ios_switch_l2s_stig, updated version v2r2
- Scraper: Updated benchmark cisco_ios_switch_rtr_stig, updated version v2r1
- Scraper: Updated benchmark sles_12_stig, updated version v2r7
- Scraper: Updated benchmark rhel_7_stig, updated version v3r8
- Scraper: Updated benchmark ms_sql_server_2014_instance_stig, updated version v2r2
- Scraper: Updated benchmark application_server_srg, updated version v3r2
- Scraper: Updated benchmark firewall_srg, updated version v2r2
- Scraper: Updated benchmark cisco_ios_router_rtr_stig, updated version v2r1
- Scraper: Updated benchmark juniper_srx_sg_vpn_stig, updated version v2r1
- Scraper: Updated benchmark application_security_development_stig, updated version v5r1
- Scraper: Updated benchmark mongodb_enterprise_advanced_4-x_stig, updated version v1r1
- Scraper: Updated benchmark google_android_9-x_stig, updated version v1r1
- Scraper: Updated benchmark ms_edge_stig, updated version v1r5
- Scraper: Updated benchmark oracle_linux_8_stig, updated version v1r3
- Scraper: Updated benchmark apple_macos_12_stig, updated version v1r3
- Scraper: Updated benchmark palo_alto_networks_alg_stig, updated version v2r2
- Scraper: Updated benchmark palo_alto_networks_ndm_stig, updated version v2r1
- Scraper: Updated benchmark palo_alto_networks_idps_stig, updated version v2r2
- Scraper: Updated benchmark oracle_mysql_8.0_stig, updated version v1r2
- Scraper: Updated benchmark ibm_zos_racf_stig, updated version v8r7
- Scraper: Updated benchmark ibm_zos_tss_stig, updated version v8r6
- Scraper: Updated benchmark ibm_zos_acf2_stig, updated version v8r7
- Scraper: Updated benchmark ms_dot_net_framework, updated version v2r1
- Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, updated version v1r2
- Scraper: Updated benchmark fn_fortigate_firewall_stig, updated version v1r2
- Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, updated version v2r2
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, updated version v2r3
- Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, updated version v2r1
- Scraper: Updated benchmark ms_office_365_proplus_stig, updated version v2r6
- Scraper: Updated benchmark moz_firefox_stig, updated version v6r3
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, updated version v1r5
- Scraper: Updated benchmark juniper_router_ndm_stig, updated version v2r1
- Scraper: Updated benchmark solaris_10_x86, updated version v2r2
- Scraper: Updated benchmark mot_android_9-x_cope_stig, updated version v1r1
- Scraper: Updated benchmark mot_android_9-x_cobo_stig, updated version v1r1
- Scraper: Updated benchmark redis_enterprise_6-x_stig, updated version v1r1
- Scraper: Updated benchmark apple_ios_ipados_14_stig, updated version v1r2
- Scraper: Updated benchmark oracle_linux_7_stig, updated version v2r8
- Scraper: Updated benchmark cisco_asa_fw_stig, updated version v1r2
- Scraper: Updated benchmark cisco_asa_ndm_stig, updated version v1r1
- Scraper: Updated benchmark ibm_websphere_liberty_server_stig, updated version v1r1
- Scraper: Added benchmark spec_innovations_innoslate_4.x_stig, added version v1r1
- Scraper: Updated benchmark solaris_10_x86, added version v2r3
- Scraper: Updated benchmark solaris_10_sparc_stig, added version v2r3
- Scraper: Updated benchmark sles_15_stig, added version v1r8
- Scraper: Updated benchmark sles_12_stig, added version v2r8
- Scraper: Updated benchmark rhel_8_stig, added version v1r8
- Scraper: Updated benchmark rhel_8_stig, updated version v1r7
- Scraper: Updated benchmark rhel_7_stig, added version v3r9
- Scraper: Updated benchmark rancher_mcm_stig, added version v1r2
- Scraper: Updated benchmark redis_enterprise_6-x_stig, added version v1r2
- Scraper: Updated benchmark palo_alto_networks_idps_stig, added version v2r3
- Scraper: Updated benchmark palo_alto_networks_ndm_stig, added version v2r2
- Scraper: Updated benchmark palo_alto_networks_alg_stig, added version v2r3
- Scraper: Updated benchmark pan_prisma_cloud_compute_stig, added version v1r2
- Scraper: Updated benchmark oracle_mysql_8.0_stig, added version v1r3
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r4
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r9
- Scraper: Added benchmark ms_windows_server_2022_stig, added version v1r1
- Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r8
- Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r5
- Scraper: Updated benchmark ms_sql_server_2014_instance_stig, added version v2r3
- Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r7
- Scraper: Updated benchmark iis_10-0_server_stig, added version v2r7
- Scraper: Updated benchmark iis_10-0_site_stig, added version v2r7
- Scraper: Updated benchmark ie_11_stig, added version v2r3
- Scraper: Updated benchmark ms_edge_stig, added version v1r6
- Scraper: Updated benchmark ms_dot_net_framework, added version v2r2
- Scraper: Updated benchmark moz_firefox_stig, added version v6r4
- Scraper: Updated benchmark mot_solutions_android_11_cobo_stig, added version v1r2
- Scraper: Updated benchmark mot_android_9-x_cope_stig, added version v1r2
- Scraper: Updated benchmark mot_android_9-x_cobo_stig, added version v1r2
- Scraper: Updated benchmark mongodb_enterprise_advanced_4-x_stig, added version v1r2
- Scraper: Updated benchmark marklogic_server_v9_stig, added version v2r1
- Scraper: Updated benchmark mainframe_product_srg, added version v2r1
- Scraper: Updated benchmark kubernetes_stig, added version v1r7
- Scraper: Updated benchmark juniper_srx_sg_vpn_stig, added version v2r2
- Scraper: Updated benchmark juniper_router_ndm_stig, added version v2r2
- Scraper: Updated benchmark juniper_ex_ndm_stig, added version v1r2
- Scraper: Updated benchmark juniper_ex_rtr_stig, added version v1r2
- Scraper: Updated benchmark juniper_ex_l2s_stig, added version v1r2
- Scraper: Updated benchmark ibm_zvm_ca_vmsecure_stig, added version v2r2
- Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r8
- Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r7
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r8
- Scraper: Updated benchmark ibm_websphere_liberty_server_stig, added version v1r2
- Scraper: Updated benchmark google_chrome_current_windows, added version v2r7
- Scraper: Updated benchmark google_android_9-x_stig, added version v2r1
- Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, added version v1r3
- Scraper: Updated benchmark fn_fortigate_firewall_stig, added version v1r3
- Scraper: Updated benchmark firewall_srg, added version v2r3
- Scraper: Updated benchmark cisco_ise_ndm_stig, added version v1r4
- Scraper: Updated benchmark cisco_ise_nac_stig, added version v1r4
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v2r2
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_switch_l2s_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios_switch_rtr_stig, added version v2r2
- Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r2
- Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r2
- Scraper: Updated benchmark cisco_asa_fw_stig, added version v1r3
- Scraper: Updated benchmark central_log_server_srg, added version v2r2
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r6
- Scraper: Added benchmark can_ubuntu_18-04_stig, added version v2r9
- Scraper: Updated benchmark ca_idms_stig, added version v1r2
- Scraper: Updated benchmark application_security_development_stig, added version v5r2
- Scraper: Updated benchmark application_server_srg, added version v3r3
- Scraper: Updated benchmark apple_macos_12_stig, added version v1r4
- Scraper: Added benchmark apple_ios-ipados_16_stig, added version v1r1
- Scraper: Updated benchmark apple_ios_ipados_14_stig, added version v1r3
- Scraper: Updated benchmark apple_ios_12_stig, added version v2r1
-
Xylok now offers documentation storage and searching for your RMF artifacts (SSPs, SAGs, diagrams, HW/SW lists, etc)
- Excel docs, Word docs, and PDFs can be directly uploaded within Xylok. They will be associated with the currently selected client
- Xylok then allows the user to search across all those documents
- On the backend, search is powered by Typesense, an open-source text search database. Unfortunately, the binary for that is currently huge, so Xylok’s installer size has greatly increased in this release. We’ll see if there’s a way to bring that size down to under CD-size again, but didn’t want to delay the release.
-
Xylok’s user documentation is now built directly into Xylok
- See user menu -> Documentation
- Not currently searchable, although we might be able to utilize Typesense to add that in the future.
- When producing CKLs for an entire client you can select how the host name will export. When exporting individual scan CKLs, the most recently used export setting will be used.
- eMASS TR exports now include a note about the last reviewed/updated date
- Added/changed SAR control review sheet to include more of the calculation details
- Display rule ID, vuln ID, and group title when viewing check details, plus allow searching by those items
- Upgraded to Django 4.1
- Upgraded to SolidJS 1.5
- Upgraded to Alpine 3.10
- Maximum characters per cell increased in output spreadsheets and applied correct line limits, per Microsoft’s documentation
- Benchmarks will be imported in the background, rather than during install
- Documented scan APIs
- Cleared up useless deprecation warning-causing import
- Moved entirely to PDM with the virtual env in the actual core project
- If a machine’s PPS data is corrupted, still allow PPSM generation for other devices
- Tomcat 9 commands and post processing
- Updated IIS 10.0 Server and Site STIGs with July 2022 updates.
- Updated IIS 8.5 Server and Site STIGs with Jul 22 updates.
- Updated MS Office 365 ProPlus STIG v2r6 and marked ready.
- Updated IE 11 STIG v2r2 and marked ready.
- Added commands for Mozilla Firefox STIG v6r3 and marked ready.
- Added XP support to McAfee 8.8 local client by allowing all Win 7 commands to run on XP
- Added XP support to JRE8 batch commands
- Added interviews to Windows XP checks.
- Added interview questions to McAfee Application Control 8.x STIG v2r1.
- Marked Cisco ISE NDM v1r3 ready.
- Cisco ISE NDM v1r3 pp work.
- Added command and interview cmds to Cisco ISE NAC STIG v1r3 and marked ready.
- Marked Cisco ASA IPS STIG v1r1 ready.
- Added interview cmds to Cisco ASA IPS STIG v1r1.
- Updated Cisco IOS XE Switch NDM STIG v2r3 and marked ready.
- Updated Cisco IOS XE Router NDM STIG v2r4 and marked ready.
- Updated Cisco IOS Switch NDM STIG v2r4 and marked ready.
- Updated MS Edge STIG v1r5 and marked ready.
- Added interview questions for application_security_development_stig
- Added interview questions for firewall_srg
- Added interview questions for dns_srg
- Added interview questions for idsp_srg
- Added interview questions for network_device_management_srg
- Added interview questions to router SRG
- Added ‘all’ oses tag
- Minor fixes in RHEL6 PP, added tests for uefi vs bios, better banner check
- Added another child regex to CiscoIOS networkparser (password-policy)
- Scan analysis is now fully JS-driven, which should make it faster and prevent losing search filters during navigation
- Added a Control Groups filter in the CCI Rater
- Added ability to copy comments from a CCI Rating to multiple CCI Ratings in the CCI Rater
- Groups of CCI Ratings can be updated at once using Group CCI Rater
- Xylok import selections allow for specific rating types to be selected
- Updated API Documentation to include new POST methods to edit multiple rater/scan items simultaneously
- Fixed a bug which was causing the SAR reports to not use the latest ratings
- Collection scripts no longer include (blank) sections for runners which don’t actually have any commands. This shouldn’t have any execution effect other than not confusingly saying the script is starting the network runner when you’re on an RHEL box
- RHEL-6 checks: copied 62-2 command and pp into 62-3. Fixed issue on 55
- Scraper: Updated benchmark vvoip_technical, added version v3r15
- Scraper: Updated benchmark voice_video_session_management, added version v2r2
- Scraper: Updated benchmark vvoip_stig_policy, added version v3r18
- Scraper: Updated benchmark voice_video_endpoint, added version v2r2
- Scraper: Updated benchmark vtc_policy, added version v1r12
- Scraper: Added benchmark tanium_7-x_stig, added version v1r1
- Scraper: Updated benchmark samsung_android_os_9_knox_3-x_cope_kpe_legacy_stig, added version v1r5
- Scraper: Updated benchmark samsung_os_9_knox_3-x_cobo_kpe_ae_stig, added version v1r4
- Scraper: Updated benchmark samsung_android_os_9_knox_3-x_cobo_kpe_legacy_stig, added version v1r5
- Scraper: Updated benchmark samsung_os_9_knox_3-x_cope_kpe_ae_stig, added version v1r4
- Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, added version v6r9
- Scraper: Updated benchmark ss_android_12_kpe_3-x_cope_stig, added version v1r2
- Scraper: Updated benchmark ss_android_12_kpe_3-x_cobo_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_eam_tomcat_stig, added version v1r3
- Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r4
- Scraper: Added benchmark toss_4_stig, added version v1r1
- Scraper: Updated benchmark ibm_aspera_platform_4-2_stig, updated version v1r1
- Scraper: Updated benchmark tm_tippingpoint_idps_stig, added version v1r2
- Scraper: Updated benchmark samsung_sds_emm_stig, added version v1r3
- Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, added version v6r10
- Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, added version v6r9
- Scraper: Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v1r3
- Scraper: Updated benchmark sles_15_stig, added version v1r7
- Scraper: Updated benchmark sles_12_stig, added version v2r7
- Scraper: Updated benchmark rhel_8_stig, updated version v1r7
- Scraper: Updated benchmark rhel_8_stig, added version v1r7
- Scraper: Updated benchmark rhel_7_stig, added version v3r8
- Scraper: Updated benchmark postgresql_9-x_stig, added version v2r3
- Scraper: Added benchmark pan_prisma_cloud_compute_stig, added version v1r1
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r3
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r8
- Scraper: Updated benchmark oracle_database_12c_stig, added version v2r5
- Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r3
- Scraper: Updated benchmark netapp_ontap_dsc_9-x_stig, added version v1r2
- Scraper: Added benchmark microsoft_windows_11_stig, added version v1r1
- Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r6
- Scraper: Updated benchmark iis_8-5_server_stig, added version v2r4
- Scraper: Updated benchmark iis_8-5_site_stig, added version v2r6
- Scraper: Updated benchmark iis_10-0_site_stig, added version v2r6
- Scraper: Updated benchmark iis_10-0_server_stig, added version v2r6
- Scraper: Updated benchmark ie_11_stig, added version v2r2
- Scraper: Updated benchmark ms_exchange_2016_edge_transport_server_stig, added version v2r4
- Scraper: Updated benchmark ms_edge_stig, added version v1r5
- Scraper: Updated benchmark moz_firefox_stig, added version v6r3
- Scraper: Added benchmark mariadb_enterprise_10-x_stig, added version v1r2
- Scraper: Updated benchmark kubernetes_stig, added version v1r6
- Scraper: Updated benchmark juniper_router_rtr_stig, added version v2r4
- Scraper: Added benchmark juniper_ex_l2s_stig, added version v1r1
- Scraper: Added benchmark juniper_ex_rtr_stig, added version v1r1
- Scraper: Added benchmark juniper_ex_ndm_stig, added version v1r1
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r7
- Scraper: Updated benchmark ibm_aspera_platform_4-2_stig, added version v1r2
- Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r6
- Scraper: Updated benchmark general_purpose_operating_system, added version v2r4
- Scraper: Updated benchmark fn_fortigate_firewall_stig, added version v1r2
- Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, added version v1r2
- Scraper: Updated benchmark edb_postgres_advanced_server_stig, added version v2r2
- Scraper: Updated benchmark edb_postgres_advanced_server_v11_on_windows_stig, added version v2r2
- Scraper: Updated benchmark database_generic, added version v3r3
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r3
- Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r4
- Scraper: Updated benchmark crunchy_data_postgresql_stig, added version v2r1
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r5
- Scraper: Updated benchmark u_can_ubuntu_18-04_stig, added version v2r8
- Scraper: Updated benchmark avepoint_docave_6_stig, added version v1r2
- Scraper: Added benchmark avepoint_docave_6_stig, added version v1r1
- Scraper: Updated benchmark apple_os_x_10-15_stig, added version v1r9
- Scraper: Updated benchmark apple_macos_12_stig, added version v1r3
- Scraper: Updated benchmark apple_ios-ipados_15_stig, added version v1r3
- Importing Xylok Archives will now allow for selecting which components (clients, scans, ratings, etc) to import
- Xylok will now generate a certificate with a subject alternate name, rather than only a common name. This SAN can be controlled via the XYLOK_HOST setting, see https://support.xylok.io/kb/en/article/https-and-ssl-certificates for more details
- Importing network files now correctly displays the error message if they are missing a command
- Client dashboard bug fix
- Rater modals load correct data again
- Importing ratings no longer wipes ratings for other clients
- Added is_current to more rating tables in export
- Sw list and pps information now get stored correctly as lists in database
- Fixed issue with importing POA&M entries from archive
- Automatically correct configuration if not DB password is set
- Removed show config command with an HPCom OS in Network L2 Switch.
- RHEL 6 fixes:
- Removed smart quotes from command in RHEL 6, added pp for latest version
- Check correctly marks NA when IPv6 is disabled
- Updated several Windows 10 checks to resolve module import error.
- Fixed PP for older windows software collection
- Updated Windows 7 - WINUR-000032 PP to correct false positive condition.
- Scraper: Added benchmark mcafee_ens_10-x_local_client_stig, added version v1r1
- Xylok manager works with Podman 4.x now
- Scans can now have individual benchmarks removed. Option is under the Scan Options menu when analyzing a scan. Closes #312
- Rater tables now hide certain columns on smaller screens
- CCI, POAM, RTM managers have multi-edit functionality
- All Raters that use a ‘reviewed’ column can now mark items as ‘reviewed’ in bulk
- Benchmark reference now says if a benchmark isn’t covered by the user’s license
- Benchmarks show if the benchmark is licensed in the metadata section of the reference
- Scan Details page now correctly handles marking all items when filtered
- Commands are always sorted in check analysis, letting them be stable regardless of edits
- Removed unused check edit page, corrected edit links from machine/location/client findings listings
- ‘Use scan as AA baseline’ is working properly again.
- Scan detail progress bar bug
- Added PAN-OS commands and PAN-OS to OS list
- Added device model tracking for Cisco IOS
- Added show vtp command to Cisco L2S benchmark
- Made Win 10 software list correctly be marked as N/A again
- Fixed IE8 DTBI765 command.
- Updated Windows Server 2016 and 2019, both v2r4.
- Updated Windows PAW v2r2.
- Updated Windows 2012 DNS v2r5.
- Updated Windows Server 2012 DC & MS, both v3r4.
- Updated Windows 10 v2r4.
- Updated MS Defender v2r4.
- Updated McAfee ENS 10.x v2r7.
- Updated HBSS ePO 5.x v2r7.
- Marked Cisco IOS XE Router RTR v2r4 ready.
- Updated Cisco ASA FW v1r2.
- Updated Splunk 8 v1r2.
- Updated MS SQL Server 2016 Database and Instance, v2r4 and v2r7, respectively.
- Updated Mozilla Firefox v6r2.
- Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r7
- Scraper: Updated benchmark hbss_epo_5-3_5-9_stig, added version v2r7
- Scraper: Updated benchmark windows_server_2019_stig, added version v2r4
- Scraper: Updated benchmark windows_server_2016_stig, added version v2r4
- Scraper: Updated benchmark windows_paw_stig, added version v2r2
- Scraper: Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, added version v2r5
- Scraper: Updated benchmark windows_2012_ms_stig, added version v3r4
- Scraper: Updated benchmark windows_2012_dc_stig, added version v3r4
- Scraper: Added benchmark ms_windows_10_stig, added version v2r4
- Scraper: Added benchmark ms_defender_antivirus, added version v2r4
- Automated software list and benchmark recommendations:
- Xylok processes the software lists collected by the Xylok OS Baseline benchmark (automatically run on most scans) during post-processing. Software and versions are added to the machine and are now visible under the “Software” link in the machine details.
- The software list page will recommend benchmarks where possible and offer a single-click Add option.
- Benchmarks that should currently be automatically recommended are listed below. We’re working on adding more–please let us know if you have any requests or issues!
- adobe_acrobat_pro_dc_classic_stig
- adobe_acrobat_pro_dc_continuous_stig
- adobe_acrobat_pro_dc_stig
- adobe_acrobat_reader_dc_classic_track_stig
- google_chrome_current_windows
- google_search_applicance_stig
- jre_7_unix_stig
- jre_8_and_unix_stig
- jre_8_and_windows_stig
- mcafee_virusscan88_managed_client
- microsoft_onedrive_for_business_2016
- microsoft_sql_server_2012_database_instance_security_technical_implementation_guide
- moz_firefox_stig
- ms_office_365_proplus_stig
- ms_sql_server_2014_database_stig
- ms_sql_server_2014_instance_stig
- ms_sql_server_2016_database_stig
- ms_sql_server_2016_instance_stig
- ms_sql_server_database_2012
- ms_sql_server_installation_2012
- ms_sql_server_instance_2012
- splunk_enterprise_7-x_for_windows_stig
- Archive format now supports importing and exporting matching software version information
- Regardless of recomendations, the installed software list will appear as an additional column on the hardware spreadsheet. We’re looking into improving this format to more closely reflect how most AF/SF organization represent their HW/SW lists. If you have examples from your organization, we’d gladly use them to inform our approach.
- ISOs and Zip archives of scripts
- In addition to ISOs for locations, locations can now produce a Zip-compressed archive of all machine scripts under them
- Downloading scripts for the entire client is now possible
- Breaking change: Script ISOs/archives are now built with descending directories for locations, rather than being flat at the location level. Location directories are prefixed with “__” to help distinguish them from machines in file listings. Previously all machines under a location were listed in a flat structure, regardless of child locations
- Upgraded to Postgres 13 and Debian Bullseye
- Added rater row fetches to the API Documentation. Note that they’re all marked as internal use, so the format may be changed in the future.
- Permission Errors now show a less ambiguous message
- Upgraded blank setup database with latest migrations
- Documentation fully moved from internal docs to external site (https://support.xylok.io)
- Updated documentation regarding archive format
- Limited nginx to TLS 1.2 and 1.3
- Checklist exports with CUI STIGs (HBSS is the most common example) can now be correctly imported into STIG Viewer. The latest version of STIG Viewer threw an error when a STIG had an ‘FOUO’ classification.
- Restore script uses correct internal path for restoring file
- Fixed issues with navigating using browser’s forward/back that did not return complete pages.
- Fixed nav bar issues when navigating through history on some pages
- Raters were not correctly excluding old data during filter and duplicate current rows in raters
- “Add Group” bug fixed
- Corrected losing the search filter when using the ’re-run pp’ button
- Updated MS Outlook 2016 v2r3.
- Updated MS Office 365 ProPlus v2r5.
- Updated Google Chrome v2r6.
- RHEL 8 updates
- Added commands and PP to Cisco ASA NDM v1r1.
- Updated PP on Cisco NX-OS Switch RTR v2r1.
- Scraper: Updated benchmark traditional_security_checklist, added version v2r2
- Scraper: Added benchmark zebra_android_11_cobo_stig, added version v1r1
- Scraper: Updated benchmark zos_roscoe_for_acf2_stig, added version v6r8
- Scraper: Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, added version v6r9
- Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, added version v6r9
- Scraper: Updated benchmark zos_ca_vtape_for_acf2_stig, updated version v6r4
- Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r3
- Scraper: Updated benchmark zos_ca_vtape_for_racf_stig, updated version v6r4
- Scraper: Added benchmark ss_android_12_kpe_3-x_cobo_stig, added version v1r1
- Scraper: Added benchmark ss_android_12_kpe_3-x_cope_stig, added version v1r1
- Scraper: Updated benchmark zos_ca_vtape_for_tss_stig, updated version v6r4
- Scraper: Added benchmark vmw_nsx-t_manager_ndm_stig, added version v1r1
- Scraper: Added benchmark vmw_nsx-t_t1_gateway_fw_stig, added version v1r1
- Scraper: Added benchmark vmware_nsx-t_distributed_fw_stig, added version v1r1
- Scraper: Added benchmark vmware_nsx-t_sdn_controller_stig, added version v1r1
- Scraper: Added benchmark vmw_nsx-t_t1_gateway_rtr_stig, added version v1r1
- Scraper: Added benchmark vmw_nsx-t_t-0_rtr_stig, added version v1r1
- Scraper: Added benchmark vmw_nsx-t_t-0_gateway_fw_stig, added version v1r1
- Scraper: Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v1r2
- Scraper: Updated benchmark sles_15_stig, added version v1r6
- Scraper: Updated benchmark rhel_8_stig, added version v1r6
- Scraper: Updated benchmark rhel_7_stig, added version v3r7
- Scraper: Added benchmark rancher_mcm_stig, added version v1r1
- Scraper: Updated benchmark palo_alto_networks_ndm_stig, added version v2r1
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r2
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r7
- Scraper: Updated benchmark oracle_database_12c_stig, added version v2r4
- Scraper: Updated benchmark network_wlan_ap-ig_platform_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_ap-nipr_platform_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_controller_platform_stig, added version v7r2
- Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r2
- Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r7
- Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r4
- Scraper: Updated benchmark microsoft_sharepoint_server_2013, added version v2r3
- Scraper: Updated benchmark microsoft_outlook_2016, added version v2r3
- Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r5
- Scraper: Updated benchmark moz_firefox_stig, added version v6r2
- Scraper: Added benchmark mot_solutions_android_11_cobo_stig, added version v1r1
- Scraper: Added benchmark mongodb_enterprise_advanced_4-x_stig, added version v1r1
- Scraper: Updated benchmark mongodb_3-x_stig, added version v2r1
- Scraper: Updated benchmark kubernetes_stig, added version v1r5
- Scraper: Updated benchmark juniper_router_rtr_stig, added version v2r3
- Scraper: Updated benchmark juniper_router_ndm_stig, added version v2r1
- Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r6
- Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r7
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r6
- Scraper: Added benchmark ibm_aspera_platform_4-2_stig, added version v1r1
- Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r5
- Scraper: Added benchmark hpe_nimble_storage_array_stig, added version v1r1
- Scraper: Updated benchmark general_purpose_operating_system, added version v2r3
- Scraper: Updated benchmark google_chrome_current_windows, added version v2r6
- Scraper: Updated benchmark firewall_srg, added version v2r2
- Scraper: Updated benchmark enclave_-_zone_d, added version v1r6
- Scraper: Updated benchmark enclave_-_zone_b, added version v1r6
- Scraper: Updated benchmark enclave_-_zone_a, added version v1r6
- Scraper: Updated benchmark enclave_-_zone_c, added version v1r6
- Scraper: Updated benchmark cisco_ise_ndm_stig, added version v1r3
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r4
- Scraper: Updated benchmark cisco_asa_fw_stig, added version v1r2
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r4
- Scraper: Updated benchmark u_can_ubuntu_18-04_stig, added version v2r7
- Scraper: Updated benchmark apple_os_x_10-15_stig, added version v1r8
- Scraper: Updated benchmark apple_os_x_10-14_stig, added version v2r6
- Scraper: Updated benchmark apple_os_x_10-13_stig, added version v2r5
- Scraper: Updated benchmark apple_macos_12_stig, added version v1r2
- Scraper: Updated benchmark apple_macos_11_stig, added version v1r6
- The new sorting and filtering from the CCI and Control raters is now also applied to the RTM, Technical and POA&M tools
- When importing data that requires a pre-selected client, the error message should be more intuitive.
- HW Spreadsheet now includes compliance scores in last two columns
- Updated file import to handle new STIG Viewer .ckl files
- Automatic Analysis updates:
- Maintenance process now ensures AA database remains valid and removes duplicate entries if they exist
- Copying AA values from one family to another no longer gives an error
- AA creation has an explicit lock around it, rather than relying on only having a single process registered for handling AA
- DB maintenance process cleans unused checks from the DB and ensures all referenced checks have a valid benchmark version associated with them. This should have minimal user impact.
- Corrected some CKL export issues
- Hitting arrows keys correctly navigates between checks in benchmark view
- Postprocessing button in analysis view now keeps filters
- Prev/next buttons on analysis page retain filter criteria
- Allow old scan data to load if no recommendation status was set in additional_output
- The internal NetworkParse library will better handle Cisco configuration files with ‘unusual’ indentation by somewhat understanding what commands are permitted to have children. If you encounter changes to your processing because of these changes, let us know!
- Marked RHEL 8 v1r5 as customer ready
- Added PP to Cisco IOS-XE Switch RTR v2r1.
- Added PP to Cisco IOS-XE Router RTR v2r3
- Added PP to Cisco IOS Switch RTR v2r1
- Updated PP on Cisco IOS Router RTR and NX-OS Switch RTR based on testing
- Minor correction to PP on single Cisco IOS Router RTR check
- Imported files correctly show redirection/view link
- PP no longer errors out
- Fixed view changes in analysis erasing search filter
Emergency release to fix an issue preventing automatic analysis from running.
- No longer fully family ID from the wrong location during AA
- AA moved to a single new table with integrated command values and a update date
- Task sidebar monitor has an icon for when tasks have an action needed
- Archives with benchmarks with no versions (uncommon) can still be successfully imported
-
Automatic analysis has seen a number of major updates.
- There are now three AA pools: machine, family, and “universal”. Previously only family and universal existed. This change allows machine-specific selections to stay consistent across AA runs.
- Updated Data Analysis documentation with more details about how AA works internally, with a full example across multiple machines. (https://xylok.notion.site/Data-Analysis-168a4af4d49e4c8db16086762837df28)
- During AA for a single scan, you can now select which AA pools to use. See updated documentation for more details about how AA works.
- Allow AA items to represent all possible finding statuses. Previously they would only save Compliant, Noncompliant, and N/A. As a consequence, when you unmark an item we no longer re-mark that item the next time AA is run.
- Breaking Change: The majority of AA data should carry forward with no changes. However, AA entries were post-processing recommendations were overriden will not carry forward.
- Universal AA pool can now be exported by logged-in users from the User Menu. Individual benchmark AA pools are no longer exportable via the benchmark page.
- When exporting a client with scan data, AA data for all client machines, families, and the universal pool will be exported.
- If you need to drop AA data for a machine because items were incorrectly marked, you can now delete a machine’s data pool from the Machine Details’ Options dropdown.
- Family data can be deleted in the same way, from the corresponding Family Details page.
- CCI rater modal always shows link to ‘all items’ and all related items view shows everything, regardless of status
- The scan item list (when you first go to analyze a scan) has a new search! This is an early version of the search–some improvements in this and similar search dialogs will appear in the next release. We’ll add more detailed documentation when that release gets pushed, but for now: pressing / will open and focus the search, Enter to apply, Escape to close.
- Empty and commands with no OSes are now fatal errors in our tooling, so users should never see a check with a command that mysteriously doesn’t run.
- CCI rater modal was showing the finding count as N/As. Now it shows the actual N/A count, like you’d expect.
- Diff with previous check data has colors correctly set
- Prevent wrapping of CCI numbers in control rater and benchmark IDs in benchmark browser
- Client export when families exist works, closes #285
- AA data with an inconclusive status will be migrated to not a finding (this was causing AA issues for some users)
- More reliably force the settings page on the raters if not configured
- Enabled proxy keepalives per Nginx recommendations
- ADFS login redirect should work again
- Scan comparison no longer throws an exception
- We no longer print the PP recommendations at the end of the output. This is a breaking change that will reset AA for items where PP recommendations were overridden. Because other AA changes are being implemented in this release, this should consolidate any additional workload to a single cycle.
- Updated MS Office 365 to v2r4.
- Populated commands for latest Cisco IOS, IOS XE and IOS XR Router RTR STIGs.
- Added commands for latest Cisco NX-OS Switch RTR, NDM, and L2S.
- Populated Cisco NX-OS Switch NDM v2r3 commands.
- Added PP to Cisco NX-OS Switch NDM v2r3.
- Added PP to Cisco NX-OS Switch NDM v2r3.
- Added PP to Cisco NX-OS Switch RTR v2r1.
- Added PP to Cisco IOS Switch NDM v2r3.
- Added PP to Cisco IOS Router NDM v2r3.
- Added PP to Cisco IOS XE Router NDM v2r3.
- Added PP to Cisco IOS XE Switch L2S v2r2.
- Added PP to Cisco IOS XE Switch NDM v2r2.
- Added PP to Cisco IOS XR Router NDM v2r2.
- RHEL 7 - Fixed broken post-processing on RHEL-07-010340
- RHEL 8 - Command and Post Processing updates
- SUSE 15 - PP and test cases
- Updated VMWare VSphere 6.7 ESXi, vCenter, Virtual Machine STIGs, all v1r2.
- Missing OSes fixed for RHEL 5, MacOS 11, SuSe zlinux, SLES 15, web policy, Ubuntu 20.04, and Windows 2008 r2 DC
- Updated Windows 10 BitLocker Network Unlock configuration (WN10-00-000031) to be manual review.
- SCAP scans can now be uploaded from Xylok’s GUI. Process is the same as CKLs–see “Uploading to Xylok” documentation page for more details.
- Django form errors have styling added
- Login virtually always takes you back to your original page now
- Individual findings spreadsheet can be produced again
- Creating users via the admin interface no longer complains about a missing password
- Worked around a regression in Podman 3.4
- Client dashboard redirect has correct URL to cci rater
- CKL exports with idential STIG IDs in a single CKL correctly match finding detail data to the check (before the same data would be replicated across matching STIG IDs)
- Another fix to rule IDs. Should help with the reliability of CKL’s interoperability.
- Marked Splunk 8.x v1r1 ready.
- More tests and PP updates on Splunk 8.x.
- Minor update on Splunk 7.x PP.
- Old Windows Firewall removed
- Cleaned up Network-Perimeter Layer 3 Switch v8r32.
- Cleaned up Network-Firewall v8r25.
- Updated Windows 10, WN10-SO-000280 to account for 24 hour times.
- Updated IIS 10.0 Site v2r5.
- Updated IIS 10.0 Server v2r5.
- Updated IIS 8.5 Site v2r6.
- Updated McAfee ENS 10.x v2r6.
- Updated MS SQL Server 2014 Instance v2r2.
- Updated MS SQL Server 2016 Database v2r3 & Instance v2r6.
- Updated HBSS ePO 5.x v2r6.
- Updated HBSS McAfee Agent v5r5
- Updated MS Office System 2016 v2r2.
- Updated McAfee VirusScan 8.8 Managed Client v6r1.
- Updated McAfee VirusScan 8.8 Local Client v6r1.
- Scraper: Updated benchmark vmw_vsphere_6-7_postgresql_stig, updated version v1r1
- Scraper: Updated benchmark vmw_vsphere_6-7_esxi_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_eam_tomcat_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_perfcharts_tomcat_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_ui_tomcat_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_sts_tomcat_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_rhttpproxy_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_vcenter_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_virtual_machine_stig, added version v1r2
- Scraper: Updated benchmark vmw_vsphere_6-7_vami-lighttpd_stig, added version v1r2
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, updated version v2r3
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, updated version v2r3
- Scraper: Updated benchmark windows_10_stig, updated version v2r3
- Scraper: Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, updated version v2r4
- Scraper: Updated benchmark windows_firewall_with_advanced_security, updated version v2r1
- Scraper: Updated benchmark general_purpose_operating_system, updated version v2r2
- Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r3
- Scraper: Updated benchmark apache_server_2-4_unix_server_stig, updated version v2r3
- Scraper: Updated benchmark windows_server_2019_stig, updated version v2r3
- Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r3
- Scraper: Updated benchmark windows_firewall, updated version v1r7
- Scraper: Updated benchmark windows_server_2016_stig, updated version v2r3
- Scraper: Updated benchmark fs_nac_stig, updated version v1r3
- Scraper: Updated benchmark u_can_ubuntu_18-04_stig, updated version v2r6
- Scraper: Updated benchmark windows_paw_stig, updated version v2r1
- Scraper: Updated benchmark active_directory_domain, updated version v3r1
- Scraper: Added benchmark apple_macos_12_stig, added version v1r1
- Importing Xylok archives correctly pins benchmark versions. This was preventing importing Xylok archives from actually importing assigned machine benchmarks.
-
CKL import has been improved and moved to the web interface, see updated docs under “Upload to Xylok” for more information.
- CKL import now ties data to CCI’s if possible and will create commands on the fly as needed
- CKL import wizard allows client selection as well
- These improvements allow more flexibility in the benchmarks being imported. As long as the CKL matches an existing benchmark, even if Xylok does not have commands in place for it or it’s not under your license, you can import CKL data and have it tie the the CCI rater and other reports.
-
POA&M header can be controled via new POA&M settings, allowing the system name and other specific details to be filled in during generation
- More improvements to the ACAS importing wizard
- Cleaned up task monitor page, much clearer when jobs are in different states
- Added backup-cleanup.sh script and supporting docs
- Better detection for when raters need to be rebuilt, mitigating a common 500 error when clicking a rater row that has not been built yet. This does not eliminate the need to rebuild manually at this point–not all “rebuild-required” cases are detecteed.
- Check Rule IDs are correctly applied again–they had accidentally been located in the expert comments. The most significant issue with this was CKL exports, which would have invalid IDs.
- Mobile menu fully working again
- Handle ‘choice’ type questions the same as ‘choices’
- Try to be even more robust in our python search. Might still allow the Xylok manager to work even if Python is not in the PATH.
- During benchmark imports, don’t try to correct RTM settings which don’t exist
- Django messages are now correctly displayed on all pages
- User email password reset flow working
- Upload API via token is working again
- User password changes no longer kick to the Django admin style view
- No longer display password reset link when email isn’t configured.
- User’s passwords can be directly fixed in the user admin page
- Task monitor always switches priority to newest created window, making it more likely it initiates downloads in the user’s active window
- No longer show rebuild jobs in the task monitor, led to confusing double entries when importing scans and the scan comparison job also appeared
- Fixed a bug which would prevent POA&M from being built when underlying benchmark data was tombstoned
- Updated MS Edge PP
- Updated MS Edge benchmark question
- Updates to MS Edge STIG v1r4.
- Update and marked Google Chrome v2r5 ready.
- RHEL 8 PP syntax errors fixed in RHEL-08-010050 and RHEL-08-010070
- Fixed RHEL-06-000315, now displays raw output
- Cisco Firewall fix for NET0820
- Updated MS Outlook 2016 v2r2, and removed duplicative try/excepts.
- Added additional examples for Cisco IOS Switch L2S tests
- Updated more Cisco IOS Switch L2S PP
- Updated Cisco IOS Switch L2S PP
- RHEL 7 RHEL-07-021350 - Changed Post Processing to check for a str value of 1 instead of int value
- Post Processing Updates: SLES-15-010030 SLES-15-010180 SLES-15-010430
- Commands populated for Cisco IOS Switch RTR STIG v2r1.
- Nessus result importing is now supported, see “Uploading to Xylok” in the updated documentation. Please report any issues you find to support@xylok.io!
- PP processor now makes an internal note when an exception is caught–the goal is to make this a searchable attribute during analysis.
- When loading the installation license, add benchmarks which have changed IDs to the license as well.
- When benchmarks are merged, we now migrate existing assignments of the old benchmark to the new ID. Between this and the previous change, customers with the “old” ID on their license don’t need to take any action to jump to the updated benchmark from DISA.
- Small fix to PSQL runner to prevent errors outputting the command in the result file. Should have no notable affect on results
- Reduce error messages in logs when MX process isn’t able to clean a directory. No notable impact on operation
- Newly created clients are now automatically selected as the current client, closes #263
- Use shell entrypoint for health check to ensure environment is configured correctly, closes #264
- Increase healthcheck time to allow full ready check to work more reliably
- When building releases, we always use the same-tagged version of the benchmark repo for a more reproducible build.
- Database restore script works again
- Navigating between scan items from analysis page now saves changes correctly
- Fixed hotkeys and character escaping in analysis view
- Prevent systemctl status from hanging at the end of the installer if the window is small
- Removed “inconclusive” status from findings/compliance choices. Migrated any “inconclusive” status in DB to “compliant”
- First pass commands done CISCO IOS XE r3 NDM
- Merged 3 MS SQL Server 2012 Instance STIGs into ms_sql_server_2012_stig.
- Merged and Updated Mozilla Firefox v6r1.
- Marked MS OneDrive v2r2 ready.
- Merged Microsoft OneDrive for Business 2016 to Microsoft OneDrive v2r2.
- SLES 15 first pass commands in place
- Merge Windows Firewall benchmark to v2r1 (No changes in actual benchmark)
- HBSS ePO 5.x v2r5
- McAfee ENS 10.x v2r5
- Windows 2012 Server DNS v2r4
- HBSS McAfee Agent v5r4
- HBSS Agent Handler v2r2
- HBSS Remote Console v5r1
- HBSS Rogue Sensor v5r1
- Windows PAW v2r1
- Active Directory Domain v3r1
- Windows Server 2012 DC v3r3
- Windows Server 2012 MS v3r3.
- Windows Server 2016 v2r3
- Windows Server 2019 v2r3
- Fixed conflicting Win Defender command ID
- Microsoft Windows Defender Antivirus STIG v2r3.
- Windows 10 STIG v2r3.
- Tweaked MS Dot Net Framework question collection for cmd.
- Microsoft Windows 2008 Server Domain Name System STIG v1r8.
- RHEL 8 Commands Complete
- PostgreSQL 9 fixes
- Apache 2.4 UNIX site/server commands
- Added SUSE 15 to OS list
- Added “View Admin Page” option on scans, machines, locations, and clients for staff users
- Selected client is no longer tracked in the database. This allows you to use different browsers or incognito mode to work with multiple clients at the same time
- Scan comparison now works across clients. Fixed bugs when working with multiple clients at the same time
- Work more reliably when multiple windows are open and the user attempts to select different clients. Previously we relied on the selected client when editing families, machines, and locations, which led to bugs when editing items not in the currently selected client.
- Fixed database admin page selects
- Removed editing previous scan from admin (with many scans, that field has the potential to prevent the page from loading)
- Prevent code with breakpoints from deploying
- Slightly better recovery when parsing an exception from a background job fails
- Handle the menu correctly when the user is logged in but does not have a client selected
- RHEL 8 Commands Complete
- The Xylok API is now officially supported. Detailed documentation is available under the user menu->API Documentation and high-level docs and use cases can be found under the Automation header of the Xylok docs. The initial use case of this automating scaning and analyzing a machine. Supported API endpoints include:
- Searching for a machine
- Fetching machine script
- Uploading results
- Copying interview answers
- Running Automatic Analysis
- Monitoring the status of background tasks
- You can now drop files on the sidebar, making uploading results easy no matter where you are in Xylok. Multiple files can be uploaded at a time and you will be blocked from navigating away while the uploads are in progress.
- Sidebar now holds a small task monitor, allowing it to track background tasks and download generated files without having to stay on a specific page.
- Single scans can now be exported as CKLs
- When benchmarks are removed from machines/locations, the client will have the pinned benchmarks removed
- Machine list is now sortable
- Hitting ‘/’ (slash) to select search box now works on benchmark, machine, and scan lists
- We now display the benchmark ID as a column in the backmark listing (rather than the short title) and provide an easy copy button
- Navigation now correctly resets to a valid state if the open menu is no longer valid (ie, when you log out)
- Single-task monitor page nicely shows stracktrace, better parsing of exceptions
- Re-worked single task monitor page to use task monitoring API
- Virtually all jobs receive a description when starting now, plus all jobs have a reasonable timeout now
- Navigation menu now allows navigating between section menus without page reloading
- Task displays are now limited to the initiating user
- Include container memory infomration in container log output
- Include container processes in container log output
- Include mx process logs in logs command
- Correctly hide FOUO STIGs from unauthenticated users (thanks to the user who caught that!)
- Don’t error out when serializing job with no result
- Moved to using Alpine to handle row clicks in benchmark browser, preventing history weirdness with HTMX
- Complete export includes ratings. Because ratings depend on scans, the option to download them separately has been removed for now–if you need this feature, contact support
- Allow for nulls in RTM verification dates in export
- If XYLOK_DATA setting has a ~ in it, don’t accidentally create a ~ directory (expand it correctly to the user’s home)
- RTM validation date is now the date of the last rebuild. RTM verification date is the date of the last physical ‘reviewed’ click on the control or the last scan data for technical data
- Removed redundant reports from reports menu found in respective raters
- RTM includes checks from benchmarks assigned to machines, even if there are no scans
- Fixed deprecation warning from my_init
- Modified UI elements, fixed comment box typing/saving
- Removed deprecation warning about ‘GROUP_CLAIM’ when using ADFS authentication
- Correctly return default value when getting archive settings that don’t exist
- RTM now works when there are no scans in client
- Updated McAfee Application Control 7.x STIG v1r6.
- Updated Splunk Enterprise 7.x for Windows STIG v2r3 and marked ready.
- Added PP for Splunk Enterprise 7 STIG v2r3.
- There is a new import/export format for Xylok. The new SQLite-based format demands less memory and will work on a wider range of systems. There’s also more room for optimization, potentially allowing for quick importing/exporting in the future. Features of the new format include:
- Scans, client data, and CCI/Control/Tech/POAM/RTM ratings
- Dependent benchmarks for scans–now an export from one system includes everything needed to work on a different system, even potentially outdated/removed commands
- SQLite3-based, which allows for easier searching and manipulation than the previous format. If needed, the sqlite3 CLI client is included in the Xylok container image.
- Greatly reduced memory usage
- In the future, we plan to include AA data and allow for selective importing of parts of the archive.
- Spreadsheet versions of the various raters (CCI, control, tech) area all exportable directly from the rater page, reducing navigation
- Uploads and downloads now persist to temporary storage on-disk, rather than being retained fully in memory. This should reduce issues on lower-memory systems where imports could not be completed because of out-of-memory process termination. A maintenance process has been added to help clean temporary files over time.
- A new task-montioring page has been created, allowing you to view all background processes in the same location.
- Multiple files can now be selected during upload
- Allow boolean questions to work
- Fixed documentation on importing SCAP/CKL results.
- Started Splunk Enterprise for Windows v2r3.
- Updated Windows Server 2008 MS STIG v6r46.
- RHEL 6 - Additional commands and corrected Post Processing errors
- Finalized IE9 STIG v1r15.
- Finalized IE8 STIG v1r20.
- Finalized IE 7 STIG v4r20.
- Finalized IE 6 STIG v4r11.
- Added remaining RHEL 8 Checks missing commands
- RHEL 8 - Adding missing commands
- Added PP to some Cisco ASA Firewall STIG v1r1 checks.
- Updated Windows 7 - WINUR-000032 to allow for capitalization variations of the ‘Auditors’ group.
- Updated VMWare vSphere 6.5 ESXi STIG v2r3.
- This release comes with a major rewrite of the Xylok user interface. Please give us feedback at support@xylok.io if you run into any issues or have requests!
The documentation has been updated to reflect the new look. Other than looking completely different, some notable features of the new UI include:
- The UI menu has been broken down into “sections,” reflecting the actions you’re most likely to be working on at a given time. I.E., when doing assessments the scan list, raters, and importing are all easily accessible.
- Keyboard-driven workflow for scan analysis. Hover over the “?” at the top of the analysis display to see a list of the keyboard shortcuts.
- The output display for the analysis page can now expand to full screen, for those especially big outputs.
- Far more items have smooth searching now, with results appearing as you type
- Documentation now has a section on the workflow for the Assessment Rater displays, covering the CCI Rater, Control Rater, Technical Rater, and POA&M Manager. As we encourage more organizations to use these integrated tools, we’re hoping to build out even more reporting around them. If you have requests or ideas, let us know.
- The Raters now generally have a “Reviewed” date, allowing them to be more easily updated over time. No changes since the last time you looked at a CCI? Just mark it “reviewed” so you know it’s still accurate!
- Breaking: The
run
subcommand from the xylok manager, because it caused permissions issues. To compenstate, we now create a new/_passthrough
mount for Xylok, intended for transfering files in and out of the container. The host location of this mount can be found by running./xylok pt ext
. TheCommand Line Utilties
->Working with Containers
sections of the documentation has more details on this.
- Added a search to copy answers page, added a link to view all related items from CCI Modal
- We’ve re-introduced the Technical Rater, formerly called the “FARR”. This is intended to provide an interface for rating items on a strictly technical level, outside the CCI Rater. May help with prioritization of fixes.
- Clicking the command link when analyzing opens the command in a new tab with a nice plain-text view
- Added CLI tool to merge two CCI rating sets
- Display background request errors consistently, letting the user know when an error occured.
- Search builder in raters now include filtering for reviewed/updated date range and clear form button
- We now have automated testing around both clean and upgrade installs on every release for on Ubuntu 21.04, CentOS 7 using Docker 1, CentOS 7 using modern Docker, and CentOS 8 using Podman.
- Container health checks also confirm the background workers are responding.
- Most of the system configuration checking has been moved to xylok-manager, allowing it to be re-run on the host as needed (rather than requiring the installer)
- Greatly reduced installer size
- Numerous library upgrades, including Python 3.9 and Django 3.2.
- Added the ability to see recent server logs from the web by going to the user menu->Server Logs. User must be marked as “staff” in the Django database admin.
- No longer error out when importing a ZIP file
- Benchmark details check table now sorts by stig id by default
- Properly run backup of database during install
- Scan comparison family was using name instead of pk, causing it to not load the correct scans when clicking in from an external link.
- Correctly update pagination when searching in raters
- Added back in bulk delete scan warning page
- The ‘unmarked’ filter should now show ’needs human review’ items
- Added support for detecting prompt for HP devices (surroundeded by [])
- Scan comparison URL includes client information, allowing it to work even if a different client was selected by user
- Correctly apply PP when multiple items recommend the same thing
- Don’t accidentally create ‘~’ folders in Xylok Manager
- Nulls are now stripped from PP output, preventing broken PP scripts from causing issues in processing other checks.
- RHEL 6 STIG Added missing commands for v2r2. PP fixes on several checks.
- RHEL 8 STIG Adding missing commands to checks in v1r4
- RHEL 7 - Updated for new release v3r5 - Fixes for commands and post processing
- RHEL 7:
- RHEL-07-021340 - Added Post Processing
- RHEL-07-040180 - Changed command and added Post Processing
- RHEL-07-040190 - Changed command and added Post Processing
- RHEL-07-040200 - Changed command and added Post Processing
- RHEL-07-040520 - Added Post Processing
- RHEL-07-010270 - Changed command and fixed Post Processing
- RHEL-07-010480 - Modified Post Processing to handle RHEL versions better
- RHEL-07-010482 - Added Post Processing with recommendation
- RHEL-07-010483 - Added Post Processing with recommendation
- RHEL-07-910055 - Changed command and added Post Processing
- RHEL-07-020210 - Added Post Processing with recommendation
- RHEL-07-010119 - Removed hard coded 5 for retry in Post Processing
- RHEL-07-021031 - Changed the ’ls’ command to a ‘stat’ command and it no longer returns a line if no results are found
- RHEL-07-010310 - Corrected the recommendation to compliant when the correct value of ‘0’ exists in Post Processing
- RHEL-07-040170 - Modified command and Post Processing
- RHEL-07-040710 - Changed the compliant value to ’no’ in Post Processing
- Marked RHEL 7 v3r4 ready, added remaining command
- Updated MS SQL Server 2016 Database STIG v2r2 and MS SQL Server 2016 Instance STIG v2r5.
- Updated IIS 10 Server STIG v2r4 and IIS 10 Site STIG v2r4.
- Updated IIS 8.5 Server STIG v2r3 and IIS 8.5 Site STIG v2r4.
- Updated VMware vSphere 6.5 Virtual Machine STIG v2r1.
- Updated IE 11 STIG v2r1.
- Updated Microsoft Edge STIG v1r3.
- Populated Microsoft Office 365 ProPlus STIG v2r3 with commands and postprocessing, and expert comments for DISA mistakes.
- More minor updates to Windows 10, Windows Server 2016 and 2019 STIGs.
- Updated firewall rule checks in Microsoft Windows 2012 Server DNS STIG.
- Updated Windows Server 2016/2019 check for ‘create symbolic links’ regarding Hyper-V role.
- Minor updates to Windows 10, Server 2016, Server 2019 STIGs (v2r2).
- Updated Windows Server 2019 STIG v2r2 and Windows Server 2016 STIG v2r2.
- Added ’looking for’ statements for all the basic Cisco L2S PP
- Corrected runner for ASA commands
- Added basic PP (no recommendations) to more of the Cisco IOS l2s STIG
- Added Cisco ASA commands to ASA FW STIG
- Added HP Comm commands to Layer 2 Switch SRG
- Updated Windows Server 2016 STIG v2r2.
- Updated Windows 10 STIG v2r2, including user-identified issues (Thanks!).
- Updated Internet Explorer 11 STIG v1r19, including user-identified issues (Thanks!).
- Installer should be more robust now, handling various edge cases more appropriately and be more adept at recovering from failed partial installs. In addition, there are some settings it will now check during installation and warn the user to correct.
- File imports are sorted, making it a bit easier to tell progress
- Cancelling following xylok logs no longer throws a keyboard interrupt error.
- Podman logic has seen more improvements.
- Removed start.sh and stop.sh scripts. With the move to systemd as the control scheme, using the appropriate systemctl start/stop commands is more appropriate.
- Better management of benchmarks by allowing verisons and checks to be tombstoned (benchmarks and commands already could be). This helps manage major STIG changes over time and prevents visual build up of old STIG data
- No longer display tombstoned benchmarks on benchmark listings
- Correctly import from deeply-nested directory structures
- If a benchmark has no ready versions, during import we now force the latest version to be ready. This avoids weird behavior around brand new benchmarks.
- Forced benchmarks to re-import to ensure tombstoning is properly applied
- During setup, all xylok manager calls are made using ‘bash’ to avoid noexec issues on tmp partitions
- Handle JSON decode errors in the Xylok Manager correctly on Python 2
- Create xylok data and logs folders before settings permissions
- Benchmark coverage page loads correctly, rather than trying to find a benchmark with the id ‘coverage’
- Combined VPN benchmarks
- Combined traditional security benchmarks
- Combined router SRG benchmarks
- Combined IE8 benchmarks
- Combined IE9 benchmarks
- Combined general purpose OS benchmarks
- Combined SQL Server 9 benchmarks
- Combined Database Generic SRGs
- Combined OSX 10.15 benchmarks
- Combined Voice and Video Endpoint SRGs
- Combined RHEL 8 STIGs
- Updates to Oracle DB 11.2g STIG v2r1.
- Marked Oracle DB 11.2g v2r1 as ready for customers
- Populated Cisco IOS XE Switch L2S STIG v2r1.
- Updated Cisco IOS Switch L2S STIG v2r2.
- Oracle Database 11.2g STIGs combined
- Updated Windows 10 commands and PP.
- Updated Mozilla Firefox STIG v5r2.
- Adding Red Hat 8 Commands
- Updated MS SQL Server 2014 Instance STIG v2r1.
- Updated MS Windows 2012 Server Domain Name System STIG v2r3.
- Updated VMWare vSphere 6.5 ESXi STIG v2r2.
- Updated VMWare vSphere 6.5 vCenter Server for Windows STIG v2r2.
- Updated MS SQL Server 2016 Instance STIG v2r4.
- Updated Adobe Acrobat Pro DC Continuous STIG v2r1.
- Updated Microsoft IIS 8.5 Site STIG v2r3.
- Update Microsoft Office System 2016 STIG v2r1.
- Updated Microsoft IIS 10.0 Server STIG v2r3.
- Updated Microsoft IIS 10.0 Site STIG v2r3.
- Updated Google Chrome STIG v2r4.
- Updated MS Edge STIG v1r2.
- Xylok now runs as a non-root user on all installations. To facilitate this, the following things will occur during installation and/or upgrade:
- A
xylok
user and group will be created on the host if it does not exist. This user will be given a home directory (necessary for execution of the container under Podman), but should be created with a system-level UID. - Xylok data files (/var/lib/xylok, /var/log/xylok, /opt/xylok) and configuration files (/etc/xylok.conf) will have their owner changed to
xylok
- If a non-Xylok user should have access to the Xylok data, they can be added to the
xylok
group. Most files, except for Postgres database files, allow group access. - When starting, the Xylok Manager will also work to ensure files are owned by the correct user. If you encounter permissions errors, please contact Xylok support (support@xylok.io).
- A
- Xylok now uses systemd to manage on-boot execution for all installations, rather than relying on Docker’s
restart=always
. Thexylok
unit will be installed during the upgrade. From then on, the systemd unitxylok
can be used for status, starting, and stopping. On Docker systems, there is a dependency on docker starting.
- Updated help docs to reflect new security information
- Removed Redis AOF log, making startup faster. We don’t need the solid persistent anyway, it’s only for caching and session data.
- Logs command supports specifying components, if you only need to tail certain processes. IE,
/opt/xylok/xylok logs -f worker
- Benchmark import correctly removes old version of checks from versions
- Rating importing no longer resets update dates, which occasionally led to the wrong data being displayed as ‘current’
- Corrected POA&M rebuilding and generation from reports menu
- When saving on the various raters, return the correct page of the results still. In addition, don’t give a 404 on an empty page–just return the last page
- As a safety measure, during an install individually request each old component shut down
- Ensure Postgres always terminates connections, rather than waiting for clients to DC
- Correctly update cci compliance status when copying in modal
- Resolved a CSRF issue when using non-standard ports for hosting
- If there are no permissions to create proxy certs, put in tmp directory
- Don’t exit when files are links and/or removed during permissions settings
- Set root data/logs directories with correct permissions, in addition to core mount points
- Dynamically generate self-signed certificates during boot. This fixes and issue when using non-root UID/GIDs for Xylok, which led to Nginx not being able to acces the snakeoil certs.
- Adding RHEL 8 commands
- Numerous benchmarks imported thanks to the quarerly release.
- Added 24hr time parsing/examples Win Svr 2019 (Thanks Thomas)
- Added 24hr time parsing/examples Win Svr 2016
- Fixed issue with WDNS-SC-000010 not showing 2012 command in Windows 2012 DNS STIG v2r2.
- Marked indos 2012 DNS v2r2 ready.
- Updated SSHD config checks
- Initial commit on apple_macos_11_stig
- Nginx (v1.20 currently) has replaced Caddy as the reverse proxy. This has a few benefits:
- Static files (CSS, Javascript) will be served more quickly.
- All content is Gzip, helping any installations with slower networks.
- Fewer compatiblity issues during upgrades, which should help with the previous fixed-SSL certificate reliability issues.
- A more robust Content Server Policy has been put in place, following best practices where possible.
- The move to a single container for all Xylok processes made logging more challenging. This has been resolved, with physical logs being generated at /var/log/xylok/ for each internal component.
- The
/opt/xylok/xylok logs
sub command has been updated to reflect this change. By default, a ZIP file with the last 5000 lines of each log will be generated, plus some settings (passwords/secrets are excluded) and the docker container logs. - The
logs
command also has a-f
flag, which tails all component logs and allows for nice real-time debugging of any issues.
- The
- Container read-only setting can now be set via environment variable.
- Include CSP nonce for scripts where possible. CSP nonce values are regenerated on every build.
- Development images are now also read-only, hopefully avoiding issues moving to production.
- Nginx can now be put into maintenance mode, where no traffic is sent to Xylok.
- Xylok Manager
settings
subcommand now shows default settings. This will allow us to more easily consolidate the documentation for all settings into the Xylok command, rather than just seperate docs. - Removed nodejs from final production image, reducing size slightly.
- Don’t include a DB version script in utils, just do it directly in setup.sh. Correted DB version retrieval.
- If a DB upgrade occurs, don’t fail out when it returns non-0 due to normal warnings.
- Strip docker log output to avoid blank lines at end.
- Marked Windows 2012 DNS v2r2 ready.
- Fixed issue with WDNS-SC-000010 not showing 2012 command in Windows 2012 DNS STIG v2r2.
- Corrected proxy config to work with internal and external certs by splitting configs
- Corrected README instructions for creating an fixed certificate
- Updated IIS Server 8.5/10 checks IISW-SV-000130/IIST-SV-000130 to limit search to local drives.
REMOVED: The FARR has been removed in favor of using the CCI Rater and/or POA&M Rater. If your organization utilitizes the FARR, please contact support@xylok.io.
- Re-wrote client control page to be server-side rendered. After initial build, display should be vastly faster
- Client control coverage is now computed in the background and cached for 10 minutes
- Aadded more robustness to Task Monitor exception parsing
- POA&M, CCI, and Control raters are now rendered on the server side. This should greatly increase the loading of certain aspects, like related data.
- Small redesign of Client/Location/Machine details pages
- All machines list is now searchable by machine name/short name/location/OS/family
- Scan list and location scans list are now searchable
- No longer default Django DEBUG to on
- Remove OOB for machine list search (fixes JS console error)
- When a client’s controls are not found in cache, still return user to correct page after build
- Searching for just a number in the CCI rater now works as you’d expect. IE, just typing “366” correctly returns just CCI-000366.
- Corrected how saving history works during a rebuild
- Corrected Xylok Manager to work with Python 2 again
- Show Benchmark check IDs in benchmark detail print view
- Added time limits to PP code
- Populated IIS 8.5 Server and Site STIGs v2r2 after constant pressure and bullying from the work list.
- Added another SID to Windows User translation PP util.
- Added HPCom OS cmds to Infrastructure L3 Switch STIG v8r29.
- Updated Cisco IOS Switch L2S STIG v2r1.
- Added 4 well known SIDs to Windows User translation PP utility.
- Updated APPNET0066 PP of PS command in Dot Net Framework STIG v2r1 to correct bad regex issue.
- Updated MS Windows Server 2012 DC/MS STIGs v3r2.
- Updated MS Windows Server 2016 v2r2.
- Updated Windows 10 STIG v2r2.
- Updated Windows Server 2019 STIG v2r2.
- Updated Windows Defender AV STIG v2r2.
- Added Windows Server 2019 support to OS Baseline
- Solaris 11 command updates
- Added basic support for Dell switches to Layer 2 Switch SRG
- Scraper: Added benchmark zebra_android_10_cobo_stig, added version v1r1
- Scraper: Added benchmark zebra_android_10_cope_stig, added version v1r1
- Scraper: Added benchmark tm_tippingpoint_ndm_stig, added version v1r1
- Scraper: Added benchmark tm_tippingpoint_idps_stig, added version v1r1
- Scraper: Updated benchmark samsung_sds_emm_stig, added version v1r2
- Scraper: Added benchmark ms_scom_stig, added version v1r1
- Scraper: Updated benchmark layer_2_switch_srg, added version v2r1
- Scraper: Updated benchmark juniper_router_rtr_stig, updated version v2r2
- Scraper: Updated benchmark windows_server_2019_stig, added version v2r2
- Scraper: Updated benchmark windows_server_2016_stig, added version v2r2
- Scraper: Updated benchmark windows_defender_antivirus, added version v2r2
- Scraper: Updated benchmark windows_2012_ms_stig, added version v3r2
- Scraper: Updated benchmark windows_2012_dc_stig, added version v3r2
- Scraper: Updated benchmark windows_10_stig, added version v2r2
- Only mount /etc/passwd when using Docker and a custom UID/GID, Podman nicely creates the container user for us.
- Corrected Xylok Manager to work with Python 2 again
- All Xylok components now run inside a single container. This simplifies supporting both Docker and Podman. In addition, it has allowed for more robust process supversion to be put in place, ensuring failing components restart automatically. The impact on user installations should be minimal. The only caveat to this is the renaming of CPU/memory limit settings. See https://www.notion.so/xylok/Security-91146958a092412696696eee2d665260
- Duplicate scan errors are much prettier
- Make Posix scripts world-readable at the completion of the script, rather than making requiring the end user to fix it
- Error pages are correctly styled and display friendlier error messages. For logged-in users, the stacktrace will be displayed for easier debugging (hidden for anonymous users).
- Sidebar now sticks in the same place when scrolling
- Default to showing more lines in output during analysis
- Commands now have a “Show full command” link at the end of the truncated one of the command is too long to fit on the page. Also has a “collapse command” option once it’s expanded
- Powershell collection script now shows output location at end of script
- Ensure comments and finding details do not contain invalid characters for XML
- Downloads on the task page should correctly continue to refresh
- Corrected error display for errors with a ‘:’ in them
- Downloads which complete before the task monitor page loads should still download properly
- Show a nicer download link in case downloads do not start automatically.
- Increased ready check retry count to 120
- DB and Redis ready now gets checked for all commands–and the DB check works even if the DB isn’t configured yet
- Remove old docker-compose files from existing installations
- Allow non-root UIDs to work with matplotlib
- Remove unneeded Python libs for production installs
- Added basic support for Dell switches to Layer 2 Switch SRG
- Fixed Python 2 compatibility during installation and added testing to check against all supported versions of Python
- Corrected scraped benchmarks which lacked check contents.
- Task monitor page has been rewritten to report errors more nicely
- Several pages should load more quickly and reliably, with less network traffic (rendering has been moved server side)
- Added search and paging to client listing page
- Small fixes to systemd unit file. There may still be an issue with RHEL 7 and Podman 3.
- When booting, Xylok components will attempt to wait for the database and redis to be fully ready
- Added redis to DB start script, since both those backend services might be needed independently of the scanner.
- Don’t eat user messages on task waiting page
- Note that podman 2 mode also covers podman 3
- Scan comparison fixed
- Corrected issue with check links in analysis items
- Cleaned up several unused JS files
- All PP now notifies that it completed successfully
- Updated PP for RHEL and windows machines to collect data needed for PPSM.
- Commands/PP added for VMWare vSphere 6.7 ESXi, Virtual Machine, and vCenter STIGs. All v1r1.
- New commands for Solaris 11x86
- Updated MS Office System 2013 v2r1.
- Updated MS SQL Server 2016 Instance v2r3.
- Update MS Windows DNS 2012 v2r2.
- Updated Google Chrome v2r3
- Updated McAfee VirusScan Enterprise 8.8 Local (v5 r16) and Managed (v5 r21) to combine commands & PP.
- Updates for IIS 10 Site & Server STIGs v2r2.
- Commands/PP populated for IIS 10 Server & Site STIGs, both v2r1.
- Always add Xylok OS Baseline to scans. This fixes the requirement from the previous update that all users must manually add the OS Baseline to their machines to activate the automatic data import. As a part of this:
- All licenses and installers get xylok_os_baseline bundled in. To see the new benchmark, you may need to update the license in Xylok. If you have any issues, please contact Xylok support.
- A PPSM in two formats can be generated using port information gathered by the Xylok OS Baseline. The new report is available under Reports -> Ports, Protocols, and Services Matrix. The data will start being populated the next time a scan is performed. If you need a PPSM in a different format, please contact support@xylok.io
- CKL import will now automatically add IP/MAC addresses and host name if they are in the scan.
- Users will now be notified if the OS they have entered for their machine does not match the OS found in the baseline scan. (Windows and RHEL only so far)
- Xylok will now correctly start automatically on system boot.
- CKL exports will now more reliably include all available check data. Previously, CKLs might ignore some data if the data was from an older version of a check, but this created issues with transitions between benchmark releases.
- Correctly mark no-longer present versions of benchmarks as ’not ready’
- Fixed machine info alerting when the new value is empty.
Quick-turn release to fix two issues.
- Cleaned up migration missing warning
- Corrected scan multi-item edit and filter
- Added an automated “Machine Benchmark Status Report” under the Reports tab. This will generate a spreadsheet that shows the Stig Viewer score and Xylok score, separated for each benchmark, for every machine under a client.
- When importing a scan or running Post Processing, machine info can be automatically updated. If new information conflicts with old information, user can choose which to keep, or to ignore future suggestions. Can also undo ignoring suggestions. More QOL to follow.
- To activate this feature, assign the Xylok OS Baseline to all machines you’d like to track
- Currently, supported OSes include:
- Windows 7
- Windows Server 2012
- Windows 10
- Windows 8
- Windows Server 2008
- Windows Vista
- Windows XP
- Windows Server 2016
- RHEL 5-8
- Let us know if you encounter any issues or have any particular OSes you’d like support added for.
- Added package to log all Javascript errors and exceptions to the main logs, allowing for end-to-end debugging if support is needed.
- users can now use ./xylok logs to save a report of all the container logs.
- Left/right buttons will no longer disappear when changing a scan items status
- Matplotlib will load quicker
- If a user changes a machine’s location, the machine’s scans will relocate to the new location as well
- Users will now be notified if a scan’s location does not match the machine’s location from the scan details page.
- Support Docker 1.26 for healthchecks
- Recent location scans were adding duplicate of most recent scan rather than location scans with no machine (as intended).
- Location scan list was only displaying most recent scans, causing unexpected results. Location and Scan list now default to show all scans, and can also show most recent if desired.
- Xylok can now be hardened to more accurately match the Docker Enterprise STIG. See the “Security” page of the new version of the manual for more details, but included features include:
- Health checks for all containers (always on)
- Container restart policy (configurable)
- Bind interface (configurable)
- Enabled “no-new-privileges” security option (always on)
- Components can run as non-root users inside containers (must be configured, see security guide)
- Containers run with read-only filesystems (always on)
- CPU and memory limits (configurable)
- There is now a “logs” subcommand for xylok-manager.py, which fetches all the container logs with a single command. This should help with debugging issues on customer installs.
- Log Django requests and exceptions at a more detailed level, which will allow those details to be included in the container logs.
- We no longer prompt about upgrading benchmarks. Use the “–no-benchmarks” flag if skipping the upgraded benchmarks is needed.
- Active Directory sign in is available for users who want to log in using Windows Server or Microsoft Azure:
- NOTE: Please reference the updated documentation for details on how to implement this feature for your system.
- Scan details page has an option to filter items by “interview”, showing only items that have interview question to answer.
- Scan Details page shows a progress bar to show how many items are reminaing for that scan (unreviewed/needs manual review).
- Users can specify AD_CHECK_CA (True/False) to either bypass the Active Directory certificate check or have Xylok use their certificate file.
- Users can login using the form method when AD sign in is enabled.
- Scan analysis pages now hides the less pretty version of the Xylok recommendations and instead have a more obvious way to apply those recommendations.
- There’s now options for managing automatic analysis (AA) data, the markings Xylok uses to match up old compliance information with new data when you import scans:
- AA data can now be copied over to a new or existing family
- Users can now use a scan as a ‘baseline’ for AA for a machine family, essentially updating all the AA items to use the findings from that scan
- Admin page now has a filter to show AA items by family, enabling deletion of AA data for families. AA data copy to new family now copies check command sets correctly.
- From admin page, can filter (and therefore delete) AA items by benchmark as well now.
- STIG titles no longer have to be unique, allowing for easier migration when forced by DISA
- Controls page now shows filtering options by control groups in navigation pane. Hovering a control group abbreviation in the sidebar will show the full group name.
- Added a navigation pane for more pages.
- Benchmark questions can now have more strict structure. Existing answers are unchanged, but this will allow Xylok to enforce better answers going forward.
- Allow commands to be ordered within a runner.
- New users can successfully switch/select clients
- POA&M no longer includes N/A rows
- SCAP import handles duplicate STIG titles more correctly
- If there is no data in the installer, don’t attempt to load it. As a consquence, we can now allow the installer to bail if importing data does fail.
- No longer show Matplotlib debugging output
- PP recommendation functions can now take both an issue list and a header for that list
- Clients with fully completed task lists wwill no longer redirect to the login screen.
- Export/import of client control ratings updated to include all date information and POA&M status
- Users can now import CKL data into Xylok
- A “new client checklist” will now appear when a new client is created. If you’ve used Xylok before, go to the checklist and hit “Mark All Complete.”
- Poam rater can now have multiple items edited at a time.
- Multiple edit for scan details page, allowing quickly changing status and comment of multiple analysis items.
- Store alternate benchmark IDs in database, allowing migration over time when DISA changes benchmarks.
- Allow commands to be ordered within a runner. From a user’s perspective, this should result in more consistent analysis displays.
- Added instructions for gaining privileged access on switches and logging using SSH
- New versions of benchmarks no longer default to customer ready. This should allow Xylok to wait to release new versions until commands have been added for new benchmarks.
- Xylok manager now correctly determines relative path to files, fixing some CLI usage issues.
- Interview OS devices (ie, printers) now correctly skip producing an actual script. This mostly caused confusion because printers would have a generated script.
- Fixed a bug where NewClientChecklist was initializing incorrectly.
- Correct customer databases to merge various duplicate/renamed benchmarks. Notable among these are Firefox and the voice and video services STIGs
- Control rater was not allowing controls to become compliant again thanks to old CCI rating data. That’s fixed now, only the most recent CCI ratings will be used
- Client Dashboard and New Client checklist no longer return error with no Client or if CCI’s haven’t been built.
- CKL import should more reliably find matching benchmarks
- Fixed benign error message near end of installer output
- Users can now import SCAP results into Xylok
- A client’s POA&M can now be managed directly within Xylok, allowing dates and comments to be tracked. Changes are timestampted in the database, laying the groundwork for reviewing changes over time. The generated POA&M Template will integrate any changes made on this POA&M manager.
- CCI and Control raters store changes over time, allowing for review of changes over time.
- An integrated Client Dashboard is now available under the Clients menu. This dashboard includes configurable graphs to show changes over time.
- Benchmark editing is now performed outside the main Xylok Scanner web interface. Benchmarks are tracked in an external repository to allow for more flexibility in tooling and testing. A plan will be developed to transition organizations that currently edit benchmarks internally to the new tools.
- Added filter for “needs manual review” on the scan details page. Added new icon for “needs manual review”.
- Xylok manager will return return code from commands run via exec
- Podman 2 rootless mode is now more fully supported.
- Old benchmarks can now be more cleanly hidden from view, but still exist for purposes of old scans.
- During install, perform cleanup of old Xylok images based on image tag. This removes the need for an all-or-nothing image prune call. As a consequence, upgrades will no longer prompt for confirmation.
- Benchmarks are tracked by a Git commit ID, allowing upgrades to complete more quickly if a given benchmark hasn’t been updated.
- Moved to HTML based help documentation.
- Xylok default users are no longer bundled into installs.
- Redis will persist its database across upgrades, allowing users to stay logged in
- Ability to enable/disable using ‘unready’ versions of benchmarks. Defaults to disabled.
- Added benchmarks and admin user CLI flags to installer
- Added support for .tar.gz, .tar.bz2, and .tar.lzma files in import
- Simple page to grab authentication token for use with external tools using the Xylok API.
- Detect Podman version 2 correctly
- Detect even more odd builds of Docker
- Default to debug off for local installs
- Importing a client from JSON correctly saves RMF overlays.
- POA&M now properly only includes non-compliant rows
- Support OSes that ship with a base64 that does not support newline-terminated inputs. (RHEL 5 is notable here).
- Bulk processing now links back to machine/location scan list. Select all and select page are now options
- Proxy now has access to certificates on host again
- Small speed improvements in Xylok Manager
- Docker 1.13 supported
- Xylok now supports both Docker and Podman.
- CentOS 8/RHEL 8 support should be much better using in-repo Podman.
- Podman 1 in root mode should work correctly.
- Podman 2 and rootless modes has not been tested as much.
- Systemd is needed to auto-start Xylok on boot. Xylok Manager’s “systemd” subcommand can help manage the service file.
- All Podman installs should be treated as experimental–please contact support if you encounter any issues!
- human_id is now accessible to post-processing scripts by using “ctx.human_id”
- Post-processing scripts can mark an item as “needs manual review” to make it obvious the data was looked at by the script, but a determination is impossible without more information. Reports treat this status the same as “not reviewed.”
- Upgrade Django to 2.2 LTS.
- Remote databases are now supported for standalone installations. IE, an AWS RDS Postgres instance could be used.
- Better handling of volumes under SELinux (even when using Docker).
- Machine scan listing is now correctly paginated.
- Self-managed user password changes.
- User may now set http and https port manually before install using
--http(s)-port <port>
flag
- Scan list now has checkboxes to select multiple scans for deletion/auto-analysis/post-processing.
- Added ability to specify listening ports via HTTP_PORT and HTTPS_PORT in /etc/xylok.conf. See Manual for more information.
- Embeded docker-compose updated to latest version
- Some delete form “Cancel” buttons have been fixed.
- Proxy bind addresses set up to correctly issue certs in all cases
- Never require SSL from the Xylok web server, handle only on proxy side
- Allow importing clients that have old version infomation stored
- Install defaults to production mode
- Show Caddy environment during boot
- Upgraded to release version of Caddy 2
- Always set PATH for Windows batch scripts (should help systems that have had powershell removed from the path)
- Now using Caddy as the reverse proxy, unifying all deployment types under the same server.
- Proxy now hosts most static files, reducing number of containers in use (and a small reduction in disk usage).
- Caddy requires a common name in certificates. If a certificate does not match this requirement, it will be moved in /opt/xylok/certs to allow Caddy to still run using a self-signed certificate.
- Additional HTTP security headers enabled for local installs
- Docker helper scripts have been overhauled, fixing some issues and adding some flexibility. General usage has not changed.
- Docker helpers run commands as the current user, avoiding some permissions issues that might arise.
- import-data.sh CLI allows automatic analysis to be run immediately, see updated manual.
- Updated Xylok manual with instructions for updated import-data.sh
- PP moved into core application. Brings a massive speed improvement at the possible cost of stability. Postprocessing speed more than doubled, bulk processing updates are more quickly applied to the database.
- As a result, there will no longer be a separate “postprocessor” Docker container. It should be automatically removed during the upgrade.
- Added support for additional string outputs from PP. Currently does nothing, but in the future these may be shown as additional columns on spreadsheets or other reports
- Build image no longer warns about Docker if it is not in use for that build step
- Build licenses, images, and benchmarks as separate parts
- Profiling features and support for internal use
- Frontend correctly responds to requests again
- CKL production has numerous fixes:
- ‘rule names’. Not all STIGs will work correctly, new data can only be pulled from some STIGs.
- Severity values are correct now, so all Cat I/II/III tabs will populate correctly.
- CKLs are built into a location-based directory structure
- Bulk postprocessing of small scans (less than 100 items) will now succeed
- Updated benchmarks are pulled in correctly again
- Fixed technical likelihood not saving on CCI rater
- Fixed Traefik 2 not working with HTTPS. This fix includes forcing all clients to redirect to HTTPS–if this causes problems for your organization contact support@xylok.io
- Fixed technical items not appearing on CCI rater
- Moved to Traefik 2 as a proxy for local installations
- Added CCIs to several benchmarks that did not have CCIs from DISA or that tied to RMF rev 3, including Cisco Firewall, JRE 7, and some RHEL 6 items.
- Updated AFSPC A3/6 MAD
- Fixed post processing timing out on large scans
- Copying question answers when the ‘from’ scan does not contain all the benchmarks of the ’to’ scan now succeeds
- Copying question answers when the ‘from’ scan does not contain all the benchmarks of the ’to’ scan now succeeds
- Bulk Postprocessing for large scans will no longer timeout
- If a 40X error is encountered by the PP test script, it now shows the response body
- Benchmark importer does not die on XSL files
- More reliably only stop existing install if the stop script actually exists
- Warn when showing raw output on PP tab during analysis
- Correctly end Airtable upload loop
- Benchmark version comparison no longer duplicates changed/removed entries
- Benchmark changes are now pushed to tracker for easier management
- Limit benchmark update time to 30 minutes
- Make working with empty PP output more consistent
NOTE This version will upgrade your system to Postgres 11. A special backup will be created as a part of this process. Please contact Xylok if you encounter any issues.
- Severity value displays correctly on benchmark listing (internal value was correct)
- Question editing corrected
- OSes not selected warning fixed for when only tags are in use
- Updated all use of version/release numbers to support string versions
- Ensure selects with no key or os tag are still correct
- Only Xylok production will attempt to send errors to central logging
- Runners are loaded correctly for command verification
- Note in the check search that regex is supported
- Check searches with incomplete regular expressions will now be treated as plain strings
- PP error helper grammar fixed
- Base64 works on systems that do not support base64 –decode
- PP audit helper handled blank case and correctly marks “no rules” case as noncompliant
- eMASS TR fixed following other internal changes
- Control rater CCI definitions included again
- Bug with control rater rebuilder related to assessment number corrected
- Risk rating from MAD not being included in CCI dump
- Added separate vCenter OS(es) to reduce the confusion around using “ESXi” when collecting data on a vCenter server.
- Added versions.sh script to utilities, allowing for easy confirmation of the version numbers of components in Xylok
- Xylok web displays long benchmark IDs appropriately
- Pointed file importer to new XML processor
- CIS and DISA XCCDF imports run through a merge operation into the original JSON in Xylok
- CIS and DISA benchmark conversions to JSON fully supported
- When Xylok service(s) are not availble, try to die with a nicer message
- Interview and user-editable answers are now easily copied from scan to scan
- Stacked scan info more closely together to save space
- Show scan descriptions on various lists
- Scans can now have a description set to help differentiate scans
- Control ratings can now be imported and exported independent of the remainder of the client configuration
- Windows Server 2012 no longer depends on subinacl and dumpsec
- CCI rater rebuild now applies automatically compliant/NAs from MAD
- Add audit module to PP docs
- PP new check_audit_lines() helper is available
- PP audit helper functions added
- Seaching and filtering for new columns in CCI rater
- CCI rater modal links to CCI page
- New-style CCI rating calculator complete
- New CCI rater modal layout
- Manual has a new section for working with ESXi/vCenter
- pgcli multistage build
- pgcli moved to Python3
- Moved to Taskfile for task management
- Less noisy DOCKER_HOST initialization
- Always pull base image again
- Build custom pgcli image
- Build custom version of Redis image
- Whitenoise uses Django finders to locate static files
- Whitenoise 4.1
- Multistage PP image build
- Simplified black configuration
- Optomized core Docker image for size
- Machine and location commands are retrieved via access layer
- Clean up unnecessary imports
- Sped up most integration tests
- Always clear caches on DB initialization
- Test for exporting ISO
- Tests for client importing and exporting
- Fixed STIG XML importing during automatic updates
- Customized Postgres 11 image
- Migrate raw risk comments to technical comment field
- Handle no scan being supplied to PP processor
- Handle blank PP scripts more gracefully
- PP tester script can now accept scan and client JSON for more involved scripts
- More informative error messages for PP stack traces
- PP script errors are reported with line numbers closer to the real location (should only be offset by 1 line)
- After finishing disk cleanup, show resulting free space
- Use Kaniko to build main builder image
- Windows Server 2019 has been updated with commands, please report any issues you encounter!
- Fixed an issue with context.raw not always returning the correct value
- PP with blank raw_output works again
- Fixed a speed regression with PP and the new options available to scripts
- Pager-based filtering corrected to work with all pages
- Sorting on special columns (risk, category, status) works as expected now
- Allow 255 characters for benchmark IDs and short titles
- Normalize benchmark ID when importing SCAP content
- Use the benchmark ID as the short title if the normal title is too long
- When clicking copyable text, ensure the scroll position doesn’t change.
- Added new SIDs for resolve_sids
- Benchmark list included in SAR
- Added ability to export the SAR data as a JSON file
- Added Lenenshtein Distance algorithm as PP helper
- Clients can now be marked as classified (in a future release, this will allow reports to be marked appropriately)
- Postprocessing documentation updated with
context
information - New Context object available for PP to use, which includes smart properties for common PP needs
- Hovering over a command in analysis shows the PP script in use (if any)
- New
context
variable to PP scripts carries additional information without adding to the global namespace - PP now has much more data available to it.
- Bulk processing of a scan’s PP should be faster in some circumstances.
- Results listing shows PP output if available
- CCI rater now uses a fancy search box that can take multiple conditions and negations
- Allow search entry via query builder OR direct input
- Removed old filter headers on CCI rater
- Support “has:” queries in fancy search
- Increased the size of the CCI rater modal text boxes some
- Preemptive fix to avoid poorly constructed benchmark helpers from breaking building scripts.
- Error if no data config is given for a spreadsheet column
- Autofit gives a bit more room
- HW report widths fixed
- eMASS TR formatting fixed to focus on results more
- Fixed wrapping on machine report
- eMASS TR now has blue “results here” and autofiltering by default. Closes #146 and #145
- Conditional formatting location adjusts with additional columns
- During base control wrap-up, N/A controls no longer affect the parent control’s status
- Newline in checksum file
- Build SAR System Control Risk Distibution off full control list including enhancements, not just base
- Individual names for checksum files
- SAR Baseline Control Review CCI C/NC/NA/etc counts corrected
- SAR Base Control Review comments for NAs are more appropriate.
- Control rater now prioritizes compliance status by NC > C > NA CCIs. I.E., if there’s a conflict then the highest rating wins.
- SAR Base Control Review has spaces added for status now
- On SAR CCI&AP tab, statuses now include spaces
- Conditional formatting for findings spreadsheet
- Colors for SAR ratings
- Added conditional formatting for POAM Severity and Residual Risk columns
- Impact Description can be included on POA&M (just a blank placeholder)
- Added more POA&M options: Rule ID/STIG ID and the ability to include items without an AP
- POA&M now has an options page that allows adding blank lines to template. Closes #142
- Added a Control Review worksheet to the tab, which covers all controls including enhancements (in contrast to the Base Control sheet)
- Added System Control Risk Distribution chart to SAR
- Control Rater default comments are now built off NAs and Compliants as well
- Allow filtering for NAs on CCI and control rater
- If the CCI Benchmark for a CCI is marked as Not Applicable, the associated CCI will also be marked NA regardless of other data.
- Include Not Applicables on CCI rater modal items
- If a NIST CSF category is an “unknown” risk (probably compliant), call it Compliant on the NIST CSF SAR tab
- If a CCI has no mitigations, state that rather than having a blank commet in the default comment
- Use fully qualified Docker image tags for installers for increased Podman/Docker interoperability
- Removed mypy dependency
- Moved all conditional formatting into helper functions
- Documented spreadsheet_builder
- More consistent internal name for spreadsheet config items
- SAR moved to spreadsheet builder
- FARR spreadsheet moved to helper
- Moved HW report to new spreadsheet helper
- Moved Individual Findings Spreadsheet to new builder
- POA&M and Scan Comparison moved to new spreadsheet generator helper
- Show OS on machine page
- A default comment can now be built for the control rater. Use control rating default comment in reports if a manual comment is not set
- Added implementation guidance from MAD to CCIs. Hot loaded on demand
- Better description of Control Rater comment purpose
- Show default comment on control rater if there is no other comment
- NC3 overlay updated
- Control pages show deprecation/withdrawn warnings
- Tomcat benchmark built
- SQL Server 2008 R2 working from Server 2008 (Using SQL Server 2012 STIG)
- Client controls and CCIs are filtered by withdrawn/deprecated status
- POA&M now uses Rule ID and skips item without MAD entries by default
- “Tranditional” misspelling fixed
- POA&M now includes only emass-only columns
- Label the FARR Risk as such in the individual findings spreadsheet to avoid confusion
- Firefox control overlay formatting
- If AA data can’t be imported for any reason, skip it without dying on remaining data
- Don’t die if there’s no exception to report in a JSON call
- eMASS TR control names have no spaces in them
- It is now possible to click the actual overlay row instead of just the links
- “Medium” renamed to “Moderate” in all applicable cases
- On POAM, all severity/impact strings use spaces instead of underscores
- SAR risks/etc have underscores replaced with spaces
- Checksum file is more simply named
- Corrected hash file format
- Installer can now be pushed to ShareFile
- Firefox control overlay formatting
- If AA data can’t be imported for any reason, skip it without dying on remaining data
- Findings JSON generation no longer complains about UUIDs
- Added “machines” column to POA&M
- Added FQDN to JSON findings
- Added machine and location ID to finding JSON
- Only benchmarks available in a license are shown in the benchmark list
- Cache clear command works
- “Eventually” has arrived
- Report generation script as JSON
- Networkparse 1.6.5
- JSON export of individual findings
- Individual findings JSON can be built quickly from the command line
- Scale workers correctly again, now that zombie workers are corrected
- Keep trying worker names until one works, fixing workers dying early
- Use command -v instead of which in POSIX and CSH environments. Fixes an issue with Solaris 10
- MySQL scripts can be generated
- PP scripts run in a function now, allowing them to return early
- Updated NetworkParse to 1.6.4
- Only run a single worker until name duplication issue can be resolved
- Handle non-UUID case in patching benchmarks
- NetworkParse 1.6.1
- Removed applications from the DB
- Skip loading benchmarks if they don’t exist in installer
- When building installers without a complete installer, don’t die
- Handle diffs requests that have JSON files that are not in the DB
- Easier method of extracting benchmark changes from last update
- Check for new STIGs every hour
- Added FortiOS to application fixture
- Only show overlay if dragging files, not text
- NetworkParse v1.2.0
- Show OSes in command table row
- Benchmark metadata is always loaded and placed in store, making page transitions faster
- When the user is not logged in, don’t show file drop indication
- Importing clients with incomplete control ratings now works
- If rule ID isn’t available, use stig id for checklists
- When exporting Checklists, use Rule ID
- Added FortiOS (Fortinet networking OS)
- Better error handling on uploads
- SPA pages now support drag-and-drop file upload of multiple files
- Added RSS feed of STIG changes
- Allow specifying the starting url for a benchmark scrape
- Updated benchmark scraper to use new DISA cyber.mil site
- Rule ID now stored in DB and there is a way to import them using DISA XML
- On connection/download errors, don’t leave the link as marked
- Added flag to PP testing script to ignore SSL errors, useful for self-signed certs
- Updated NetworkParse documenation to the latest version
- Only create pwsh directory if we’re going to actually extract powershell
- No longer need to create symlink for powershell, the script itself will create an alias if needed
- Supress some PS errors and allow it to work properly on systems with Powershell Core only (pwsh vs powershell)
- Less noisy PS extraction
- ISOs with multi-extension files work
- ESXi from PS now uses correct env
- Include updated OS and execution environment info in fixtures
- When setting up PowerCLI, use system-specified PathSeparator
- Ensure benchmark cache is cleared on imports of JSON
- ZIP and ISO production use the same method for folder creation
- PowerCLI Environment for ESXi
- PowerCLI helper in place
- Helper assignments can be import/exported
- Metadata for benchmarks is easier to read and shows information about runners/oses
- CCI rebuilding will load data correctly at completion
- Recommendations and control adds/removes/overlays included in export
- Include control number in ratings for client exports
- CCI ratings showing under Control Rater modal
- Don’t show pager while loading cci/control ratings
- POA&M generation errors
- DISA Scrape no longer breaks on XML that is not a benchmark
- File importer redirect
- CCIs in benchmarks will now import correctly
- Client controls load properly
- ControlRating migration name issue
- No longer include controls in installer
- SAR generation with new CCI ratings
- Control Rater sort order
- Control Rater default sort
- Control Rater rebuild button
- Control rating page and SAR generation working with new control rating table
- Indexed check CCI numbers
- When searching for ONLY a control group, don’t search other text
- PDB left in test
- SE family sorting into the middle of SC
- Link back to benchmark from check
- Allow changing versions in comparison
- Allow access to the homepage when not logged in. Oops.
- CCIs eradicated from StigCheck
- Function documenation
- Removed numerous old STIG change components
- Use new benchmark diff across the board
- Benchmark diff remade as SPA
- SPA homepage used for all home-page links
- Homepage is now SPA
- CCI rater moved to same format as control rater
- Controls and CCIs completely removed, migration not applied to remove columns yet
- Dependencies upgrades
- Title in benchmarks hides on small screens (short title still visible)
- When not authenticated, don’t fail on removing commands from metadata
- Dynamically show/hide pager on all pages using it
- Check links and JS errors when no benchmarks are visible
- Allow anonymous users to get background task information
- Benchmark check paging is actually used for table
- Benchamrk CCIs listing/editing corrected
- Don’t show Extras in control list
- Hide withdrawn controls on control list (can still be viewed)
- CCI searching
- Scroll position between SPA pages should be more natural
- Increased number of items on pages
- Use RMF JSON rather than DB for client control determination
- Cross-domain overlays corrections
- Never apply text-based AA to CCI benchmark
- Background task errors have red alert again
- Background exception error handling
- OVAL importing
- Removed unneeded template files for controls
- Additional old control pages removed
- Controls no longer have separate group pages
- Removed dependence on RMF controls in DB for reporting
- Removed dead system import/export code
- From SPA pages, directly go to client selector
- Use new SPA benchmarks page
- CCIs can now be searched by related RMF controls
- Load metadata locally to benchmark list, not into Vuex
- Benchmark list is now dynamic, although too slow to use
- Paging added to benchmark checks
- Show benchmark name on check
- Overlays now use SPA exclusively
- Overlays now have SPA page
- When CCIs are loaded, RMF related numbers are normalized
- CCIs now have SPA page available
- Controls are now handled by SPA
- RMF controls are now searchable and paged
- JS Control browser built, not yet default option
- Sentry is now used for error recording rather than Rollbar
- CCI benchmark is now marked NA based on the client control set.
- AA data import now available, upload using the normal fields
- Automatic analysis data can be export for a benchmark from the same location as normal benchmark exports
- Sorting, searching, and paging support all moved to pager mixin
- Metadata is produced much more quickly when not in cache
- Removed benchmark files to make searching clearer
- Removed client.rmf_controls
- Removed dependencies on client.rmf_controls
- Rollbar removed
- Re-enabled coverage information for controls
- Removed duplicate CCI entry for CA-1
- Client selected controls working again
- Don’t double-request benchmark when benchmark page first loads
- PP docs not loading in Python 3.7
- More likely to find the “useful” error message in the string exeception info
- Better handling of in-progress statuses
- Removed PP browser, instead we point to generated docs
- Control list loading speed improved by nearly 50%
- Benchmark loading happens in background
- Removed need to rebuild scan and benchmark caches during install
- Full traceback available for failed tasks (for logged-in users)
- Testing around comparisons put in place
- Consolidated async network handling and downloads
- Local installs should spawn more workers. Defaults to 4, but can be configured in /etc/xylok.conf
- K8s will now run worker correctly
- Moved from Celery to Python RQ to support Python 3.7 and allow better task management
- Moved entirely to Poetry from Pipenv
- Moved to Python 3.7
- Removed unused benchmark_api
- Numerous changes to control access internally
- Scan comparison should be more reliable
- Scan comparison now automatically performs a compare when both selections are locked
- Include changelog in docs index
- Easier method of building release notes
- PathPrefixStrip for docs to allow them to load correctly in standalone installs
- Change log section titles for changelog
- Specify limit and request for all memory on K8s
- Installers built in tagged directories now and make installer names more straight forward
- No longer deploy on tags, only master
- Build release notes and automatically push them