Runecast Analyzer Release Updates

• Preventing unexpected startup sequence in rare cases for OVA deployments

• The underlaying OS for OVA and cloud image deployments has been upgraded
• Added possibility to delete multiple registered OS hosts at a time
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Automated migration of potentially affected filters after upgrade to version 6.5
• DISA STIG for RHEL was updated to latest version (ver1, rel. 9)
• Standard update and maintenance of knowledge rules

• Added CIS for CentOS 7
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Tasks in Configuration Vault - performed tasks on ESXi hosts and VMs are now available in Configuration Vault. This allows easy correlation between configuration changes and performed tasks for enhanced audit tracking
• Brand new analyses comparison - provides deep insights into what has changed between two analyses - on issue and object level. Helps to track progress towards risk-free IT infrastructure
• More security profiles -Runecast now covers BSI for Kubernetes and KVKK for vSphere
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Coverage of multiple important VMware KBs affecting infrastructure availability
• Standard update and maintenance of knowledge rules, HCL records and system packages

• NIST coverage for Windows Server OS
• Increased count of automated DISA STIG rules for Windows Server
• Improved performance and stability
• Faster update of manual answers
• Addressed an issue with the vSphere WebClient plugin
• OS analysis agent update to resolve missing collection data
• Minor usability improvements of the Image Scanning view
• An ESXi 8.0 coverage in the HW compatibility checks.
• NIST coverage for Linux RHEL
• New coverage of Microsoft Vulnerabilities added (published by Microsoft this month).
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Container image scans can be shared by a dedicated URL
• NSX-T Global Manager is now supported as part of the NSX-T connection
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Extended coverage of DISA STIG for vSphere 7 (vCenter VAMI and RhttpProxy)
• Updated OS agent to allow auto-evaluation of more OS related rules
• Addressed minor usability bugs
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Additional API endpoints for container image scanning integration
• Export to Jira now available in all views
• Addressed minor usability bugs
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Added critical VMware KBs in the proactive analysis
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Coverage for critical MS Windows CVE-2022-30190
• Extended Linux vulnerabilities coverage
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Addressed minor usability bugs
• Coverage of NIST profile for Azure
• Coverage of BSI profile for Windows Server OS
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Communication of “Not Analyzed” issue state – brings attention to new rule definitions that were not analyzed yet
• Added integration to Jira
• Extended vSphere collection – tags for objects are now included in Configuration Vault
• Improvements to the OS Analysis – simpler agent installation and better communication of errors during analysis
• Standard update and maintenance of knowledge rules and Hardware Compatibility List records

• Introducing Organizations - group connections into different logical units to replicate your company structure and allow only required teams to view or manage the systems they are responsible for
• Correlation with Known Exploited Vulnerabilities (KEV) catalog helps you prioritize remediation actions for any discovered vulnerabilities
• More security profiles - OS support is extended with coverage of DISA STIG profile. vSphere can be evaluated against GDPR
• All new issue lists unlock new powerful ways of how to observe, filter, inspect and resolve all the reported issues

• Improved usability
• Standard update and maintenance of knowledge rules and Hardware Compatibility List records

• New CIS Benchmarks - Windows Server 2019 and RHEL 7
• Extended coverage of VMware NSX-T
• Fixed usability bugs
• Standard update and maintenance of knowledge rules and HCL records

‍

• Added a rule detecting a newly published log4j2 vulnerability (CVE-2021-45105)
• Updated log4j to version 2.17 to address CVE-2021-45105
• Updated ElasticSearch and Logstash to 6.8.22 which contain the latest log4j 2.17
• Fixed the OS agents installation script to work with localized Windows versions
• Updated the VMSA-2021-0028 body in the UI according to the latest VMware updates
• Updated the VMware Horizon log4j analysis rule as now there is a patch released, based on VMSA-2021-0028
• Adjusted the Apache Log4j2 Security Update CVE-2021-45046 severity to Critical

• Runecast Analyzer and all components are fully patched to address CVE-2021-44228 and 2021-45046
• Updated detection of Apache Log4j Java library vulnerability (CVE-2021-44228) on Windows and Linux which improves the results accuracy and makes the results more explanatory
• Detection on Windows, Linux, and VMware of newly added Apache Log4j Java library vulnerability (CVE-2021-45046)
• Updated Elasticsearch and Logstash components to version 6.8.21 to address CVE-2021-44228 and 2021-45046
• New Windows 2016 Domain Controller CIS profile added that extends the compliance capabilities on Microsoft platform
• Improved detection of CVE-2021-44228 reducing false positives

• Detection of Apache Log4j Java library vulnerability (CVE-2021-44228) on Windows and Linux
• Applied Log4j vulnerability workaround on Elasticsearch components
• Log4j library used in Runecast Analyzer updated to latest recommended version - 2.16.0
• Updated evaluation of VMSA-2021-0028 to include the newly added NSX-V

• Apache Log4j Java library is updated to version 2.15.0 to address CVE-2021-44228
• Critical VMSA-2021-0028 is covered by Runecast Analyzer

• Support for LDAP as an Identity Source. You can now use local user management, Active Directory or LDAP/LDAPS groups to allow access to Runecast
• Significant Remediation improvements – additional remediation rules for AWS, doubling the amount of remediable issues and the ability to add parameterized remediable content (such as timeout values, etc.)
• New Configuration Vault views – for Kubernetes and NSX-V
• vSphere7 Update 3 checks against VMware Hardware Compatibility List (HCL)

• Configuration Vault: Introducing a new summary widget to spot changes or deviations easily.
• Configuration Vault: added ability to apply the same baseline on multiple systems
• Configuration Vault: added AWS insights with multiple additional views
• Added Remediation functionality for AWS environments.

• Introducing Configuration Vault to highlight inconsistencies and configuration drift in your environment
• Introducing Remediation - generate scripts & Ansible playbooks to remediate issues at speed
• Knowledge Definition update

• Added Best Practices Profile for vSphere on Nutanix
• Added CIS Benchmark for ESXi 7.0
• CIS Benchmark updates for ESXi 6.7
• Knowledge definition update

• Runecast Analyzer can be deployed natively on Azure from Azure Marketplace
• Added Vulnerability Management
• User Guide is now additionally embedded into the appliance for offline usage
• ‍VMware Hardware Compatibility widget added to the main dashboard
• Added standard port groups to the list of reportable objects for vSphere environments
• Knowledge definition update

• Knowledge definition updates

‍

• Added ServiceNow integration 
• Added automated audits and reporting for Cyber Essentials compliance in vSphere environments
• Knowledge definition updates

‍

• New onboarding wizard guiding the initial setup of your vCenter, AWS and Kubernetes environment in Runecast
• AWS dashboard improvements (new widgets for severity, profiles and history)
• Full Public API coverage for NSX-T, Kubernetes, AWS, VMware Cloud Director
• User interface of the Runecast definition database view enhanced  
• Knowledge definition updates

• Added initial VMware Cloud Director support (Early Access)
• Knowledge definition updates

• Audits against VMware’s Security Configuration Guide (SCG) for NSX-T
• Insights for Edge Nodes, Host Nodes, and Management Nodes
• Checks against VMware Knowledge Base articles covering NSX-T
• Validation against NSX-T best practices

• Added ISO 27001 compliance profiles supporting VMware and AWS
• Added STIG Viewer export
• Added VMware Security Configuration Guide 7.0 support

• Fix added to allow vCenters with vSAN 7.0 U1 to be correctly analysed
• Knowledge definition updates

• Custom Profiles Support.
• Adding Kubernetes (CIS and Best Practices).

• Added GDPR compliance profile for AWS.‍
• Latest knowledge definition updates.

‍

• Fixed a problem to upgrade to 4.4.2.0 when Active Directory was configured.
• Knowledge definition updates.

‍

• Update of vSphere 6.5 DISA STIG to version 1, release 4.
• Added official best practices for Pure Storage Flash Array.
• Knowledge definition updates.

‍

• Improvements to the analysis algorithm to support the latest knowledge definitions.
• Knowledge definition updates.

‍

• VMware Hardware Compatibility: New override functionality enables that particular hardware can be marked manually as compatible, and the information will be applicable in all areas of Runecast Analyzer.
• UI redesign of the Hardware Compatibility feature for increased usability, readability, and accessibility.
• Knowledge definition update.

• HW Compatibility: Added smarter evaluation of socket configurations for servers. 
• Enterprise Console: Added new public API endpoint for group management. Added search/filter functionality for connected systems. Increased loading speed of local systems by 70%.
• Knowledge definition update.

• Added NIST security profile compliance scans for native AWS environments. 
• Knowledge definition update.

• General improvement: Full vSphere 7.0 support.
• Possibility to deactivate VMware HCL checks for any socket number configurations via public API of Runecast Analyzer.
• Knowledge definition update.

• Enterprise Console: New dashboard to monitor a network of Runecast Analyzers and all connected systems.
• Added CIS security profile compliance scans for native AWS environments. 
• Knowledge definition update.

• Best Practices for SAP HANA deployments on VMware.
• NIST (VMware) compliance profile to support federal agencies.
• Added the ability to use custom repositories to update your appliances and deliver knowledge updates.
• Added the ability to include/hide healthy inventory objects (hosts, devices, etc...) from the inventory view.
• Improvements to the user interface and handling for better usability and consistency.

• Update to activate free Horizon analysis to support the home office situation world wide due to COVID-19 crisis.
• Knowledge Definition Updates.

• New usability enhancements.
• Knowledge Definition Update.

• New Security Hardening profile - CIS (Center for Internet Security) for VMware environments.
• Update of DISA STIG profile for vSphere 6.5 ESXi and Virtual Machine.
• Inventory view enhanced with total issue count for each object and all its descendants.

• New Security Hardening profile -  BSI Security Standard.
• Major Performance Improvements.
• Knowledge Definition Update.

• Customizable PCI-DSS criteria based on your enterprise-specific security requirements.
• Add the Log Analysis improvements.
• Improving check of VMSA-2019-0011.

• New HCL ESXi upgradability feature.
• General VMware Hardware Compatibility List (HCL) Improvements.
• WebClient Plugin Improvements.
• Data simplification after 1 Year.

• Brand new automated VMware HCL functionality available in public Beta: Including Host and IO devices checks.

• Update of DISA STIG.