Runecast Release Notes
Subscribe to RSS
Runecast Analyzer 6.9.5.0
- CIS Update for Windows Server
CIS profile for Windows Server 2022 is updated to the latest version (version 3.0.0).
- Analysis separation
An architectural update to our application. The configuration and analysis components have been separated into independent modules.
- K8s Node Collector changes
Improvements in collection for more precise results and support of upcoming security profiles (please note there is a mounted volumes change).
- Improvements
Improvements made to enhance usability and functionality.
- Standard update and maintenance of knowledge rules
Weekly updates of knowledge rules, HCL records and system packages are included.
Knowledge Definition Update 6.9.4.2
- Critical VMSA-2024-0012
VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081).
- CIS Update for Windows Server
CIS profile for Windows Server 2016 is updated to the latest version (version 3.0.0).
- Standard update and maintenance of knowledge rules
Weekly updates of knowledge rules and HCL records.
Runecast Analyzer 6.9.4
- Data retention configuration
You can now change or disable data retention policy for features like Configuration Vault and Capacity Management
- vSphere Agentless OS Scanning Updates
- Usability improvements
The Filters and Licensing settings pages have been re-designed for easier use.
The vSphere Log KB Articles page is now aligned with other issue pages, so you can take advantage of the standard issue grid features and issue details.
- Definitions update and maintenance
Weekly updates of knowledge rules and HCL records and OS Security updates
Knowledge Definition Update 6.9.3.1
- CIS Update for Microsoft Azure Foundations
CIS Security Profile for Microsoft Azure Foundations was updated to the latest version (v2.0.0).
- CIS Update for Ubuntu Linux
CIS Security Profile for Ubuntu Linux 22.04 LTS was updated to the latest version (v2.0.0).
- NIST for vSphere enhancement
NIST for vSphere has been updated to include new rules based on the DISA STIG for vSphere 7.0, in addition to the original rules.
- Standard update and maintenance of knowledge rules
Weekly updates of knowledge rules and HCL records.
Knowledge Definition Update 6.9.1.2
- Critical VMSA-2024-0006
VMware updates address multiple vulnerabilities in ESXi.
- CIS Update for CentOS
CIS Security Profile for CentOS was updated to the latest version (v4.0.0).
- Standard update and maintenance of knowledge rules
Weekly updates of knowledge rules are included.
Runecast Analyzer 6.9.1
- OS collection fix
Resolved an issue causing incomplete Linux OS configuration collection.
- Extended DISA STIG coverage
DISA STIG security profile now covers Red Hat Enterprise Linux 9.
- Extended CIS coverage
The CIS security profile now covers Rocky Linux Benchmark v.1.0.0 and Microsoft Windows 10 & 11 Benchmarks v2.0.0.
- Definitions update and maintenance
Weekly updates of knowledge rules and HCL records.
Runecast 6.9
🚀 Agentless Scanning Improvements
The vSphere Agentless feature has been extended with complete coverage for Windows and Linux OS vulnerabilities, along with configurable tags for specifying eligible VMs for scanning. AWS EC2 instances and vSphere VMs selected for agentless scan are highlighted in the inventory tree.
🎁 Introducing New Sidebar with View Controls
Issue quick filters were moved to a brand new side panel allowing view selection - controlling the scope of issues, listed in the table, based on their results.
MS Word Export
The results of the analysis can be exported in a detailed DOCX format. This provides the freedom to easily edit the exported data while keeping it well formatted.
CIS CSC and HIPAA Update
Ubuntu Linux 22.04 and 20.04 are covered in CIS CSC. HITRUST 9.2 for Azure was added to HIPAA.
Cross-System Rules
A single knowledge definition can be related to multiple system types. For instance, a given vulnerability can be discovered on OS with agent and VMs with vSphere agentless scanning configured.
Knowledge Definition Update 6.8.3.2
- Critical VMSA-2023-0023.1
VMware has confirmed that a critical vCenter Server remote code execution vulnerability (CVE-2023-34048) patched in October is now under active exploitation. Users are advised to apply available updates to affected VMware products to remediate the vulnerability.
- Standard update and maintenance of knowledge rules and HCL records
Weekly updates of knowledge rules and HCL records are included.
Knowledge Definition Update 6.8.3.1
- New Microsoft CVEs: New Microsoft CVEs from Microsoft's January 2024 Patch Tuesday are added for OS analysis. Additionally, the existing Microsoft CVEs rules for OS analysis are aligned with the latest updates.
- RHEL DISA STIG update: DISA STIG Security Profile for Red Hat Enterprise Linux 8 has been updated to the latest version.
- Standard update and maintenance of knowledge rules and HCL records: Weekly updates of knowledge rules and HCL records are included.
Runecast 6.8.3
- Updated Memory Requirements: With the increased feature set, the amount of covered knowledge rules and to accommodate future growth, the minimum memory allocation for Runecast has been revised. Please review and adhere to the current requirements.
Knowledge Definition Update 6.8.1.4
- DISA STIG Security Profiles for vSphere 8.0 updated.
- CIS AWS Foundations Benchmark Security Profile v2.0.0 added.
- CIS Security Profile for VMware ESXi 8.0 v1.0.0 added.
- Standard update and maintenance of knowledge rules and HCL records.
Knowledge Definition Update 6.8.1.3
- New SUSE Linux CVEs (SUSE/openSUSE CVEs from the period 2020 to 2022 are added).
- Microsoft Windows Server (2016, 2019 and 2022) DISA STIG updated to latest version.
- Standard update and maintenance of knowledge rules and HCL records.
Runecast 6.8
🚀 Agentless OS Scanning for vSphere, Early Access
Introducing an industry-first agentless scanning for Windows and Linux hosted on vSphere. Get a comprehensive analysis of guest OS without the increased overhead for agent deployment and maintenance. Agentless scanning is in early access, detecting a thousand vulnerabilities and increasing with each knowledge definition update. You can still contribute with your feedback to shape this functionality and get the most out of it!
🇪🇺 Extended DORA and HPE CVEs Coverage
The DORA Security Profile has been extended to include Windows and Linux Operating Systems. HPE CVEs affecting hardware and firmware now cover vulnerabilities identified since 2021.
Improvements to Capacity Management
Trend and forecast chart can now be zoomed in to make specific results easier to read. Resource utilization and allocation charts are optimized to display many clusters, improving performance during initial load and workload simulation.
Analysis Summary Report Available in API
Get the latest HTML analysis report for a selected system via public API. The report contains information about configuration issues and drifts detected in the last analysis. You will get a detailed system overview without a need for scripting.
Support of VMware Cloud Director 10.5
Analysis results and Configuration Vault data are now available for version 10.5 of VMware Cloud Director
Knowledge Definition Update 6.7.1.2
- New Linux CVEs (20 RHEL) added.
- New Microsoft CVEs added.
- DISA STIG Photon OS profile section for vSphere 8.0 added.
- CIS for Windows Server 2016 updated to version 2.0.0.
- CIS for Windows Server 2019 updated to version 2.0.0.
- CIS for Windows Server 2022 updated to version 2.0.0.
- Standard update and maintenance of knowledge rules and HCL records.
Runecast 6.7.1
Capacity Management for vSphere
Review your cluster capacity utilization, simulate host failure scenarios, or plan future workload deployments. This feature provides VMware admins with an essential, high level usage overview to prevent resource contention and service degradation. Combined with persistent historical utilization snapshots, it serves as an ideal starting point for monitoring growth and shaping the physical expansion strategy for each cluster.
CVSS Score for Vulnerabilities
The vulnerabilities view has been enhanced to include a separate column for the CVSS score. This adds another option for filtering and prioritizing detected vulnerabilities.
HCL Simulation for vSphere 8 U2
Is your hardware still compatible? vSphere 8 Update 2 was recently released and the HCL data is already available for upgrade simulations.
Content Improvements
- With the inclusion of the vCenter Appliance Photon OS Security Technical Implementation Guide, Runecast now comprehensively addresses all of the DISA STIGs for vSphere 7.
- HPE CVEs affecting Hardware and Firmware have been implemented to cover 2023.
- BSI C5 security standard for AWS was implemented. C5 (Cloud Computing Compliance Controls Catalogue) assists organizations in showcasing their operational security against typical cyber threats when utilizing cloud services, in line with the German Government’s “Security Guidelines for Cloud Providers”.
- The CIS profile coverage was extended by adding Red Hat Enterprise Linux 9 and Oracle Linux 9 benchmarks.
Updated Memory Requirements
With the increased feature set and amount of covered knowledge rules, the minimum resource allocation for Runecast Analyzer has been revised. Please review and adhere to the current requirements.
Knowledge Definition Update 6.7.0.4
- CIS for VMware ESXi 7.0 updated to version 1.2.0.
- New Microsoft CVEs added.
- New Linux CVEs (24 RHEL, 81 Ubuntu) added.
- Newly added - E8 for AWS.
- New Kubernetes BPs added.
- CVEs from 2022 added for Agentless Vulnerability Scanning for AWS (5000+ CVEs).
- More customizable checks added for Linux rules.
- Standard update and maintenance of knowledge rules and HCL records.
- Some rule adjustments to better cover the issues reported in support/feedback tickets.
Knowledge Definition Update 6.7.0.3
- 6 more DISA STIG for vSphere 8.0 (Readiness Guide) profile sections are added
- Newly added - TISAX for Azure
- More customizable checks added for MS Windows rules.
- More customizable checks added for Linux rules.
- Standard update and maintenance of knowledge rules and HCL records.
Knowledge Definition Update 6.7.0.2
- New VMware Vulnerability (VMSA-2023-0019) added.
- Customizable checks added for MS Windows rules.
- 4 new NSX KBs added.
- New Linux CVEs (RHEL - 22 CVEs, Ubuntu - 79 CVEs) added.
- A few manual STIG checks replaced with customizable checks.
- Standard update and maintenance of knowledge rules and HCL records.
- Some rule adjustments to better cover the issues reported in support/feedback tickets.
Knowledge Definition Update 6.7.0.1
- DISA STIG for vSphere 8.0 (Readiness Guide) draft version is added
- VCD Config Vault is enriched
- DISA STIG, MS CIS and Azure PCI DSS were improved
- Standard update and maintenance of knowledge rules and HCL records
- Some rule adjustments to better cover the issues reported in support/feedback tickets.
Runecast Analyzer 6.7
DORA Security Profile for vSphere and NSX
VMware vSphere and NSX engineers can now perform the necessary DORA assessments to demonstrate compliance with the EU financial industry regulatory standard.
Extended Coverage of DISA STIG for vSphere 7
Our new vCenter collection mechanism allows automation of more DISA STIG rules for vSphere 7 and saves you many hours spent on manual validation.
Customizable Rules for OS
You can now customize certain site-specific rules for Operating Systems to fine-tune the automatic evaluation based on your organization’s needs.
Knowledge Definition Update 6.6.0.5
- New VMware Vulnerability (VMSA-2023-0017) added.
- New Linux CVEs (33 RHEL, 187 Ubuntu) added.
- A few manual STIG checks replaced with customizable checks.
- Standard update and maintenance of knowledge rules and HCL records.
- Some rule adjustments to better cover the issues reported in support/feedback tickets.
Knowledge Definition Update 6.6.0.4
- DISA STIG for vSphere 7.0 updated to the latest version (Ver 1, Rel 2).
- New Ubuntu CVE (CVE-2023-20867) added.
- A few manual STIG checks replaced with customizable checks.
- Standard update and maintenance of knowledge rules and HCL records.
- Some rule adjustments to better cover the issues reported in support/feedback tickets.
Runecast Analyzer 6.6
Agentless Vulnerability Scanning for AWS
Request early access to Runecast SaaS from Runecast portal, and perform agentless vulnerability scanning across all your Linux EC2 instances. The newly added option for role-based authentication to your AWS account makes it more secure and easier to set up.
Quick Access to Image Scan Results
Access container image scan results page via its URL from Runecast’s API or Kubernetes Admission Controller, eliminating the need to manually select the correct organization.
More Usability Improvements
Ensure you never miss important information. Failed analyses and expiring licenses are highlighted to capture your attention.
Content Improvements
The ISO 27001 profile is enhanced to cover Microsoft Azure. Also, all Ubuntu CVEs dating back to 2020 are now included.
Knowledge Definition Update 6.5.6.2
- VMSA-2023-0013 added
- Newly added - Ubuntu CVEs for 2023
- Newly added - CIS Benchmark for Kubernetes v1.24
- Newly added - CIS Benchmark for Kubernetes v1.23
- Newly added - DISA STIG for NSX-T
- New Red Hat CVEs added
- Standard update and maintenance of knowledge rules and HCL records.
- Some rule adjustments to better cover the issues reported in support/feedback tickets.
Note: For Linux CVEs the product filter can be used with options Linux Ubuntu, Linux Red Hat or Linux to filter only CVEs of a specific Linux OS type.
Knowledge Definition Update 6.5.6.1
- DISA STIG for Windows Server 2016 updated to the latest version (Ver 2, Rel 6)
- DISA STIG for Windows Server 2019 updated to the latest version (Ver 2, Rel 7)
- DISA STIG for Windows Server 2022 updated to the latest version (Ver 1, Rel 3)
- Cyber Essentials security profile updated to the latest version (Ver 3.1)
- BSI rules for Linux OS adjusted to show better Result Statuses.
- New Linux CVEs from 2020 and 2021 are added (1570 CVEs).
- New Microsoft CVEs are added (679 CVEs).
- 2 Critical VMware KBs added.
- Standard update and maintenance of knowledge rules and HCL records.
- Some rule adjustments to better cover the issues reported in support/feedback tickets.
Knowledge Definition Update 6.5.5.2
- Remediation scripts for ~130 rules added
- CIS profile for AWS updated to 1.5.0.
- Remaining NIST rules for AWS added.
- Config Vault for VMware now contains more performance information and SMNP config details
- VMware BPs for overcommitment
- VMSA-2023-0010 regarding NSX-T added
- ~220 Red Hat CVEs added/updated
- Standard update and maintenance of knowledge rules and HCL records.
Knowledge Definition Update 6.5.4.2
- 4 Critical VMware KBs added.
- 1263 new Microsoft CVEs added.
- The NIST Compliance Profile is updated to NIST SP 800-53 Rev.5.
- Multiple updates and modifications are done on the ISO 27001 and TISAX profiles.
- Standard update and maintenance of knowledge rules and HCL records.
- Some rule adjustments to better cover the issues reported in support tickets.
Runecast Analyzer 6.5.4.0
- Exploit Information for Vulnerabilities - Vulnerability view is now enhanced with additional metadata indicating whether any exploit information is available for a given CVE. This introduces another layer to risk prioritization based on severity levels.
- Additional Result Statuses - Not Applicable and Not Relevant statuses have been added to make the analysis results even more transparent and easy to consume.
- Enhanced Inventory View - The Inventory view page has been redesigned to offer cohesive data and interactions across the board. This page displays the same issue grid, filters, and metadata as in other views, so you can quickly gain insights when checking the overall status of your infrastructure.
- New Compliance Profile: TISAX - The Trusted Information Security Assessment Exchange (TISAX) standard helps to ensure information security in the automotive industry and is now available in the knowledge profiles list.
- Updated OS Analysis Agent (Action Required) - New version of the OS agent is available. Update of the target systems is required to take advantage of new improvements.
- Standard update and maintenance of knowledge rules, HCL records and system packages
Knowledge Definition Update 6.5.3.2
- Standard update and maintenance of knowledge rules and HCL records
- NSX-T and NSX-V SCG (a.k.a SH) profiles are updated.
- 56 new Microsoft CVEs added.
- Some rule adjustments to better cover the issues reported in support tickets.
Knowledge Definition Update 6.5.1.2
- Standard update and maintenance of knowledge rules and HCL records
- Disa STIG for Red Hat Enterprise Linux 7 was added
- ISO 27001 for AWS and vSphere updated
- Some rule adjustments to better cover the issues reported in support tickets.
Runecast Analyzer 6.5.0.0
- Full Objects View in Issue Detail - analysis findings now include all relevant objects that took part in the issue evaluation with their respective status: Failed, Passed, and Filtered out.
- New User Interface - introducing brand new dashboards and redesign of the Settings menu to bring more insights, streamlined interactions and better control.
- Filters in the URL - enables to quickly re-apply desired filter selection on any issue view by storing or sharing the URL.
Knowledge Definition Update 6.3.1.1
- Standard update and maintenance of knowledge rules and HCL records
- 66 new Microsoft CVEs
- PCI DSS Security Standard profile updated to the latest version (version 4) for AWS, vSphere and NSX-V systems.
- Some rule adjustments to better cover the issues reported in support tickets.
Runecast Analyzer 6.2.6.0
- Tasks in Configuration Vault - performed tasks on ESXi hosts and VMs are now available in Configuration Vault. This allows easy correlation between configuration changes and performed tasks for enhanced audit tracking
- Brand new analyses comparison - provides deep insights into what has changed between two analyses - on issue and object level. Helps to track progress towards risk-free IT infrastructure
- More security profiles -Runecast now covers BSI for Kubernetes and KVKK for vSphere
- Standard update and maintenance of knowledge rules, HCL records and system packages
Runecast Analyzer 6.2.4.0
- NIST coverage for Windows Server OS
- Increased count of automated DISA STIG rules for Windows Server
- Improved performance and stability
- Faster update of manual answers
- Addressed an issue with the vSphere WebClient plugin
- OS analysis agent update to resolve missing collection data
- Minor usability improvements of the Image Scanning view
- An ESXi 8.0 coverage in the HW compatibility checks.
- NIST coverage for Linux RHEL
- New coverage of Microsoft Vulnerabilities added (published by Microsoft this month).
- Standard update and maintenance of knowledge rules, HCL records and system packages
Runecast Analyzer 6.2.2.0
- Extended coverage of DISA STIG for vSphere 7 (vCenter VAMI and RhttpProxy)
- Updated OS agent to allow auto-evaluation of more OS related rules
- Addressed minor usability bugs
- Standard update and maintenance of knowledge rules, HCL records and system packages
Runecast Analyzer 6.2.0.0
- New Container image scanning - Integrate with K8s admission controller to secure your deployment processes or run image scans manually from Runecast Analyzer
- Introducing GCP support - Best practices, CIS compliance and configuration tracking for your GCP environment
- OpenID Connect - You can now login to Runecast Analyzer using your OIDC identity provider
- More security profiles - Added support for DISA STIG for RHEL8 and CIS GCP Foundations
- Performance and usability improvements - Working with filters is now faster and you can notice other UI enhancements
- Standard update and maintenance of knowledge rules, HCL records and system packages
Runecast Analyzer 6.1.1.0
- Communication of “Not Analyzed” issue state – brings attention to new rule definitions that were not analyzed yet
- Added integration to Jira
- Extended vSphere collection – tags for objects are now included in Configuration Vault
- Improvements to the OS Analysis – simpler agent installation and better communication of errors during analysis
- Standard update and maintenance of knowledge rules and Hardware Compatibility List records
Runecast Analyzer 6.1.0.0
- Introducing Organizations - group connections into different logical units to replicate your company structure and allow only required teams to view or manage the systems they are responsible for
- Correlation with Known Exploited Vulnerabilities (KEV) catalog helps you prioritize remediation actions for any discovered vulnerabilities
- More security profiles - OS support is extended with coverage of DISA STIG profile. vSphere can be evaluated against GDPR
- All new issue lists unlock new powerful ways of how to observe, filter, inspect and resolve all the reported issues
Runecast Analyzer 6.0.4/6.0.4.1
- Added a rule detecting a newly published log4j2 vulnerability (CVE-2021-45105)
- Updated log4j to version 2.17 to address CVE-2021-45105
- Updated ElasticSearch and Logstash to 6.8.22 which contain the latest log4j 2.17
- Fixed the OS agents installation script to work with localized Windows versions
- Updated the VMSA-2021-0028 body in the UI according to the latest VMware updates
- Updated the VMware Horizon log4j analysis rule as now there is a patch released, based on VMSA-2021-0028
- Adjusted the Apache Log4j2 Security Update CVE-2021-45046 severity to Critical
Runecast Analyzer 6.0.3.0
- Runecast Analyzer and all components are fully patched to address CVE-2021-44228 and 2021-45046
- Updated detection of Apache Log4j Java library vulnerability (CVE-2021-44228) on Windows and Linux which improves the results accuracy and makes the results more explanatory
- Detection on Windows, Linux, and VMware of newly added Apache Log4j Java library vulnerability (CVE-2021-45046)
- Updated Elasticsearch and Logstash components to version 6.8.21 to address CVE-2021-44228 and 2021-45046
- New Windows 2016 Domain Controller CIS profile added that extends the compliance capabilities on Microsoft platform
- Improved detection of CVE-2021-44228 reducing false positives
Runecast Analyzer 6.0.2.0
- Detection of Apache Log4j Java library vulnerability (CVE-2021-44228) on Windows and Linux
- Applied Log4j vulnerability workaround on Elasticsearch components
- Log4j library used in Runecast Analyzer updated to latest recommended version - 2.16.0
- Updated evaluation of VMSA-2021-0028 to include the newly added NSX-V
Runecast Analyzer 6.0.0.0
- All new Windows and Linux OS configuration & security management. Stay on top of known vulnerabilities, be audit-ready and follow the configuration changes in your environment – starting with CIS Benchmarks.
- More security profiles for your public and private cloud. BSI and GDPR security profiles now covers Microsoft Azure. DISA STIG profile now supports vSphere 6.7
- Additional Configuration Vault data for ESXi hosts and vSphere VMs
- UI refresh with cleaner views that keep your focus on the important findings and data
- Security updates and additional improvements to make your life easier
Runecast Analyzer 5.1.2.0
- Support for LDAP as an Identity Source. You can now use local user management, Active Directory or LDAP/LDAPS groups to allow access to Runecast
- Significant Remediation improvements – additional remediation rules for AWS, doubling the amount of remediable issues and the ability to add parameterized remediable content (such as timeout values, etc.)
- New Configuration Vault views – for Kubernetes and NSX-V
- vSphere7 Update 3 checks against VMware Hardware Compatibility List (HCL)
Runecast Analyzer 5.1.1.0
- Configuration Vault: Introducing a new summary widget to spot changes or deviations easily.
- Configuration Vault: added ability to apply the same baseline on multiple systems
- Configuration Vault: added AWS insights with multiple additional views
- Added Remediation functionality for AWS environments.
Runecast Analyzer 5.0.2.0
- Runecast Analyzer can be deployed natively on Azure from Azure Marketplace
- Added Vulnerability Management
- User Guide is now additionally embedded into the appliance for offline usage
- VMware Hardware Compatibility widget added to the main dashboard
- Added standard port groups to the list of reportable objects for vSphere environments
- Knowledge definition update
Runecast Analyzer 4.7.4.0
- New onboarding wizard guiding the initial setup of your vCenter, AWS and Kubernetes environment in Runecast
- AWS dashboard improvements (new widgets for severity, profiles and history)
- Full Public API coverage for NSX-T, Kubernetes, AWS, VMware Cloud Director
- User interface of the Runecast definition database view enhanced
- Knowledge definition updates