Runecast Analyzer Release Updates

• CIS for VMware ESXi 7.0 updated to version 1.2.0.
• New Microsoft CVEs added.
• New Linux CVEs (24 RHEL, 81 Ubuntu) added.
• Newly added - E8 for AWS.
• New Kubernetes BPs added.
• CVEs from 2022 added for Agentless Vulnerability Scanning for AWS (5000+ CVEs).
• More customizable checks added for Linux rules.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• 6 more DISA STIG for vSphere 8.0 (Readiness Guide) profile sections are added
• Newly added - TISAX for Azure
• More customizable checks added for MS Windows rules.
• More customizable checks added for Linux rules.
• Standard update and maintenance of knowledge rules and HCL records.

• New VMware Vulnerability (VMSA-2023-0019) added.
• Customizable checks added for MS Windows rules.
• 4 new NSX KBs added.
• New Linux CVEs (RHEL - 22 CVEs, Ubuntu - 79 CVEs) added.
• A few manual STIG checks replaced with customizable checks.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• DISA STIG for vSphere 8.0 (Readiness Guide) draft version is added
• VCD Config Vault is enriched
• DISA STIG, MS CIS and Azure PCI DSS were improved
• Standard update and maintenance of knowledge rules and HCL records
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

‍‍DORA Security Profile for vSphere and NSX
‍VMware vSphere and NSX engineers can now perform the necessary DORA assessments to demonstrate compliance with the EU financial industry regulatory standard.

Extended Coverage of DISA STIG for vSphere 7
‍Our new vCenter collection mechanism allows automation of more DISA STIG rules for vSphere 7 and saves you many hours spent on manual validation.

Customizable Rules for OS
‍You can now customize certain site-specific rules for Operating Systems to fine-tune the automatic evaluation based on your organization’s needs.

‍

• New VMware Vulnerability (VMSA-2023-0017) added.
• New Linux CVEs (33 RHEL, 187 Ubuntu) added.
• A few manual STIG checks replaced with customizable checks.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• DISA STIG for vSphere 7.0 updated to the latest version (Ver 1, Rel 2).
• New Ubuntu CVE (CVE-2023-20867) added.
• A few manual STIG checks replaced with customizable checks.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• 3 Kubernetes CVEs added
• Standard update and maintenance of knowledge rules and HCL records.

• Newly added - CIS 1.7.1 for Kubernetes
• Newly added - HIPAA for AWS
• New Microsoft CVEs added
• New Linux CVEs added
• New Kubernetes CVE added
• Standard update and maintenance of knowledge rules and HCL records

• 3 Critical VMware KBs added
• Newly added - Cyber Essentials for AWS
• Standard update and maintenance of knowledge rules and HCL records.

Agentless Vulnerability Scanning for AWS
‍Request early access to Runecast SaaS from Runecast portal, and perform agentless vulnerability scanning across all your Linux EC2 instances. The newly added option for role-based authentication to your AWS account makes it more secure and easier to set up.

Quick Access to Image Scan Results
‍Access container image scan results page via its URL from Runecast’s API or Kubernetes Admission Controller, eliminating the need to manually select the correct organization.

More Usability Improvements
‍Ensure you never miss important information. Failed analyses and expiring licenses are highlighted to capture your attention.

Content Improvements
The ISO 27001 profile is enhanced to cover Microsoft Azure. Also, all Ubuntu CVEs dating back to 2020 are now included.

• VMSA-2023-0014 added
• New Microsoft CVEs added
• Remediation scripts added to cover DISA STIG profile rules for vSphere.
• 4 Critical VMware KBs added
• Standard update and maintenance of knowledge rules and HCL records.

• VMSA-2023-0013 added
• Newly added - Ubuntu CVEs for 2023
• Newly added - CIS Benchmark for Kubernetes v1.24
• Newly added - CIS Benchmark for Kubernetes v1.23
• Newly added - DISA STIG for NSX-T
• New Red Hat CVEs added
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

Note: For Linux CVEs the product filter can be used with options Linux Ubuntu, Linux Red Hat or Linux to filter only CVEs of a specific Linux OS type.

• DISA STIG for Windows Server 2016 updated to the latest version (Ver 2, Rel 6)
• DISA STIG for Windows Server 2019 updated to the latest version (Ver 2, Rel 7)
• DISA STIG for Windows Server 2022 updated to the latest version (Ver 1, Rel 3)
• Cyber Essentials security profile updated to the latest version (Ver 3.1)
• BSI rules for Linux OS adjusted to show better Result Statuses.
• New Linux CVEs from 2020 and 2021 are added (1570 CVEs).
• New Microsoft CVEs are added (679 CVEs).
• 2 Critical VMware KBs added.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• Addressed usability issues in large environments
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Remediation scripts for ~130 rules added
• CIS profile for AWS updated to 1.5.0.
• Remaining NIST rules for AWS added.
• Config Vault for VMware now contains more performance information and SMNP config details
• VMware BPs for overcommitment
• VMSA-2023-0010 regarding NSX-T added
• ~220 Red Hat CVEs added/updated
• Standard update and maintenance of knowledge rules and HCL records.

• 2 Critical VMware KBs added.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover knowledge description.

• 4 Critical VMware KBs added.
• 1263 new Microsoft CVEs added.
• The NIST Compliance Profile is updated to NIST SP 800-53 Rev.5.
• Multiple updates and modifications are done on the ISO 27001 and TISAX profiles.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support tickets.

• Standard update and maintenance of knowledge rules and HCL records
• Added Hardware Compatibility Checks for vSphere 8.0 U1
• Some rule adjustments to better cover the issues reported in support tickets.

• Exploit Information for Vulnerabilities - Vulnerability view is now enhanced with additional metadata indicating whether any exploit information is available for a given CVE. This introduces another layer to risk prioritization based on severity levels.
• Additional Result Statuses - Not Applicable and Not Relevant statuses have been added to make the analysis results even more transparent and easy to consume.
• Enhanced Inventory View - The Inventory view page has been redesigned to offer cohesive data and interactions across the board. This page displays the same issue grid, filters, and metadata as in other views, so you can quickly gain insights when checking the overall status of your infrastructure.
• New Compliance Profile: TISAX - The Trusted Information Security Assessment Exchange (TISAX) standard helps to ensure information security in the automotive industry and is now available in the knowledge profiles list.
• Updated OS Analysis Agent (Action Required) - New version of the OS agent is available. Update of the target systems is required to take advantage of new improvements.
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Standard update and maintenance of knowledge rules and HCL records

• Standard update and maintenance of knowledge rules and HCL records
• Some improvement done on the NIST and STIG rules regarding the Red Hat Enterprise Linux OS.

• Standard update and maintenance of knowledge rules and HCL records
• CIS for Red Hat Enterprise Linux 8 is improved and updated to version 2.0.0

• Standard update and maintenance of knowledge rules and HCL records
• NSX-T and NSX-V SCG (a.k.a SH) profiles are updated.
• 56 new Microsoft CVEs added.
• Some rule adjustments to better cover the issues reported in support tickets.

• Standard update and maintenance of knowledge rules and HCL records
• Newly added - ISO 27001 profile for Linux and Windows OS.
• Some rule adjustments to better cover the issues reported in support tickets.

• Preventing unexpected startup sequence in rare cases for OVA deployments

• The underlaying OS for OVA and cloud image deployments has been upgraded
• Added possibility to delete multiple registered OS hosts at a time
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Standard update and maintenance of knowledge rules and HCL records
• Disa STIG for Red Hat Enterprise Linux 7 was added
• ISO 27001 for AWS and vSphere updated
• Some rule adjustments to better cover the issues reported in support tickets.

• Standard update and maintenance of knowledge rules and HCL records
• 37 new Microsoft CVEs
• Some rule adjustments to better cover the issues reported in support tickets.

• Automated migration of potentially affected filters after upgrade to version 6.5
• DISA STIG for RHEL was updated to latest version (ver1, rel. 9)
• Standard update and maintenance of knowledge rules

• Full Objects View in Issue Detail - analysis findings now include all relevant objects that took part in the issue evaluation with their respective status: Failed, Passed, and Filtered out.
• New User Interface - introducing brand new dashboards and redesign of the Settings menu to bring more insights, streamlined interactions and better control.
• Filters in the URL - enables to quickly re-apply desired filter selection on any issue view by storing or sharing the URL.

‍

‍

• BSI security standard updated to version 2022.
• BSI for Linux is added covering Ubuntu, Red Hat, Suse and CentOS.
• Standard update and maintenance of knowledge rules and HCL records

• Standard update and maintenance of knowledge rules and HCL records
• 30 new Linux CVEs
• Some rule adjustments to better cover the issues reported in support tickets.

• Standard update and maintenance of knowledge rules and HCL records
• 66 new Microsoft CVEs
• PCI DSS Security Standard profile updated to the latest version (version 4) for AWS, vSphere and NSX-V systems.
• Some rule adjustments to better cover the issues reported in support tickets.

• Added CIS for CentOS 7
• Standard update and maintenance of knowledge rules, HCL records and system packages

‍

• Tasks in Configuration Vault - performed tasks on ESXi hosts and VMs are now available in Configuration Vault. This allows easy correlation between configuration changes and performed tasks for enhanced audit tracking
• Brand new analyses comparison - provides deep insights into what has changed between two analyses - on issue and object level. Helps to track progress towards risk-free IT infrastructure
• More security profiles -Runecast now covers BSI for Kubernetes and KVKK for vSphere
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Coverage of multiple important VMware KBs affecting infrastructure availability
• Standard update and maintenance of knowledge rules, HCL records and system packages

• NIST coverage for Windows Server OS
• Increased count of automated DISA STIG rules for Windows Server
• Improved performance and stability
• Faster update of manual answers
• Addressed an issue with the vSphere WebClient plugin
• OS analysis agent update to resolve missing collection data
• Minor usability improvements of the Image Scanning view
• An ESXi 8.0 coverage in the HW compatibility checks.
• NIST coverage for Linux RHEL
• New coverage of Microsoft Vulnerabilities added (published by Microsoft this month).
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Container image scans can be shared by a dedicated URL
• NSX-T Global Manager is now supported as part of the NSX-T connection
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Extended coverage of DISA STIG for vSphere 7 (vCenter VAMI and RhttpProxy)
• Updated OS agent to allow auto-evaluation of more OS related rules
• Addressed minor usability bugs
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Additional API endpoints for container image scanning integration
• Export to Jira now available in all views
• Addressed minor usability bugs
• Standard update and maintenance of knowledge rules, HCL records and system packages

• New Container image scanning - Integrate with K8s admission controller to secure your deployment processes or run image scans manually from Runecast Analyzer
• Introducing GCP support - Best practices, CIS compliance and configuration tracking for your GCP environment
• OpenID Connect - You can now login to Runecast Analyzer using your OIDC identity provider
• More security profiles - Added support for DISA STIG for RHEL8 and CIS GCP Foundations
• Performance and usability improvements - Working with filters is now faster and you can notice other UI enhancements
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Added critical VMware KBs in the proactive analysis
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Coverage for critical MS Windows CVE-2022-30190
• Extended Linux vulnerabilities coverage
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Addressed minor usability bugs
• Coverage of NIST profile for Azure
• Coverage of BSI profile for Windows Server OS
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Communication of “Not Analyzed” issue state – brings attention to new rule definitions that were not analyzed yet
• Added integration to Jira
• Extended vSphere collection – tags for objects are now included in Configuration Vault
• Improvements to the OS Analysis – simpler agent installation and better communication of errors during analysis
• Standard update and maintenance of knowledge rules and Hardware Compatibility List records

• Introducing Organizations - group connections into different logical units to replicate your company structure and allow only required teams to view or manage the systems they are responsible for
• Correlation with Known Exploited Vulnerabilities (KEV) catalog helps you prioritize remediation actions for any discovered vulnerabilities
• More security profiles - OS support is extended with coverage of DISA STIG profile. vSphere can be evaluated against GDPR
• All new issue lists unlock new powerful ways of how to observe, filter, inspect and resolve all the reported issues

• Improved usability
• Standard update and maintenance of knowledge rules and Hardware Compatibility List records

• New CIS Benchmarks - Windows Server 2019 and RHEL 7
• Extended coverage of VMware NSX-T
• Fixed usability bugs
• Standard update and maintenance of knowledge rules and HCL records

‍

• Added a rule detecting a newly published log4j2 vulnerability (CVE-2021-45105)
• Updated log4j to version 2.17 to address CVE-2021-45105
• Updated ElasticSearch and Logstash to 6.8.22 which contain the latest log4j 2.17
• Fixed the OS agents installation script to work with localized Windows versions
• Updated the VMSA-2021-0028 body in the UI according to the latest VMware updates
• Updated the VMware Horizon log4j analysis rule as now there is a patch released, based on VMSA-2021-0028
• Adjusted the Apache Log4j2 Security Update CVE-2021-45046 severity to Critical

• Runecast Analyzer and all components are fully patched to address CVE-2021-44228 and 2021-45046
• Updated detection of Apache Log4j Java library vulnerability (CVE-2021-44228) on Windows and Linux which improves the results accuracy and makes the results more explanatory
• Detection on Windows, Linux, and VMware of newly added Apache Log4j Java library vulnerability (CVE-2021-45046)
• Updated Elasticsearch and Logstash components to version 6.8.21 to address CVE-2021-44228 and 2021-45046
• New Windows 2016 Domain Controller CIS profile added that extends the compliance capabilities on Microsoft platform
• Improved detection of CVE-2021-44228 reducing false positives

• Detection of Apache Log4j Java library vulnerability (CVE-2021-44228) on Windows and Linux
• Applied Log4j vulnerability workaround on Elasticsearch components
• Log4j library used in Runecast Analyzer updated to latest recommended version - 2.16.0
• Updated evaluation of VMSA-2021-0028 to include the newly added NSX-V

• Apache Log4j Java library is updated to version 2.15.0 to address CVE-2021-44228
• Critical VMSA-2021-0028 is covered by Runecast Analyzer

• All new Windows and Linux OS configuration & security management. Stay on top of known vulnerabilities, be audit-ready and follow the configuration changes in your environment – starting with CIS Benchmarks.
• More security profiles for your public and private cloud. BSI and GDPR security profiles now covers Microsoft Azure. DISA STIG profile now supports vSphere 6.7
• Additional Configuration Vault data for ESXi hosts and vSphere VMs
• UI refresh with cleaner views that keep your focus on the important findings and data
• Security updates and additional improvements to make your life easier

• Support for LDAP as an Identity Source. You can now use local user management, Active Directory or LDAP/LDAPS groups to allow access to Runecast
• Significant Remediation improvements – additional remediation rules for AWS, doubling the amount of remediable issues and the ability to add parameterized remediable content (such as timeout values, etc.)
• New Configuration Vault views – for Kubernetes and NSX-V
• vSphere7 Update 3 checks against VMware Hardware Compatibility List (HCL)

• Configuration Vault: Introducing a new summary widget to spot changes or deviations easily.
• Configuration Vault: added ability to apply the same baseline on multiple systems
• Configuration Vault: added AWS insights with multiple additional views
• Added Remediation functionality for AWS environments.

• Introducing Configuration Vault to highlight inconsistencies and configuration drift in your environment
• Introducing Remediation - generate scripts & Ansible playbooks to remediate issues at speed
• Knowledge Definition update

• Added Best Practices Profile for vSphere on Nutanix
• Added CIS Benchmark for ESXi 7.0
• CIS Benchmark updates for ESXi 6.7
• Knowledge definition update

• Runecast Analyzer can be deployed natively on Azure from Azure Marketplace
• Added Vulnerability Management
• User Guide is now additionally embedded into the appliance for offline usage
• ‍VMware Hardware Compatibility widget added to the main dashboard
• Added standard port groups to the list of reportable objects for vSphere environments
• Knowledge definition update

• Knowledge definition updates

‍

• Added Microsoft Azure insights (CIS & Best practices)
• Added automated audits and reporting for Essential 8 security compliance
• Introduced New Licensing Model

‍

• Added ServiceNow integration 
• Added automated audits and reporting for Cyber Essentials compliance in vSphere environments
• Knowledge definition updates

‍

• New onboarding wizard guiding the initial setup of your vCenter, AWS and Kubernetes environment in Runecast
• AWS dashboard improvements (new widgets for severity, profiles and history)
• Full Public API coverage for NSX-T, Kubernetes, AWS, VMware Cloud Director
• User interface of the Runecast definition database view enhanced  
• Knowledge definition updates

• Added initial VMware Cloud Director support (Early Access)
• Knowledge definition updates

• Audits against VMware’s Security Configuration Guide (SCG) for NSX-T
• Insights for Edge Nodes, Host Nodes, and Management Nodes
• Checks against VMware Knowledge Base articles covering NSX-T
• Validation against NSX-T best practices

• Added ISO 27001 compliance profiles supporting VMware and AWS
• Added STIG Viewer export
• Added VMware Security Configuration Guide 7.0 support

• Fix added to allow vCenters with vSAN 7.0 U1 to be correctly analysed
• Knowledge definition updates

• Custom Profiles Support.
• Adding Kubernetes (CIS and Best Practices).

• Added GDPR compliance profile for AWS.‍
• Latest knowledge definition updates.

‍

• Fixed a problem to upgrade to 4.4.2.0 when Active Directory was configured.
• Knowledge definition updates.

‍

• Update of vSphere 6.5 DISA STIG to version 1, release 4.
• Added official best practices for Pure Storage Flash Array.
• Knowledge definition updates.

‍

• Improvements to the analysis algorithm to support the latest knowledge definitions.
• Knowledge definition updates.

‍

• VMware Hardware Compatibility: New override functionality enables that particular hardware can be marked manually as compatible, and the information will be applicable in all areas of Runecast Analyzer.
• UI redesign of the Hardware Compatibility feature for increased usability, readability, and accessibility.
• Knowledge definition update.

• HW Compatibility: Added smarter evaluation of socket configurations for servers. 
• Enterprise Console: Added new public API endpoint for group management. Added search/filter functionality for connected systems. Increased loading speed of local systems by 70%.
• Knowledge definition update.

• Added NIST security profile compliance scans for native AWS environments. 
• Knowledge definition update.

• General improvement: Full vSphere 7.0 support.
• Possibility to deactivate VMware HCL checks for any socket number configurations via public API of Runecast Analyzer.
• Knowledge definition update.

• Enterprise Console: New dashboard to monitor a network of Runecast Analyzers and all connected systems.
• Added CIS security profile compliance scans for native AWS environments. 
• Knowledge definition update.

• Best Practices for SAP HANA deployments on VMware.
• NIST (VMware) compliance profile to support federal agencies.
• Added the ability to use custom repositories to update your appliances and deliver knowledge updates.
• Added the ability to include/hide healthy inventory objects (hosts, devices, etc...) from the inventory view.
• Improvements to the user interface and handling for better usability and consistency.

• Update to activate free Horizon analysis to support the home office situation world wide due to COVID-19 crisis.
• Knowledge Definition Updates.

• New usability enhancements.
• Knowledge Definition Update.

• New Security Hardening profile - CIS (Center for Internet Security) for VMware environments.
• Update of DISA STIG profile for vSphere 6.5 ESXi and Virtual Machine.
• Inventory view enhanced with total issue count for each object and all its descendants.

• On-premises VMware analytics extended to AWS support for EC2, IAM, VPC, S3.
• Checks for AWS Best Practices.
• AWS compliance checks for PCI DSS.
• New dedicated AWS dashboard.
• Enhanced inventory view.

• New Security Hardening profile -  BSI Security Standard.
• Major Performance Improvements.
• Knowledge Definition Update.

• New Hardware compatibility list (HCL) analytics for VMware vSAN.
• Customized PCI-DSS checks to align with your specific environment.
• Enhanced predictive analysis with expanded HCL upgrade simulations.
• Increased visibility & transparency of how your environment is set up.
• New Web Client plug-in.

• Customizable PCI-DSS criteria based on your enterprise-specific security requirements.
• Add the Log Analysis improvements.
• Improving check of VMSA-2019-0011.

• New HCL ESXi upgradability feature.
• General VMware Hardware Compatibility List (HCL) Improvements.
• WebClient Plugin Improvements.
• Data simplification after 1 Year.

• Brand new automated VMware HCL functionality available in public Beta: Including Host and IO devices checks.

• Update of DISA STIG.