Runecast Release Notes

• CIS Kubernetes Benchmark 1.10.0
  CIS Kubernetes Benchmark Security Profile 1.10.0 was added.
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• VMware vSphere DISA STIG update
  DISA STIG for VMware vSphere 7.0 update to v1 r3
  

• RHEL DISA STIG update
  DISA STIG Security Profile for Red Hat Enterprise Linux 9 update to the latest version (ver 2, rel 1).
  

• Extended CIS coverage
  The CIS security profile now covers Ubuntu Linux 24.04 LTS v1.0.0.
  

• NIST Update for Windows Server
  NIST profile for Windows Server update to the latest release 5.1.1.
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• Critical VMSA-2024-0019
  VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
  

• VMware vSphere DISA STIG update
  DISA STIG for VMware vSphere 8.0 update to v2 r1
  

• Microsoft Windows Server DISA STIG update
  DISA STIG Microsoft Windows Server 2016 Benchmark - update to Ver 2, Rel 8
  

• CIS for VMware vSphere update
  Update CIS for VMware ESXi 8.0 to v1.1.0, Update CIS for VMware ESXi 7.0 to v1.4.0
  ‍
  
• Other Improvements
  Improvements in Horizon scans, definition exports and more

• New Security Profiles for Kubernetes
  CIS 1.9.0, NIST, DORA, and STIG v2 release 1 has been added to our compliance portfolio. Activate the new profiles for your connected K8s environment Visit Knowledge profiles section to activate.
  

• Improvements in Finding Values for vCenter
  The formerly missing values for some issues in the Findings tab are now displayed.
  

• Agentless Improvements
  Improvements in Agentless scanning for better stability.
  ‍
• Other Improvements
  WebClient Plugin and HCL Global Override Fix
  

• Microsoft Windows Server DISA STIG update
  DISA STIG Security Profile for Microsoft Windows Server 2022 has been updated to the latest version (MS Windows Server 2022 STIG - Ver 2, Rel 1).
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• CIS Update for Windows
  CIS profile for Windows 10 Enterprise is updated to the latest version (version 3.0.0).
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• CIS Update for Windows
  CIS profile for Windows 11 Enterprise is updated to the latest version (version 3.0.0).
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• CIS Update for Windows Server
  CIS profile for Windows Server 2022 is updated to the latest version (version 3.0.0).
  ‍
• Analysis separation
  An architectural update to our application. The configuration and analysis components have been separated into independent modules.
  ‍
• K8s Node Collector changes
  Improvements in collection for more precise results and support of upcoming security profiles (please note there is a mounted volumes change).
  ‍
• Improvements
  Improvements made to enhance usability and functionality.
  ‍
• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules, HCL records and system packages are included.

• CIS Update for Windows Server
  CIS profile for Windows Server 2019 is updated to the latest version (version 3.0.1).
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• Critical VMSA-2024-0012
  VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081).
  

• CIS Update for Windows Server
  CIS profile for Windows Server 2016 is updated to the latest version (version 3.0.0).
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• NIST for vSphere improvement
  NIST for vSphere enriched with rules based on DISA STIG for vSphere 8.0.
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• Data retention configuration
  You can now change or disable data retention policy for features like Configuration Vault and Capacity Management

• vSphere Agentless OS Scanning Updates
  ‍
• Usability improvements
  The Filters and Licensing settings pages have been re-designed for easier use.
  The vSphere Log KB Articles page is now aligned with other issue pages, so you can take advantage of the standard issue grid features and issue details.

• Definitions update and maintenance
  Weekly updates of knowledge rules and HCL records and OS Security updates

‍

‍

• CIS Update for Microsoft Azure Foundations
  CIS Security Profile for Microsoft Azure Foundations was updated to the latest version (v2.0.0).
  

• CIS Update for Ubuntu Linux
  CIS Security Profile for Ubuntu Linux 22.04 LTS was updated to the latest version (v2.0.0).
  

• NIST for vSphere enhancement
  NIST for vSphere has been updated to include new rules based on the DISA STIG for vSphere 7.0, in addition to the original rules.
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• Checks for the latest LINUX CVEs were added
• Microsoft's April 2024 Patch Tuesday CVEs
• OS Security updates
• Standard update and maintenance of knowledge rules, HCL records, and system packages

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• RHEL DISA STIG update
  DISA STIG Security Profile for Red Hat Enterprise Linux 7 has been updated to the latest version.
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• CIS Update for RHEL
  CIS Security Profile for RHEL was updated to the latest version (v4.0.0).
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules and HCL records.

• Critical VMSA-2024-0006
  ‍VMware updates address multiple vulnerabilities in ESXi.
  

• CIS Update for CentOS
  ‍CIS Security Profile for CentOS was updated to the latest version (v4.0.0).
  

• Standard update and maintenance of knowledge rules
  Weekly updates of knowledge rules are included.

• DISA STIG for vSphere Enhanced
  An additional 120 DISA STIG for vSphere rules automated.
  

• Standard update and maintenance of knowledge rules and HCL records
  Weekly updates of knowledge rules and HCL records are included.

• OS collection fix
  Resolved an issue causing incomplete Linux OS configuration collection.
  

• Extended DISA STIG coverage
  DISA STIG security profile now covers Red Hat Enterprise Linux 9.
  

• Extended CIS coverage
  The CIS security profile now covers Rocky Linux Benchmark v.1.0.0 and Microsoft Windows 10 & 11 Benchmarks v2.0.0.
  

• Definitions update and maintenance
  Weekly updates of knowledge rules and HCL records.

🚀 Agentless Scanning Improvements

The vSphere Agentless feature has been extended with complete coverage for Windows and Linux OS vulnerabilities, along with configurable tags for specifying eligible VMs for scanning. AWS EC2 instances and vSphere VMs selected for agentless scan are highlighted in the inventory tree.
‍

🎁 Introducing New Sidebar with View Controls

Issue quick filters were moved to a brand new side panel allowing view selection - controlling the scope of issues, listed in the table, based on their results.
‍

MS Word Export

The results of the analysis can be exported in a detailed DOCX format. This provides the freedom to easily edit the exported data while keeping it well formatted.
‍

CIS CSC and HIPAA Update

Ubuntu Linux 22.04 and 20.04 are covered in CIS CSC. HITRUST 9.2 for Azure was added to HIPAA.
‍

Cross-System Rules

A single knowledge definition can be related to multiple system types. For instance, a given vulnerability can be discovered on OS with agent and VMs with vSphere agentless scanning configured.

‍

• Critical VMSA-2023-0023.1
  VMware has confirmed that a critical vCenter Server remote code execution vulnerability (CVE-2023-34048) patched in October is now under active exploitation. Users are advised to apply available updates to affected VMware products to remediate the vulnerability.
  

• Standard update and maintenance of knowledge rules and HCL records
  Weekly updates of knowledge rules and HCL records are included.

‍

• New Microsoft CVEs: New Microsoft CVEs from Microsoft's January 2024 Patch Tuesday are added for OS analysis. Additionally, the existing Microsoft CVEs rules for OS analysis are aligned with the latest updates.
  

• RHEL DISA STIG update: DISA STIG Security Profile for Red Hat Enterprise Linux 8 has been updated to the latest version.
  

• Standard update and maintenance of knowledge rules and HCL records: Weekly updates of knowledge rules and HCL records are included.

‍

• Updated Memory Requirements: With the increased feature set, the amount of covered knowledge rules and to accommodate future growth, the minimum memory allocation for Runecast has been revised. Please review and adhere to the current requirements.

• Standard update and maintenance of knowledge rules and HCL records.

• New Microsoft CVEs (December 2023 Patch Tuesday)
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Standard update and maintenance of knowledge rules and HCL records.

• DISA STIG Security Profiles for vSphere 8.0 updated.
• CIS AWS Foundations Benchmark Security Profile v2.0.0 added.
• CIS Security Profile for VMware ESXi 8.0 v1.0.0 added.
• Standard update and maintenance of knowledge rules and HCL records.

• New SUSE Linux CVEs (SUSE/openSUSE CVEs from the period 2020 to 2022 are added).
• Microsoft Windows Server (2016, 2019 and 2022) DISA STIG updated to latest version.
• Standard update and maintenance of knowledge rules and HCL records.

• New Microsoft CVEs (November 2023 Patch Tuesday)
• CIS Update for Red Hat Linux 8 (v 3.0.0)
• Standard update and maintenance of knowledge rules and HCL records.
  

• Fixed an issue causing failure to send email reports in rare cases
• Minor improvements in orchestrating vSphere Agentless OS Scanning

• HPE CVEs Coverage - HPE CVEs affecting hardware and firmware now cover vulnerabilities identified since 2020.
• Standard update and maintenance of knowledge rules and HCL records.

🚀 Agentless OS Scanning for vSphere, Early Access

Introducing an industry-first agentless scanning for Windows and Linux hosted on vSphere. Get a comprehensive analysis of guest OS without the increased overhead for agent deployment and maintenance. Agentless scanning is in early access, detecting a thousand vulnerabilities and increasing with each knowledge definition update. You can still contribute with your feedback to shape this functionality and get the most out of it!

🇪🇺 Extended DORA and HPE CVEs Coverage

The DORA Security Profile has been extended to include Windows and Linux Operating Systems. HPE CVEs affecting hardware and firmware now cover vulnerabilities identified since 2021.

Improvements to Capacity Management

Trend and forecast chart can now be zoomed in to make specific results easier to read. Resource utilization and allocation charts are optimized to display many clusters, improving performance during initial load and workload simulation.

Analysis Summary Report Available in API

Get the latest HTML analysis report for a selected system via public API. The report contains information about configuration issues and drifts detected in the last analysis. You will get a detailed system overview without a need for scripting.

Support of VMware Cloud Director 10.5

Analysis results and Configuration Vault data are now available for version 10.5 of VMware Cloud Director

• Critical VMSA-2023-0023.
• New Linux CVEs.
• User Guide Update for Azure Open ID.
• Standard update and maintenance of knowledge rules and HCL records.

• Vulnerabilities and Exposures for SUSE Linux OS.
• New Linux CVEs.
• Enrichment with more vCD Cluster data.
• Standard update and maintenance of knowledge rules and HCL records.

• New Linux CVEs (20 RHEL) added.
• New Microsoft CVEs added.
• DISA STIG Photon OS profile section for vSphere 8.0 added.
• CIS for Windows Server 2016 updated to version 2.0.0.
• CIS for Windows Server 2019 updated to version 2.0.0.
• CIS for Windows Server 2022 updated to version 2.0.0.
• Standard update and maintenance of knowledge rules and HCL records.

• HPE CVEs from 2022 affecting Hardware and Firmware are added.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

‍

Capacity Management for vSphere

Review your cluster capacity utilization, simulate host failure scenarios, or plan future workload deployments. This feature provides VMware admins with an essential, high level usage overview to prevent resource contention and service degradation. Combined with persistent historical utilization snapshots, it serves as an ideal starting point for monitoring growth and shaping the physical expansion strategy for each cluster.

CVSS Score for Vulnerabilities

The vulnerabilities view has been enhanced to include a separate column for the CVSS score. This adds another option for filtering and prioritizing detected vulnerabilities.

HCL Simulation for vSphere 8 U2

Is your hardware still compatible? vSphere 8 Update 2 was recently released and the HCL data is already available for upgrade simulations.

Content Improvements

• With the inclusion of the vCenter Appliance Photon OS Security Technical Implementation Guide, Runecast now comprehensively addresses all of the DISA STIGs for vSphere 7.
• HPE CVEs affecting Hardware and Firmware have been implemented to cover 2023.
• BSI C5 security standard for AWS was implemented. C5 (Cloud Computing Compliance Controls Catalogue) assists organizations in showcasing their operational security against typical cyber threats when utilizing cloud services, in line with the German Government’s “Security Guidelines for Cloud Providers”.
• The CIS profile coverage was extended by adding Red Hat Enterprise Linux 9 and Oracle Linux 9 benchmarks.

Updated Memory Requirements

With the increased feature set and amount of covered knowledge rules, the minimum resource allocation for Runecast Analyzer has been revised. Please review and adhere to the current requirements.

‍
Watch summary.

• New Linux CVEs added.
• Standard update and maintenance of knowledge rules and HCL records.

‍

• CIS for VMware ESXi 7.0 updated to version 1.2.0.
• New Microsoft CVEs added.
• New Linux CVEs (24 RHEL, 81 Ubuntu) added.
• Newly added - E8 for AWS.
• New Kubernetes BPs added.
• CVEs from 2022 added for Agentless Vulnerability Scanning for AWS (5000+ CVEs).
• More customizable checks added for Linux rules.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• 6 more DISA STIG for vSphere 8.0 (Readiness Guide) profile sections are added
• Newly added - TISAX for Azure
• More customizable checks added for MS Windows rules.
• More customizable checks added for Linux rules.
• Standard update and maintenance of knowledge rules and HCL records.

• New VMware Vulnerability (VMSA-2023-0019) added.
• Customizable checks added for MS Windows rules.
• 4 new NSX KBs added.
• New Linux CVEs (RHEL - 22 CVEs, Ubuntu - 79 CVEs) added.
• A few manual STIG checks replaced with customizable checks.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• DISA STIG for vSphere 8.0 (Readiness Guide) draft version is added
• VCD Config Vault is enriched
• DISA STIG, MS CIS and Azure PCI DSS were improved
• Standard update and maintenance of knowledge rules and HCL records
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

‍‍DORA Security Profile for vSphere and NSX
‍VMware vSphere and NSX engineers can now perform the necessary DORA assessments to demonstrate compliance with the EU financial industry regulatory standard.

Extended Coverage of DISA STIG for vSphere 7
‍Our new vCenter collection mechanism allows automation of more DISA STIG rules for vSphere 7 and saves you many hours spent on manual validation.

Customizable Rules for OS
‍You can now customize certain site-specific rules for Operating Systems to fine-tune the automatic evaluation based on your organization’s needs.

‍

• New VMware Vulnerability (VMSA-2023-0017) added.
• New Linux CVEs (33 RHEL, 187 Ubuntu) added.
• A few manual STIG checks replaced with customizable checks.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• DISA STIG for vSphere 7.0 updated to the latest version (Ver 1, Rel 2).
• New Ubuntu CVE (CVE-2023-20867) added.
• A few manual STIG checks replaced with customizable checks.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• 3 Kubernetes CVEs added
• Standard update and maintenance of knowledge rules and HCL records.

• Newly added - CIS 1.7.1 for Kubernetes
• Newly added - HIPAA for AWS
• New Microsoft CVEs added
• New Linux CVEs added
• New Kubernetes CVE added
• Standard update and maintenance of knowledge rules and HCL records

• 3 Critical VMware KBs added
• Newly added - Cyber Essentials for AWS
• Standard update and maintenance of knowledge rules and HCL records.

Agentless Vulnerability Scanning for AWS
‍Request early access to Runecast SaaS from Runecast portal, and perform agentless vulnerability scanning across all your Linux EC2 instances. The newly added option for role-based authentication to your AWS account makes it more secure and easier to set up.

Quick Access to Image Scan Results
‍Access container image scan results page via its URL from Runecast’s API or Kubernetes Admission Controller, eliminating the need to manually select the correct organization.

More Usability Improvements
‍Ensure you never miss important information. Failed analyses and expiring licenses are highlighted to capture your attention.

Content Improvements
The ISO 27001 profile is enhanced to cover Microsoft Azure. Also, all Ubuntu CVEs dating back to 2020 are now included.

• VMSA-2023-0014 added
• New Microsoft CVEs added
• Remediation scripts added to cover DISA STIG profile rules for vSphere.
• 4 Critical VMware KBs added
• Standard update and maintenance of knowledge rules and HCL records.

• VMSA-2023-0013 added
• Newly added - Ubuntu CVEs for 2023
• Newly added - CIS Benchmark for Kubernetes v1.24
• Newly added - CIS Benchmark for Kubernetes v1.23
• Newly added - DISA STIG for NSX-T
• New Red Hat CVEs added
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

Note: For Linux CVEs the product filter can be used with options Linux Ubuntu, Linux Red Hat or Linux to filter only CVEs of a specific Linux OS type.

• DISA STIG for Windows Server 2016 updated to the latest version (Ver 2, Rel 6)
• DISA STIG for Windows Server 2019 updated to the latest version (Ver 2, Rel 7)
• DISA STIG for Windows Server 2022 updated to the latest version (Ver 1, Rel 3)
• Cyber Essentials security profile updated to the latest version (Ver 3.1)
• BSI rules for Linux OS adjusted to show better Result Statuses.
• New Linux CVEs from 2020 and 2021 are added (1570 CVEs).
• New Microsoft CVEs are added (679 CVEs).
• 2 Critical VMware KBs added.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support/feedback tickets.

• Addressed usability issues in large environments
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Remediation scripts for ~130 rules added
• CIS profile for AWS updated to 1.5.0.
• Remaining NIST rules for AWS added.
• Config Vault for VMware now contains more performance information and SMNP config details
• VMware BPs for overcommitment
• VMSA-2023-0010 regarding NSX-T added
• ~220 Red Hat CVEs added/updated
• Standard update and maintenance of knowledge rules and HCL records.

• 2 Critical VMware KBs added.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover knowledge description.

• 4 Critical VMware KBs added.
• 1263 new Microsoft CVEs added.
• The NIST Compliance Profile is updated to NIST SP 800-53 Rev.5.
• Multiple updates and modifications are done on the ISO 27001 and TISAX profiles.
• Standard update and maintenance of knowledge rules and HCL records.
• Some rule adjustments to better cover the issues reported in support tickets.

• Standard update and maintenance of knowledge rules and HCL records
• Added Hardware Compatibility Checks for vSphere 8.0 U1
• Some rule adjustments to better cover the issues reported in support tickets.

• Exploit Information for Vulnerabilities - Vulnerability view is now enhanced with additional metadata indicating whether any exploit information is available for a given CVE. This introduces another layer to risk prioritization based on severity levels.
• Additional Result Statuses - Not Applicable and Not Relevant statuses have been added to make the analysis results even more transparent and easy to consume.
• Enhanced Inventory View - The Inventory view page has been redesigned to offer cohesive data and interactions across the board. This page displays the same issue grid, filters, and metadata as in other views, so you can quickly gain insights when checking the overall status of your infrastructure.
• New Compliance Profile: TISAX - The Trusted Information Security Assessment Exchange (TISAX) standard helps to ensure information security in the automotive industry and is now available in the knowledge profiles list.
• Updated OS Analysis Agent (Action Required) - New version of the OS agent is available. Update of the target systems is required to take advantage of new improvements.
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Standard update and maintenance of knowledge rules and HCL records

• Standard update and maintenance of knowledge rules and HCL records
• Some improvement done on the NIST and STIG rules regarding the Red Hat Enterprise Linux OS.

• Standard update and maintenance of knowledge rules and HCL records
• CIS for Red Hat Enterprise Linux 8 is improved and updated to version 2.0.0

• Standard update and maintenance of knowledge rules and HCL records
• NSX-T and NSX-V SCG (a.k.a SH) profiles are updated.
• 56 new Microsoft CVEs added.
• Some rule adjustments to better cover the issues reported in support tickets.

• Standard update and maintenance of knowledge rules and HCL records
• Newly added - ISO 27001 profile for Linux and Windows OS.
• Some rule adjustments to better cover the issues reported in support tickets.

• Preventing unexpected startup sequence in rare cases for OVA deployments

• The underlaying OS for OVA and cloud image deployments has been upgraded
• Added possibility to delete multiple registered OS hosts at a time
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Standard update and maintenance of knowledge rules and HCL records
• Disa STIG for Red Hat Enterprise Linux 7 was added
• ISO 27001 for AWS and vSphere updated
• Some rule adjustments to better cover the issues reported in support tickets.

• Standard update and maintenance of knowledge rules and HCL records
• 37 new Microsoft CVEs
• Some rule adjustments to better cover the issues reported in support tickets.

• Automated migration of potentially affected filters after upgrade to version 6.5
• DISA STIG for RHEL was updated to latest version (ver1, rel. 9)
• Standard update and maintenance of knowledge rules

• Full Objects View in Issue Detail - analysis findings now include all relevant objects that took part in the issue evaluation with their respective status: Failed, Passed, and Filtered out.
• New User Interface - introducing brand new dashboards and redesign of the Settings menu to bring more insights, streamlined interactions and better control.
• Filters in the URL - enables to quickly re-apply desired filter selection on any issue view by storing or sharing the URL.

‍

‍

• BSI security standard updated to version 2022.
• BSI for Linux is added covering Ubuntu, Red Hat, Suse and CentOS.
• Standard update and maintenance of knowledge rules and HCL records

• Standard update and maintenance of knowledge rules and HCL records
• 30 new Linux CVEs
• Some rule adjustments to better cover the issues reported in support tickets.

• Standard update and maintenance of knowledge rules and HCL records
• 66 new Microsoft CVEs
• PCI DSS Security Standard profile updated to the latest version (version 4) for AWS, vSphere and NSX-V systems.
• Some rule adjustments to better cover the issues reported in support tickets.

• Added CIS for CentOS 7
• Standard update and maintenance of knowledge rules, HCL records and system packages

‍

• Tasks in Configuration Vault - performed tasks on ESXi hosts and VMs are now available in Configuration Vault. This allows easy correlation between configuration changes and performed tasks for enhanced audit tracking
• Brand new analyses comparison - provides deep insights into what has changed between two analyses - on issue and object level. Helps to track progress towards risk-free IT infrastructure
• More security profiles -Runecast now covers BSI for Kubernetes and KVKK for vSphere
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Coverage of multiple important VMware KBs affecting infrastructure availability
• Standard update and maintenance of knowledge rules, HCL records and system packages

• NIST coverage for Windows Server OS
• Increased count of automated DISA STIG rules for Windows Server
• Improved performance and stability
• Faster update of manual answers
• Addressed an issue with the vSphere WebClient plugin
• OS analysis agent update to resolve missing collection data
• Minor usability improvements of the Image Scanning view
• An ESXi 8.0 coverage in the HW compatibility checks.
• NIST coverage for Linux RHEL
• New coverage of Microsoft Vulnerabilities added (published by Microsoft this month).
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Container image scans can be shared by a dedicated URL
• NSX-T Global Manager is now supported as part of the NSX-T connection
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Extended coverage of DISA STIG for vSphere 7 (vCenter VAMI and RhttpProxy)
• Updated OS agent to allow auto-evaluation of more OS related rules
• Addressed minor usability bugs
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Additional API endpoints for container image scanning integration
• Export to Jira now available in all views
• Addressed minor usability bugs
• Standard update and maintenance of knowledge rules, HCL records and system packages

• New Container image scanning - Integrate with K8s admission controller to secure your deployment processes or run image scans manually from Runecast Analyzer
• Introducing GCP support - Best practices, CIS compliance and configuration tracking for your GCP environment
• OpenID Connect - You can now login to Runecast Analyzer using your OIDC identity provider
• More security profiles - Added support for DISA STIG for RHEL8 and CIS GCP Foundations
• Performance and usability improvements - Working with filters is now faster and you can notice other UI enhancements
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Added critical VMware KBs in the proactive analysis
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Coverage for critical MS Windows CVE-2022-30190
• Extended Linux vulnerabilities coverage
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Addressed minor usability bugs
• Coverage of NIST profile for Azure
• Coverage of BSI profile for Windows Server OS
• Standard update and maintenance of knowledge rules, HCL records and system packages

• Communication of “Not Analyzed” issue state – brings attention to new rule definitions that were not analyzed yet
• Added integration to Jira
• Extended vSphere collection – tags for objects are now included in Configuration Vault
• Improvements to the OS Analysis – simpler agent installation and better communication of errors during analysis
• Standard update and maintenance of knowledge rules and Hardware Compatibility List records

• Introducing Organizations - group connections into different logical units to replicate your company structure and allow only required teams to view or manage the systems they are responsible for
• Correlation with Known Exploited Vulnerabilities (KEV) catalog helps you prioritize remediation actions for any discovered vulnerabilities
• More security profiles - OS support is extended with coverage of DISA STIG profile. vSphere can be evaluated against GDPR
• All new issue lists unlock new powerful ways of how to observe, filter, inspect and resolve all the reported issues

• Improved usability
• Standard update and maintenance of knowledge rules and Hardware Compatibility List records

• New CIS Benchmarks - Windows Server 2019 and RHEL 7
• Extended coverage of VMware NSX-T
• Fixed usability bugs
• Standard update and maintenance of knowledge rules and HCL records

‍

• Added a rule detecting a newly published log4j2 vulnerability (CVE-2021-45105)
• Updated log4j to version 2.17 to address CVE-2021-45105
• Updated ElasticSearch and Logstash to 6.8.22 which contain the latest log4j 2.17
• Fixed the OS agents installation script to work with localized Windows versions
• Updated the VMSA-2021-0028 body in the UI according to the latest VMware updates
• Updated the VMware Horizon log4j analysis rule as now there is a patch released, based on VMSA-2021-0028
• Adjusted the Apache Log4j2 Security Update CVE-2021-45046 severity to Critical

• Runecast Analyzer and all components are fully patched to address CVE-2021-44228 and 2021-45046
• Updated detection of Apache Log4j Java library vulnerability (CVE-2021-44228) on Windows and Linux which improves the results accuracy and makes the results more explanatory
• Detection on Windows, Linux, and VMware of newly added Apache Log4j Java library vulnerability (CVE-2021-45046)
• Updated Elasticsearch and Logstash components to version 6.8.21 to address CVE-2021-44228 and 2021-45046
• New Windows 2016 Domain Controller CIS profile added that extends the compliance capabilities on Microsoft platform
• Improved detection of CVE-2021-44228 reducing false positives

• Detection of Apache Log4j Java library vulnerability (CVE-2021-44228) on Windows and Linux
• Applied Log4j vulnerability workaround on Elasticsearch components
• Log4j library used in Runecast Analyzer updated to latest recommended version - 2.16.0
• Updated evaluation of VMSA-2021-0028 to include the newly added NSX-V

• Apache Log4j Java library is updated to version 2.15.0 to address CVE-2021-44228
• Critical VMSA-2021-0028 is covered by Runecast Analyzer

• All new Windows and Linux OS configuration & security management. Stay on top of known vulnerabilities, be audit-ready and follow the configuration changes in your environment – starting with CIS Benchmarks.
• More security profiles for your public and private cloud. BSI and GDPR security profiles now covers Microsoft Azure. DISA STIG profile now supports vSphere 6.7
• Additional Configuration Vault data for ESXi hosts and vSphere VMs
• UI refresh with cleaner views that keep your focus on the important findings and data
• Security updates and additional improvements to make your life easier

• Support for LDAP as an Identity Source. You can now use local user management, Active Directory or LDAP/LDAPS groups to allow access to Runecast
• Significant Remediation improvements – additional remediation rules for AWS, doubling the amount of remediable issues and the ability to add parameterized remediable content (such as timeout values, etc.)
• New Configuration Vault views – for Kubernetes and NSX-V
• vSphere7 Update 3 checks against VMware Hardware Compatibility List (HCL)

• Configuration Vault: Introducing a new summary widget to spot changes or deviations easily.
• Configuration Vault: added ability to apply the same baseline on multiple systems
• Configuration Vault: added AWS insights with multiple additional views
• Added Remediation functionality for AWS environments.

• Introducing Configuration Vault to highlight inconsistencies and configuration drift in your environment
• Introducing Remediation - generate scripts & Ansible playbooks to remediate issues at speed
• Knowledge Definition update

• Added Best Practices Profile for vSphere on Nutanix
• Added CIS Benchmark for ESXi 7.0
• CIS Benchmark updates for ESXi 6.7
• Knowledge definition update