/
RELEASE NOTES

SecHard

RELEASE NOTES

 

Version 3.6.3

Features

Bug Fixes

 

Version 3.6.2.20250325 - Released 2025-03-25

Features

  • Migration of Weblogic Server dashboard to the overall dashboard

  • Hardening improvements with Panorama support

  • Displaying alarms and warnings when publication of sample web pages is blocked in Web Content Monitor

  • Android MDM integration

  • Merging folder, asset group, asset location, and tag relationships under the same structure for assets

  • Adding 'resource creation date' and 'resource creation method' as optional fields in the resource list

  • Preserving the previous status when an 'error' is detected during status changes

  • Using FQDN value if available in database native client connections

  • Making the Connectivity Sync job triggerable for a resource (ping, port, credential check)

  • Ensuring that assets selected as VNC-only are also visible on the RDP page

  • Adding DNS Discovery method

  • MISP CTI integration

  • USOM CTI integration

  • Tenable SC+ integration

  • SentinelOne Deception System risk data collection integration

  • Displaying the account name in the session ticket list

  • Integration of Cisco Catalyst (DNA) Center v2.3.7

  • Adding a web scanner context page

  • Integrating vulnerabilities detected in Advanced Scanner scans into asset-risk

  • Monitoring content integrity of web pages, detecting changes, and generating alerts

  • Bizzy Asset Discovery integration

  • Adding Netstat Asset PDF Report

  • Defining nmap parameters to be used during instant discovery

  • Adding OS Information and Benchmark Name to the Hardening Observation report

  • Managing XSOAR incident structure as a ticket integration

  • Creating a PRTG discovery method using Passhash and Password

  • Adding FortiGate, SQL Server, SecHard Overall, Up-Down Grafana dashboards, and Up-Down alert

  • Filtering XSS-containing inputs in PAM Command creation and editing

  • Adding severity information to hardening reports

  • Developing a report containing information about folders and associated resources

  • Developing Windows DNS Monitoring and Hardening

  • Updating RedHat 8 Benchmark from v2.0.0 to v3.0.0

  • Adding Juniper Router Benchmark

  • Updating RedHat 9 Benchmark from v1.0.0 to v2.0.0

  • Adding export-import functionality for all risk setting values

  • MongoDB 4 Hardening Benchmark v1.0.0

  • Using domain suffix as the domain during RDP with AD

  • Retrieving email sender information from system settings

  • Prioritizing risk assessment results based on risk scores

  • Consolidating the notification structure to listen to all events from a single source and determine notification types accordingly

  • Standardizing event data structure

  • Retrieving the real-time status of specific services based on resources

  • Disabling server certificate recording in RDP Proxy

  • Calculating and displaying risk scores based on threat analysis

  • Adjusting dashboard variables and migrating them to the overall dashboard

  • Migrating FortiGate dashboard to the overall dashboard

  • Adding an exclusion option for FQDNs in Discovery Methods

  • OpenText uCMDB PAM integration

  • Separating Executive Summary, Comparison, and Statistics menus from the reports permission

  • Adding Radius Vendor Specific Attributes and Message-Authenticator fields

  • Adding FQDN and OU-based exclusion options in Discovery

  • Tagging devices based on Discovery method

  • Displaying Threat and CTI scores on the company risk score page

  • Exporting mRemoteNG-compatible Session Ticket CSV files

  • Logging session key logs for RDP Proxy

  • Reducing CPU consumption by initiating encoding of RDP Proxy video files in passthrough mode

  • Sending an alarm when a prohibited word is detected in Session Logs

  • Providing more detailed information on the Risk Score pages

  • Migrating IIS Server dashboard to the overall dashboard

  • Migrating MSSQL dashboard to the overall dashboard

  • Generating alarms and sending emails based on real-time up/down status of specific services

  • Migrating vCenter dashboard to the overall dashboard

  • Adding Grafana overall dashboard

  • Updating Node Exporter version

  • Migrating SNMP Exporter dashboard to the overall dashboard

  • Updating VMI Exporter version

  • Allowing users to add Generic Resources and select authentication types

  • Applying Self-Question items in bulk configuration

  • Improving the performance of Security Zone Dashboards by creating database views

  • Migrating Postman Reporting, Key Manager, and Syslog Private APIs, and making necessary changes

  • Adding F5 TMOS as a Web Application Firewall (WAF)

  • Adding IBM WebSphere Liberty Benchmark

  • Adding IBM AIX 7.2 Benchmark

  • Adding Oracle Database 19c and 18c Benchmark

  • Adding Lenovo Switch Benchmark

  • Adding Redis Benchmark

  • Upgrading Mongo Service to version 6.0.18

  • Adding Juniper Firewall v2.1.0 Benchmark

  • Adding Brocade Switch Benchmark

  • Adding CIS Kubernetes Benchmark v1.9.0

  • Adding alarm functionality in RemoteApp sessions

  • Separating Remote App and PowerShell log deletion times

  • Supporting multiple file downloads/uploads and folder uploads via SFTP

  • Adding an option to append a domain to usernames when importing Radius accounts

  • Adding Expiring Certificates Mail to the alarm page

  • Enabling renaming of user information for Linux machines in SecHard Resource List

  • Adding sechard.sh commands:

    • Deleting Docker images (sechard image -d)

    • Checking for updates (sechard image -c)

    • Updating an image (sechard update -u <image>)

  • Adding Vault Certificate Import feature

  • Generating a Mac Addresses Report

  • Adding IBM AIX system support and creating a user password change recipe

  • Supporting new Ubuntu 22.04 images

  • Integrating Trellix EPO - EDR systems

  • Preventing unnecessary migration executions by checking script changes during queue startup

  • Adding 'Duplicate As' feature for Custom Benchmarks

  • Expanding Database Discovery to include web servers

  • Fixing Fortinet SSH Login issue caused by Prompt-based account verification

  • Adding Cisco Firepower Threat Defense Hardening

  • Allowing different report formats on the Reports page

  • Updating Portainer container to version 2.21.0

  • Integrating Trellix ePO Discovery and PRTG Discovery

  • Implementing FortiMail hardening guide tasks

Bug Fixes

  • Displaying the sizes of Proxy session logs on the Database Maintenance page

  • Default risk scores should not be written when risk score parameters are not entered during Resource CSV import

  • Detection and correction of MacOS False-Positive items

  • Revision of Advanced Scanner (OpenVAS)

  • Fix for OS Exporter auto-select issue

  • Detection and correction of FortiGate False-Positive items

  • Fixing Juniper firewall checks

  • A Windows resource added via instant discovery not appearing in the PAM connection menu

  • System email and sender details being ignored in OTP emails

  • Fix for export error of SSH sessions created via Proxy

  • Unable to search in Session Logs on the PAM Sessions page

  • Fix for passwords not being visible or copyable on the TACACS and RADIUS Credentials page

  • Unable to download Proxy sessions

  • When a session ticket is issued, clicking the three dots on the PAM page does not initiate any connection

  • Windows devices added via Discovery should be displayed on the PAM connections page

  • "Resource on/off" notification template error

  • Modification of Show Log XML monitoring script

  • Fixing Oracle 19c benchmark errors

  • Fixing hardening items containing Default Web Site on IIS servers

  • Secret Key should be retrieved from the config file using Docker secret

  • Forcing Docker secret key change during installation

  • Fix for Windows User Right Assignments items appearing as inactive

  • Removing the timeout duration for RDP Proxy

  • Fixing the issue where unauthorized users could access resource and account details via API

  • Resolving the error encountered when generating a firewall policy report

  • Fixing error encountered when editing an account

  • Standardizing resource-removed & resource-edit alarm email templates

  • Creating service alarms

  • Fixing Redis event subscription issue caused by migration index synchronization failure during update

  • Fixing the issue where AD synchronization fails if a remote session account is registered

  • Fixing "Account details BSON too large" error

  • Fixing error encountered when editing a CyberArk account

  • Fixing issue where the Show Server Info script was not running

  • Increasing the repeat_interval duration of Grafana alarms from 4 hours to 12 hours

  • Fixing an issue where the password reset job was skipping password resets

  • Fixing an issue where the base filter information was not being used when editing Active Directory settings

  • Fixing the issue where the shortcuts button was visible in RDP even when permission was not granted

  • Fixing an issue where a newly added resource could not be verified with a private key

  • Fixing an AD Group sync error

  • Fixing an issue where RDP-Console connection could not be established with a Vault account

  • Optimizing the query after selecting "select-all" on the User Roles > Resources page

  • Preventing password changes without entering a new password during account password change

  • Displaying the number of resources that could not be added due to verification failure during Discovery

Version 3.6.1.20240729 - Released 2024-07-29

Features

  • Uploading benchmarks to the CIS portal

  • Adding WLC 9800CL Benchmark

  • Adding VMware Security Hardening Guides to vCenter vCenter

  • Adding Best Practices for Securing Active Directory benchmark

  • Software end of life control

  • Addition of Arabic language support with AI

  • Performing Pfsense firewall hardening guide operations

  • Adding a Server name field for LDAP

  • Timezone and volume setting moved to system settings

  • Fixing RDP, Console error messages

  • Assigning the clipboard feature in RDP, VNC, Console sessions with authorisation via user role

  • RDP audio off by default

  • Requesting only auth code on the login screen

  • Adding logout and reconnect buttons in PAM sessions

  • Sending timezone in RDP and SSH sessions

  • Increasing the limited number of lines of Console output

  • Moving request collection to session tickets collection

  • Adding the ability to send multiple files in RDP

  • Short cut options are optional and subject to role

  • Putting F11 as full screen button in RDP

  • Addition of PRTG Discovery feature

  • Removing version information from scripts

  • Adding Microsoft 365 hardening

  • Remediation and rollback with Windows GPO

  • Addition of SCCM discover feature

  • Adding Palo Alto 11 Benchmark

  • Panorama Integration - Discover - Hardening - Backup feature

  • Hardening in Openshift architecture

  • Openshift architecture integration

  • Addition of the Break Glass scenario

  • Adding Keepas import feature

  • Addition of Panorama Discover feature

  • Adding PAM-Sessions ALL feature to the role

  • Access via Openshift API and adding token feature

  • Correction of the Discover result page view

  • Creation of Security Dashboard report

  • Creation of Company Risk Score report

  • Creating the LDAP Active Directory Groups report

  • Ability to hide areas such as browser tab, login screen, bottom bar on the brand page

  • Creating an alarm in case of a change in Netstat output

  • Creating Backup Dashboard page, adding Backup Sessions Last 10 Points and Backup Sessions Last 10 Days widgets

  • Adding PAM Sessions Last 10 Points and PAM Sessions Last 10 Days widgets in PAM Dashboards

  • SSL key manager batch execute

  • Adding type, vendor, family fields to Exporter report

  • Display of EOL software on the software page

  • Adding the ability to add more than one e-mail address to the alarm / e-mail field

  • Creation of Lestencrypt cert renew recipient, systematic operation

  • Development of Fortigate vdom backup structure

  • Moving the user role page to the new table structure

  • Linux servers added with Discover Connection Methods SSH, Auth Method SSH

  • Keeping backup tftp files as a file on the database

  • Branding logo change main screen and addition of top left logo feature

  • Linux node exporter update

  • Adding Microsoft 365 hardening

  • Remediation and rollback with Windows GPO

  • Fortimail hardening guide operations

  • Receiving information of recipients with confirm message when assigning recipe group

  • Adding Remote app Remote Application Instructions clone feature

  • Reading smbv3 Turkish folder/file names

  • System Integration PAM - Cyberark page editing

  • Benchmark import/export feature

  • In LDAP Discover, windows servers come as server instead of domain controller

  • Including Description field in filters and table

  • Folder structure improvements

  • Security and self-control items can be selected in bulk config

  • Abolish internal messaging. External messaging via Redis

  • Default benchmark can be changed according to resources

  • Benchmark duplicate/copy feature

  • Cisco Switch, cisco router discarding notification of ntp clock-period X / ntp clock period X changes

  • Permit middleware should not do extra token verification

  • Entering the time-zone setting in SIEM integration

  • Displaying the desired user actions on the User Role resource session recording page

  • Adding sync date to asset manager info page

  • Sending System Event details to SIEM

  • PAM Connections breadcrumb should be moved to the component itself, root directory should be listed

  • Sources without connection methods are not displayed in PAM Connections ALL section

  • Moving Benchmark setting recipe associete page to new page

  • The ‘lock’ status of user accounts should also be taken, they should be unlocked and password reset should be possible regardless of verify status in windows

  • Resource DNS Lookup option is enabled by default but can be removed if desired

  • Ssl key manager deleting old certificates and giving information about which discover method they come from

  • Defining the default connection account for users of resources assigned to a role in the Resource <> Type association component

  • Granting User Role multiple authorisations

  • Forti Switch (FortiOS) hardening implementation

  • CK Network - Looking at the Extreme Switch Problem without Backup

  • Fortisiem installation

  • Database permission control during the hardening phase. Minimum authorisation requirement

  • Trellix EPO - EDR system integration

  • Establishment of the necessary infrastructure for the creation of the LLDP topology map

  • Making rdp/console connection with User Provided accounts

  • Adding the Trellix ePO Discovery feature

Bug Fixes

  • Auto Discovery LDAP Credential error

  • Display of AD Group on User Management page and AD special character filtering

  • ‘Import Ad Group Users’ remains ticked

  • Roles deleted or newly added without changing the page on the User Management page are not updated in the Add or edit user window

  • RDP connection closes on connection to active session with control

  • In RDP the sidebar should not stay on the image

  • Inability to use the mouse wheel fluently in drawing programmes

  • Proxy connections that cannot be terminated

  • Writing the primary account name after proxy problem

  • AltGr key combinations in English Windows

  • Polling condition under dispatcher (recipe-execution-module.run) is not satisfied if any subjob in Recipe Execution queue receives an error and does not update its status

  • Custom benchmarks should be migrated by default

  • Imported benchmarks should not be system benchmarks, system benchmarks are deleted in every migration

  • Making the connection method value editable in VMware resource types

  • Hiding the remediation button on hardening passive substances

  • Cannot open console session with Vault credential, credentials must be searched in correct collection

  • Hardening page filters are removed when action (remediation-rollback) is taken

  • vCenter verifies from 22 in the first addition phase, it should do it from 443

Version 3.5.0.20240114 - Released 2024-01-14

 

Features

  • Changing the duration of the approval request request and sending it to terminate

  • Providing permanent proxy connections by creating Session Token

  • Adding "Show Users" button to AD Groups page

  • VNC multi-monitor support

  • LDAP Tree View view and adding Exclude option

  • Keeping the source information for mail and sms while synchronising accounts and not overwriting if entered manually

  • PAM Connections Default Account - separation as RDP and SSH

  • GUI Terminal display right side update

  • Optional display of the Sechard 2FA QR Code at the entrance

  • Automatic addition of LDAP username domain suffix

  • TTMesaj SMS provider integration

  • PAM - Private key in Account section can be made primary in Associete section

  • SecHard-Drive" drive to be named "Drive on SecHard"

  • AD user names should be case insensitive

  • AD users at the top level cannot be retrieved with lower level filtering

  • Adding the number of pieces in Discover dashboard

  • Pulling PaloAlto Firewall Asset information

  • Pulling Fortinet Firewall Asset information

  • WMI Exporter 0.24 update and update of Windows dashboards

  • Linux version control and automatic editing

  • ESXi version control and auto-editing

  • Adding dependency column on Account

  • Adding resource information in Licence Asset report

  • Adding Password generate example button

  • Adding Centos 7 asset manager sssd service

  • Windows resources added with AD Discover should also be checked in Domain controller type and added accordingly.

  • Adding hardening scores history recipe report

  • Adding hardening error information to the cake

  • Automatic page refresh when the source changes from the top right on the Dashboard screen

  • Adding resource information to Grafana OK alarm

  • Adjusting the theme black font setting

  • Triggering an alarm when the Licence Expiration Date reaches the specified date

  • In the Import from AD discover option, it should be possible to add the same name with a different name

  • Discovered Resource List Not Detechted resources can be exported

  • Replacing the licence restriction with a unique encrypted value generated by the system instead of the MAC address

  • Adding URL field information for printer devices and opening the web page when we say right button connect

  • CTRL focus on enter

  • Black app list application alarm

  • Production of compliance reports

  • Saving filters in the user's browser on the Recipe Settings page

  • Add TAG to Hardening Zone filtering section

  • Hardening diff recipe report

  • Adding Windows licences to the license page

  • Job Management job export report csv

  • Accessories, licence, componet export - import

  • Executive Summary Report should be added to the report page

  • Organisation of PAM Role page order

  • Resource - Created manually at Feb 23, 2023, 11:32:10 AM. Addition of Added by

  • Resource cloning

  • Adding recipes from the Hardening page to the recipe group

  • Showing PAM Account, Vault account changes in system event

  • Adding Asset Management Dashboard resources information

  • Removing the repeat feature in discoveries

  • Nginx auth method ssh defaulted should come

  • vCenter auth method API port 443 should come in default + migration

  • ESXi auth method API port 443 should come in default + migration

  • Switching from otp to password during login

  • Adding Recipe Group export - import feature

  • Adding the PAM Connection Tree View display feature

  • Adding User Management Bulk edit

  • Tag options at the top and check boxed and stack them on top

  • User role resourcelar is not added automatically Family option and the option to include newly added resources

  • In network devices, asset scripts should work in the first addition phase

SecHard