...
| Version | Type | Collection | Description |
|---|---|---|---|
| Enterprise | New Feature | Vulnerabilities | Vulnerability Detection. |
| All | New Feature | News | News feeds for updates. |
| Enterprise | New Feature | Standards | Standards reporting (ISO 27001 at the moment). |
| All | Improvement | GUI | Multiple languages now supported. |
| All | Improvement | GUI | Improved HELP in the GUI. |
| Enterprise | New Feature | Certificates | Certificate management and reporting. |
| All | Improvement | Devices | Filters for OS and Type on the Devices List page. |
| All | Improvement | Devices | Manufacturer logos shown on the devices list. |
| All | Improvement | Discoveries | Native PowerShell auditing. |
| All | Improvement | Discoveries | Hyper-V guest VM auditing. |
| All | Improvement | Discoveries | Cisco license retrieval. |
| All | Improvement | Discoveries | Redhat license details. |
| All | Improvement | Integrations | Improved NMIS integration. |
| Enterprise | Improvement | Benchmarks | Added Benchmarks (RH10, Ubuntu 24.04). |
| Enterprise | Improvement | Agents | Agents for MacOS and Linux. |
| Enterprise | New Feature | Logging | Log to syslog in Common Event Format (CEF) for several different events. |
Vulnerabilities
Our new feature, Vulnerabilities, works by your Open-AudIT install reaching out to our server and downloading a list of vulnerability definitions (so the install needs outbound access to that server). Those definitions are then applied each time device data is processed, producing a list of affected items.
...
We have done further work on the NMIS integration to make it more capable and more robust.
CEF Syslog
There are now new configuration options to log certain events to syslog (on Linux) in Common Event Format (CEF). These are all disabled by default. CEF-formatted logs can be consumed by software outside Open-AudIT, such as Splunk.
A typical CEF formatted entry in syslog for an access event will look like below.
```
CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|1|Info|collection=devices action=collection user=admin
```
This corresponds to:
```
CEF:Version|Vendor|Product|Product Version|Event ID|Event|Severity Number|Severity Text|Details
```
Event IDs are:
New Device
Component Added
Vulnerability Detected
Component Removed
Access
An event that does not change data is logged at severity 1; events that change data are logged at severity 5. In practice the only severity 1 event is an access to a page that does not modify data (the Device List, for example). Everything else is severity 5.
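To consume these entries outside Open-AudIT you need a parser that understands the field layout above. Note that the layout shown here carries one more header field (Severity Text) than the standard CEF header, which is `CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension`, so a consumer expecting standard CEF will read `Info` as the start of the extension; check how your SIEM's CEF extraction handles it. The following is an added example, not code from Open-AudIT or FirstWave: a small parser that accepts both the nine-field layout shown above and the standard eight-field header, honours CEF backslash escaping (`\|` in the header, `\=` in the details), skips non-CEF syslog lines, and picks out the severity 5 (data-changing) events. The syslog prefix, the second and third sample lines, the event ID `99` and the severity text `Notice` are constructed placeholders; only the first CEF payload is the page's own example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample syslog lines. The CEF payload of the first line is the page's
# example with a syslog prefix added; the other two are assumed shapes (event ID 99
# and severity text "Notice" are placeholders, not values documented by Open-AudIT).
SAMPLE_LINES = [
    "Jan 10 10:15:01 audit-host open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|1|Info|"
    "collection=devices action=collection user=admin",
    "Jan 10 10:16:22 audit-host open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|99|New Device|5|Notice|"
    "name=web\\=01 os=Ubuntu 24.04 user=admin",
    "Jan 10 10:16:23 audit-host open-audit: not a CEF line at all",
]


@dataclass
class CefEvent:
    version: str
    vendor: str
    product: str
    product_version: str
    event_id: str
    event: str
    severity: int
    severity_text: Optional[str]          # None for the standard eight-field layout
    details: dict = field(default_factory=dict)

    @property
    def changes_data(self) -> bool:
        # The release notes' rule: severity 1 is read-only access, severity 5 changes data.
        return self.severity >= 5


def _split_header(text: str, maxsplit: int) -> List[str]:
    """Split on unescaped '|' at most maxsplit times; the remainder is returned raw
    (the extension has its own escaping and may legitimately contain '|')."""
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):      # \| or \\ inside a header field
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
            if len(parts) == maxsplit:
                parts.append(text[i + 1:])
                return parts
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


_KEY_RE = re.compile(r"^([A-Za-z0-9_.]+)=(.*)$", re.S)


def _unescape(value: str) -> str:
    return re.sub(r"\\(.)", r"\1", value)       # \= -> =, \\ -> \


def parse_extension(ext: str) -> dict:
    """key=value pairs separated by spaces; values may contain spaces, and a literal
    '=' inside a value is escaped as \\= so it never starts a new key."""
    details, key = {}, None
    for token in ext.split(" "):
        m = _KEY_RE.match(token)
        if m:
            key = m.group(1)
            details[key] = _unescape(m.group(2))
        elif key is not None:                     # continuation of a multi-word value
            details[key] += " " + _unescape(token)
    return details


def parse_cef_line(line: str) -> CefEvent:
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload: %r" % line)
    header = _split_header(line[start + len("CEF:"):].rstrip(), 7)
    if len(header) != 8:
        raise ValueError("short CEF header: %r" % line)
    version, vendor, product, product_version, event_id, event, severity, rest = header
    m = re.match(r"^([^|=]*)\|(.*)$", rest, re.S)
    if m:                                         # Open-AudIT layout: severity text, then details
        severity_text, ext = m.group(1), m.group(2)
    else:                                         # standard CEF: details follow the severity
        severity_text, ext = None, rest
    return CefEvent(version, vendor, product, product_version, event_id, event,
                    int(severity), severity_text, parse_extension(ext))


def data_changing_events(lines) -> List[CefEvent]:
    """Parse every line, drop non-CEF syslog noise, keep only severity 5 events."""
    found = []
    for line in lines:
        try:
            ev = parse_cef_line(line)
        except ValueError:
            continue
        if ev.changes_data:
            found.append(ev)
    return found


if __name__ == "__main__":
    for ev in data_changing_events(SAMPLE_LINES):
        print(ev.event_id, ev.event, ev.severity, ev.details)
```

The header is split only seven times so that a `|` inside the details does not shift fields, and the severity-text field is detected rather than assumed, so the same parser works if a consumer is fed standard CEF from another product.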
The following configuration items are available:
```
feature_syslog_access
feature_syslog_components
feature_syslog_devices
feature_syslog_vulnerabilities
```
feature_syslog_access logs each time a user calls a page.
feature_syslog_components logs each time any device component is added or removed. Enabling this is not recommended except in specific circumstances.
feature_syslog_devices logs each time a new device is found.
feature_syslog_vulnerabilities logs each time a vulnerability is detected.