Released - 2025-11-?30
Linux SHA256: 9ef5fa8bba215b0c965e005fa83c9c8f828c0eebce566b367867e47076fa3aea 9339325282d0d083a608a6921ec57ad72ccc1c882f3613bbeab6ce196b800622
Windows SHA256: 9b74682feb2e2e1b174acbe02a5fd3cbae58167b8d173321713e91fa1422f0f9 53548738fdc66609484e50b1e1eec96c20d1776e0e317ab662f2fa9de9da8587
This is a big one
This is the one you’ve all been waiting for
...
In our experience, 99% of these are rectified by upgrading the affected software to the latest version - simple. But now you’ll know just how many affected programs are on your estate!
One thing though - we have had to increase the minimum level of supported Linux distributions. Open-AudIT 6.0.0 requires Debian 12, 13, Redhat 9, 10 or Ubuntu 24.04. Windows Server 2025 is now supported as well.
See below the table for more details.
Version | Type | Collection | Description |
|---|---|---|---|
Enterprise | New Feature | Vulnerabilities | Vulnerability Detection |
All | New Feature | News | News Feeds for updates. |
Enterprise | New Feature | Standards | Standards Reporting (ISO 27001 at the moment). |
All | Improvement | GUI | Multiple languages now supported. |
All | Improvement | GUI | Improved HELP in the GUI. |
Enterprise | New Feature | Certificates | Certificate Management and Reporting. |
All | Improvement | Devices | Filters for OS and Type on the Devices List page. |
All | Improvement | Devices | Manufacturers logos shown on the devices list. |
All | Improvement | Discoveries | Native PowerShell auditing. |
All | Improvement | Discoveries | Hyper-V guest VM auditing. |
All | Improvement | Discoveries | Cisco license retrieval. |
All | Improvement | Discoveries | Redhat license details. |
All | Improvement | Integrations | Improved NMIS integration. |
Enterprise | Improvement | Benchmarks | Added Benchmarks (RH10, Ubuntu 24.04). |
Enterprise | Improvement | Agents | Agents for MacOS and Linux. |
Enterprise | New Feature | Logging | Log to syslog in Common Event Format for several different events. |
Vulnerabilities
Our new feature, Vulnerabilities, works by your Open-AudIT install reaching out to our server and downloading a list of vulnerability definitions. These are then used each time device data is processed to return a list of affected items.
...
We have changed a few things in discovery, the largest being the deprecation of the VBScript used to audit Windows. We now use a PowerShell script. This has all the property retrieval of the deprecated VBScript with the exception of local device group policies, which will be added in time. We also return Cisco license info using "show licenses" via SSH, and Redhat subscription details, as well as auditing Hyper-V hosts. We have also revised the page where you read a discovery's details. This might be revised again - we will see how it goes. Let us know if you like it!
...
We have done some work on Integrations with NMIS to make them even better and more robust.
Syslog in CEF format
There are now new configuration options to log certain events to syslog (on Linux) using the Common Event Format (CEF). These are all disabled by default. CEF formatted logs are consumable by software outside Open-AudIT, like Splunk, etc.
A typical CEF formatted entry in syslog for an access event will look like below.
```
CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|1|Info|collection=devices action=collection user=admin
```
This corresponds to:
```
Cef:Version | Vendor | Product | Product Version | Event ID | Event | Severity Number | Severity Text | Details
```
Event IDs are:
New Device
Component Added
Vulnerability Detected
Component Removed
Access
An event that does not change data will be severity 1, others (that change data) will be severity 5. Generally, an access log to something that is not changing data (the Device List, for example) is the only severity 1. Everything else will be severity 5.
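Added example (not Open-AudIT's own code): a Python parser for the entry layout described above, which pulls the CEF record out of a syslog line and lists the events marked severity 5. The syslog prefix, the function names, and the second sample record's severity text and detail values are assumptions.

```python
import re

# Field order as given on the page: eight header fields, then the details.
# The CEF specification's header has seven fields, so a generic CEF parser
# may place "Severity Text" in the extension; check how your SIEM maps it.
FIELDS = ("cef_version", "vendor", "product", "product_version",
          "event_id", "event", "severity", "severity_text")
UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
# key=value pairs; a value runs until the next " key=" or the end of the line.
PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

# Constructed sample lines. The syslog prefix and the second record's
# severity text and detail values are assumptions, not taken from the page.
SAMPLE = [
    "Dec  1 10:00:00 host1 open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|1|Info|collection=devices action=collection user=admin",
    "Dec  1 10:00:05 host1 open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|5|PLACEHOLDER|collection=users action=update user=Jane Doe",
    "Dec  1 10:00:09 host1 open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access",
]


def parse_openaudit_cef(line):
    """Return a dict for one syslog line, or None if it holds no valid record."""
    start = line.find("CEF:")
    if start == -1:
        return None
    parts = UNESCAPED_PIPE.split(line[start + 4:].strip(), maxsplit=len(FIELDS))
    if len(parts) != len(FIELDS) + 1:
        return None  # truncated or differently shaped record
    event = dict(zip(FIELDS, (p.replace("\\|", "|") for p in parts)))
    if not (event["event_id"].isdigit() and event["severity"].isdigit()):
        return None
    event["event_id"] = int(event["event_id"])
    event["severity"] = int(event["severity"])
    event["details"] = dict(PAIR.findall(parts[-1]))
    return event


def data_changing(lines):
    """Return parsed events with severity 5 (per the page: events that change data)."""
    events = (parse_openaudit_cef(line) for line in lines)
    return [e for e in events if e and e["severity"] == 5]


if __name__ == "__main__":
    for e in data_changing(SAMPLE):
        print(e["event"], e["severity"], e["details"])
```
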
The following configuration items are available:
```
feature_syslog_access
feature_syslog_components
feature_syslog_devices
feature_syslog_vulnerabilities
```
Access logs each time a user calls a page.
Component logs each time any device component is added or removed. It is not recommended to set this, except in specific circumstances.
Devices logs each time a new device is found.
Vulnerabilities logs each time a vulnerability is detected.