Released - 2025-11-30
Linux SHA256: 9ef5fa8bba215b0c965e005fa83c9c8f828c0eebce566b367867e47076fa3aea 9339325282d0d083a608a6921ec57ad72ccc1c882f3613bbeab6ce196b800622
Windows SHA256: 9b74682feb2e2e1b174acbe02a5fd3cbae58167b8d173321713e91fa1422f0f9
This is a big one
This is the one you've all been waiting for
This is the one that's caused us to work late
We are introducing quite a few new features, the most compelling of which is vulnerability detection. I'll go over them all below, but in short - now when a device is audited, during the data processing Open-AudIT will compare the installed software to the current CVE listing. You will know - right on the default dashboard - if something has an outstanding vulnerability.
In our experience, 99% of these are rectified by upgrading the affected software to the latest version - simple. But now you'll know just how many affected programs are on your estate!
One thing though - we have had to increase the minimum level of supported Linux distributions. Open-AudIT 6.0.0 requires Debian 12 or 13, Redhat 9 or 10, or Ubuntu 24.04. Windows Server 2025 is now also supported.
See below the table for more details.
| Version | Type | Collection | Description |
|---|---|---|---|
| Enterprise | New Feature | Vulnerabilities | Vulnerability Detection |
| All | New Feature | News | News Feeds for updates. |
| Enterprise | New Feature | Standards | Standards Reporting (ISO 27001 at the moment). |
| All | Improvement | GUI | Multiple languages now supported. |
| All | Improvement | GUI | Improved HELP in the GUI. |
| Enterprise | New Feature | Certificates | Certificate Management and Reporting. |
| All | Improvement | Devices | Filters for OS and Type on the Devices List page. |
| All | Improvement | Devices | Manufacturers logos shown on the devices list. |
| All | Improvement | Discoveries | Native PowerShell auditing. |
| All | Improvement | Discoveries | Hyper-V guest VM auditing. |
| All | Improvement | Discoveries | Cisco license retrieval. |
| All | Improvement | Discoveries | Redhat license details. |
| All | Improvement | Integrations | Improved NMIS integration. |
| Enterprise | Improvement | Benchmarks | Added Benchmarks (RH10, Ubuntu 24.04). |
| Enterprise | Improvement | Agents | Agents for MacOS and Linux. |
| Enterprise | New Feature | Logging | Log to syslog in Common Event Format for several different events. |
Vulnerabilities
Our new feature, Vulnerabilities, works by your Open-AudIT install reaching out to our server and downloading a list of vulnerability definitions. These are then used each time device data is processed to return a list of affected items.
On our side, we reach out to the CVE feed provided by NIST, process the data, enrich it using some AI, then create a suitable SQL query for your use.
As a result - you send us some data, and we send you some data in return. Your Open-AudIT install will require access to the internet. The Vulnerabilities feature can be disabled.
What data do you send us? I'm glad you asked. We have nothing at all to hide and if you're not comfortable (or legally not able) sending us some basic data, we understand. Hence the ability to disable the feature. When you view the Vulnerabilities list page, click on the Help icon and you'll see exactly what we send of your data. Not "we send some of this" - we will show you the exact data we will send.
"But what is it?" I hear you ask.
Well, we only send the minimum amount of data and nothing of a sensitive nature. We send our license data (name, type, etc), our application data (name, version, platform, timezone, etc), any logged errors, a count of device types and a count of the features used. Any environment has devices so we don't consider you having a switch (for example) to be a sensitive thing. Only the type of device and a count. Not the manufacturer, not the model. We send nothing special. No networks. No IP addresses. No OS versions. No software names. The UUID and Server fields are hashed with SHA-256 (so we do not know the real value).
We send just the data we need to improve the product. We hope you see the benefit to all of us with this information. It will give us guided direction on where to focus improvements and new features in the product and it doesn't give up anything of a sensitive nature.
The same applies to the News feature (below).
If this doesn't fit your needs, you are free to disable the feature, or contact us about alternative commercial arrangements and we will see what we can do. No promises though, we're just trying to be flexible for both you and us!
Some screenshots. The default Vulnerabilities list page.
The new Default Dashboard.
The Windows security Dashboard.
News Feeds
News feeds allow you to keep up with various Open-AudIT items, such as updates to the latest Windows version numbers used in queries. Things like configuration item changes will be sent to you with recommendations. These items are a one-click fix. Read the news item, decide you want it, click "Enable" and you're done.
As part of this, and the same as Vulnerabilities above - your Open-AudIT install will require access to the internet. The News feature can be disabled. And as above, News sends FirstWave various non-sensitive data points.
Screenshots. Viewing an individual news item.
Standards Reporting
At FirstWave, we are ISO 27001 compliant. Each year our CISO has to review and answer the many questions to satisfy our auditors that we meet this standard. We decided we could add this into Open-AudIT. Once you have done this for the first year, it's a simple matter of reviewing, revising where required and extracting the information in an Excel spreadsheet (click the Report button in the GUI) for the auditors.
New Languages
Open-AudIT now has built-in support for the following languages: Albanian, Arabic, Azerbaijani, Bulgarian, Chinese, Czech, Danish, Dutch, English, Esperanto, Estonian, German, Greek, Finnish, French, Irish, Hindi, Hungarian, Indonesian, Italian, Japanese, Korean, Lithuanian, Latvian, Malay, Norwegian, Persian, Portuguese (Brazil), Polish, Portuguese, Romanian, Russian, Slovak, Slovenian, Spanish, Swedish, Thai, Tagalog, Turkish, Ukrainian, Urdu, Vietnamese.
Now I won't guarantee the translation is 100% perfect (I only speak English!), but we have used the great project over at LibreTranslate to accomplish this. If you do find anything you think needs fixing, just email us what is in the GUI and where, and what it should actually say. We're more than happy to include it and send you an updated translation file ASAP.
Help in the GUI
Help has been revised to make it easier to read. The old way looked like the below.
And the new GUI looks like this:
Devices List Page
The devices list page has been revised. We now include on the left the ability to filter based on OS or device type. We also show the icons for the associated manufacturer in the list (if you find a missing icon, please do advise). Don't forget about the Components drop-down section above - this enables you to easily get a list of all instances of a component in your database (software, for example).
Certificate Management
You can now select a certificate found during an audit and mark it to make management (renewal, responsibility, et al) easier. And obviously report on it. I'm thinking a report at the start of each month detailing which certificates will expire in the next 45 days, including who needs to renew them (if they aren't auto-renew). Easy to do in a couple of clicks.
Discoveries
We have changed a few things in discovery, the largest being the deprecation of the VBScript used to audit Windows. We now use a PowerShell script. This has all the property retrieval of the deprecated VBScript with the exception of local device group policies, which will be added in time. We also return Cisco license info using "show licenses" via SSH, and Redhat subscription details, as well as auditing Hyper-V hosts. We have also revised the page where you read a discovery's details. This might be revised again - we will see how it goes. Let us know if you like it!
New Icons
The eagle-eyed amongst you might have noticed the line icons are slightly different. We have changed from FontAwesome to Lucide icons. There are just a few more we can use, without having to worry about a commercial license. We still love FontAwesome though!
Agents
We now have agents for MacOS and Linux. As usual, they are simple scripts used to check-in with the Open-AudIT server each day and (usually) audit and send the details. No need for remote access at all if you don't want to enable that on your machines.
Benchmarks
New Benchmark definitions for Redhat 10 and Ubuntu 24.04 have been added.
Integrations
We have done some work on Integrations with NMIS to make them even better and more robust.
Syslog in CEF format
There are now new configuration options to log certain events to syslog (on Linux) using the Common Event Format (CEF). These are all disabled by default. CEF-formatted logs are consumable by software outside Open-AudIT, like Splunk, etc.
A typical CEF-formatted entry in syslog for an access event will look like the below.
CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|1|Info|collection=devices action=collection user=admin
This corresponds to:
CEF:Version | Vendor | Product | Product Version | Event ID | Event | Severity Number | Severity Text | Details
Event IDs are:
New Device
Component Added
Vulnerability Detected
Component Removed
Access
An event that does not change data will be severity 1, others (that change data) will be severity 5. Generally, an access log to something that is not changing data (the Device List, for example) is the only severity 1. Everything else will be severity 5.
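An added example, not part of Open-AudIT or these release notes: a Python parser for the entry layout described above that picks out the severity 5 (data-changing) records. The syslog prefixes and the second sample record (its severity text and detail values) are constructed assumptions; because the layout carries a separate Severity Text field, each record is split into nine parts rather than standard CEF's seven header fields plus extension.

```python
import re

# Field order as given in the release notes. The separate severity-text
# field means a record splits into nine parts, not standard CEF's eight.
FIELDS = ("cef_version", "vendor", "product", "product_version",
          "event_id", "event", "severity", "severity_text", "details")

# key=value pairs; a value runs until the next " key=" or the end of the line.
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_line(line):
    """Return a dict for one syslog line, or None if it holds no Open-AudIT CEF record."""
    start = line.find("CEF:")
    if start < 0:
        return None
    parts = line[start + 4:].rstrip("\n").split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS) or parts[2] != "Open-AudIT":
        return None
    rec = dict(zip(FIELDS, parts))
    if not (rec["event_id"].isdigit() and rec["severity"].isdigit()):
        return None
    rec["event_id"] = int(rec["event_id"])
    rec["severity"] = int(rec["severity"])
    rec["details"] = dict(KV.findall(rec["details"]))
    return rec


def data_changing(lines):
    """Records the release notes class as changing data (severity 5)."""
    return [r for r in map(parse_line, lines) if r and r["severity"] == 5]


# Constructed sample input. Line 1 is the entry from the release notes behind
# a made-up syslog prefix; line 2 is hypothetical (severity text and detail
# values are assumptions); line 3 is unrelated syslog noise.
SAMPLE = [
    "Nov 30 10:00:01 oa-host open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|1|Info|collection=devices action=collection user=admin",
    "Nov 30 10:00:09 oa-host open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|5|Notice|collection=users action=update user=jane doe",
    "Nov 30 10:00:12 oa-host sshd[812]: Accepted publickey for root",
]

if __name__ == "__main__":
    for rec in data_changing(SAMPLE):
        print(rec["event"], rec["details"])
```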
The following configuration items are available:
feature_syslog_access
feature_syslog_components
feature_syslog_devices
feature_syslog_vulnerabilities
Access logs each time a user calls a page.
Component logs each time any device component is added or removed. It is not recommended to set this, except in specific circumstances.
Devices logs each time a new device is found.
Vulnerabilities logs each time a vulnerability is detected.