Foundstone 6.7 Release Notes

Welcome to Foundstone 6.7. These notes contain descriptions of new features, known issues, and fixed issues reported from earlier versions.

What's New in Foundstone 6.7

This release makes it easier than ever to customize network policy scripts for compliance reports. New features include the following:

· Integration with ePolicy Orchestrator (ePO): Foundstone has a Foundstone ePO extension that allows Foundstone data to be imported into the ePO database (requires an extension separate from the Foundstone installation).
· XCCDF and OVAL: Foundstone 6.7 provides a number of SCAP defined capabilities, including FDCC scanning, Configuration scanning, and Vulnerability scanning.
· Foundstone has scanning probes for the following operating systems:
  o Red Hat Enterprise Linux versions 4, 5
  o Sun Solaris versions 8, 9, 10
  o Windows NT
  o Windows XP
  o Windows 2003
  o Windows Vista

· To view the McAfee SCAP content generated date, look for the Status Date in the XML file. Log in to the Foundstone Enterprise Manager as the Global Administrator, then select MANAGE > XCCDF/OVAL. Click View XML and look for the Status Date.
· To view the OVAL content generated date, look for the oval:timestamp in the XML file. Log in to the Foundstone Enterprise Manager as the Global Administrator, then select MANAGE > XCCDF/OVAL. Select the OVAL tab. Click View XML and look for the oval:timestamp tag.
· When generating vulnerability reports, the CVE Last Modified Date is included on the report summary page.
· When a benchmark or vulnerability report is generated, a reportconfiguration.xml file is created. The file is located in the HTML folder of the benchmark report files. Use the reportconfiguration.xml file to find the following benchmark information:
  o CPELastModifiedDate - shows when the CPE content was last imported into <product>.
  o CPEGeneratedDate - shows when the CPE content was created.
  o CVELastModifiedDate - shows when the CVE content was last imported into <product>.
  o CVEGeneratedDate - shows when the CVE content was created.

· When viewing the OVAL results in a benchmark report, if the report contains CCE data and you want more details on the CCE data, open the benchmark results file.
  o For example, if you used the FDCC Win XP benchmark: Download or locate the report file, go to the folder of the scanned host (...[scan name]\[scan number]\HTML\XMLData\[host]). Open the fdcc-winxp-xccdf.xml file. Search for the CCE-ID.

· The CPE naming can be found in the machine readable output files that are available in the XMLData folder for the generated benchmark report.
  o For example:
    \[scan name]\1\HTML\XMLData\[host]\fdcc-winxp-xccdf.xml
    \[scan name]\1\HTML\XMLData\CPE.xml
  o For unauthenticated vulnerability scans:
    \[scan name]\1\HTML\XMLData\discoveredHosts.xml

Note: The compressed benchmark file from the NIST website may actually contain two copies of FDCC benchmarks, which causes errors when Foundstone tries to import the file. To resolve this, uncompress the benchmark file and then recompress only one of the FDCC benchmark folders. You should then be able to import the recompressed benchmark file.

· Late Binding: Resolves IP addresses to assets at scan run time instead of during scan configuration.
· Credential Sets: Credential Sets allow you to create sets of credentials outside of a scan configuration and give each set a unique name. Credential sets can then be used when configuring a scan.
· Asset Tagging: Foundstone allows asset tagging of scanned assets on your network. Foundstone will put a unique identifier (GUID) on an asset when it is scanned. This will increase the accuracy of asset reconciliation. Asset Tagging is disabled by default.
· Removal of the FoundScan Console: Now you don't need to have a Primary Scan Engine on your network to coordinate the data flow to your other Foundstone components. With an API server coordinating the data flow, you can now have your scan engine scanning your network instead of monitoring other scan engines.
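The content dates listed under XCCDF and OVAL above (Status Date, oval:timestamp, and the four reportconfiguration.xml fields) can be collected from the exported XML and checked for staleness before a scan result is relied on. This is an added example, not Foundstone code; it assumes Status Date is the date attribute of the XCCDF status element and that the reportconfiguration.xml fields appear as elements or attributes holding ISO dates, since the page does not show the file layouts.

```python
import xml.etree.ElementTree as ET
from datetime import date, datetime

# Field names the release notes list for reportconfiguration.xml.
REPORT_FIELDS = {"CPELastModifiedDate", "CPEGeneratedDate",
                 "CVELastModifiedDate", "CVEGeneratedDate"}

def local(name):  # drop ElementTree's '{namespace}' prefix from a name
    return name.rsplit("}", 1)[-1]

def content_dates(xml_text):
    """Return {label: raw date string} for the date fields named in the notes."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        tag = local(el.tag)
        if tag == "status" and el.get("date"):      # XCCDF <status date="...">
            found.setdefault("Status Date", el.get("date"))  # keep benchmark-level one
        elif tag == "timestamp" and el.text:        # <oval:timestamp> in the generator
            found.setdefault("oval:timestamp", el.text.strip())
        elif tag in REPORT_FIELDS and el.text:
            found[tag] = el.text.strip()
        for attr, value in el.attrib.items():       # same names used as attributes
            if local(attr) in REPORT_FIELDS:
                found[local(attr)] = value
    return found

def stale(dates, today, max_age_days):
    """Return labels whose date is older than max_age_days or is unparseable."""
    flagged = []
    for label, raw in dates.items():
        try:
            age = (today - datetime.fromisoformat(raw[:10]).date()).days
        except ValueError:
            age = None                              # unknown format: review by hand
        if age is None or age > max_age_days:
            flagged.append(label)
    return sorted(flagged)

# Constructed samples (not real Foundstone or NIST content; root names are hypothetical).
XCCDF = ('<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">'
         '<status date="2008-06-19">accepted</status></Benchmark>')
OVAL = ('<oval_definitions xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">'
        '<generator><oval:timestamp>2008-09-30T12:00:00</oval:timestamp></generator>'
        '</oval_definitions>')
REPORT = ('<ReportConfiguration CVELastModifiedDate="2008-10-01">'
          '<CPEGeneratedDate>2008-02-14</CPEGeneratedDate></ReportConfiguration>')
if __name__ == "__main__":
    merged = {**content_dates(XCCDF), **content_dates(OVAL), **content_dates(REPORT)}
    print(stale(merged, date(2008, 10, 15), 90))
```
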


Known Issues

The following list shows the known issues in this release.

· Foundstone documentation states that the Java Runtime Version installed by Foundstone is JRE 1.6.0_02. The JRE version installed with Foundstone 6.7 is JRE 1.6.0_07.
  o To update the JRE to a later version, you need to modify a setting in the Foundstone Enterprise Manager config.ini file. The config.ini file is located at ...\Program Files\Foundstone\portal\include on the server running the portal. Open the config.ini file, find the java_use_dynamic_jre_versioning setting and change it to true. You can now manually install a later version of the JRE on each system that accesses the Foundstone Enterprise Manager.
· With Foundstone reports, you can select the number of data rows to view in the report, up to 200 rows. Some reports, like benchmark reports, have large data sets and can cause Internet Explorer to run out of memory when trying to view a large number of data rows. Choosing to display fewer data rows may resolve this problem.
· If the DHCP server does not properly propagate DNS names to the DNS server, the fully-qualified domain name (FQDN) may not be stored properly. A blank page is displayed when attempting to log into the Foundstone Enterprise Manager.
  o To fix this during installation, remove the DNS suffix for all Foundstone components if the host machine is not part of that domain.
  o To fix this after installation, modify the config.ini file by removing the DNS suffix from the Foundstone Enterprise Manager, Scan Engine, and Report Server.

· The Benchmark Results page in a benchmark report has a Target Platform field under Target Information. The target platform may display the program or operating system being targeted by the benchmark (examples: Windows 2003; Microsoft Internet Explorer 7).
· While logged in as a Root Organization administrator, if the administrator opens a report from the portal, uses the Switch to Global Admin function, and then tries to navigate to a different page in the report, an error message will display. This is caused by the current session being a Global administrator and not the Root Organization administrator. To view the report, switch back to the Root Organization administrator and open the report.
· If Foundstone is upgraded from 6.0 to 6.5 and then from 6.5 to 6.7 before running FSUpdate, Foundstone 6.7 may not install. If upgrading from Foundstone 6.0 > 6.5 > 6.7, be sure to run FSUpdate at least once while Foundstone 6.5 is installed.
· HTML reports for XCCDF scans include XCCDF and OVAL output.
· If validation fails during import for an XCCDF or OVAL file, details about the failure are in the log file.
· The Upload Time for SCAP content represents when the content was loaded into Foundstone. This date will change when new or updated content is loaded into Foundstone using FSUpdate. It is possible that SCAP content will have different upload times based on when each content item was added or updated.
· CVSS scores in Foundstone are imported from McAfee Avert Labs - CRD. It is possible that the CVSS score in the CRD has not been properly updated when compared to current CVSS scores.
· CVSS scores are not supported by benchmark scans.

· The Foundstone Enterprise Manager portal has a memory limit of 384MB for any portal activity (for example: viewing or downloading reports). Exceeding this limit may cause a blank page to appear when viewing reports (for example: multiple users downloading large reports at the same time).
· In the Foundstone Configuration Manager, if the report server Use Custom HTTP/HTTPS port checkbox is enabled (Tools > Preferences > Report Server tab) but the port number is left as a default (80 or 443), then the next time this tab is displayed, the checkbox will be unchecked. This checkbox will remain checked if a non-default port number is entered (any port other than 80 or 443).
· In the Foundstone Configuration Manager, when using the Run Now checkbox (Tools > Preferences > Database), the checkbox remains accessible (is not grayed out) when the Run Now is applied.
· In the config.ini file, HTTPS is enforced by default.
· Foundstone Default Scans will be set to Internal by default. This setting is on the Report Tab of the scan editor (Scans > New Scan or Scans > Edit Scans).
· McAfee provides some McAfee standard SCAP content. McAfee standard SCAP content cannot be deleted from Foundstone.
· If the Foundstone help window is open and you attempt to open a different help file using the Help icon, the help window does not automatically refresh the help content. The user must manually refresh the help window.
· During the creation of a new asset report template, options for delta reports (Report Type tab) disappear when the template is saved.
· Data Synchronization log files have been removed.
· When upgrading from a previous version of Foundstone, the API Server must be installed on the same server that hosted the FoundScan Console (Primary Scan Engine).
· When changing database or API server settings in the Foundstone Configuration Manager Console Properties dialog box, the Foundstone components must be manually restarted for the changes to take effect.
· If your Foundstone installation requires an updated JRE but you receive a blank page when trying to install, you may need to adjust your Internet Explorer security settings to allow the launching of an executable.
· When switching between organization administrator and global administrator logins, any open report windows will not function properly while logged in as a global administrator. You can either close the report window or wait until you switch back to your organization administrator login.
· For Benchmark reports, XCCDF and OVAL output are included in the HTML report.
· CPE values assigned by McAfee cannot be overwritten.
· The API server settings can be changed in the Foundstone Configuration Manager Console after installation is complete.
· When running a scheduled scan, the Start and Duration times are not properly displayed. The Start time will show the date the scan is scheduled to begin, but the time will display as midnight of that day. The scan will run at the scheduled time. The Duration time will show the actual time it took to run the scan plus the time between midnight and the scheduled scan time. To find the actual scan duration time, remove the time between midnight and the scheduled scan time.
· When using Foundstone online help, the help window does not automatically refresh if it is left open. Either close the help window before clicking on a different help icon or refresh the help window.
· When creating a new Delta Report template, the Delta Report options are unavailable after saving the template.

· When running a UNIX compliance scan against a Solaris machine that has a customized prompt, the scan may take too long, resulting in a timeout error due to the TCP connection being closed.
· For XCCDF schema validation, Foundstone uses 1.1.4.
· When saving valid custom values for an external FoundScore (0-100), an error message will display. The valid custom values are saved to the database.
· If you edit a scan with a monthly schedule and select a day later in the month, the scan may not run until the following month.
· In a Discovery scan, the effective IP pool may not be calculated.
· OVAL files can be referenced by file name in a benchmark, so it is best not to update OVAL files to use a new file name. If you must update an OVAL file to a new file name, then all affected benchmarks must also be updated.
· When two users (i.e. an organization administrator and the global administrator) try to download threats from the same threat feed, a deadlock on locked resources can occur and one of the download tasks will fail.
· When creating a scan, if you enter a number as a host name, the result will be interpreted as 200.0.0.0.
· When logging into the Foundstone Configuration Manager console, using the wrong credentials could result in an Unable to check EULA acceptance error message.
· For Foundstone 6.7, the Foundstone Configuration Manager console (FCM) is a required component.
· When adding an ePO data source to Foundstone, if there are special characters in the data source name, the characters are sanitized to prevent errors in SQL. For example: "Foundstone's" is sanitized to "Foundstone's".
· If you use SSO and upgrade Foundstone, you must log in at least once for SSO to function properly.
· When using the CVSS calculator, if the metrics in the calculator do not update properly, click the Apply Vector button to update the metrics in the calculator.
· Foundstone does not support Windows 2008.
· When logged into Foundstone as a Global Administrator and deleting a custom template, the wrong message might be displayed.
· When updating the XCCDF file, if a different file is used to attempt the update, an error code might display.
· When creating organizations, workgroups, or asset groups, the names should be unique.
· Tailored values for a benchmark are properly used by Foundstone for an audit, but may appear in the report as the original values.
· If Policy Auditor writes CPE entries to the dictionary, the dictionary is modified and the CPE Modified Date updates accordingly.
· Benchmarks that cannot be scanned (i.e. no runnable rules) will not be available for selection in XCCDF scan configurations.
· When scheduling a scan configuration to run on a monthly basis, the scan status may appear as Paused. The scan is not in a paused state; it is simply waiting for the scheduled time to run.

Fixed Defects

The following list shows the changes and updates for Foundstone 6.7. This application installs only the patch needed to update the Foundstone system.

· On the Summary and Discovered Host pages of a report, the following note has been added:
  o Note: Foundstone uses a customizable rule-based system to track individual assets; hence it is possible that multiple discovered hosts match a single asset based on currently configured rules. For this reason, the number of Active Systems (assets) displayed in the Discovered Hosts or Asset Summary section can be less than the total number of Hosts Found in the scan status page.
· When managing data source, dragging asset groups with multilevel subgroups would not work properly. Foundstone 6.7 now resolves asset names and IP addresses when a scan is run, not when a scan is created. Now dragging an asset group will display the group name and the subgroups will be resolved when the scan runs.
· When editing an ePO data source, the ePO database name is also editable.
· If a session timed-out while on the Asset Reports tab (REPORTS > GENERATE REPORTS > Asset Reports), a blank page was displayed. This has been fixed in Foundstone 6.7.
· For remediation tickets, a tooltip warning has been added to the Calendar button that notifies the user that the due date cannot be modified until the ticket is assigned.
· On the Scan Status page, if the Number of Scans per Page is set to ten and there are only ten scans, the Next button remains inactive.
· Only the Global Administrator can adjust the default engine settings.
