BeyondInsight and Password Safe 6.9.0 Release Notes

April 16, 2019

New Features and Enhancements:

  • General:
    • Added Support for Sailpoint System for Cross-domain Identity Management (SCIM), including a new SCIM management API and a new certified Sailpoint SCIM integration.
    • Rebranded the installer, configuration tool, BeyondInsight Console, and Analytics & Reporting.
    • Updated company name and EULA.
    • Added an Endpoint Privilege Management Agents grid.
    • Added an Endpoint Privilege Management Events grid.
    • Added an Endpoint Privilege Management Policy grid.
    • Added an Exclusions Menu for Privileged Desktop Management.
    • Added the ability to clear the .NET cache using the BeyondInsight configuration tool.
  • Analytics & Reporting:
    • Added an Endpoint Privilege Management suite of reports and pivot grid data points.
    • Added "Is Zero Day" as a single-select parameter, "Severity" and "Vendor Name" as multi-select parameter, and "Software" as a partial text match parameter to the Executive Trend Dashboard.
    • Added "Is Zero Day" as a single-select parameter, "Mitigation Type" and "Vendor Name" as multi-select parameters, and "Software" as a partial text match parameter to the Executive Risk Dashboard.
    • Added "Is Zero Day" as a single-select parameter, "Audit Group", "Mitigation Type", and "Vendor Name" as multi-select parameters, and "Software" as a partial text match parameter to the Vulnerability Scorecard.
    • Added "Severity", "Mitigation Type" and "Vendor Name" as multi-select parameters and "Software" as a partial text match parameter to the Executive Environment Summary.
    • Added "Is Zero Day" as a single-select parameter, "Severity", "Mitigation Type", and "Vendor Name" as multi-select parameters, and "Software" as a partial text match parameter to the Vulnerabilities by Operating System report.
    • Added "Audit Group", "Severity", "Mitigation Type", and "Vendor Name" as multi-select parameters and "Software" as a partial text match parameter to the Extended Executive Summary.
  • Password Safe:
    • Added support to manually enter domain fields and disable automatic password management for Directories.
    • Added import and export of Password Cache configuration and data.
    • Implemented performance improvements to Password Safe console.
    • Added authenticated proxy support for the Azure connector.
    • Access Policy Name maximum character length has been increased from 20 to 256.
  • BeyondInsight and Password Safe API:
    • GET Aliases/{id}: Returns a requestable Managed Account Alias by ID.
    • Synced Accounts support:
      • GET ManagedAccounts/{id}/SyncedAccounts: Returns a list of subscribed or synced Managed Accounts by Managed Account ID.
      • POST ManagedAccounts/{id}/SyncedAccounts/{syncedAccountID}: Subscribes and syncs a Managed Account to the Managed Account referenced by ID.
      • DELETE ManagedAccounts/{id}/SyncedAccounts: Unsubscribes and unsyncs all Managed Accounts from the parent Managed Account by ID.
      • DELETE ManagedAccounts/{id}/SyncedAccounts/{syncedAccountID}: Unsubscribes and unsyncs a Managed Account from the Managed Account by ID.
    • GET Aliases, GET Aliases?name={name}: Significantly improved performance.
    • GET ManagedAccounts: Now allows searching on any one of type, systemName, accountName, ipAddress, applicationDisplayName, or workgroupName.

Issues Resolved:

  • Resolved a data issue for Operating System information within the various grids of BeyondInsight.
  • Resolved an issue with Central Policy processing.
  • Resolved an issue with deleting a local user on an asset.
  • Resolved an issue with the All Assets Smart Rule generating a warning message.
  • Resolved an issue with loading the Credentials Manager .
  • Resolved an issue with sending scheduled jobs to Host Scanners.
  • Resolved an issue with RADIUS Two-Factor Authentication NAS Identifiers.
  • Resolved an issue with SAML login failures.
  • Resolved an issue with RADIUS server failover.
  • Corrected a display with the Asset details "Member Of" column.
  • Resolved a login issue with Okta SAML.
  • Resolved an issue with the HP ArcSight connector.
  • Resolved an issue with scheduled scans using the Host Scan template.
  • Resolved an issue with LDAP using SSL returns.
  • Resolved an attribute issue with Smart Rules.
  • Resolved an issue with missing event data being forwarded via connectors.
  • Resolved an issue with the Smart Rule editor.
  • Resolved an issue adding an Active Directory user to a local BeyondInsight group.
  • Resolved a display with Endpoint Privilege Management IPS custom rules on Asset Details.
  • Resolved an issue with credentialed scans.
  • Resolved an issue with using credentials for directory queries.
  • Resolved an issue when using SNMPv3 for Event Forwarding.
  • Resolved a display issue for IP Addresses in the Assets Grid.
  • Resolved an issue with adding an Address Group.
  • Resolved an issue with the test functionality of the Azure Connector.
  • Resolved an issue with SNMP Connector MIB Formatting.
  • Corrected a typo on Credentials page.
  • Resolved an issue with CVSS Scores.
  • Resolved an issue with the ServiceNow Connector Asset export test.
  • Resolved an issue with updating scans status.
  • Resolved an issue with configuring the BeyondSaaS Connector.
  • Resolved a performance issue with the BeyondInsight Vulnerability Export Report.
  • Resolved a configuration issue with Analytics & Reporting.
  • Resolved an issue with the Password and Session Activity report.
  • Resolved an issue with Analytics & Reporting Reports associated with Global Smart Rules.
  • Resolved an issue with inactive users in the Entitlement by User Report.
  • Resolved an issue with the Mitigation Information field under multiple reports.
  • Resolved an issue with the Analytics & Reporting daily job.
  • Resolved an issue the Password Reset on Release report.
  • Resolved an issue with CVSSv2 scores in various reports.
  • Resolved a data issue with Password Safe Session Monitoring.
  • Resolved an issue with configuring "Enable for API access" for Password Safe Managed Accounts.
  • Resolved an issue with Password Safe Smart Rule Processing of Managed Accounts.
  • Resolved an issue with validating duration for Password Safe OneClick users.
  • Resolved an password change issue for Password Safe Oracle accounts.
  • Resolved a password change issue for Password Safe Sybase accounts.
  • Resolved an issue with SAML logout.
  • Resolved an issue with changing passwords for Password Safe OneClick users.
  • Resolved an issue X11-enabled Password Safe SSH sessions.
  • Resolved an issue with Password Safe SSH Sessions.
  • Resolved an issue with the Smart Rule editor.
  • Resolved an issue with displaying Mainframe accounts on the Password Safe Portal.
  • Resolved a permission issue with a Password Safe Requestor user.
  • Corrected a display issue on the Password Safe Portal for Session Reviewer users.
  • Resolved an issue with Password Safe Managed Bind Accounts.
  • Resolved a database performance issue.
  • Resolved an issue with DSS Auto Key rotation when asset has been onboarded via smart rule user accounts added via psrun2.
  • Resolved an issue with using a proxy server with the BMC Remedy connector.
  • Resolved a login issue for Smart Card users.
  • GET Organizations/{id}/SmartRules?title={title} now properly returns the expected response.
  • GET Organizations/{id} now properly returns only a single matching Organization.
  • In GET Organizations/{id}, {id} is now case insensitive.
  • When using a new credential to bind to the directory, POST UserGroups - groupType=ActiveDirectory now properly creates a new credential before the bind.
  • GET ManagedAccounts?systemName={systemname}&accountName={accountName} no longer returns directory-based accounts when a domain is not specified in {accountName}.

Notes:

  • BeyondInsight requires Adobe Flash Player 22.0 or higher.
  • The MD5 signature is: bdd9ef81b087231f1a156395a4137b5c
  • The SHA-1 signature is: 69d80e471a7a9cabe870dde38ecf0f38745090d1
  • The SHA-256 signature is: 94509c830471457290649aa6ea023937915d52dec8b624eade5745878c31574f