The following table describes new features in the Cortex Xpanse January 2021 release.
New Issue Policies
OpenSSL—Low – OpenSSL is a commonly used toolkit and cryptography library for TLS and SSL protocols. This issue identifies OpenSSL strings in HTTP, FTP, and SSH data.
VMware vSphere—Medium – VMware vSphere is an enterprise virtualization platform for managing fleets of servers, virtual machines, and ESXi/ESX hypervisors. This issue identifies vSphere administration clients that are exposed to the internet.
Cisco Secure Web Appliance—Medium
Unclaimed S3 Bucket—High – Amazon Simple Storage Service (or Amazon S3) is a service offered by AWS that provides object storage through a web interface. S3 buckets serve as the containers for objects, similar to file folders, and can also be configured for website hosting to serve static content as web servers. S3 buckets are bound to a particular domain. When a domain name (CNAME record) points to an S3 bucket that is not defined, anyone can register the S3 bucket, place content there and masquerade as the company. This is one instance of what’s known as subdomain hijacking.
JetBrains TeamCity Server—Medium – TeamCity is a continuous integration/continuous delivery (CI/CD) platform used to automatically test and build software from a source code repository. Compromise of a TeamCity deployment or other CI/CD service could allow an adversary to compromise the software being built to create a downstream security risk, access source code, or pivot elsewhere within a target network. As a result, TeamCity servers generally should not be exposed to the public Internet.
Default Apache Tomcat Page—Low – This issue shows that a default Apache Tomcat landing page has been found. This can be a proxy for finding the Tomcat Management Portal as the landing page contains a button with a link to the management app. While the discovery scan does not actually “click the button” to download and run the management app, it flags the presence of the button displayed on the default landing page. Compromise of a Tomcat landing page could allow an adversary to connect to the management portal, change the configuration, upload new applications, or run arbitrary code on the server.
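The check behind the Unclaimed S3 Bucket policy above can be approximated offline against your own DNS zone. The following is an added example, not Cortex Xpanse code: it flags CNAME records whose target is an S3 endpoint for a bucket missing from your bucket inventory. The function name, the sample records, and the inventory are constructed for illustration, and the inventory is assumed to come from an export such as `aws s3api list-buckets` run across all of your accounts.

```python
import re

# Hostname forms for S3 REST and static-website endpoints, for example:
#   bucket.s3.amazonaws.com
#   bucket.s3.eu-west-1.amazonaws.com
#   bucket.s3-website-us-east-1.amazonaws.com
S3_HOST = re.compile(
    r"^(?P<bucket>.+?)\.s3(?:[.-]website)?(?:[.-][a-z0-9-]+)?\.amazonaws\.com$"
)

def find_unclaimed(cname_records, owned_buckets):
    """Return (record name, S3 target, bucket) for every CNAME that points
    at an S3 bucket which is not in the organization's bucket inventory."""
    owned = {b.lower() for b in owned_buckets}
    findings = []
    for name, target in cname_records:
        # DNS names are case-insensitive and may carry a trailing root dot.
        host = target.rstrip(".").lower()
        match = S3_HOST.match(host)
        if not match:
            continue  # not an S3 endpoint, out of scope for this check
        bucket = match.group("bucket")
        if bucket not in owned:
            findings.append((name.rstrip(".").lower(), host, bucket))
    return findings

# Constructed sample data: CNAME records exported from a zone file.
SAMPLE_CNAMES = [
    ("assets.example.com.", "assets.example.com.s3-website-us-east-1.amazonaws.com."),
    ("downloads.example.com", "example-downloads.s3.amazonaws.com"),
    ("static.example.com", "Static.Example.com.s3.eu-west-1.amazonaws.com"),
    ("www.example.com", "edge.cdn.example.net"),
]
# Constructed sample data: buckets that exist in the organization's accounts.
SAMPLE_INVENTORY = {"example-downloads", "static.example.com"}

if __name__ == "__main__":
    for name, target, bucket in find_unclaimed(SAMPLE_CNAMES, SAMPLE_INVENTORY):
        print(f"{name} -> {target}: bucket '{bucket}' is not in the inventory")
```

A finding means the record should be removed or the bucket created in an account you control; an incomplete inventory will produce false positives.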
Issues Overview Dashboard
This dashboard introduces many new charts and filters for monitoring your network risk and your progress in remediating Issues. As with our other new Dashboard pages, this view supports an array of filter options and includes a button for sharing your current page and filter set with other users of the same Expander network.
Dashboard Time Series Export Options
Users can now export Expander dashboard time series charts as PNG, SVG, or CSV.
Add “No Risk” Progress Status
Users now have an additional Progress Status within the Closed sub-category to classify Issues determined to have mitigating controls or valid policy exceptions without declaring them to be Acceptable Risk or Resolved.
Settings Page Redesign
Users can now find their Issues digest and change password settings within a top-level tab in Expander.
Resolved an issue that prevented the Provider value from appearing on the Issues detail page.