The following table describes new features in the Cortex Xpanse March 2021 release.
New Issue Policies
VMware vCenter Admin Page—This policy identifies an administrative login page for VMware vCenter, which is critical network infrastructure.
Fortinet Device—This policy identifies a variety of Fortinet devices that are exposed to the internet. It is not available by default for all customers.
F5 BIG-IQ Server—This issue enumerates the F5 BIG-IQ login portal. F5 BIG-IQ Centralized Management provides a unified point of visibility and control to manage policies, licenses, SSL certificates, images, and configurations for F5’s BIG-IP family of products.
F5 BIG-IP TMUI—Updates to the existing policy.
HPE ProLiant Server—This policy detects HPE ProLiant Servers. It is off by default.
Insecure SIP Server—This is a new policy specifically to detect insecure SIP servers. It is a subset of the previously existing SIP Server policy. It is off by default
Microsoft Exchange, OWA—We improved detection of our existing Microsoft Exchange and Outlook Web Access (OWA) policies.
Insecure Microsoft Exchange Server—This issue flags on-premises Microsoft Exchange Servers that are vulnerable to the zero-day exploits described by Microsoft in March 2021 and used by the Hafnium threat actor (HAFNIUM targeting Exchange Servers with 0-day exploits – Microsoft Security). The vulnerabilities identified by Microsoft are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. It is on by default.
Dashboards: Services Count and Providers Chart Now Include Drill-through
Users can now click on the summary Services count or the Go to... link in the Providers chart in the Attack Surface Overview dashboard in order to review more details about the relevant Services within the List View.
Update to Issues List view
Based on user feedback that the First Added column was occasionally confusing, we have replaced it with the column First Observed.
Dashboards: Y-axis adjustments
Updated the Y-Axis of all trend widgets on both the Issues Overview and Attack Surface Overview dashboards to better emphasize the actual trend and changes in data.
Dashboards: Map View
Released the Map view on the Issues Overview Dashboard.
IP Details Page
The new IP Details page has shipped. This page allows users to pivot around a single device (IP address) and look for all the related issues, services, certificates, domains, etc.