New Policies in March 2022 - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Release Notes

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2023-01-10
Category
Release Notes

The following Cortex Xpanse issue policies apply to both Cortex Xpanse Expander and Cortex Xpanse Assess. These policies were introduced or updated in March 2022:

  • Adobe Commerce—This policy identifies indicators for both Magento Open Source and Adobe Commerce. Version numbers are not identified.

  • Apache Shiro

  • Argo CD

  • APC Smart-UPS

  • ForgeRock Access Management (AM) Server

  • Gitea

  • Github Enterprise

  • HashiCorp Vault

  • IBM Planning Analytics

  • Insecure Cisco Small Business RV Series Router—This policy was updated to detect CVE-2019-1653.

  • Insecure SolarWinds Orion Platform policy has been updated to mark versions 2020.2.6 or earlier as vulnerable

  • Microsoft OWA policy has been updated to identify numbers

  • MongoDB Mongo-Express

  • NetGear ProSafe—NetGear ProSafe under Software identified in BOD 22-01

  • Okta SSO

  • OpenVMS Operating System

  • Puppet Infrastructure

  • SAP NetWeaver Application Server—This policy was updated to enable version numbers to be extracted under certain circumstances.

  • Services Hosted in Adversary Country policy updated to include On Prem assets only

  • Sophos SG Series Firewall—This policy identifies a Sophos SG Series firewall, model and serial number are identified where available.

  • Sophos XG Series Firewall—This policy identifies a Sophos XG Series firewall, model number is identified where available.

  • Sophos XGS Series Firewall—This policy identifies a Sophos XGS Series firewall, model and serial number are identified where available.

  • Zabbix IT Monitoring Software

  • Zoho ManageEngine ADManager

  • Zoho ManageEngine Desktop Central

  • Zoho ManageEngine Desktop Central MSP—This policy identifies the presence of Desktop Central MSP on a host; the web UI may also be surfaced.

Refer to the Cortex Xpanse User Guideor Cortex Xpanse Assess User Guide for more information about policies.