Frontline Web Application Scanning (Frontline WAS)
August 2023
Version 6.5.6.0
August 30, 2023
New Features
- This version of Frontline Web Application Scanner introduces several enhancements for the PCI Self Service feature
- Initial Support for RNA Upgrade Pipeline to Install Ubuntu 20.04
Enhancements
- PCI Self Service:
- Scan Groups now support dynamic auto-creation of WAS scans from VM scans that detect webservers
- Support file attachments for PCI Disputes
- Support assignment of PCI disputes to selected PCI analyst
- System generated WAS Audit policy created for PCI Compliance Scans
- Enforce PCI workflow parameters in scans created for Scan Groups with applied settings
- New notifications added to ensure assigned PCI analyst is notified whenever a dispute comment is made
- New PCI Vulnerabilities CSV Export report
- Generate PCI Compliance Reports sections as reports and ZIP
Fixes
- PCI Self Service:
- Disable ability to dispute on scans older than 90 days
- Revert to original vuln status when disputes sent back to pending
- Revert status (Pass or Fail) on expired disputes when rescanned
- Set dispute expiration to end of quarter
- Prevent PCI Compliance Report for only WAS scans
- Correctly note WAS webapps not found during scan in section 4c of PCI Compliance Report
- PCI Compliance Report Scan Summary part 3b needs to show most recent note
- Scan Groups:
- New Scan Group button forwards to link with query information on url
- Sorting by "Next Period Start" sort does not sort correctly
- Intermittent failures recrypting scanner credentials
- Scans attempting to launch on artificial RNAs error out immediately
July 2023
Version 6.5.5.2
July 7, 2023
Enhancements
- This version of Frontline Web Application Scanner introduces various bug fixes and enhancements to improve overall usability and quality.
- One-Time Scans: Add OTS configuration for IBM i DDM Service Unauthenticated RCE One-Time Scan.
Fixes
- One-Time Scans: Updated verbiage for consistency and grammatical correctness.
- PCI Self -Service: Fix the incorrectly filtered global view of the PCI dispute list.
- Multi-scan reports potentially error from setting value on incorrect field.
May 2023
Version 6.5.4.1
May 31, 2023
Fixes
- PCI Compliance Reports marked incorrectly as "Failing"
Version 6.5.4.0
May 31, 2023
New Features
- WAS Security Seals
- Linux Agent Support
Enhancements
- PCI Self Service: Update our PCI ASV number and POC in PCI Compliance Report
- PCI Self Service: Support PCI reporting on undetected hosts
- Add "status" support for completed Scan Group runs to Scan Group Template controller / page
Fixes
- Update package dependency versions
- Fix max CVSS scores displayed in the Vulnerability Dictionary
- Miscellaneous filters
- WAS vuln assessment workflow unavailable on accounts with on the Web Application Scanning subscription
- Console Error when resetting password
April 2023
Version 6.5.2.5
April 7, 2023
Enhancements
- Internal improvements for tracking metrics and maintaining stability in Frontline.
Version 6.5.2.4
April 3, 2023
Enhancements
- Internal improvements for tracking metrics and maintaining stability in Frontline.
June 2022
Version 6.4.4.0
June 11, 2022
New Features
- Edge Network support increases the scalability and responsiveness of our scanning communication network.
- Implementation of Business Groups.
- Reports enhancements with support for scheduled and emailed reports.
- Added a Global Vulnerability Search for MSP accounts.
Enhancements
- Business Group Column in active view display (Ticket 18151).
- Auth Scan Config: Add a "Test Your Config" button (Ticket 20422).
-
Dynamic Labels used as Rules for Business Groups (Ticket 18019).
-
Preserve access to historical scans / reports after Business Group access levels change (Ticket 20046).
-
Report Scheduler (Ticket 17363 and 1456).
-
Vulnerability Age Report (Ticket 17601).
-
Added the ability to save report filters for future use (Ticket 19099 and 1457).
-
Included an Authenticated Creds Test button (Ticket 19473).
-
Enterprise Admin Group able to view other groups dashboard (Ticket 19635).
-
Custom Report Templates - Data Filters (Ticket 20275).
-
Frontline WAS Business Group capability (Ticket 21396).
-
Change how we manage IP restrictions for Business Groups (Ticket 22207).
-
Custom email lists for scanning notifications (Ticket 22633).
-
Added the ability to enable recurring reports (Ticket 23319).
-
Made Scan Description variable visible in UI (Ticket 23827).
-
Fulfilled request for NVD Reporting Functionality (Ticket 24517).
-
Choose what reports automatically generate after a scan (Ticket 24885).
-
Sending reports (Ticket 25073).
-
Added Business Group column to Scanners page (Ticket 18553).
-
Added support for a Microsoft patches only report (Ticket 1831).
-
Auth Scan / Credential PDF Detailed Status Report (Ticket 1094).
-
Add support for emailing reports to users (Ticket 1514).
Fixes
-
Fixed subject for some automated emails to match email content (Ticket 25212).
-
Updating Business Group shows IPs as not associated to Scanner Profile (Ticket 24695).
-
Email headers do not match email content (Ticket 25212 and 25289).
-
Graphs & Trending - "Asset Rating Counts" not displayed in DDI Asset Rating colors (Ticket 658).
-
Asset Rating not viewable with NVD/PCI (Ticket 1072).
-
Executive Summary Report does not respect NVD/PCI options (Ticket 1082).
-
Managed Accounts Reports not available in WAS (Ticket 1320 and 1608).
-
Input fields for AV Window Size and SLA Days are active (Ticket 1323).
-
AV Summary incorrectly processes non-default options (Ticket 1369).
-
CIS CSV Export defaulting to PDF format (Ticket 1486).
-
Several filters have multiple entries in the Vuln Dictionary and Vuln Trend filter sets (Ticket 1502).
-
Clicking on 'Vuln Definition' on scan results causes loading the accounts page removes the active context and takes to the account page (Ticket 1548).
-
Vulnerabilities have multiple unique instances in agent scans (Ticket 1658).
-
Spelling error in DB/OS Tooltip (Ticket 1725).
-
Unable to delete manually added labels to Assets (or Vulnerabilities) (Ticket 1822).
January 2022
Version 6.4.3.2
January 26, 2022
Enhancement
- Moved additional logs into Loki logging subsystem for Frontline.Cloud.
Fixes
- Fixed Managed Accounts Users for CSV Export failures in cases related to deleted user roles.
- Fixed Trial accounts on TryFrontline.Cloud that automatically spin down shortly after being created.
- Added clarity to Managed Accounts Security GPAs CSV Exports sort order by including owner field in CSV export.
- Corrected the spelling error in "Approved management access request user" filter.
Version 6.4.3.1
January 19, 2022
Fixes
- Added multiple fixes to Frontline TAP threat intelligence feed processing for Threat Rank.
- Frontline.Cloud infrastructure fixes related to expiring certificates.
Version 6.4.3.0
January 12, 2022
New Features
- Includes a comprehensive suite of management reports targeted specifically for MSPs utilizing Frontline.Cloud.
- Reports include CSV reports, PDF reports and email alerts that allow MSPs to effectively manage their customer based and understand usage and trends.
Enhancements
- Added ability to see raw request data for all users.
- Added delay-time-period before automatically spinning down Trail accounts (Bug 25048).
- Added support to filter scan results by a list of CVEs (Bug 23333).
- Changed default RNA Access Request time to be 8 hours.
- Deprecated Oracle Image Virtual RNA download.
- Introduced report review workflow into Frontline.Cloud (Bug 20672).
- Allowed Trial account options to be set during Trial account creation as an option.
- Removed per-account limits for Virtual RNA appliance tokens.
- Replaced Digital Defense, Inc with Digital Defense by HelpSystems.
- Improved support for NVD / PCI rating schemes within Frontline.Cloud (Bug 23934, 25071).
- Added suite of MSP / Super account management reports (Bug 24793, 20040, 20517).
- Replaced logo with favicon for themes list.
- Various infrastructure improvements and security updates.
- Added WebApp Scan Export API.
Fixes
- Fixed slow speed on Manage RNAs list page.
- Corrected broken links to help pages on new account Dashboard (bug 24931).
- Fixed incorrect body text in RNA Access Approved email.
- Fixed display of report options in report's options appendix.
- Updated super account usage metrics that failed in some instances.
- Trial accounts can be upgraded to General accounts (Bug 25253, 25060).
- Corrected various bugs for reports including grammar, spelling and style fixes.
- Fixed Virtual RNAs that could not be downloaded on TryFrontline.Cloud due to trade.gov API changes (Bug 25299).