Fortra Vulnerability Management (Fortra VM)

NOTE: Formerly known as Frontline Vulnerability Manager (Frontline VM).

July 2024

Version 7.0.3.0

July 27, 2024

New Features

  • Standard mode in Create a Scan (VM only – WAS coming soon)

    • Standard mode allows users to run a scan quickly and easily with simplified settings. Simply enter your target IPs and/or hostnames, set a schedule if desired, and run. The traditional Create a Scan experience is now Advanced mode, which has the classic options for organizations with more complex use cases such as custom report auto-generation, business groups, and multiple scanner profiles. There is a toggle in user preferences to default to Advanced mode if desired.

  • New login experience

    • This release standardizes the Fortra VM login experience, allowing for smoother handling for organizations using Fortra IdP or custom SAML configurations. This reduces the frequency of UI errors due to session handling. In the new experience, users enter their email address and select “Next” to be redirected to the next step based on their configuration (password, their organization’s single sign-on, or Fortra IdP). Custom theming is supported with this feature.

  • PCI-ASV scanning: track progress toward compliant scans

    • For PCI-ASV scans, this new widget provides visual representation of how close a PCI-ASV scan is to being compliant. This widget is found on the Scan Overview tab for VM scans and the Details tab for WAS scans. It tracks vulnerabilities that require action to receive a compliant scan: PCI Failures, which require a dispute or remediation; and PCI Requires 3b Notes, which require additional documentation in accordance with PCI-DSS standards. Users can select PCI Failures or PCI Requires 3b Notes to be taken to the list of relevant vulnerabilities.

  • PCI-ASV scanning: auto-generate Attestation of Compliance

    • PCI-ASV self-service customers can now automatically generate an Attestation of Compliance report upon scan completion when using a scan group. From a new or existing scan group with PCI workflow, toggle on Auto-Generate Reports and fill out the PCI Report Details and PCI Scope Details (make sure to Save!) to use this feature.

Enhancements

  • PCI Self Service:

    • Added the ability to auto-generate PCI Compliance reports from Scan Group – see New Features section

    • Information from previous disputes is now prefilled

    • Removed warning that a dispute is going to expire

    • PCI progress bar in VM and WAS – see New Features section

  • Dashboards:

    • Removed dashboards for Checklist only view

    • Added Release Notes at the bottom of checklist on Getting Started dashboard

  • Web Application Scanning:

    • Added better handling for ad-hoc webapps / webapp asset groups

  • Scan Groups:

    • Improved workflow to-from Scan Group -> Add/Edit scan

  • Vulnerability Dictionary:

    • Added a new sort 'date_created'

  • Unified login for Fortra VM – see New Features section

  • Handle themes in app-based login

  • Standard mode scanning for VM – see New Features section

  • Change default trial subscription

Fixes

  • PCI-ASV Scanning:

    • Text Overlaps in PCI Scan Results

    • Need to change PCI DSS requirement 11.2.2 to 11.3.2 in PCI compliance reports

    • Added "Wordpress Unsupported Version" to EOL list

    • Added several vuln dictionary items to non_auto_fail lists

  • PCI Self Service:

    • Non-PCI WAS scans are in drop-down list of available scans for multi-scan PCI reports

    • PCI Non-Compliance Summary Report fails if only WAS scans are used

    • PCI scope loading slowly in report module

    • User must make edit to compliance report despite all additional info saved to scan group

  • Reports:

    • Managed Account Overview CSV report errors with unknown cause

    • Selecting PCI report templates on Report Templates list not setting correct report type

    • Managed Account Overview CSV has Internal and External GPAs displayed for WAS Security GPA

    • Managed Accounts Overview CSV Export values should be rounded to whole numbers

  • Scan Groups:

    • Cloning a group with completed VM and WAS scans schedules the WAS scan for incorrect date

  • Vulnerability Dictionary:

    • Sort by "Is New" needs update

  • Web Application Scanning:

    • Partial scan results are no longer displayed when a WAS scan is errored

    • Error attempting to rescan a recurring WAS scan

  • Allow underscore character in hostname entry fields

  • Typo in recurring scan definition, missing space

  • Unable to fit business group name when greater than 50 characters

  • Unable to delete themes - 403

  • Several typos on the theme manager page in the From email section

  • MSP account unable to change theme

  • Default Rating Scheme not sticking

  • Custom Permissions Role - Asset Labels Issue

  • Queued status does not display properly, shows grey bars and no text to indicate scan state

  • User "avatar" missing in comments / notes

  • Cannot set 'Can View Restricted Vulnerability Classes' to 'True', value is not saving

  • Site footer not showing version

  • PCI Lite subscription blocks Build a Report in Scan Activity

June 2024

Version 7.0.2.0

June 1, 2024

New Features
  • This version of Fortra VM introduces rerun and clone options for scans, scan groups, and reports. These options allow the user to easily recreate reports and scans with less manual work.
  • Added additional filter options and a “Group by vulnerability” button to the PCI tab for easier dispute and 3b special note entry. The new filter options allow the user to filter for failing vulnerabilities or for vulnerabilities requiring 3b notes without having to create a filter query manually. PCI reporting options were also extended to include a new PCI Non-Compliance Summary report and allow for individual generation of the reports included in the PCI Compliance Report bundle (PCI ASV Scan Attestation of Scan Compliance, PCI ASV Scan Report Summary, and PCI ASV Scan Vulnerability Details Report).
Enhancements

  • PCI Self Service:

    • Issues noted for "official certification" should be better displayed

    • Ability to store the Details/Additional Information Required needed to generate a PCI Compliance report

    • Skip review process for certified PCI reports

    • ASV "Discovery" and Scope Validation - Handling "Redirects" to components not scanned

    • Changes to dashboard experience for PCI Lite subscription customers

    • Added text to explain that scans scheduled in scan groups cannot be edited after creation

    • Added PCI Non-Compliance Summary Report

    • Added “Group by” to PCI Tab in VM and WAS with all bulk actions supported (bulk dispute/3B note entry)

    • Added view PCI fail / view needs 3b notes view filters

    • Split out PCI Scanning Compliance Report into 5 separate reports

    • Fixed certification warning message for domains not scanned in WAS

  • Scan Groups:

    • Added “Run now” and “Clone” options for scheduled scans and scan groups

    • Expanded scan group filtering options

    • Deleting a scan group template should delete all associated scan group templates

  • Reports:

    • Rerun / clone report history / schedule reports

  • Updated documentation referencing the navigation under the "System" menu

  • Display child account name associated with each scan in super account’s Scan Activity

  • Added the ability to calculate CVSSv4.0 score based on a CVSSv4.0 vector

  • Added support for the AWS real-time document translation API for short documents

  • Increased speed of update Role

  • Removed unused features – engagements, Approved IPs

Fixes

  • PCI Self Service:

    • Vulns with accepted disputes display as Fail in Scan Summary Digest view, but Pass when not in digest view

    • ASV Scan Summary Report - Include "path" in the Component for WAS components in Part 3B

    • ASV Scan Vulnerability Details - decrease pages used to create report

    • Special Note (3B): required' and 'Special Note (3B): N/A' should be displayed with lowercase 'b'

  • PCI:

    • DNS Server Zone Transfer Enabled should be auto-fail

  • Scan Groups:

    • Include the scan group number in the title of auto-generated scan group reports

    • Scan Group Template list page shows "No further group runs scheduled" when scans are/should be scheduled

    • Scan group detail scan status spinner icons not spinning

    • Scan group templates show inaccurate notification when deleted from the definition page

  • Fortra SSO:

    • Logging in to an inactive session loses engagement

  • Reports:

    • Managed Account Overview CSV report errors with unknown cause

    • Report review upload fails if Review Workflow is not selected

    • Reports using too many resources - remove multi-processing

    • PCI 3b Documentation Requirements Reports contains misspelling

    • Some reports cannot be deleted

  • Update Service Subscription Page (Remove unavailable offerings)

  • Production scans are very slow to launch - additional fixes

  • Export OVA RNA with VMX-7 support

  • Account owner resets when account class is changed

  • System messages cannot be deleted

  • VM scans erroring out with "Scan is loading" status details

  • Fix 500 error: Account matching query does not exist

  • Too many redirects accessing UK account from the account picker with Chrome browser

  • Links in accounts list trigger full page reload

  • Enabling 'Self Managed PCI Disputes' does not enable top-level owner account's Scans > PCI Disputes menu item

  • Account switcher does not change regions properly

  • Typo in Original Name account filter

  • Breadcrumbs missing in User Detail

  • Account switching - Multi-account user is unable to log in when one account is disabled

  • Issues with clusters failing to scan: "ERRORED Scan does not have a scanner"

  • CVSS Vector Risk filter for vulnerabilities is/or logic broken

  • Error message when generating some non-English reports - Switch to AWS Translate ES/PT

  • "Getting started" checklist needs an update to where the appliance tokens are located

  • Issue saving themes

  • Portuguese accent marks in client name causes new user invite email to fail to send

March 2024

Version 7.0.1.0

March 30, 2024

New Features

  • This version of Fortra VM introduces new vulnerability severity and CVSS risk matrix items to the Threat Summary dashboard.

  • The left side navigation bar has been updated for improved visibility. This includes moving the Threat Summary and Remediation dashboards into the navigation bar under VM Dashboards and splitting Scan Settings and Account into separate dropdown menus.

  • Added CPE information to the vulnerability dictionary and allows for searching and filtering by CPE within the vulnerability dictionary.

Enhancements

  • Dashboard Improvements:

    • Added vulnerability severity and CVSS risk matrices

    • Matrix items are now clickable

  • Navigation:

    • Threat Summary and Remediation Overview dashboards are now more visible

    • System has been split into Scan Settings and Account

    • Account switching and account context are now more visible

  • PCI Self Service:

    • Added “scanned by mistake” as reason option for out-of-scope target

    • Removed hard coded text under auto-generate reports

    • Added 'Out of Scope' option for WAS scope

    • Removed out of scope items from view in WAS PCI Tab

  • PCI:

    • Path and Embedded Link added in Section 1.1 of the 3B Documentation Requirements report

    • Components scanned by Ad Hoc Hostname use hostname instead of IP address in ASV Scan Report Summary

  • Changed the default agent deactivate to 365 days

  • Improved load balancing on external RNAs to reduce scan queue time

  • Added filter for provider/source to the vulnerability dictionary

  • Changed links under Support in left navigation bar

Fixes

  • PCI Self Service:

    • Improvements for File Attachment

    • When using Scan Immediately, an asset from Ad Hoc Hostname is rescanned using Ad Hoc IPs & Ports instead

  • PCI:

    • Out of scope host still fails report with 3b item

    • Color coding on manually added vulnerabilities using PCI as default rating scheme

    • NIST import is causing incorrect data for PCI rating

    • NIST import fails to import CVSS 3.0 data

    • ASV Vulnerability Details Report: Compliance should be by asset not by reference/vuln

    • Compliance reports not correctly displaying report creator in section A5 (ASV Attestation)

    • Web apps set to out of scope still appear in ASV Scan Vulnerability Details report

  • Scan Groups:

    • Scan group scheduling not updating

    • Disable on click or debounce the Create New Scan Group Template template's Save button

    • Duplicate web apps/web app groups created when Auto Generate WAS Scans was enabled

  • WAS:

    • Unable to set custom time zone on new scan template

  • Navigation:

    • Navigating from Scheduled Scans to Scan Activity displays yellow status bars until page fully loads

    • Issue navigating to Asset Details

    • Electing to edit an account from Client Ops>Accounts redirects to user's default landing page

    • Unable to open scan definition from scan summary

  • Reports:

    • Report Template links not populating new report page correctly on multi-region lineups

    • Report template type not populating in Create a Report for some super accounts

    • Illegal characters allowed in Build Report name field

  • Missing results in global vulnerability search

  • Account Switcher sometimes lists accounts twice

  • Error renaming scanner profiles

  • Upcoming Weekly Scans email not going out to clients

  • Support adding hostname-based rules for ad-hoc targets when rescanning assets dynamically

  • Request URL for integration edition definitions is malformed

  • Updated branding on Maintenance Page to Fortra VM

  • Updated branding on Release Notes section of At a Glance Dashboard

  • Page footer needs URL to Privacy Policy updated and copyright link is broken

  • Error response from initial account selector using IdP authentication

  • Fixed miscellaneous links

  • Issue update theming on MSP theme

  • Change password is broken

  • VM scans erroring out with "Scan is loading" - lower number of processes

February 2024

Version 7.0.0.0

February 28, 2024

New Features
  • This version of Fortra Vulnerability Management, formerly Frontline Vulnerability Manager, introduces new Fortra VM branding and integration with Fortra's platform.
  • Users will soon have access to Fortra IdP to simplify login, Fortra Support Portal access to support ticket submission and tracking, along with knowledge base articles and FAQs. '
  • Frontline VM users will be seamlessly transitioned to Fortra VM over the coming months with the opportunity to opt-in to Fortra's platform with native SSO version once eligible.
Enhancements
  • Branding alignment:
    • Removed 'Frontine' verbiage throughout UI and reports
    • Theme changes for branding alignment
  • PCI Self Service:
    • CVSS Score of 4.0 assigned to auto-fail vulns with no associated CVE-ID.
    • Changed "3b note" to "Special Note (3b)"
    • Limited SSL/TLS auto-fails to a list of known vulnerabilities
  • Updated agent documentation on help site
  • Improvements added to vulnerability dictionary (additional information and filters)
  • Added support for switching account via API request
  • Allowed nested General accounts
  • Allowed entry of multiple phone numbers in a theme
  • Report auto-scaling for improved report generation speed / capacity
  • Account level settings to manage Fortra IdP eligibility and active status
Fixes
  • File upload requests redirect to login in platform
  • Build Report in Active View errors and fails to show dialog box

January 2024

Version 6.5.9.0

January 6, 2024

New Features
  • Support for 'ephemeral' vulnerabilities.
Enhancements
  • PCI Self Service:
    • List vulnerabilities by all CVE-IDs in part 3a of the ASV Scan Summary.
    • Add verbiage for auto-failures per ASV Program Guide 4.0r2.
    • Ensure "Special Notes" align with ASV Program Guide 4.0r2.
  • Delay report server shutdown until all current reports have completed.
  • Support physical devices for RNA Conversion pipeline.
Fixes
  • PCI Self Service:
    • Passing and Failed vulns are mixed when sorting by severity.
    • Components for 3b notes are maintained and displayed when not required.
    • ASV Scan Vulnerability Details report is consolidating vulnerabilities that are not the same.
    • ASV Scan Report Summary's Exceptions column needs to be on the same row as corresponding columns.
  • Correct the Agents CSV Export report errors.
  • Japanese translation error in Appendix D False Positive statement.
  • Scan Groups "+ Add Scan" disabled in WAS App when "Auto Generate WAS Scans" is enabled.
  • Custom path manually added pagevulns not carried forward in AV.
  • Shared user role not available to use for new accounts created in nested account tree.
  • WAS Scan Template Tuning Policies always shows default policy.

December 2023

Version 6.5.8.1

December 18, 2023

Enhancements
  • This version of Frontline Vulnerability Manager introduces various bug fixes and enhancements to improve overall usability and quality.
Fixes
  • PCI Self Service:
    • PCI Compliance report failing with accepted dispute for WAS URL Redirection vulnerability.
    • PCI Compliance report not displaying ad-hoc hostname targets.

August 2023

Version 6.5.6.0

August 30, 2023

New Features
  • This version of Frontline Web Application Scanner introduces several enhancements for the PCI Self Service feature
  • Initial Support for RNA Upgrade Pipeline to Install Ubuntu 20.04
Enhancements
  • PCI Self Service:
    • Scan Groups now support dynamic auto-creation of WAS scans from VM scans that detect webservers
    • Support file attachments for PCI Disputes
    • Support assignment of PCI disputes to selected PCI analyst
    • System generated WAS Audit policy created for PCI Compliance Scans
    • Enforce PCI workflow parameters in scans created for Scan Groups with applied settings
    • New notifications added to ensure assigned PCI analyst is notified whenever a dispute comment is made
    • New PCI Vulnerabilities CSV Export report
    • Generate PCI Compliance Reports sections as reports and ZIP
Fixes
  • PCI Self Service:
    • Disable ability to dispute on scans older than 90 days
    • Revert to original vuln status when disputes sent back to pending
    • Revert status (Pass or Fail) on expired disputes when rescanned
    • Set dispute expiration to end of quarter
    • Prevent PCI Compliance Report for only WAS scans
    • Correctly note WAS webapps not found during scan in section 4c of PCI Compliance Report
    • PCI Compliance Report Scan Summary part 3b needs to show most recent note
  • Scan Groups:
    • New Scan Group button forwards to link with query information on url
    • Sorting by "Next Period Start" sort does not sort correctly
  • Intermittent failures recrypting scanner credentials
  • Scans attempting to launch on artificial RNAs error out immediately

July 2023

Version 6.5.5.2

July 7, 2023

Enhancements
  • One-Time Scans: Add OTS configuration for IBM i DDM Service Unauthenticated RCE One-Time Scan
Fixes
  • One-Time Scans: Updated verbiage for consistency and grammatical correctness
  • PCI Self-Service: Fix the incorrectly filtered global view of the PCI dispute list
  • Multi-scan reports potentially error from setting value on incorrect field

May 2023

Version 6.5.4.1

May 31, 2023

Fixes
  • PCI Compliance Reports marked incorrectly as "Failing"
Version 6.5.4.0

May 31, 2023

New Features
  • Linux Agent Support
Enhancements
  • PCI Self Service: Update our PCI ASV number and POC in PCI Compliance Report
  • PCI Self Service: Support PCI reporting on undetected hosts
  • Add "status" support for completed Scan Group runs to Scan Group Template controller / page
Fixes
  • Update package dependency versions
  • Fix max CVSS scores displayed in the Vulnerability Dictionary
  • Miscellaneous filters
  • WAS vuln assessment workflow unavailable on accounts with on the Web Application Scanning subscription
  • Console Error when resetting password

April 2023

Version 6.5.2.5

April 7, 2023

Enhancements
  • Internal improvements for tracking metrics and maintaining stability in Frontline.
Version 6.5.2.4

April 3, 2023

Enhancements
  • Internal improvements for tracking metrics and maintaining stability in Frontline.

March 2023

Version 6.5.2.3

March 17, 2023

Enhancements
  • Allow scoping PCI multi-scan reports by specific quarters as windows to query selectable scans.
Fixes
  • Fix asset matching functions in multi-scan reports and provide report option to opt-out.
  • Dates displayed in the interface are not reflecting DST timezone offset.
  • Japanese translated report cover page displays broken HTML.
  • Theme files on report generating task workers aren't always in sync as expected.
  • Business groups incorrectly being associated to AV hosts outside of AV window on insert.
Version 6.5.2.2

March 3, 2023

Enhancements
  • Japanese exception list for translation service.
  • Allow the instant translation service to handle HTML document.
Fixes
  • Themed reports are not working; consistently falling back to the default theme.
  • Theme data cannot be viewed in the UI.
  • PCI Self Service: All items from WAS scan not showing up in PCI compliance report using multi scan.
  • PCI Self Service: 3B items that are changed are not showing the most recent entry in compliance reports.
  • Multi-process functions from stats gerneation are exceeding task worker resource capacities.
  • Hide PCI / PT workflows in WAS when no sub.
  • Add 'Max webapp count' field to 'Web Application PCI Compliance Scanning'.
  • Restricted accounts display partial menus when engaged by Global Admin.
  • Partial scan results are no longer displayed when a WAS scan is errored.
  • Console error opening Scanner Profile detail page.
  • WAPT Subscription - icon missing and moved to bottom of list.
  • Incorrect resource ACL inheritance from Business Groups of Scan Source.
  • Scanner-side update to set WAS scan blocks to 'completed' are causing scans to complete without reconciling.
  • VM insert error from saving JSON object with null byte value in it.

February 2023

Version 6.5.2.1

February 22, 2023

New Features
  • This version include Windows 11 CIS Benchmark checks.
Enhancements
  • Improve scan execution efficiency in SPARKS.
  • Add PCI workflow backend support to WAS.
  • Create dedicated app server type for external users.
  • Add AWS instant translation to translation service.
  • PCI Self Service: Create a CRON to remove old validated disputed_accepted vulns.
  • Create new WAS Tuning Policy for PCI.
  • PCI Disputes should trigger notifications to analysts.
  • Improve logging in the RNA activation controller.
  • Use caching to improve account ownership functions.
  • PCI Self Service: Add ability in PCI tabs to remove a dispute.
  • PCI Self Service: When an official report is created and sent in review all PCI analysts are notified.
  • PCI Self Service: Add sorting/filtering for 3B notes.
  • Enable Windows 11 CIS reports in Frontline.
  • Create standard PCI WAS scanning policy.
Fixes
  • Performance fixes for stats generation.
  • Fix PCI Tab default sorting.
  • Fix Recurring Reports that run on different days. Only the most recent report appears to be available.
  • Creating multi-scan VM / WAS Compliance Report includes All Active View.
  • Trigger reconciliation of WAS scan where scan is marked completed, but has not reconciled.
  • PCI Self Service: PCI dispute page not displaying UI control for individual line items.
  • PCI Self Service: UI elements to Accept or Reject a PCI Dispute are present for a MSP Global Admin.
  • PCI Self Service: PCI Scans Show Analysis tab when managed workflow is not being used.
  • PCI Self Service: When hostname scanning the IP Address that the hostname is being resolved to is brought forth when attesting.
  • Fix VM scan results PCI tab to allow re-dispute.
  • Show Customer svope in PCI Attestation.
  • VM scan links have a value appended to them.
  • Spelling error in WAS > PCI tab > Dispute button.

January 2023

Version 6.5.1.9

January 27, 2023

Enhancements
  • Added a new command in RNA utils to grab scan status from RNAs.
Fixes
  • PCI Self Service: Reports - Assets with different IPs and same DNS Name is not being reported.
  • Error generating Language localization Reports with size that exceeds the limit.
  • Creating new Business Groups will not allow assigning Group Members.

December 2022

Version 6.5.1.5

December 22, 2022

Enhancements
  • PCI Self Service: Send notifications on disputed approved/denied.
  • PCI Self Service: Provide a way to override PCI Vulnerability instances.
  • PCI Self Service: Hide PCI related notes from Vuln instance expanded row on Results vulns tab.
  • PCI Self Service: Unhide override pass tools.
  • PCI Self Service: Add filter for 3B/disputes.
  • PCI Self Service: Use Hostname from Scan Template in reports for VM Scans.
Fixes

  • PCI Self Service: If a vulnerability is discovered on both a VM and WAS scan, the PCI Compliance report incorrectly puts the WAS dispute note on the VM vulnerabiliy.

  • PCI Self Service: Dispute Page - Scan Type is blank for VM and WAS vulnerabilities.

  • PCI Self Service: PCI Compliance report formatting issue.

  • PCI Self Service: No report data source displayed for PCI Compliance Reports.

  • PCI Self Service: Hide PCI tab in Container and Agent Scans.

  • PCI Self Service: Additional PCI dispute comments are not showing on Dispute Management Page.

  • PCI Self Service: PCI Dispute Page does not show override value.

  • PCI Self Service: Hide Update PCI Value button unless permission is granted.

  • PCI Self Service: Require 3B Documentation value always set to off when editing vuln dictionary.

  • PCI Self Service: Part 3 Component Compliance summary can fail to list some passing components.

Version 6.5.1.4

December 17, 2022

Enhancements
  • PCI Self Service: Add additional infromation for WAS in vuln details in the Vulnerability details section of the PCI Compliance Report.
  • PCI Self Service: Add out-of-scope items in the PCI Compliance Report.
  • PCI Self Service: Users should be able to re-dispute a culn where previous dispute is rejected.
  • PCI Self Service: Provide a way to allow customers to enter Out-of-Scope Components.
  • PCI Self Service: Provide a way to override PCI Vulnerability Instances.
  • PCI Self Service: Make PCI Component editable in vulndictionary.
  • PCI Self Service: PCI Reports available on WAS new scan template.
  • PCI Self Service: Remove attestation for uncertified PCI Compliance Report.
Fixes

  • PCI Self Service: Include the IPs that were added in the additional required pop-up for Part 4A in PCI Compliance Report.

  • PCI Self Service: Error attempting to add a 3B note as a client account admin.

  • PCI Self Service: Error attempting to Dispute a WAS Vuln.

  • Fix Vuln dictionary CVSSv2 and CVSSv3 incorrect info.

  • PCI Self Service: Error attempting to add a comment to a disputed vuln that had a comment deleted.

  • PCI Self Service: Client cannot re-dispute vulns with rejected vuln disputes.

  • PCI Self Service: Filter PCI Compliance report out of Report template list when an Agent or Container scan is selected as the scan source.

  • PCI Self Service: Add additional information requested for section A4 and Part 3B.

  • PCI Self Service: Remove dispute modal display button that reads 'Dispute'.

Version 6.5.1.3

December 14, 2022

Enhancements
  • PCI Self Service: Add option to send to the official certification workflow.
  • PCI Self Service: Removed Unofficial from PCI Reports.
  • PCI Self Service: Add more WAS details in our PCI Compliance Report.
  • PCI Self Service: Add new permission for PCI Analyst.
  • PCI Self Service: Allow users to move a pending Dispute back to Undisputed.
  • PCI Self Service: Support scan name filtering on /disputedvulns endpoint.
  • PCI Self Service: Add controls for analyst override of PCI values.
  • PCI Self Service: Add PCI Required Remediation report to multi-scans.
  • PCI Self Service: Add Attestation date to A4 of the Attestation of Compliance in PCI Compliance Report.
  • PCI Self Service: Update report "Officially certified" toggle to use Modal
Fixes

  • PCI Self Service: Unable to dispute a vulnerability as a client account admin.

  • PCI Self Service: Report erroring on hidden dictionary entries.

  • PCI Self Service: Include Resolved toggle does not display as active or not until page refreshed.

  • PCI Self Service: Electing to dispute multiple VM scan vulnerabilities fails - no vulns displayed as being Disputed.

Version 6.5.1.2

December 10, 2022

Enhancements
  • PCI Self Service: Capture analyst overrides for various PCI items
  • PCI Self Service: Allow MSPs to view Disputed List Page
  • PCI Self Service: PCI Tab add 3B note status badge in PCI Tab
  • PCI Self Service: Add PCI assessment administration permissions
  • PCI Self Service: Add link to PCI Disputes page
  • PCI Self Service: Show 3B notes on vuln row in Scan Results tabs
Fixes
  • PCI Self Service: Accepted vulns still showing as Failing in PCI Reports
  • PCI Self Service: PCI Compliance reports errors with multiple accounts

June 2022

Version 6.4.4.0

June 11, 2022

New Features
  • Edge Network support increases the scalability and responsiveness of our scanning communication network.
  • Implementation of Business Groups.
  • Reports enhancements with support for scheduled and emailed reports.
  • Added a Global Vulnerability Search for MSP accounts.
Enhancements
  • Business Group Column in active view display (Ticket 18151).
  • Auth Scan Config: Add a "Test Your Config" button (Ticket 20422).

  • Dynamic Labels used as Rules for Business Groups (Ticket 18019).

  • Preserve access to historical scans / reports after Business Group access levels change (Ticket 20046).

  • Report Scheduler (Ticket 17363 and 1456).

  • Vulnerability Age Report (Ticket 17601).

  • Added the ability to save report filters for future use (Ticket 19099 and 1457).

  • Included an Authenticated Creds Test button (Ticket 19473).

  • Enterprise Admin Group able to view other groups dashboard (Ticket 19635).

  • Custom Report Templates - Data Filters (Ticket 20275).

  • Change how we manage IP restrictions for Business Groups (Ticket 22207).

  • Custom email lists for scanning notifications (Ticket 22633).

  • Added the ability to enable recurring reports (Ticket 23319).

  • Made Scan Description variable visible in UI (Ticket 23827).

  • Fulfilled request for NVD Reporting Functionality (Ticket 24517).

  • Choose what reports automatically generate after a scan (Ticket 24885).

  • Sending reports (Ticket 25073).

  • Added Business Group column to Scanners page (Ticket 18553).

  • Added support for a Microsoft patches only report (Ticket 1831).

  • Auth Scan / Credential PDF Detailed Status Report (Ticket 1094).

  • Add support for emailing reports to users (Ticket 1514).

Fixes

  • Fixed subject for some automated emails to match email content (Ticket 25212).

  • Updating Business Group shows IPs as not associated to Scanner Profile (Ticket 24695).

  • Email headers do not match email content (Ticket 25212 and 25289).

  • Graphs & Trending - "Asset Rating Counts" not displayed in DDI Asset Rating colors (Ticket 658).

  • Asset Rating not viewable with NVD/PCI (Ticket 1072).

  • Executive Summary Report does not respect NVD/PCI options (Ticket 1082).

  • Input fields for AV Window Size and SLA Days are active (Ticket 1323).

  • AV Summary incorrectly processes non-default options (Ticket 1369).

  • CIS CSV Export defaulting to PDF format (Ticket 1486).

  • Several filters have multiple entries in the Vuln Dictionary and Vuln Trend filter sets (Ticket 1502).

  • Clicking on 'Vuln Definition' on scan results causes loading the accounts page removes the active context and takes to the account page (Ticket 1548).

  • Vulnerabilities have multiple unique instances in agent scans (Ticket 1658).

  • Spelling error in DB/OS Tooltip (Ticket 1725).

  • Unable to delete manually added labels to Assets (or Vulnerabilities) (Ticket 1822).

April 2022

Version 6.4.3.4

April 22, 2022

Fixes
  • Fix incorrect vulnerability count when using asset labels.

March 2022

Version 6.4.3.3

March 2, 2022

Fixes
  • Increase logs disk size to 180Gb.

January 2022

Version 6.4.3.2

January 26, 2022

Enhancements
  • Moved additional logs into Loki logging subsystem for Frontline.Cloud.
Fixes
  • Corrected failure of some cases related to deleted user roles in Managed Account Users CSV Export.
  • Fixed the automatic spin down of Trial accounts on TryFrotnline.Cloud shortly after creation.
  • Fixed missing owner filed in CSV export of Managed Accounts Security GPAs.
  • Fixed spelling error in "Approved management access request user" filter.
  • Removed Test Credentials button from Credential management pages.
Version 6.4.3.1

January 19, 2022

Fixes
  • Fixed Asset and Scanner Profile IP address "is (or)" and "is not (or)" filtering that did not work properly.
  • Multiple fixes to Frontline TAP threat intelligence feed processing for Threat Rank.
  • Frontline.Cloud infrastructure fixes related to expiring certificates.
Version 6.4.3.0

January 12, 2022

New Features

  • Introduced comprehensive authenticated scan status and credential validity management.

    • See the success or failure of authenticated scans at all levels of scan results and reports.

    • Identify which credentials were used in each scan and if they are valid or not.

  • Added a comprehensive suite of management reports targeted specifically for MSPs.

    • Includes CSV reports, PDF reports and email alerts.

    • Manage customer base and understand usage and trends.

Enhancements

  • Added ability to search for vulnerabilities by authentication method (Bug 25256).

  • Added ability to supply custom trending intervals for reports (Bug 20480).

  • Added delay-time-period before automatically spinning down Trial accounts (Bug 25048).

  • Added support to filter scan results by a list of CVEs (Bug 23333).

  • Changed default RNA Access Request time to be 8 hours.

  • Deprecated Oracle Image Virtual RNA download.

  • Included authenticated scan status within reports (Bug 24978).

  • Introduced Asset Rating Trends Report.

  • Introduced SSL Certificates Report.

  • Introduced report review workflow into Frontline.Cloud (Bug 20672).

  • Introduced scoped credentials for authenticated scanning (Bug 24886).

  • Allow Trial account options to be set during Trial account creation.

  • Removed per-account limits for Virtual RNA appliance tokens.

  • Replaced Digital Defense, Inc with Digital Defense by HelpSystems.

  • Display authentication detect method on-hover for vulnerabilities (Bug 23369).

  • Improved support for NVD / PCI rating schemes within Frontline.Cloud (Bug 23934, 25071)

  • Introduced suite of MSP / Super account management reports (Bug 24793, 20040, 20517)

  • Replaced logo with favicon for themes list.

  • Implemented various infrastructure improvements and security updates.

Fixes

  • Removed rounding for Active Risk Score in some locations within Frontline UI and reports.

  • Fixed the incorrect inclusion of tag with Container scanning license when calculating usage.

  • Fixed Core Impact scan exports that could not be filtered by date range.

  • Corrected the mistake allowing the Credential PGP cipher text.

  • Fixed dysfunctional filtering on Frontline Agent list page.

  • Fixed IP Address filter that did not properly respect quoted search terms (Bug 25297).

  • Fixed slow speed on Manage RNAs list page.

  • Broken links to help pages on new account dashboard are resolved (Bug 24931)

  • Fixed performance for statistics object management.

  • Corrected body text on RNA Access Approved email.

  • Populated data in reports based on container scans.

  • Fixed error in scan insertion when ping-type is not defined (Bug 25011)

  • Fixed report options that are not displayed in the report's options appendix.

  • Updated super account usage metrics in instances of error.

  • Allowed additional groupings for Threat Landscape reports.

  • Corrected inability to upgrade Trial accounts to General accounts (Bug 25253, 25060).

  • Fixed various bugs for reports including grammar, spelling, and style fixes.

  • Fixed Virtual RNAs that could not be downloaded on TryFrontline.Cloud due to trade.gov API changes (Bug 25299).

Back to Fortra Products