VulnDetect

Tom

It seems that the Flexera guys didn't like that we, as a new user, posted about the VulnDetect project, despite them discontinuing the beloved Secunia PSI.

We would very much appreciate if you would gently the spread the word and a few links to vulndetect.org / https://vulndetect.com/?1, it is much needed, so we have a lot of testers once the alpha is ready.

We also feel that it is important to invite all the PSI forum users to come here and join the VulnDetect forum.

We are also very open to creating new Categories and Sub-categories here, where different, related subjects can be discussed and provide moderator privileges to those who want to contribute.

/Tom

Tom

group multiple instances of a vulnerable program in the listing and allow me to expand that section when I want

Suggested by @CTaylor

Tom

Nitro PDF Reader and Nitro Pro has been added.

You should note that version 5 went End-of-Life long ago and should be considered insecure.

Tom

This thread is a summary of all user contributed suggestions that were posted in this forums.
It will be updated with links to new suggestions and also reflect the status of suggestions.

Please make one new thread for each feature suggestion were other users can vote and discuss about the suggested features.
Thank you for sharing your ideas!

Notes:

At the time of writing (May 2018) the SecTeer Personal CARMA is only in Tech Preview. A beta version is not due before late 2018.
Inclusion on this list does not imply that we will implement it, nor does it indicate any sort of priority.
We may rewrite suggestions (titles) to fit with the terminology that we intend to use or to fit how we believe that feature should be designed.

List of Applications:

Configuration:

Local Agent / app:

Application detection:

Other:

Business Users:

Tom

Hi,

With this post, I’d like to encourage everybody to share and discuss their views on subjects related to IT-security and privacy.

One thing that I personally have spent a lot of time refining over the past years, is my handling of the ever increasing number of services and apps that I rely on, and the credentials used to authenticate with these.

I don’t believe that I have the perfect solution, if such a thing ever will exist. However, I’ve aimed for a reasonable compromise between usability and security. Too often, the two don’t go well hand-in-hand, but I am growing increasingly pleased with my own little semi-homegrown solution.

But before we go on to that, I want to ask you, if you ever checked whether your credentials were exposed somewhere online?

One good site to check this is (feel free to suggest others):
https://haveibeenpwned.com/

The intentions behind the site seems legit and genuine, the guy behind it is Troy Hunt.

One of my email addresses is currently listed as breached from 3 well known sites.

Fortunately, I’ve never used any of these three services for anything I deem sensitive, nor did I reuse my credentials, so I am pretty sure that the risk of this having any further impact on me, is very limited.

One easy way to avoid reusing credentials is to let your browser remember usernames and passwords for the sites you visit.

Personally, I HATE that concept.

Why do I hate this?

Well, I like technology, and I like to be free. If I use one browser to store my credentials, then I am stuck, at least with the browser, perhaps even with both the Operating System and the browser.

Yes, I do know that most browsers are so nice and offer to share your settings (and credentials) between devices, and today you can even get Edge for Android, Firefox and Chrome (Chromium) is on all platforms I use, so is Opera. Yet, I would risk being stuck with one browser or having to import / export between them. No fun.

Also, what is the most exposed piece of software on your rig or device? The browser! So not a particularly good place to store all your sensitive passwords IMHO.

So, what’s the solution then?

Well, I don’t know what will work for you. But I chose, years ago, to go with a simple old school password manager.

The one I chose, stores all usernames, URL’s, passwords, comments, and even files, encrypted. It’s Keepass 2 or KeePassXC, depending on the platform I use.

There is a bunch of plugins and stuff you can use, to make it run on other platforms or integrate with your favorite browser(s). Personally, I use the plain vanilla editions of the two, with no additional tools.

Because of the encryption, utilized by KeePass, I feel fairly safe, even though I actually share my password database between all my platforms via a (public) cloud drive service.

I will not go into which cloud drive service is better for this purpose, and you may have to play around to find the one that suits your needs best, as not all cloud drives behave equally well, on all devices.

One thing you need to ensure, is that the cloud drive is fast at recognizing changes to the password database and sync it with the cloud.

I’d like to stress one little annoying thing, when it comes to syncing between devices, sometimes you may find that updating on one device overwrites the changes made by another device, if you didn’t load the latest version, before adding a new set of credentials.

I “solved” this, in a reasonably neat way, using a feature in KeePass 2, called “Synchronize” -> “Synchronize with File”. This allows merging / synchronizing two password databases (that share the same password / keyfile).

To support this, I have the following structure of files:
• MyMasterPasswordDatabase.kdbx
• LaptopPasswordDatabase.kdbx
• HomeRIGPasswordDatabase.kdbx
• TabletPasswordDatabase.kdbx

In other words, I have one database file for each device. This ensures that I never accidentally overwrite changes made on another system. The only thing you need to remember, is to close the password database, when you stop using a device, but that ought to be part of your best practices anyway, no need to let all those passwords float unencrypted in memory, when it isn’t needed.

Occasionally, I will open the “master” file and sync it with all the other files. Practically, this ends up being something I do once or twice a week.

Note, you need to sync all of them twice. This way all changes from each file is stored in the master and in turn the changes made in the master is stored in the other files. This operation only takes a few seconds.

At this point I manage a total of more than 500 sets of credentials. I reckon that around 80-100 are used more or less frequently, the remainder may be purely historical and could probably be deleted, however, given the structure and search features of KeePass, I don’t really feel a need to tidy the contents of my database. And sometimes you happen to revisit a service that you haven’t used for years and then it is a great feeling to still have the credentials.

For most people, this may seem tedious and troublesome at first, but I find this much better, and more convenient, than having a few fixed credentials that I use everywhere or keeping a spreadsheet or other insecure document with credentials.

Currently, I remember about 10 sets of credentials, this includes PIN codes, phone screen lock, system passwords, KeePass password, and a few more. These are never stored in my KeePass, because I use them so frequently (that I easily remember them) and I need them to access the systems where I store my KeePass file(s). But the remaining, around 500, they are safely and conveniently stored in my KeePass.

Once you get going with your password manager, then remember to play with the short cuts, you will find that getting the credentials using autotype and similar features is very convenient.

A few extra tips for added security

The default setup is probably good enough for most, and “perfectly” safe, as long as the password you use for your KeePass is unique and fairly strong.

However, I also chose to add the security of a “Key file / provider”. This is a “secret” file, which you need to keep safe and far away from your cloud drive.

My “Key file” has never been on any public system, nor has it been sent via any network. It has only been transferred from device to device using an (encrypted) USB stick. But be aware, if you lose this file, then you will NEVER be able to access your password database again, so this measure is not for the faint of heart.

Another thing I did, was to change the “Key transformation” and increase the number of “Iterations”. This basically means that your password is “hashed” X number of times, before it is used to unlock the master key for the database. The larger the number, the harder it is to brute force your password, but be aware, that if the number is too high, then it will take a long time to open your database. In my opinion, any number that allows the transformation to happen in less than a second is acceptable. In other words, this allows you to have a shorter and more simple password for your database. My password is more than 20 characters long, which may be slightly exaggerated.

Oh, one last thing, DO NOT USE the “Windows user account” option for unlocking. Read the fine warnings to learn why. No matter how convenient or tempting this may sound, then it is only good and useful in enterprise environments or if you are an expert in Windows networking.

I’d love to hear how you deal with your credentials, feel free to comment and suggest alternative approaches.

Tom

LibreOffice has been added. It has been added as one product, since the vendor doesn't seem to support the individual apps with individual updates.

Tom

The agent already has support for this. How we display this, is decided in each rule. Thus, we may treat this independently for each program, but it seems most likely, that we will report individually, since most programs require separate updates for 32 and 64-bit versions.
It is something that we will pay attention to and if you see errors in the results, then it should be reported individually for each program.

Tom

@ted OK, this explains, the agent did not yet do an inspection. With the current schedule it will take 10 hours.
Btw. you may want to delete / modify the picture / comment, since it displays your IP.

Tom

At this point, we believe that we have developed approx. 80% of the core functionality, this includes:

Binary to collect data on the client system
Scheduling of the binary
Data collection and parsing from the binary
Authentication and account management
Backend for curating data about software and vulnerabilities
Infrastructure

ToDo:

Processing of the collected data / matching with the curated data
UI
Optimisation and testing of the binary
Curating data

And loads of more stuff, but first we need to finish the above and get an alpha version out to you.

/Tom

Tom

This is detected because it also is an independent program, which you may download and install.
We will not detect system components that are not accessible as standalone programs.
But I suppose we need to add OpenSSH to the list of products that needs contextual rules, so only the user managed versions will be reported and not the one managed by Windows.
Thank you for highlighting this.

Tom

Pre-2020 release history (due to post length limitation).

SCHME: v1.11.2 2019-12-18

Allow settings product name and title from ops.

VulnDetect backend: v1.6.2 2019-12-11

Improve error handling in the admin part to allow for better error messages in the admin UI.
Pass inspection scope to SCHME.
Minor bugfixes.

VulnDetect backend: v1.6.1 2019-12-10

Improve CAM account permission testing when accessing customer information.
Fix issue with deleting customers.
Refactoring of the login and registration code.

VulnDetect backend: v1.6.0 2019-12-06

Add a permissions system for SPID and CAM accounts and CAM groups to allow for a role-based permission system when accessing customer information.

VulnDetect backend: v1.5.1 2019-11-25

Add capability to define a default group for new agents, to automatically group them by setting installer options and by associating an install-token with a group.

VulnDetect backend: v1.5.0 2019-11-19

Update authentication and session handling to improve isolation and allow simultaneous logins to different services, and potentially the same services across different server instances (prod, test, dev').
Remove some dependencies that were made redundant.

SCHME: v1.11.1 2019-11-19

Post-package inspections should not create new package upgrade tasks.

VulnDetect backend: v1.4.1 2019-11-11

Fix issue with agent taks reporting.

VulnDetect backend: v1.4.0 2019-11-11

Add support for targeted inspections and dynamically generated inspection rules.
Add support for task priorities and exclusive tasks.
Miscellaneous refactoring changes.
Miscellaneous enhancements to internal maintenance tools.
Update dependencies after audit.

VulnDetect backend: v1.3.3 2019-10-18

Minor update to internal maintenance tools.

VulnDetect backend: v1.3.2 2019-10-16

Add support for agent diagnostic tasks.
Update inspection rules with log verbosity and new registry rules.
Show applications matched by testing and internal rules in the UI where appropriate.
Minor updates to internal maintenance tools.

SCHME: v1.10.2 2019-10-16

Insert results into CSDB in chunks to avoid database errors with too many placeholders.
Log retries due to database deadlocks.
In package results, relate install-provider tasks to choco, rather than the package being installed.

Personal: v0.13.0 2019-10-14

Miscellaneous minor improvements.
Update dependencies after audit.

Corporate: v1.4.0 2019-10-14

Miscellaneous minor enhancements.
Update dependencies after audit.

VulnDetect backend: v1.3.1 2019-10-14

Fix issue in agent api.

VulnDetect backend: v1.3.0 2019-10-14

Add better processing of computer names from agent in order to automatically group agents according to Active Directory groups.
CSDB Migration related to computer names and automatically grouping agents.

SCHME: v1.10.1 2019-10-14

Fix crash in schme on invalid Vpf-Approvals.

SCHME: v1.10.0 2019-10-14

Update to support agent name related csdb migration in CARMA.

VulnDetect backend: v1.2.7 2019-10-01

Create task database entries required for report generation for new customers.

VulnDetect backend: v1.2.6 2019-09-30

Turn on report generation by default for new customers.

SCHME: v1.9.4 2019-09-27

Fix issue with the 'testing' account setting not applying correctly.
Add resultUuid to application result to link them to specific inspection processings, and to link update tasks to inspections.
Remove unused caching mechanism which isn't compatible with node 12.
Fix tests to work in both node 8 and 12.

VulnDetect backend: v1.2.5 2019-09-19

Fix incorrect count of updates in dashboard.

VulnDetect backend: v1.2.4 2019-09-17

Fix minor issue with internal tool.

VulnDetect backend: v1.2.3 2019-09-17

Minor Wuzhi-related changes to maintenance tools.

VulnDetect backend: v1.2.2 2019-09-12

Replace customer demo mode with trial mode.
Add migration for Wuzhi release.
Update internal maintenance tool to perform tasks related to Wuzhi.
Update internal libraries.
Miscellaneous minor fixes.
Miscellaneous updates to development environment and coding style.

SCHME: v1.9.3 2019-09-12

Miscellaneous minor fixes.
Miscellaneous updates to development environment and coding style.
Update internal libraries.

VulnDetect backend: v1.2.1 2019-08-20

Hide applications flagged as libraries in the corporate application results.

SCHME: v1.9.2 2019-08-20

Fix issue which caused update tasks to be created even when the update was not required.

SCHME: v1.9.1 2019-08-20

Fix issue which caused updates to apply even when marked as not required.
Update dependencies after audit.

SCHME: v1.9.0 2019-08-20

Add support for the library flag and regression flag in vpfs.
Implement the ..* operator in path matching bundle specifications.
Change the ** operator to match 0 or more directories in path matching bundle specifications.
Add a notification queue to rabbitMQ to send notifications about matches.
Send notification about inspections with applications that are libraries but not bundled.

SCHME: v1.8.0 2019-08-12

Add special schme mode for big inspections.

SCHME: v1.7.3 2019-08-09

Fix duplicate-file issue with mongoDB-to-S3 tool.

SCHME: v1.7.2 2019-08-09

Add tool to copy inspection data from mongoDB to S3.

SCHME: v1.7.1 2019-08-08

Fix issue with auto-approved tasks not superseding existing unapproved tasks.

SCHME: v1.7.0 2019-08-08

Add support for fetching inspections from s3, via the fileService.
Expand the relevant database field to support the s3 path.
Sort channel ids when inserting into channel-agent-xref table to try to avoid deadlocks.
Add code to retry certain transactions that fail due to deadlock detection.
Add --trace-warnings flag to node command-line to better locate unhandled promise rejections.

VulnDetect backend: v1.2.0 2019-08-08

Add support for using S3 file service as a data storage to pass large amounts of data between services.
Update dependencies after audit.

VulnDetect backend: v1.1.3 2019-07-18

Fix issue with reporting tasks to the Schme

VulnDetect backend: v1.1.2 2019-07-18

Add ability to send messages to the Schme through the cli-tool.

VulnDetect backend: v1.1.1 2019-07-17

Fix minor issue with logging package task results.

SCHME: v1.6.13 2019-07-17

Add message and error properties to choco output tables.

SCHME: v1.6.12 2019-07-16

Add pkg_* tables to record choco package results,
Report package results in the CR and receive reports in messages from Carma.

Corporate: v1.3.0 2019-07-16

Implement Hosts Trash to allow two-step deletion of hosts. Hosts are moved to the trash in the Hosts page, and the trash itself is shown and managed in the Configuration page.
Replace the two check-in columns in the Hosts page with a single status icon column.
Join the two Move-to-Group buttons in the Hosts page and instead split the modal group dialog into two tabs.
Update dependencies after audit.

VulnDetect backend: v1.1.0 2019-07-16

Add endpoints to enable, disable and delete multiple agents, to support the Hosts Trash in the UI.
Send list of disabled hosts with configuration to suppor the Hosts Trash in the UI.
Disable demo mode by default for new customers.
Report upgrade package task results to the Schme.
Add the ability to erase group approvals to the internal management tools.

Corporate: v1.2.6 2019-07-10

Fix issue with csv export in Patching Activity page when filters were active.

Corporate: v1.2.5 2019-07-10

Add support for automatic approvals.
Add csv export button to Patching Activity page.

SCHME: v1.6.11 2019-07-10

Add support for automatic approvals.

VulnDetect backend: v1.0.24 2019-07-10

Add support for automatic approvals.

SCHME: v1.6.11 2019-07-10

Add support for automatic approvals.

VulnDetect backend: v1.0.24 2019-07-10

Add support for automatic approvals.

Corporate: v1.2.6 2019-07-10

Fix issue with csv export in Patching Activity page when filters were active.

Corporate: v1.2.5 2019-07-10

Add support for automatic approvals.
Add csv export button to Patching Activity page.

Personal: v0.12.0 2019-06-17

Add 'Inspect Now' button to the Applications page.
Add row expansion indicator to the Applications page.
Add icon to indicate which applications have bundled other applications.
Add icons to all buttons and consolidate their appearance.

VulnDetect backend: v1.0.23 2019-06-17

Add 'Inspect Now' endpoint for personal users.
Minor updates to internal maintenance tools.
Fix tests.

SCHME: v1.6.10 2019-06-13

Avoid circular bundle relationships.
Add architecture bundle tests, and a flag to allow skipping the self-test for a bundle specification.
Extend internal comment field on file entries.

VulnDetect backend: v1.0.22 2019-06-12

Fix regression in Activity endpoints.

VulnDetect backend: v1.0.21 2019-06-11

Add endpoints to enable 'Inspect Now' functionality.
Filter out uninteresting activity events by default, to make the Activity page in the corporate UI more useful.
Miscellaneous enhancements to internal support and maintenance tools.
Update dependencies after audit.

SCHME: v1.6.9 2019-06-03

Fix issue with the handling of tasks and events when agents are disabled or deleted.
Change bundling path specification so that .\ or ..\ is required for specifying relative paths. This allows wildcards to be used at the front of the path spec to match any drive.

VulnDetect backend: v1.0.20 2019-05-28

Add owner and status fields to customer model and export those through the admin endpoints.
Implement the (soft) deletion of customers through admin endpoints, and add this to the cli-tool.

VulnDetect backend: v1.0.19 2019-05-27

Add support for installing agents using install-tokens.

VulnDetect backend: v1.0.18 2019-05-16

Revert chocolatey back to version 0.10.13, since that wasn't the issue with the agents.
Tweak cli support tool.

VulnDetect backend: v1.0.17 2019-05-15

Host chocolatey ourselves to avoid rate-limiting by external servers

SCHME: v1.6.8 2019-05-14

Fix issue with channel evaluation of generic rules.

SCHME: v1.6.7 2019-05-07

Sort results before post-processing for consistency.
Add $cmd.softChannel op to make channel ops more useful.
Fix various issues with bundle evaluation.

VulnDetect backend: v1.0.16 2019-05-01

Save task changes with choco output to mongoDB for reference.

VulnDetect backend: v1.0.15 2019-04-30

Add more capabilities to the internal management tools, including the ability to enable/disable/delete agents.

VulnDetect backend: v1.0.14 2019-04-25

Miscellaneous feature updates and bug fixes for internal management tools.

Personal: v0.11.1 2019-04-08

Fix formatting issue in expanded product section in Chrome browsers.

Personal: v0.11.0 2019-04-04

Show bundled applications in the expanded section of an application.

VulnDetect backend: v1.0.13 2019-04-04

Apply 'internal' account setting when filtering applications in the personal applications endpoint.

VulnDetect backend: v1.0.12 2019-04-01

Fix issue with Activity page.

VulnDetect backend: v1.0.11 2019-03-26

Support the latest version of chocolatey and update the version that we install to that, choco version 0.10.13.
Update include library with changes that instruct the browser to not cache api endpoint responses.

VulnDetect backend: v1.0.10 2019-03-21

Add support for query parameters in the update events endpoint (patching activity).
Cleanup.

VulnDetect backend: v1.0.9 2019-03-16

Fix regression in some models.

VulnDetect backend: v1.0.8 2019-03-15

Filter out applications that have the Ignore flag set, which is set for bundled applications that should be ignored.

VulnDetect backend: v1.0.7 2019-03-07

Add csdb migration with columns for bundling.
Fix incorrect format in inspection rule timestamp.

VulnDetect backend: v1.0.6 2019-03-01

Add registry rules for MS Office 2013.
Fix issue which caused agent domain data to not be saved.

VulnDetect backend: v1.0.5 2019-02-21

Fix issues with fetching and updating group approvals.
Add more registry rules for MS Office entries and update the existing ones.

VulnDetect backend: v1.0.4 2019-02-19

Update registry rule for MS Office entries.

VulnDetect backend: v1.0.3 2019-02-18

Add registry rule for MS Office entries.
Improve logging on agent check-in.
Make database connection pooling more configurable.

VulnDetect backend: v1.0.2 2019-02-07

Update dependencies.
Miscellaneous improvements to the admin endpoints.

Corporate: v1.2.1 2019-01-31

Show detected language and architecture in expanded Application, when available.

Personal: v0.10.2 2018-01-31

Show detected language and architecture in expanded Application, when available.

VulnDetect backend: v1.0.1 2019-01-31

Fix issue with updates not displaying in VulnDetect - Personal.
Update email templates in VulnDetect - Corporate.

Corporate: v1.2.0 2019-01-25

Add pages for showing Approvals and managing them.

VulnDetect backend: v1.0.0 2019-01-25

Implement approvals for updates at a group level.

Corporate: v1.1.0 2019-01-15

Add support for creating groups, grouping hosts and viewing applications by group.

VulnDetect backend: v0.12.0 2019-01-15

Implement groups for hosts, group creation, editing, removal and populating with hosts.
Implement filtering of various endpoints by group.

VulnDetect login page: v0.9.5 2018-12-28

Improve the registration procedure and password reset pages to avoid dead ends in the UI.

VulnDetect backend: v0.11.2 2018-12-28

Fix issue with the local timezone not being applied when sending agents their next inspection time.
Increase the default inspection window from 6 hours to 10 hours.
Enable patching by default when creating new corporate accounts.
Improvements to internal account management and maintenance tools.

VulnDetect backend: v0.11.1 2018-12-21

Fix issue with approving agents to replace existing agents.

VulnDetect backend: v0.11.0 2018-12-20

Add patching/updating to personal VulnDetect.
Miscellaneous improvements to the registration process to make it more straight-forward.
Miscellaneous minor improvements.

VulnDetect backend: v0.10.0 2018-12-20

SecTeer VulnDetect - Personal (Beta)
Implement Patching in the Personal VulnDetect.
Remove the Patching/Updates preview components that were taken from the Corporate VulnDetect.

Personal: v0.10.1 2018-12-20

Update page title from alpha to beta

VulnDetect backend: v0.10.1 2018-12-05

Use axios in command-line admin tool.
Fix regression.

VulnDetect backend: v0.10.0 2018-12-04

Fix various minor coding style issues.
Update application dependencies to newer versions.
Miscellaneous enhancements additions to internal account management and maintenance tools, and to the development environment.

VulnDetect backend: v0.9.3 2018-11-20

Add Updates and Update Events endpoints.

Personal: v0.9.0 2018-11-20

Add Tech Preview of Patching/Updates. The UI part is taken from the Corporate VulnDetect and will be completely redone.

VulnDetect backend: v0.9.2 2018-11-19

Add new task states: Attempting and Skipped.
Prune repository submodules.

Personal: v0.8.7 2018-11-19

Hasher library is now an npm package, rather than a submodule.

SCHME: v1.3.0 2018-11-19

Add more complete processing of registry inspection data, allowing it to be used in package task generation.
Improve package task generation to use variables exported by ops to configuration packages.
Prune submodules from repository.
Add table for logging vpf modification events.
Fix issue with storing registry inspection data.

VulnDetect backend: v0.9.1 2018-11-08

Fix issue with agent check-ins in demo mode.
Create customer-settings data where it is missing, for the admin UI.

Personal: v0.8.6 2018-11-08

Fix issue with Configuration page when user has no agent.
Set relevant keywords in the page header.

VulnDetect backend: v0.9.0 2018-11-07

Clean up agent check-in and fix minor issues with check-ins when in demo mode.
Add endpoints for admin UI.

VulnDetect backend: v0.8.1 2018-11-05

Send tasks to agent checking in, in demo mode and default settings mode.
Cap the number of events sent by the API to 100.

Personal: v0.8.5 2018-11-05

Reject invalid DayOfWeek settings in Configuration page.

VulnDetect backend: v0.8.0 2018-11-02

Create corporate accounts in demo mode.
Add support for tasks and events, which are used in the patching part.
Various additions to the cli internal management tool.
Separate email templates for personal and corporate users.
Fix issue with last inspection time.
Other miscellaneous improvements and bugfixes.

Personal: v0.8.4 2018-11-02

Fix issue with Hour-of-Day of inspection schedule.
Show agent download link if an update is available - #165.

SCHME: v1.2.0 2018-11-02

Add support for pkg definitions in rules, and create tasks from them where appropriate.
Add support for events in the CSDB.
Miscellaneous small improvements and bugfixes

VulnDetect backend: v0.7.5 2018-10-17

Add single configuration endpoint - #142
Add cross corporate/personal security tests - #138
Add some querying admin endpoints
Add tool for handling CSDB migrations

Personal: v0.8.3 2018-10-17

Fetch configuration page as a single request - #142.
Fix issues with agent approval form submission - #77, #80, #86.

VulnDetect backend: v0.7.4 2018-10-04

Add inspection rules with the appropriate API endpoint
Change the format of inspection messages to the SCHME to remove credentials

Personal: v0.8.2 2018-10-04

Enlarge logo and add product name to header.
Remove buttons from the header that hides the sidebar.
Show the full logo when the sidebar is shrunk using the sidebar footer button.

SCHME: v1.1.5 2018-10-04

Update message structure to remove database info from mongoDB and messages.
Instead, look up the info by agent uuid, which is not potentially sensitive information.
Also, support messages with missing account and agent uuids, which then won't generate results for customers but are still useful for internal processing.
Move schme commands code to shared repo

VulnDetect backend: v0.7.3 2018-09-28

Release optimizations - reduce size of deployed package

SCHME: v1.1.4 2018-09-28

Release optimization - reduce size of deployed package

VulnDetect backend: v0.7.2 2018-09-25

Add Dashboard endpoint for corporate
Miscellaneous small changes

VulnDetect backend: v0.7.1 2018-09-18

Add persistent sessions, saved in MongoDB

Personal: v0.8.1 2018-09-18

Refactor code in Applications page, no visible changes.

SCHME: v1.1.3 2018-09-18

Implement proper authentication in MongoDB

VulnDetect backend: v0.7.0 2018-09-17

First release of SecTeer VulnDetect Alpha - Personal

Personal: v0.8.0 2018-09-11

Changed name to SecTeer VulnDetect Alpha.

SCHME: v1.1.2 2018-08-21

Fix missing version in inspection results
Rename column in vpf_channels for clarity
Move display.vilnReferences to stateRefs.vulnReferences

SCHME: v1.1.1 2018-08-15

Fix issue with vulnStatus in found-apps

SCHME: v1.1.0 2018-08-14

Change vuln-status enumeration values to 'Unknown', 'Ok' and 'Insecure'
Add new status flags: Untracked, Prerelease, EoL, Malicious, Suspicious, Testing, Internal, and rearrange them in the flags value
Add vpf-channels
Add registry lookup expression ops

SCHME: v1.0.3 2018-06-20

Minor changes to reduce memory usage.

VulnDetect backend: v0.4.2 2018-06-19

Fix issue in error handling in carma backend.
Add more information fields to found applications.

SCHME: v1.0.2 2018-06-19

Work on vpf products and rules. Implement vpf products with lookups as separate entities. This goes hand-in-hand with SPID work on creating and managing rules.

SCHME: v1.0.1 2018-05-24

Load rules from database, rather than files.
Add rule uuid and relevant flags to matched file entries, for SPID curators.

Personal: v0.7.2 2018-05-18

Fix issue which caused the Configuration page to sometimes be blank.

VulnDetect backend: v0.4.1.2 2018-05-14

Add ability to change or reset a user's password. Case #74.

Personal: v0.7.1.2 2018-05-14

Add ability to re-set a forgotten password: 'Forgot password?' link available via the login page. Case #74.
Add ability to change a user's password: 'Change password' option available under the Configuration page, for a logged in user. Case #74.

VulnDetect backend: v0.4.1.1 2018-05-10

milestone:"Personal Carma Tech Preview Update 1"
Show Application icons in the UI - #73
Add ability to expand results row to see more information - #75
Add last activity and expected next activity times to UI - #76

Personal: v0.7.1.1 2018-05-10

milestone:"Personal Carma Tech Preview Update 1".
Show Application icons in the UI - #73.
Add ability to expand results row to see more information - #75.
Add last activity and expected next activity times to UI - #76.

VulnDetect backend: v0.4.1.0 2018-05-08

First release of SecTeer Personal Carma

Personal: v0.7.0.1 2018-05-08

First release.

SCHME: v1.0.0 2018-05-08

First release of SecTeer Personal Carma, with functional SCHME

Tom

@OLLI_S In the future

It seems I was too fast in confirming 1.4.1, it is 1.4.0 that is the latest, and there is currently no plans for a 1.4.1 release

Tom

@GregAlexandre It will be soon, but not quite yet.

But I am happy to see that you noticed, and I hope that you and many others will do manual upgrade.

After a bit more testing, we will make it the recommended and start upgrading users on a large(r) scale.

Tom

Version updated

Tom

Version updated

Tom

@OLLI_S Happy to hear you knew I would ask.

I see no reason to change it, when the website still publishes other information.

Tom

@OLLI_S Did you find any official references stating that the vendor has changed?

I can see the file, but on the website there is no references to any legal / ownership changes.

Tom

@OLLI_S We will follow the standard protocol of using the versions listed on the websites, as long as they make sense (aren't ambiguous).

Tom

@OLLI_S It is now flagged as EoL.

Tom

@OLLI_S Yes, you can

Tom

@Tom

Best posts made by Tom

Latest posts made by Tom