- Content matrix
- Resolved issues
- Updates - Security Dashboard
- DASHBOARDS-1817: UI updates for the Exclusion (Active/Scheduled) View
- DASHBOARDS-1872: Parameter values for last snapshots and when there are no violations
- DASHBOARDS-1894: Update the RG (1.13.0) tags in Dashboard
- DASHBOARDS-1836, DASHBOARDS-1895: Source and application name in audit trail log
- DASHBOARDS- 1945: Filter parameter details based on selected technology
- DASHBOARDS-1897: Rows per page selection in the Action plan table
- DASHBOARDS-1577: Search feature for module selector
Content matrix
| Version | Summary of content | Comments |
|---|---|---|
| 1.15.x |
| Can be used with:
|
Resolved issues
| Internal ID | Call ID | Summary | Affects Version/s |
|---|---|---|---|
| DASHBOARDS-1887 | 21468 | The list of parameters displayed in the dashboard is limited to 1 | 1.14.0 |
| DASHBOARDS-1892 | 21625 | Cannot see the quality rules parameter values for past snapshots | 1.14.0 |
| DASHBOARDS-1886 | 21588 | Parameters to be displayed for the QRs even when there are no violations present. | 1.14.0 |
DASHBOARDS-1934 | - | IE: Technology drop-down not displaying | 1.14.0 |
DASHBOARDS-1844 | - | Blank page is displaying if you click outside of the server reloading warning dialog box | 1.14.0 |
Updates - Security Dashboard
DASHBOARDS-1817: UI updates for the Exclusion (Active/Scheduled) View
Few aspects of the Exclusion are updated to provide a better end-user experience:
Click to enlarge
In the Action Plan, at the bottom of the violations list, there are improved options for pagination of items.
The SHOWING option allows you to view violations in groups of 20, 100 or all violations:
The arrow icons allow you to move through the violations:
| Return to the very first page of violations. |
|---|---|
| Go back one page, depending on the number of violations chosen for display. |
| Go forward one page, depending on the number of violations chosen for display. |
| Go straight to the very last page of violations. |
DASHBOARDS-1872: Parameter values for last snapshots and when there are no violations
Parameter details
Clicking on Rule displays parameter details section (along with other sections violations, computing details & Rule documentation). This section displays the parameter name, technology, and value for the selected rule.
Parameter details will be displayed for the current snapshot as well as for the previous snapshot if the rule is "parameterized. The parameter detail section also displays the data for a selected rule when no violations.
The parameter details section is available only in the Risk Investigation view.
This section displays a message "No parameter details available" if the selected rule does not have parameter details.
DASHBOARDS-1894: Update the RG (1.13.0) tags in Dashboard
Following reports are added in Security Reports category:
- PCI-DSS-V3.1 Detailed Report
- OWASP-Mobile-2016 Detailed Report
- OMG-ASCQM Security Detailed Report
- OMG-ASCQM Detailed Report
- NIST-SP800-53R4 Detailed Report
- CWE Detailed Report
- CWE (2019) Top 25 Detailed Report
- CWE (2011) Top 25 Detailed Report
- CISQ Security Detailed Report
- CISQ Detailed Report
DASHBOARDS-1836, DASHBOARDS-1895: Source and application name in audit trail log
Source (Client) and application name are now included in the audit trail log file.
- If you are using dashboards in browsers, Source name will be displayed as Security.
- For Rest API WAR, Reportgenerator & etc, source name will be displayed as others.
2020-02-12 06:07:40,948 | UNKNOWN_HOST | INFO | Resource access | http://alpha17:8080/CAST-Security2108/rest/AED4/configuration/snapshots/6/60016 arj [NoGroup, QUALITY_MANAGER] 12 Security | Application - Improvement Testing 2020-02-12 06:07:41,011 | UNKNOWN_HOST | INFO | Resource access | http://alpha17:8080/CAST-Security2108/rest/AED4/configuration/snapshots/6/60016 arj [NoGroup, QUALITY_MANAGER] 330 Security | Application - Improvement Testing 2020-02-12 06:51:10,253 | UNKNOWN_HOST | INFO | Resource access | http://alpha17:8080/CAST-Security2108/rest/ arj [NoGroup, QUALITY_MANAGER] 0 Others |
'Source' and 'Application' fields are added to the existing restapi.audit.log file format.
DASHBOARDS- 1945: Filter parameter details based on selected technology
The technology filter applies to the parameter details section. This section displays the parameter details for the selected technology.
"No parameter details available for selected technology" message will be displayed if the parameter details are not available for the selected technology.
DASHBOARDS-1897: Rows per page selection in the Action plan table
Select all will select only available rows in the current page.
DASHBOARDS-1577: Search feature for module selector
The search feature is now available in the module selector. On search, available modules will be displayed in the module selector.
If a searched module is not available a message will be shown with a message "No module found".
