...

Summary: this page describes the new features and bugs that have been fixed in the CAST Security Dashboard 1.8.0.

Content matrix

Version: 1.8.0

Summary of content:
  • Default Security tiles have been renamed and now show different content
  • Education and Continuous Improvement introduced
  • Educate option in Advanced search results now available
  • Session time-out re-design

Resolved issues

Internal ID | Call ID | Situation
DASHBOARDS-564 | - | Dashboard truncates "Rational" text in the violation drill-down page.

New features

SEC-207 - Default security tiles have been renamed and now use different tags

The default tiles CWE and OWASP have been renamed and now use different tags:

Old Name | Old Tag | New Name | New Tag
CWE | CWE | CWE-Top25 | CWE-2011-Top25
OWASP | OWASP | OWASP-2017 | OWASP-2017

These tiles display the number of Violations or Critical Violations in the Application for rules that have the selected tag (i.e. CWE-2011-Top25 and OWASP-2017). Clicking on these tiles navigates to the Risk investigation view with the specific tag selected at the top of the table. "All Rules" will be selected in the Technical Criteria table and the list of rules displayed will all be tagged with the selected tag.


DASHBOARDS-559 - Education List now has its own sidebar menu access

The Education List has been separated out from the Action Plan and Exclusions tabs and now has its own sidebar menu access titled Education and Continuous Improvement. The Action Plan and Exclusions lists remain in their existing locations:

[Screenshots: Education and Continuous Improvement; Monitor Actions and Exclusions]

In addition, the Active column has now been replaced with the Action column:


Previously the Active column described (via a simple Yes/No) whether the rule would be added to the Action Plan when the next snapshot is run. The behaviour in the new Action column is the same but the wording has been changed:

...

Finally, when adding violations to the Education list, the popup dialog that is displayed has an option that will force the associated violations to be added to the Action Plan. Previously this option was called Active on next snapshot and is now a drop-down list with two options: Mark for Action and Mark for continuous improvement (the behaviour is the same).


DASHBOARDS-589 - New Continuous Improvement tile

A new tile has been added to the dashboard home page:


This tile shows the following information:

...

A new Improvement tab has been added to the new Education and Continuous Improvement option in the side bar menu:


What information does this tab provide?

...


Note that when a user has all available roles, the drop down options will be enabled as below:

  • The selector will be disabled if a Rule is added to Educate and violations (belonging to the rule) are added either to Action Plan or Exclusion.

  • The selector will be enabled when a violation/rule is added only to Action Plan/Exclusion/Educate, but the respective drop-down option will be disabled.

DASHBOARDS-739 - Session timeout redesign

In order to comply with security standards, the way the dashboards handle session timeout has been re-designed. Users will now be notified when the dashboard detects a session timeout (i.e. there is no GET or POST activity) with an opportunity to continue the session (if within the timeout period) or log back in to the system (if the timeout period has expired). The implementation is supported for all possible authentication modes: Default, LDAP and SAML.

...

%CATALINA_HOME%\webapps\CAST-Security\security\resources\ced.json
For v.≥ 1.18: %CATALINA_HOME%\webapps\CAST-Security\security\resources\ed.json

Add the following line in the "configuration" parentheses, where xx = the number of seconds you want to define before a login is required:

...