|Version||Summary of content|
From 1.8.0 release, the CAST Security Dashboard related WAR files are no longer provided.
CAST AIP Datamart
Introducing AIP Datamart (Beta) - a new way to expose, explore, and integrate AIP data for management reporting, with the following notable features:
- Robust and flexible Data structure that contains almost all key AIP metrics.
- A robust ETL mechanism for faster deployment and less effort to maintain.
- A new set of API services with streaming mode for faster extraction.
- Easier integration with off-the-shelf BI tools.
- Flexibility for users to select data that are relevant for the customers.
- Ability to integrate with external customer data.
- Ability to create derived metrics that aligns with customer business practice.
- Flexibility to customize the data structure that fulfils client reporting needs.
- Support for custom rule groupings.
- Support for various Industry Standard Tags.
See https://github.com/CAST-Extend/com.castsoftware.uc.aip.datamart for more information.
Updates - Security Dashboard
Application Investigation view changes for Impacted Transactions
A new section has been added to the Application Investigation view that lists all impacted transactions for a given object (i.e. all the transactions that the selected object is participating in):
Click to enlarge
The section displays:
- Transaction Name
- Risk Level (i.e. the Transaction Risk Index (TRI) value)
- An icon to provide access to the Transaction Investigation view
Transaction Investigation view redesigned
The Transaction Investigation view has been redesigned as follows:
- Selecting a Transaction in the left hand panel will instantly display two sections in the right hand panel showing the intermediate screens shown in previous Dashboard releases such as Health Measure, Business Criterion, Technical Criterion have been removed:
- the list of rules violated by the selected transaction
- the list of impacted objects for a selected transaction (i.e. all objects that participate in the selected transaction) that are violating at list one rule:
Click to enlarge
Parameter details available for Distribution metrics
For Distribution metrics such as Sizing, Coupling, SQL Complexity, Cyclomatic Comoplexity etc. it is now possible to see detailed information about each Parameter that contributes to the Distribution metric. For a given Distribution in each snapshot, the contributing Parameters are listed, together with the type of technology involved (Object Type Involved) and the number of objects (Parameter Value) classed in that parameter.
Predefined Security reports
The predefined Security reports available in the Report Generation feature have been updated as follows. All reports not listed have not changed.
All the "Industry compliance reports" are now under "Security reports".
New in 1.12.0
The following reports are new in 1.12.0:
NIST-SP800-53R4 Compliance Report
STIG V4R8 Standards Compliance Report
STIG V4R8 Standards Detailed Report
Renamed in 1.12.0
The following reports have been renamed:
|Previous name||Name in 1.12.0|
|CISQ Top 22 Summary Report|
CISQ Security Compliance Report
|CWE Top 25 Summary Report|
CWE Compliance Report
|OWASP 2017 Summary Report|
OWASP 2017 Compliance Report
|OWASP 2013 Summary Report||OWASP 2013 Compliance Report|
New Miscellaneous Report for Top Cyclomatic Complexity changes
A new predefined Miscellaneous Report (available in the Report Generation feature) has been added to provide information about the objects that have the highest Cyclomatic Complexity changes in comparison to the previous snapshot. The report is not available when only one snapshot exists.
Click to enlarge
You can click the icon highlighted in the right hand column to view to view specific information about the object in the Application Investigation view:
Action Plan filtering improvements
It is now possible to use a filter on most columns in the Action Plan:
In addition the behaviour of the search box has been changed - you can now search on the Object Name Location field - i.e. you can search for specific violations (based on the object name location field):
Server Cache reloading
While the server reloads from cache there will be a message in the login page, as shown in the below screen, stating "SERVER CACHE IS REFRESHING. PLEASE WAIT..."
If the user is already logged in, a pop-up message will appear, as shown in the below screen, and block the user activity on dashboard until the server is getting refreshed.