Release Notes Through 2024-09-12
Overview
New Internet Domain/DNS Inspector Email Security Enhancements
We have enhanced the current Internet Domain/DNS Inspector to include more detailed configuration data regarding SPF, DKIM, and DMARC records.
These enhancements improve the accuracy and comprehensiveness of the email-security monitoring data surfaced by Liongard, allowing you to more effectively identify and address misconfigurations that may lead to email spoofing, phishing attacks, and other email-related security threats.
In addition to the new data views pictured below, the platform now features new Actionable Alerts and Metrics sets focusing on email DNS record validity and security.
Notable Enhancements:
- New Assessments: The domain inspector now includes SPF, DKIM, and DMARC assessments to check record validity and identify misconfigurations. These assessments will appear in the data print and the new “Email Security” tab.
- SPF Name Server Lookups: The domain inspector will display all SPF name server lookups, providing comprehensive visibility into your domain's SPF configuration.
- Duplicate Name Server Lookup Detection: The domain inspector will highlight duplicate name server lookups, ensuring streamlined and accurate DNS records.
- Automatic DKIM Selector Discovery: The domain inspector will now automatically discover DKIM selectors for a selection of popular mail server hosts, enhancing ease of setup and accuracy. Below is a list of the DKIM selectors that will be automatically selected upon the configuration of the inspector:
- google (Google Workspace)
- selector1, selector2 (Microsoft 365)
- k1, k2 (Mailchimp, Mandrill)
- ctct1, ctct2 (Constant Contact)
- sm (Blackbaud, eTapestry)
- s1, s2 (Nationbuilder)
- sig1 (iCloud)
- litesrv (mailerlite)
- zendesk1, zendesk2 (Zendesk)
Triggered Change Detections
Please note that as part of this update, we have implemented some data refinement changes that may trigger change detections for the following data-points upon this release:
- NS Records
- SOA Records
- SRV Records
- A Records
- AAAA Records
- TXT Records
Updated Data for EDR Tile in the Cyber Risk Dashboard for Windows Servers
The Endpoint Detection & Response (EDR) for Windows Servers tile in the Cyber Risk Dashboard has been updated to account for more endpoint detection and response solutions. This provides more accurate insights into EDR coverage and details of the EDR product on the tile drill-down table.
Click the link below to view a list of Endpoint Detection and Response solutions that Liongard's Endpoint Inspectors can discover.
Supported EDR Solutions Discovered by Liongard.
Antivirus Detection
Please note that this tile will not recognize A/V (Antivirus) products.
New Rewst MFA Remediation Crate
Rewst has created its first preconfigured crate that uses Liongard to initiate remediation workflows.
This new crate will facilitate faster remediation when identifying users without MFA enforced through conditional access policies, enabling you to manage their vulnerability to attacks better.
When configured, this crate allows for a workflow to be triggered when a change is detected in users without MFA enabled via conditional access policies. Users can choose to remediate an existing MFA conditional access policy by adding users or creating new conditional access policies.
Please watch the video below or visit Rewst's documentation for more information.
Mailbox Rule Data for Child & Parent Microsoft 365 Inspectors
The Liongard Microsoft 365 inspector now returns Mailbox rule data for child and parent inspectors to help you identify and mitigate potential security threats due to email security configuration drift. With this critical data, you can create alerts and reports to ensure email systems run as intended without unauthorized rules.
Key Details
- For Parent & Child Inspectors, the Grant Application Role Access toggle must be enabled on the Parent Inspector Configuration page for the mailbox data to be retrieved.
- Any existing Liongard-created mailbox rule metrics will function as expected as long as the proper configuration settings are in place to retrieve the data.
- As of this release, mailbox rule data is only available on the Microsoft 365 Inspector data print. Upcoming releases will surface this data in additional data view tables.
- Please note, the inspector will not error out but will not return the new mailbox rules data unless the user reauthenticates with the parent inspector using the "Open Microsoft Sign-In" button inside the inspector configuration page.
Additional Updates
- New Version of the Power BI Connector V 1.6.2
- A new version of the Power BI connector that resolved an issue preventing the connector from loading metric and inspector data has been released. This will enable users to continue leveraging Liongard's data in Power BI without errors.
- Agent 4.2.8 Release
- We have released a new Agent (v4.2.8). This will allow the new Active Directory inspector to run on-premise inspections for up to 8 hours to prevent timeouts in larger AD domains.
- Identity Monitoring Inspector, Now Named Dark Web Monitoring
- We've renamed the Identity Monitoring Inspector to Dark Web Monitoring.
Minor Updates and Bug Fixes
Platform and Feature Minor Updates and Bug Fixes
- Fixed an issue with scheduling a report where the calendar date picker was non-functional.
- Fixed an issue with exporting a report to PDF that did not expand all sections of the report.
- Fixed an issue in the Power BI connector that prevented it from loading metric and inspector data.
- Fixed an issue where the "Is Empty" and "Is Not Empty" filters on string values were not functioning properly in the System Detail screen's data view tables.
- Fixed an error preventing the importing of multiple inspectors via bulk CSV upload.
- Fixed an issue in the Cyber Risk Dashboard preventing the Windows Workstation inspector from detecting SentinelOne as an EDR solution in some circumstances.
- Fix an issue where users without MFA enforced by Conditional Access Policies were not being displayed.
- Fixed an issue where the date selector did not appropriately filter the list of agents.
- Fixed an issue when the page crashed when opening certain reports.
- Fixed an issue with exporting reports via Excel after sorting on a metric column that no longer exists.
- Fixed an issue with viewing all notes within a single environment and disabled sorting by the Actions column, as it is not a valid sortable column.
- Fixes an issue with displaying changes when sorting on the "Change Detection" column.
- When editing and adding environments to an environments group, environments should now be added instead of replaced.
- Resolved an issue causing the 'Download CSV Import Template' option on the Inspector page to generate an incomplete Launchpoint import template.
- Improved the loading time for the single environment dashboard.
- Added a tooltip to the archive icon on the Admin > Discoveries screen.
- Fixed an issue that was preventing inspectors from being reassigned to other agents under certain circumstances.
- Resolved an issue that prevented Actionable Alerts from triggering email notifications.
- Fixed an issue causing false positive alerts for 'Internet Domain | Change to NS Record' and 'Internet Domain | Web Traffic Exposure to Sniffing and Lack of Website Validation.'
Integration and Inspector Minor Updates and Bug Fixes
- Agents
- Updated the macOS agent installation script to prevent installations from failing under some circumstances.
- Fixed an issue preventing some agent management actions from working as expected.
- Environments
- Added the ability to specify an environment group when manually adding a new environment.
- Added the ability to see environments and their associated environment groups from the Admin > Environments page.
- All Inspectors
- Resolved an issue causing the 'Download CSV Import Template' option on the Inspector page to generate an incomplete inspector import template.
- Cisco Meraki
- The field for the Organization on the Cisco Meraki inspector configuration page now requires the organization's "ID" instead of its "name."
- Dropbox
- The status message for the Dropbox inspector was updated to provide clearer instructions regarding setup errors caused by attempting to set up the inspector with an expired access token.
- Internet Domain/DNS
- Corrected the logic for the Internet Domain inspector, which previously showed false change detections for CNAME records and an inaccurate list of subdomains.
- Added sorting to reduce false change detections from triggering.
- Fixed an issue where the Internet Domain inspector was not returning the total list of NS records.
- Remediated unnecessary change detections for the Internet Domain inspector by removing the Time to Live (TTL) from impacted metric.
- Corrected logic that was showing fault DKIM validation.
- Fixed an issue causing the Internet Domain inspector to cycle between true and false values for the "DMARC Exists" metric.
- The logic for the Internet Domain inspector has been enhanced to eliminate false change detections in MX record data.
- Junos OS
- Remedied an issue with the Junos OS inspector, resolving the "getJob is not a function" error.
- Microsoft 365
- Updated the Office 365 metric query to correctly return the associated company name.
- Resolved an issue that caused Sharepoint and OneDrive data to be excluded for 'child' Microsoft 365 inspectors.
- Mailbox Rules data returns to the Microsoft 365 inspector datapoint.
- Roar Inspector
- Fixed an issue with the roar inspector not returning agent heartbeat information.
- Sophos Central Inspector
- Removed four Sophos Central metrics that the data no longer exist in the inspector's data print. (Sophos Central: Endpoints Not Seen In Last 30 Days Count, Sophos Central: Endpoints Not Seen In Last 30 Days List, Sophos Central: Endpoints Not Seen in 10 Days Count, and Sophos Central: Endpoints Not Seen in 10 Days List).
- VMWare ESXi
- Enhanced VMware ESXi inspector error handling to provide more accurate error notifications.
- Windows Server
- Fixed an issue in which the Windows Server Inspector did not return any of the Windows installation updates in specific cases.
- Windows Workstation
- Fixed inaccurate RAM capacity calculation.
New Liongard for Account Managers Learning Path in Liongard Academy
Liongard Academy, our learning and resource center, has just released a new Liongard for Account Managers certification learning path.
This learning path is designed for Account Managers and vCIOs seeking to deepen their understanding and proficiency with Liongard's Attack Surface Management. It includes courses covering fundamental knowledge of Liongard's platform and practices for leveraging Liongard for effective risk management, compliance, and customer relationship enhancement.
By completing this certification, Account Managers at MSPs will be equipped to effectively use Liongard to support their roles, drive customer success, and enhance their strategic decision-making processes.
This learning path is composed of 4 essential courses:
-
Introduction to Liongard: Acquire a thorough understanding of Liongard's platform, main features, and functionalities.
-
Cyber Risk Essentials: Understand the basics of cybersecurity risks and how Liongard can help mitigate these risks.
-
Improving Customer Relationships with Liongard: Learn how to use Liongard’s insights and reports to strengthen customer relationships.
-
Get to Data Faster with Metrics and Reports: Become proficient in using Liongard’s reporting and metrics tools for efficient data access and analysis.
Check out our other coursework, including "Troubleshoot Customer Issues faster" and "How to Write a Metric Learning Path." Check out our Team Training documentation for more information on role-specific training.
Sign up today at Liongard Academy.
As always, feel free to share any feedback or questions in the Liongard Lounge, our Slack community, in the #liongard-academy channel!
Liongard Library
Have you checked out the Liongard Library yet? Share custom Metrics and learn best practices from other Partners to get the most out of the platform. Access it in the Support drop-down menu in your instance.
Visit the Liongard Library today!
Updated 2 months ago