Enterprise Recon 2.10.0

ER 2.10.0 Release Notes

The Release Notes provide information about new features, platforms, data types, enhancements, bug fixes and all the changes that have gone into Enterprise Recon 2.10.0.

For a quick view of the changes since the last Enterprise Recon release, see Summary of Changes.

Contents:

  1. Highlights
  2. Important Notes
  3. Enterprise Recon 2.10.0 Changelog
  4. Features That Require Agent Upgrades

New and Improved Features

Mask, Delete or Quarantine Sensitive Data in OneDrive Business and SharePoint Online

You can now mask, permanently delete, and/or quarantine match locations in OneDrive Business and SharePoint Online Targets. These remedial actions give you data protection capabilities that act directly on match locations to modify and secure sensitive data in your organization's OneDrive Business and SharePoint Online environments.

An Agent Upgrade is required to take advantage of this capability in ER2.

See OneDrive Business Remediation and SharePoint Online Remediation for more information.

UI UX Facelift for Investigate and Match Inspector

This release of Enterprise Recon introduces significant improvements to the overall look and user experience of the Investigate page, including the following enhancements:

  • The redesigned Match Inspector window now opens as a right-side panel, allowing you to browse through other locations while the Match Inspector window remains in view. The Match Inspector window can also be resized to a wider view, giving you the flexibility to adjust the width of the window for a more detailed preview of the matches and the match location details.
  • The filter panel can now be conveniently hidden to provide more space for the Results Grid, particularly when viewing the Match Inspector window.
  • The gear icon is now to the left of the Target name in the Results Grid for easier access to Target-specific reports or logs.

See Investigate and Investigate Page User Interface for more information.

New Platform Integrations

Scan and Identify Sensitive Data in Confluence (On-Premises) Environment

NEW Confluence serves as a space for teams to work together, document ideas or content, and drive innovation. As more information is stored in collaboration spaces, the need for strong security measures to protect sensitive data in these locations becomes even more pronounced.

The new Confluence On-Premises Target in Enterprise Recon 2.10.0 enables you to take proactive control of your content within your Confluence on-premises environment. You can scan all or specific spaces, blog posts, and/or pages (along with the associated comments and attachments) when setting up the scan schedule.

See Confluence On-Premises for more information.

Scan and Remediate the Latest macOS Versions

NEW With Enterprise Recon 2.10.0, you can now scan macOS Ventura 13.0 and macOS Sonoma 14.0 workstations and servers.

Both newly added macOS Target platforms support scanning (local scan, agentless scan, and remote scan via SSH), remediation, access control actions, and reporting features.

An Agent Upgrade is required to scan macOS Ventura 13.0 and macOS Sonoma 14.0 Targets.

New and Improved Data Types

NEW Enterprise Recon 2.10.0 has extended the coverage for Singapore-based personal data with the addition of two new data types: Singaporean Bank Account Number and Singaporean Driver License Number.

The new Singaporean Bank Account Number data type allows your organization to detect bank account numbers from the top three banks in Singapore and proactively ensure the safety of your stakeholders' financial information.

With the new Singaporean Driver License Number data type, you can effectively identify unsecured Singapore's driver's license numbers and remediate such vulnerabilities.

This release of Enterprise Recon also brings updates to existing data types. The updated Australian Passport Number data type can now detect the latest R Series passport, aligning with Australia's most recent passport standards and regulations. In addition, the United States Driver License Number data type has been enhanced to support Minnesota's driver's license numbers in the dash separator format.

Early Access

The Early Access stage allows Ground Labs to collect a round of usability and performance feedback before a feature is made generally available.

If you would like to request access to any of the Early Access features, please get in touch with the Ground Labs Support Team for assistance.

Early Access Features

  • Apache Hive - Enables sensitive data discovery on Apache Hive (and Cloudera Hive) database Targets.

Important Notes

CRITICAL: One Way Upgrade to Enterprise Recon 2.10.0

Certain data sets, storage formats and components for the Master Server have been updated in Enterprise Recon 2.10.0. Therefore once the Master Server is updated from Enterprise Recon 2.9.1 (and below) to ER 2.10.0, the datastore is not backward compatible and downgrading ER 2.10.0 to an earlier version is not supported.
Please contact the Ground Labs Support Team for assistance with upgrading the Master Server.

CRITICAL: Upcoming End of Support for CentOS 7 Master Server

CentOS 7, the current host OS for the Enterprise Recon appliance, will reach end-of-life in June 2024. Master Server installations with CentOS 7 as the base operating system will no longer be supported as of Enterprise Recon version 2.11.0.

Future Enterprise Recon releases, starting from version 2.9.1, will be provided as two options.

Option:

  1. UPDATE An appliance running on top of an Oracle Linux 8 operating system (OS).
  2. NEW An RPM software package to be installed on a server running the Red Hat Enterprise Linux (RHEL) 8.6 / 8.8 (LTS) OS.

The upgrade aims to align Enterprise Recon with contemporary industry-standard operating systems, ensuring compatibility and performance optimization.

For more information, please see ER 2.9.1. - Oracle Linux 8 ISO and Red Hat Enterprise Linux (RHEL) 8 RPM.

End-of-Support Platforms and Features in Enterprise Recon 2.10.0

The following platforms and/or features have reached end of support in Enterprise Recon:

  • Microsoft Windows Desktop Targets
    • Windows 8 32-bit
    • Windows 8.1 32-bit
  • Linux Server Targets
    • Fedora 32-bit
    • SUSE 32-bit
  • macOS Workstation Targets
    • macOS Mojave 10.14

Upcoming End-of-Support Platforms and Features

The following platforms and/or features will reach end of support and be removed in a subsequent release of Enterprise Recon:

  • Linux 2.4 Node Agents
    To continue scanning Linux server Targets, install the Linux 2.6 Node Agent instead.
  • Microsoft Windows Desktop Targets
    • Windows 8 64-bit
    • Windows 8.1 64-bit
  • Microsoft Windows Server Targets
    • Windows Server 2008 R2 64-bit
  • Linux Server Targets
    • CentOS 32-bit/64-bit
    • Debian 11 32-bit
    • RHEL 6 32-bit/64-bit
    • SUSE 13.2 64-bit
  • UNIX Server Targets
    • AIX 7.1
    • FreeBSD 12 32-bit/64-bit
  • macOS Workstation Targets
    • macOS Catalina 10.15
    • macOS Big Sur 11.5
  • Email Targets - Exchange Domain
    • Exchange Server 2010
  • Database Targets - Microsoft SQL
    • Microsoft SQL 2008

Changelog

The Changelog is a complete list of all the changes in Enterprise Recon 2.10.0.

What’s New?

  • New Data Types
    • NEW Singaporean Driver License Number
    • NEW Singaporean Bank Account Number
  • New Platform Integrations:

    • NEW Confluence On-Premises
    • NEW macOS Ventura 13.0
    • NEW macOS Sonoma 14.0

Enhancements

  • Improved Features:
    • Updated JavaScript library and other third party library for increased application security.

    • You can now perform remedial actions that act directly on match locations (Mask all sensitive data, Delete permanently, and Quarantine) in OneDrive Business and SharePoint Online. An Agent Upgrade is required to enable this capability in ER2.
    • Increased the max-age parameter value in the HTTP Strict Transport Security (HSTS) response header for increased application security.
    • Improved performance with respect to memory consumption of the Master Server when scanning and performing remediation actions.
    • Lower memory consumption when viewing Targets with a large number of match locations in the Investigate page.
    • Improved handling of inaccessible locations in Exchange Online Targets in the event of HTTP errors.
    • Updated PostgreSQL library to support SSL connections to PostgreSQL database Targets.
    • Minor UI enhancements.

Bug Fixes

  • The Resource Permission Manager window could not be displayed fully on screens with a resolution of 1366 x 768 pixels (or lower).
  • Incomplete or missing Target name or host name for certain Targets that used Distributed Scanning mode would be displayed in the "Source" column ("Last Search" section) of the downloaded Isolated Reports (in PDF format). The complete Target name or host name would only be reflected in the Isolated Reports for Distributed Scans performed after upgrading the Master Server to Enterprise Recon 2.10.0.
  • In certain scenarios, scans for Azure Storage, Dropbox, Google Drive, OneDrive Business, and Rackspace Cloud Targets would stall due to incorrect handling when updating the Agent's internal memory usage limit.
  • Scans for Oracle database Targets with tables containing unused columns could not be completed successfully and would result in the "ORA-00904:<column name>: invalid identifier" error.
  • The Web UI would generate a failure and restart if an incorrect "Host Port" value was entered when setting up a Message Transfer Agent (MTA), and the "Test" button was clicked again before the initial test connection could fail gracefully.
  • Match locations would indicate the incorrect match count, "Masked" operation status, and remediated match count if data type filters were applied when performing the masking remedial action. With this fix, the correct match count and "Partially masked" status would only be reflected upon rescanning of the match locations.
  • The "Operation" column in the Operation Log section of the Consolidated Target and Target Group Reports would incorrectly display “<Remedial action> Required” instead of the successful remediation status for locations remediated by Masking, Deletion, Quarantine, or Encryption. The correct operation status would only be reflected in the Consolidated Reports for match locations remediated after upgrading the Master Server to Enterprise Recon 2.10.0.
  • Added support for Global Filters for Salesforce Targets.
  • "Record ID" metadata information could not be displayed for Standard and Custom Objects match locations in Salesforce Targets.
  • The Web UI would generate a failure and restart when attempting to delete another Agent before Enterprise Recon could finish deleting an Agent in the Agent Admin page.
  • The Master Server index service would generate a failure and result in match locations being displayed as "Unknown" in the Investigate page "Location" column after cancelling an in-progress remediation job (e.g. Masking, Delete Permanently, Encryption, or Quarantine) for a large number of locations. This could occur if remediation failed or if the remedial action was unsupported for any of the nested objects (e.g. a file within a ZIP archive) for the selected match locations.
  • Isolated Reports for Distributed Scans did not contain information about the Global Filters or Data Type Profile Filter Rules that were applied to the scans.
  • In certain scenarios, scans for Exchange Online Targets with inaccessible locations could not be completed successfully and would remain in the "Stalled" state.
  • The results grid would unexpectedly scroll down through the list of match locations after a remediation action was performed in the Investigate page or in the Locations To Be Remediated page.
  • Scans for Google Workspace (Google Drive) Target locations with non-English "My Drive" folder in the location path, and/or scans for files created in Google Workspace (Google Documents, Google Sheets, etc.) that were selected individually as Target locations could not be completed successfully but the "Status" would be incorrectly displayed as "Completed". For this fix to take effect, (i) delete all Google Drive Target locations and scan schedules, (ii) re-add these locations, and (iii) rescan the Google Drive Target.
  • The System menu in the Web UI could not be displayed fully on browsers when the zoom was set to 110%-150% for certain screen resolutions.
  • In certain scenarios, scans for SharePoint Online Targets could not be completed successfully and remained in the "Stalled" state due to the SharePoint Online API call limits.
  • Users with only Scan permissions for specific Targets (i) could not add, edit, and scan Target locations they had permissions for if none of the permitted locations was a pre-existing Target location, (ii) could edit a pre-existing Target location and start a scan for Target locations other than the ones they have permissions for, and (iii) could view the scan schedules that included Target locations they did not have permissions for via the Enterprise Recon Web UI and API.
  • All Target locations were visible in the Targets page to a user who only had Scan permissions to specific paths in the Target.
  • Supported "Act directly on selected locations" remediation options could not be selected for match locations that were filtered (using the Target Types filter) in the Investigate page. This issue would occur when the top-level Target checkbox in the "Location" column was selected when attempting to remediate server Targets with match locations from other protocols (that do not support all remediation actions).

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in Enterprise Recon 2.10.0:

  • You can now perform remedial actions that act directly on match locations (Mask all sensitive data, Delete permanently, and Quarantine) in OneDrive Business and SharePoint Online.
  • You can now scan macOS Ventura 13.0 and macOS Sonoma 14.0 Targets. Requires macOS Agents.

For a table of all features that require an Agent upgrade, see Agent Upgrade.


Ensuring we are delivering the best technology for our customers is a core value at Ground Labs. If you are interested in future early builds of Enterprise Recon with forthcoming features, please email your interest to product@groundlabs.com.