Enterprise Recon 2.8.0

ER 2.8.0 Release Notes

The Release Notes provide information about new features, platforms, data types, enhancements, bug fixes and all the changes that have gone into Enterprise Recon 2.8.0.

For a quick view of the changes since the last Enterprise Recon release, see Summary of Changes.

Contents:

  1. Highlights
  2. Important Notes
  3. Enterprise Recon 2.8.0 Changelog
  4. Features That Require Agent Upgrades

New Platform Integrations

Scan and Identify Sensitive Data in Microsoft OneNote and Microsoft Teams

The suite of Microsoft 365 apps supported by Enterprise Recon has been extended to include Microsoft OneNote and Microsoft Teams.

The Microsoft OneNote Target enables you to scan all or specific notebooks, sections, folders, files, and/or pages in your organization’s domain. With Microsoft Teams, you can search for sensitive data in the channel conversations and private chat messages for all Microsoft 365 groups, teams, and user accounts.

Configuring Microsoft OneNote and Microsoft Teams is straightforward as both Targets utilize the app authentication (OAuth 2.0) method, similar to other Targets supported in Enterprise Recon.

An Agent Upgrade is required to take advantage of this capability in ER2.

See Microsoft OneNote and Microsoft Teams for more information.

Important Bug Fixes

Unable to Upgrade Master Server due to Insufficient Space on Boot Partition

Who Needs To Upgrade

Install Enterprise Recon 2.8.0 using the ISO installer if you are unable to perform a YUM update for your Master Server instance due to insufficient disk space errors on the boot partition.

What Are The Changes In This Release

New installations of Enterprise Recon using the ISO will allow only two versions of the same package to be installed on the Master Server, and the boot partition size will be increased from 256 MB to 512 MB.

What Needs To Be Done

Existing customers are recommended to:

  1. Create a backup of their existing Master Server,
  2. Install a new instance of Enterprise Recon from the ISO, and
  3. Restore the Master Server backup to the newly created ER2 instance.

Workaround

Please contact the Ground Labs Support Team if you wish to upgrade your Master Server using the YUM update method.

Unable To Scan Specific Paths for Oracle Database Targets

Who Needs To Upgrade

Upgrade to Enterprise Recon 2.8.0 if you added specific locations (e.g. schemas, tables) for Oracle database Targets that could be probed but could not be scanned successfully. This impacts the Enterprise Recon Web UI and API.

What Are The Changes In This Release

The case sensitivity of Oracle database paths is validated before they can be added and probed successfully.

What Needs To Be Done

Customers with existing Oracle database locations are required to:

  1. Delete all Oracle database Target locations (and scan schedules) that were added with invalid case-insensitive paths,
  2. Re-add these locations with proper case-sensitive paths, and
  3. Rescan the Oracle database Target.

Early Access

The Early Access stage allows Ground Labs to collect a round of usability and performance feedback before a feature is made generally available.

If you would like to request access to any of the Early Access features, please get in touch with the Ground Labs Support Team for assistance.

Early Access Features

  • Apache Hive - Enables sensitive data discovery on Apache Hive (and Cloudera Hive) database Targets.

Important Notes

CRITICAL: One Way Upgrade to Enterprise Recon 2.8.0

Certain data sets, storage formats and components for the Master Server have been updated in Enterprise Recon 2.8.0. Therefore, once the Master Server is updated from Enterprise Recon 2.7.0 (and below) to ER 2.8.0, the datastore is not backward compatible, and downgrading ER 2.8.0 to an earlier version is not supported.
Please contact the Ground Labs Support Team for assistance with upgrading the Master Server.

CRITICAL: End of Support for KCT Datastore Format

From Enterprise Recon 2.0.28, new installations of Enterprise Recon utilize CentOS 7 and RDB datastore format, which features improved reliability, better performance, and reduced internal fragmentation.

If your existing Master Server installation is based on CentOS 6 or utilizes the KCT datastore format, please upgrade to CentOS 7 and migrate your datastore to RDB format before upgrading to Enterprise Recon 2.8.0 to continue using Enterprise Recon without interruption.

The Ground Labs Support Team is available to assist customers who wish to upgrade and migrate existing installations of Enterprise Recon.

End-of-Support Platforms and Features in Enterprise Recon 2.8.0

The following platforms and/or features have reached end of support in Enterprise Recon:

Please see End-of-Support Platforms for more information.

Upcoming End-of-Support Platforms and Features

The following platforms and/or features will reach end of support and be removed in a subsequent release of Enterprise Recon:

  • Linux 2.4 Node Agents
    To continue scanning Linux server Targets, install the Linux 2.6 Node Agent instead.

Changelog

The Changelog is a complete list of all the changes in Enterprise Recon 2.8.0.

What’s New?

  • New Platform Integrations:
    • NEW Microsoft OneNote
    • NEW Microsoft Teams

Enhancements

  • Improved Features:
    • (i) Reduced the number of versions of the same package that can be installed on the Master Server from five to two, and (ii) increased the Master Server boot partition size from 256 MB to 512 MB. For the changes to take effect, you must reinstall the Enterprise Recon appliance using the ER 2.8.0 ISO installer. See Download the Installer and Creating Backups for more information.
    • (i) Added support for scanning files in RAR5 (.rar) format, and (ii) overall improvements to the handling of RAR archive formats.
    • The Salesforce module has been updated to use the Enhanced Domains URLs for authentication. Active scans for previously added Salesforce Targets that use My Domain URLs will fail; this will impact Salesforce sandbox environments. To continue scanning Salesforce (sandbox) Targets without interruption, enable enhanced domains for your Salesforce organization. See Enhanced Domains for more information.
    • Improved performance by optimizing the mechanism for reading records from the Enterprise Recon datastore.
    • Updated regular expressions library to improve the handling of longer and more complex expressions for Global Filters, including filtering of nested locations.
    • Minor UI enhancements.

Bug Fixes

  • Restarting an Oracle database server during a scan would result in the "Caught Platform Exception 0xc000005" error.
  • The Investigate page would only display one match location if sensitive data matches were found in more than one email message within the same DBX (.dbx) file.
  • Mouse scrolling was not working for (i) the "Agent Name" column in the Agent Admin page, and (ii) the list of running and/or scheduled scans in the Agent <Agent Name> Details page.
  • In certain scenarios, running Distributed Scans would result in errors where (i) sensitive data matches could not be properly detected, or (ii) the Investigate page would not display all match locations for impacted scan locations.
  • Running Distributed Scans across many locations would result in errors where (i) Target locations could not be probed successfully, (ii) sub-scans did not start successfully, (iii) the scan schedule would be stuck at the "Scanning" state, or (iv) the Web UI would generate a failure and restart when hitting the system memory usage limit.
  • Invalid case-insensitive paths for Oracle database Targets could be added and probed via the Enterprise Recon Web UI and API but would subsequently fail when scanned. For this fix to take effect, (i) delete all Oracle database Target locations (and scan schedules) that were added with invalid case-insensitive paths, (ii) re-add these locations with proper case-sensitive paths, and (iii) rescan the Oracle database Target.
  • When scanning solid archives in RAR (.rar) format, file contents could not be properly decoded, which could cause match locations to not be properly detected.
  • Pausing the scan of an Oracle database Target for longer than the IDLE_TIME or CONNECT_TIME session limits would result in the "Caught Platform Exception 0xc000005" error.
  • Invalid Microsoft 365 domains specified in the OneDrive Domain field for OneDrive Business Targets could be added via the Enterprise Recon Web UI and API but would display an empty list or a list of security groups when probed.
  • Adding Exchange Online Targets with a large number of users or groups would result in errors where (i) Target locations could not be probed successfully, or (ii) scans for Target locations that could be probed successfully would return a "Caught platform exception 0xc0000005" error.

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in Enterprise Recon 2.8.0:

  • NEW Users can now scan notebooks and file attachments in Microsoft OneNote.
  • NEW Users can now scan the conversation history for chats and channels in Microsoft Teams.

For a table of all features that require an Agent upgrade, see Agent Upgrade.


Ensuring we are delivering the best technology for our customers is a core value at Ground Labs. If you are interested in future early builds of Enterprise Recon with forthcoming features, please email your interest to product@groundlabs.com.