Enterprise Recon 2.0.29

ER 2.0.29 Release Notes

Highlights

For a complete list of all the changes in this release, see the Changelog below.

Improved Support for Amazon S3

With ER 2.0.29, you can now configure Amazon S3 Targets based on AWS user accounts. This updated approach greatly simplifies the scanning of Amazon S3, allowing you to automatically include all accessible Buckets within a given AWS user account or alternatively select specific S3 Buckets. This will be particularly useful to customers who possess a large number of S3 Buckets that require ongoing monitoring for sensitive data.

This user-based approach also allows recurring scheduled scans to detect and include any new Buckets that were created since the last scan without reconfiguration provided there are sufficient Amazon S3 Bucket licenses available.

The capability to scan Amazon S3 Buckets protected by Amazon Server-Side Encryption methods remains fully supported.

See Amazon S3 Buckets for more information.

Customisable Tombstone Message

ER2 provides multiple options to remediate locations where sensitive data is found, and using the Delete Permanently or Quarantine option leaves a Tombstone text file in place of that location. With the new Customisable Tombstone Message feature, Global Admins or System Managers have the flexibility to customise the contents within the tombstone file to supply helpful information when there are attempts to access these remediated files. Tombstone text can be utilized to notify users as to why a file has been permanently deleted, or provide advice on how to proceed when a file has been quarantined.

See Customise Tombstone Message for more information.

Detailed Report Enhancement

While detailed reports provide granular insight into sensitive data locations discovered across a given Target, certain information available in these reports may be deemed confidential and only intended for privileged readers. In this ER 2.0.29 release, users can now choose to exclude location metadata (e.g. file owner, date, schema name, etc.) from a saved detailed report so that it contains only essential location information for a Target. In addition, the UI workflow for generating detailed reports has been updated for an improved user experience.

See Target Report for more information.

System Management Enhancements

Several upgrades have been made related to Users and Security.

For accounts with Two-factor Authentication (2FA) enabled, authenticator apps will now display a unique Master Server identifier alongside the user name and Master Server host name. The new label allows multiple users to register 2FA accounts on the same mobile device for a single Master Server. This identifier also enables a user to register 2FA accounts for multiple Master Server instances with identical host names on the same mobile device.

ER2 user account management has been enhanced to allow adding of users with the same login name across multiple domains. Furthermore, users can verify the digital integrity and security of downloaded Node Agent installation packages with the inclusion of the MD5, SHA1 and SHA256 values in the Web UI.
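One way to check a downloaded Node Agent package against the MD5, SHA1 and SHA256 values shown in the Web UI (an added example, not ER2 code; the function names and the sample file are constructed for illustration). It treats SHA256 as mandatory because MD5 and SHA1 are not collision resistant, and any weaker value that is supplied must also match.

```python
import hashlib
import hmac
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")

def compute_digests(path, chunk_size=1024 * 1024):
    """Read the file once and return {algorithm: hex digest} for all three."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def verify_package(path, published):
    """Compare a package with the published values; return (ok, per-algorithm results)."""
    # Values pasted from a web page often differ in case or carry stray spaces.
    expected = {k.lower(): v.strip().lower() for k, v in published.items()}
    unknown = set(expected) - set(ALGORITHMS)
    if unknown:
        raise ValueError(f"unsupported algorithm(s): {sorted(unknown)}")
    if "sha256" not in expected:
        raise ValueError("a SHA256 value is required for verification")
    actual = compute_digests(path)
    results = {
        name: hmac.compare_digest(actual[name], value)
        for name, value in expected.items()
    }
    return all(results.values()), results

if __name__ == "__main__":
    # Constructed stand-in for a downloaded installer, so the demo runs offline.
    fd, sample = tempfile.mkstemp(suffix=".pkg")
    os.write(fd, b"constructed sample package contents")
    os.close(fd)
    published = compute_digests(sample)   # in practice: copy these from the Web UI
    print(verify_package(sample, published))
    with open(sample, "ab") as fh:        # simulate corruption or tampering
        fh.write(b"!")
    print(verify_package(sample, published))
    os.remove(sample)
```

The published values are only as trustworthy as the channel they were read from, so read them over the authenticated Web UI session rather than from a copy stored next to the download.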

On the Web UI front, notification alerts are now clickable for remediation failures and certain search-related events. These clickable notifications enable users to easily navigate to the relevant pages and take the necessary action to manage these events.

Global Filter activities are now captured in the Activity Log so you can monitor all the comings-and-goings of the Global Filters.

The Dashboard graphs have finer precision to offer a clearer understanding of the historical match data across all Targets, while the Match Inspector has been tweaked for improved reporting of scan results for Microsoft Exchange, Exchange Domain and Office 365 mail Targets to display complete email addresses across several fields.

A host of bug fixes are also included in ER 2.0.29 relating to scanning, probing, Agents, and in particular the Target details page. For a complete list of issues that have been resolved, see Bug Fixes.

Improved Data Types

Improvements have been made for detection of Romanian Numerical Personal Code and United Kingdom telephone numbers.

Changelog

What’s New?

  • Added:
    • Users with Global Admin or System Manager permissions can now customise the contents of the tombstone text file for Delete Permanently and Quarantine remedial actions. See Customise Tombstone Message for more information.

Enhancements

  • Improved Data Types:
    • United Kingdom Telephone Number
    • Romanian Numerical Personal Code
  • Improved Features:
    • You can now configure Amazon S3 Targets based on AWS user accounts. This updated approach greatly simplifies the scanning of Amazon S3, allowing you to automatically include all accessible Buckets within a given AWS user account or alternatively select specific S3 Buckets. This will be particularly useful to customers who possess a large number of S3 Buckets that require ongoing monitoring for sensitive data. See Amazon S3 Buckets for more information.

    • The Windows Node Agent application name has been updated to indicate the architecture version of the installed Node Agent. The 64-bit and 32-bit Windows Node Agent will now be displayed as "Enterprise Recon 2 Agent (x64)" and "Enterprise Recon 2 Agent (x32)" respectively. The new naming feature requires version 2.0.29 of the Windows Node Agent.
    • Improved reporting of scan results in the Match Inspector for Microsoft Exchange, Exchange Domain and Office 365 mail Targets to display the full email addresses in several fields.
    • From ER 2.0.29, authenticator apps display a unique Master Server identifier along with the user name and Master Server host name for accounts set up with two-factor authentication (2FA).
    • The precision of the graph in the Web UI has been enhanced to provide a more detailed picture of the historical match data across all Targets for the 3-month and 6-month view.
    • All actions that are performed for Global Filters through the Web UI or API can now be monitored via the Activity Log.
    • Notification alerts in the Web UI are now clickable! Clicking on the Target name in the notification leads you directly to the details page for selected events. See Notifications and Alerts for more information.
    • The MD5, SHA1 and SHA256 checksum values for Node Agent installation packages are now available in the Web Console, allowing you to verify the digital integrity and security of the downloaded files.
    • Users have the option to exclude Metadata information (e.g. file owner, email recipients, column names) from the generated Target and Target Group Reports. See Reports for more information.
    • ER2 user account management has been enhanced to allow adding of users with the same login name across multiple domains. ER2 identifies users by the "username" for manually added user accounts, and "domain\username" for users imported from Active Directories. See How User Identification Works for more information.
    • Users can now install Agents in a custom location on HP-UX machines.

    • Clearer messaging for errors related to the Active Directory when probing or scanning an Exchange Domain Target.
    • Clearer messaging for errors related to corrupted scan results.
    • Minor UI updates.
  • Changes:
    • From ER 2.0.29, absolute paths are required when executing Node Agent commands for AIX Agents. For example, '/opt/er2/sbin/er2-config' and '/etc/rc.d/init.d/er2-agent'.

Bug Fixes

  • Scanning Oracle database Targets containing an excessive number of matches could cause a scanning engine failure.
  • Clicking on certain types of match locations in the Target details page would cause the list of match locations to scroll and jump to another entry.
  • If the original Proxy Agent was deleted after a scan was scheduled, the scan would be executed using an incorrect Proxy Agent even though a new Proxy Agent had been assigned to the scan schedule.
  • Changes in the IP address for a Node Agent host would immediately generate the error "Agent key already in use at <IP address>" when the Node Agent attempted to automatically reconnect to the Master Server. With this fix, up to two reconnection attempts from Node Agent hosts with new IP addresses are allowed within a 1-hour period to account for Node Agents in DHCP environments.
  • Checkboxes would become unchecked when selecting match locations to be remediated if any remediation was in progress for the Target.
  • United Kingdom telephone numbers were not properly detected as matches when preceded by certain types of prefixes.
  • If data type filters are selected in the Target details page, sorting the match results using any column (e.g. Location, Owner, Types, Status) would reset the filters. With this fix, data type filters are maintained even when match results are sorted.
  • In the Target details page, when one or more match locations were selected for remediation, the Remediation button would become disabled if any location was clicked to open the Match Inspector window.
  • The Web UI would generate a failure and restart when the "Export Log" button was clicked in the Remediation Log page for Targets that contained errors in the remediation status.
  • In certain scenarios, if multiple data type filters were selected and deselected in the Target details page, the list of displayed match results did not correspond to the data type filters that were enabled.
  • Rescanning a Target that contained remediation errors would cause these error statuses to be removed from the Target details page.

  • Installing the AIX Node Agent RPM package in a custom location using the '--prefix' command would cause a "Path is not relocatable for package er2-2.0.xx-aix61-power.rpm" error.
  • German Telephone Number was incorrectly labeled as an Austrian data type in the Web UI.
  • Scanning or probing a newly added SharePoint Online Target may result in a "Remote host address could not be resolved" error.
  • The Schedule Manager page displayed the incorrect Status for newly created recurring scan schedules.
  • MySQL database Targets could not be scanned using credentials with a password length of more than 31 characters.
  • After restarting the Master Server, paused scans did not have the "Resume" option and the scan Status would be incorrectly displayed as "Interrupted" on the Schedule Manager page.
  • Upon creating a scan schedule with a pause interval defined, the scan would start and run on a single file before being paused. This only occurred if the scan start time was scheduled within the scan pause window.
  • Personal Names data was not being properly detected in certain types of XLSX files.
  • Scanning IBM DB2 database tables that consisted of columns with mixed case column names would result in the "SQL0206N <column name> is not valid in the context where it is used" error.
  • Scanning Microsoft Azure Blobs could result in the "400 One of the request inputs is out of range" error.

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in ER 2.0.29:

  • The Windows Node Agent application name has been updated to indicate the architecture version of the installed Node Agent. The 64-bit and 32-bit Windows Node Agent will now be displayed as "Enterprise Recon 2 Agent (x64)" and "Enterprise Recon 2 Agent (x32)" respectively. The new naming feature requires version 2.0.29 of the Windows Node Agent.
  • Fix for the issue where installing the AIX Node Agent RPM package in a custom location using the '--prefix' command would cause a "Path is not relocatable for package er2-2.0.xx-aix61-power.rpm" error.
  • Fix for the issue where scanning Oracle database Targets containing an excessive number of matches could cause a scanning engine failure.

For a table of all features that require an Agent upgrade, see Agent Upgrade.