Release Notes Comply (Version 2.6)
Important Notes
Starting with Tanium Comply 2.6.16.0007, the Comply workbench will no longer warn users when they have reports that were created in versions prior to Comply 2.0 as this migration is no longer necessary.
Starting with Tanium Comply 2.6.3.0003, the Comply Tools actions will be updated with the latest Tools packages when you upgrade Comply. This change simplifies the upgrade process, reduces the probability that the Comply Tools are not updated with the module, and aligns with standard upgrade workflow used by other Tanium modules.
- Comply Tools packages are separate from the larger Comply Engines packages, which are not affected by this change.
- Comply Tools actions will continue to fire based on their customer configured schedule and targeting.
- Customers are no longer required to manually update the latest Comply Tools packages using the Update Outdated Tools Deployments feature.
Tanium Comply 2.6.267.0000
Release Date: December 3, 2020
Bug Fixes
- Changed the timeout and the Saved Question expiration to be 30 minutes for Exports.
- Fixed issue where endpoint does not return results for a Compliance Report.
- Fixed issue when the endpoint does not return the version for a Compliance Report.
Tanium Comply 2.6.263.0000
Release Date: November 17, 2020
Bug Fixes
- Added missing function isPidRunning to install-scan-engine.vbs.
- Fixed RBAC issue with Loading Trends Boards.
- Ensured that Export Vulnerability Results include First Found and Last Found dates.
- Fixed .lock file containing NULL Value preventing scans from running.
- Fixed broken vulnerability scans with CIS-CAT 4.0.23.
- Fixed memory leak that was causing some reports to not load in the workbench.
Other Enhancements
- Optimized compliance reports to use the Aggregate By Value feature which should help with compliance reports with a large number of endpoints.
- Changed "Nothing to Display" in the Top 10 Missing Patches by Aggregate CVSS Score Chart to say "No patch results are applicable."
Tanium Comply 2.6.253.0000
Release Date: October 6, 2020
Bug Fixes
- Fixed display of the Most Vulnerable Computers By Severity Summary when Zero Results.
- Fixed Vulnerability Reports only showing "Current" results.
- Better Progress display for Compliance and Remote Vulnerability Reports.
- Fixed Select All for Vulnerability ID Mappings.
- Fixed Upload Vulnerability ID Mapping tooltip.
- Fixed performing scans with JAVA_TOOL_OPTIONS environment variable set.
- Fixed issue where imported Saved Questions were being marked as needing to be overwritten when the Saved Question had not failed. This fixes the issue where the saved question seemed to only display current results.
Other Enhancements
- Added resilience around downloading files by retrying the download multiple times before failing.
- Added all SLES and openSUSE O/S Versions for Vulnerability Reports.
- Allow JVM Heap Size of 128 MB.
- Increased Distribute Over Time to be a maximum of 48 hours.
- Added better progress display for Compliance and Remote Vulnerability reports.
Tanium Comply 2.6.242.0000
Release Date: September 15, 2020
Bug Fixes
- Fix getting results in large environments where paging is necessary
- Display results from endpoints even if hash collisions exist
- Prevent concurrent execution of plugin schedule tasks
- Prefer Joval-Utilities over joval4tanium if both are present on disk
- Expire lock files after 1 hour
- Make sure a vulnerability scan has completed before reporting "No Vulnerabilities Found"
Other Enhancements
- Added "maintain_management_rights" setting. This is set to false by default. When this is set to true, the management rights of a report's original creator are preserved when the saved action for the report is recreated.
- Connect export will include empty result explanations
- Allow multiple retries to upload files to the tandem server
- Keep old scan results until a new scan is completed
Tanium Comply 2.6.228.0000
Release Date: August 25, 2020
Bug Fixes
- Improved performance when loading large question result sets.
- Retrieving paged question result sets can fail under high volume.
- Improved performance of Comply home page.
- Added High Vulnerabilities sensor to support Comply trends metrics.
- Comply Coverage Trends Board description updated.
- Removed unnecessary info from some Tanium API responses.
- Custom checks not executing on Solaris.
- Report list loading performs too many API calls.
- Reports created by default configuration could to run too close together.
- Default configuration resilient to download errors.
- Vulnerability HTML export chart incorrect.
- Report Reviewer role unable to view reports created by default configuration.
- Compliance report summary not loading on Homepage.
- Custom Vulnerability Source UI missing source/upload dialog.
- Remote Vulnerability report shows as 'Never' last run.
- Outdated Reports notification applies to unscheduled reports.
Other Enhancements
- Improved Homepage loading time.
- Normalize Coverage Trends metrics for cross-product consistency.
- Hide report Question percentage when threshold reached.
- Improved handling/logging of Permissions errors.
- Improved logging for homepage API operations.
- Ability to set logging level through workbench settings.
Tanium Comply 2.6.16.0007
Release Date: July 14, 2020
Bug Fixes
- Report list loading performs too many API calls.
- Reports created by default configuration could to run too close together.
- Default configuration resilient to download errors.
- Vulnerability HTML export chart incorrect.
- Report Reviewer role unable to view reports created by default configuration.
- Compliance report summary not loading on Homepage.
- Custom Vulnerability Source UI missing source/upload dialog.
- Remote Vulnerability report shows as 'Never' last run.
- Outdated Reports notification applies to unscheduled reports.
Other Enhancements
- Improved Homepage loading time.
- Normalize Coverage Trends metrics for cross-product consistency.
- Hide report Question percentage when threshold reached.
- Improved handling/logging of Permissions errors.
- Improved logging for homepage API operations.
- Ability to set logging level through workbench settings.
Tanium Comply 2.6.13.0007
Release Date: June 23, 2020
New Features
- Improvements to report list loading times
Bug Fixes
- Vulnerability database and engine file downloads retried automatically after initial failure
- Report metrics overviews better represent full results
- Report metrics display properly without refresh
- Content set is properly created when importing Comply metrics into Trends
- Vulnerability report end date saves correctly
- Remote scan profiles allow exclusion range notation in line with what Discover uses
- Adding zone service IP exclusion to a remote vulnerability profile no longer fails with a network validation error
- Oracle OVAL definition can be imported in the bz2 format
- Last run date for vulnerability report is reported correctly after the schedule changes
- Solaris and AIX benchmark processing handles invalid characters
- The "Has Scanned" question is asked less often
- The error "GetResultData error for question 36231 after 5 attempts" has been resolved
- Improvements to initial install process
Other Enhancements
- Additional Trends metrics
Security Update
This release includes security updates. For details, including affected versions and mitigation information, see the Tanium Support Portal, or contact your TAM.
Tanium Comply 2.6.8.0001
Release Date: June 2, 2020
New Features
- Compliance reports are now created during default module configuration.
- Ability to configure IP based exclusions for Remote Vulnerability scan profiles.
Bug Fixes
- DoT setting is not retained when updating deployment actions on upgrade.
- Homepage Recent reports view displays reports without results.
- Report title incorrectly cleared when adding second Profile to Compliance report.
- Unable to select SCC 5.2 as the engine for deployments.
- Error displaying solution links for some product's CVEs.
- Compliance Report summary/statistics header out of sync with report details under certain conditions.
- Comply Trends gallery not imported correctly when Comply is installed before Trends.
- Results Older Than sensor does not consider all error conditions.
- Remote Vulnerability Report summary/statistics header out of sync with report details under certain conditions.
- Unable to filter Most Vulnerable Computers summary view.
- Platform selection not auto-filled when creating Compliance report from Solaris benchmark.
Other Enhancements
- Improved time to acquire results with default configuration.
- Reordered homepage sections to prioritize value metrics
- Moved homepage 'Best Practices' section into new tab in Help view.
- Improved Reports listing view to indicate when reports have not yet executed.
- Ensured All Computers is the first entry in group selection when creating reports.
- Changed notification text to 'Update Now' where actions relate to an update vs a fix.
- Improved default configuration to be resilient to previous failure.
- Reduced overall size and file count of Comply service installer.
- Added support for the CIS-CAT 3.0.66 scan engine.
- Updated Tanium Scan Engine to JovalCM 6.2.0.
Tanium Comply 2.6.3.0003
Release Date: April 28, 2020
Bug Fixes
- Connect exports configured with CVE details only return no results under specific conditions.
- Comply workbench will not render in IE11 when Discover is installed.
- Homepage message about Service Account setup is misleading.
- API documentation is incorrect for POST /v1/bundles REST endpoint.
- Deployments with no endpoints reporting cause spurious service error logs.
- Unable to edit Compliance report containing *only* custom checks.
- Vulnerability report report creation fails under specific conditions.
Other Enhancements
- Improved coordination of default configuration deployments and report scheduling
- JRE packages can now be distributed to Solaris SPARC endpoints.
- Comply Tools actions are updated with the latest packages on upgrade.
- Support bundle format/contents are consistent with other modules.
- Improved format & printable view of HTML exports.
- Redirect export process logs to correct location (comply-service-files/logs).
Tanium Comply 2.6.0.0067
Release Date: March 31, 2020
New Features
- Tanium Comply now integrates with Tanium Trends to show Comply charts through the Trends initial gallery (Requires Tanium Trends 2.4 or later).
- Released new & updated CIS benchmark content into Comply:
- CIS Microsoft Windows Server 2019 Benchmark 1.0.1
- CIS Microsoft Windows Server 2019 Benchmark 1.1.0
- Service Metrics now available to Health Check.
- Tanium Certified Compliance Benchmarks automatically downloaded from content.tanium.com.
- Deploy IBM JRE to AIX 6.1.
- Improved configuration of saved question page size.
Bug Fixes
- Improved report statistic gathering performance.
- Inconsistent platform selection between forms.
- Unable to display Vulnerability Results with missing solution links.
- Escaped markup appearing in Compliance HTML exports.
- Fixes to /etc/passwd <-> /etc/group correspondence checks in all CIS Linux Benchmarks.
- Action progress indicator for reports was incorrect.
- Vulnerability reports require refresh to see updated stats.
- No Results when filtering by CVSS & Missing Patches.
- Unable to load more results when filtering Compliance Report.
- Improved error messaging related to report statistics.
- Excluding severity levels would cause incorrect CVEs to appear in Vulnerability Report.
Other Enhancements
- Preliminary support for the CIS-CAT v4.0.19 engine. In this preliminary support stage, the CIS-CAT v4 engine should only be used for testing purposes in a lab environment. The CIS-CAT v4 engine does not successfully assess multiple supported operating systems. Therefore, it is strongly recommended that the CIS-CAT v4 engine is not deployed or used in any production environments.
- Improved Tanium package creation performance.
- Enhanced Compliance scan output for easier result analysis.
Security Update
This release includes security updates. For details, including affected versions and mitigation information, see the Tanium Support Portal, or contact your TAM.
Supported Tanium Platforms
Tanium Server 7.2, 7.3, 7.4