Skip to main content

Release 24.10

Platform Updates

CrowdStrike Integration – Enhancements

What to Expect:

  • Xshield can now manage and configure zero trust policies on servers with CrowdStrike agents, eliminating the need for an Xshield agent and accelerating deployment.

Ability to Sync Firewall Policies for CrowdStrike Firewall Host Groups

  • Synchronize firewall policies for CrowdStrike Firewall Host Groups.
  • Support added for enabling/disabling policies and initiating sync operations.

"Managed By" Field for Assets

  • Introduces a "Managed By" field to indicate whether an asset is managed by ColorTokens (default) or CrowdStrike.

Why this Matters:

  • Improved Efficiency: Streamlines policy management for CrowdStrike Firewall Host Groups.
  • Enhanced Visibility: Provides better organization and control of asset management.

Asset-Specific Alert Filtering

What to Expect:

  • Introduces alert filtering based on specific assets or tags, ensuring relevant and actionable notifications.

Key Features:

  • Customizable Alerts: Configure alerts for critical assets (e.g., production servers, crown jewels).
  • Reduced Noise: Minimize unnecessary notifications for non-critical assets.

Why this Matters:

  • Improved Relevance: Ensures faster response times for critical assets.
  • Operational Efficiency: Reduces alert fatigue.
  • Enhanced Control: Allows for custom alerting behaviors.

Event & Alert Support for Traffic Flows to Named Networks

What to Expect:

  • New event and alert types monitor traffic flows to and from pre-configured Named Networks.

Key Features:

  • Traffic-Based Alerts: Trigger events and alerts for traffic interactions with Named Networks.
  • Precondition Compliance: Alerts are generated only if Named Networks are assigned to assets.

Why this Matters:

  • Enhanced Monitoring: Tracks traffic to critical/sensitive Named Networks.
  • Customizable Setup: Allows granular configuration for Named Networks.

Other Enhancements

What to Expect:

  • Vulnerability Report Download: A CSV download option added to the Asset Vulnerabilities drawer.
  • Correlation of Ports & CVEs: Displays ports impacted by a CVE discovered on an asset.

Why this Matters:

  • Informed Policy Deployment: Helps customers apply correct security policies for affected ports.

Appliance Updates

CPE Tracking for Unmanaged Devices

What to Expect:

  • CPEs are now stored & displayed alongside CVEs for unmanaged devices.
  • Feature extended to server agents as well.

Agent Updates

Firewall Coexistence Support for Agents

What to Expect:

  • Xshield firewall policies now coexist with other firewall applications.
  • Users can enable/disable this feature from the agent’s page and apply changes via "Push to Firewall".

Why this Matters:

  • Eliminates policy conflicts, ensuring compatibility across firewall solutions.
  • Prioritizes Xshield firewall rules while respecting other application rules.

Support for Huawei Cloud EulerOS 2.0

  • The Xshield agent is fully supported on Huawei Cloud EulerOS 2.0.

MacOS Policy Tampering Prevention

What to Expect:

  • Firewall integrity checked every 30 seconds.
  • Unauthorized firewall changes trigger alerts & auto-revert.

Why this Matters:

  • Ensures consistent firewall security.
  • Prevents unauthorized modifications.

User Segmentation Updates

User & User Groups Filters for Paths Page

What to Expect:

  • SCIM-based filters enhance user & group filtering on the Paths page.

Key Capabilities:

  • Filter by Group Name & IdP.
  • Advanced Filtering: Combine users, groups, ports, sources, destinations, etc..
  • Asset Page Enhancements: View inbound, outbound & user group paths.

Why this Matters:

  • Improved Usability: Enables efficient path navigation & filtering.

Resolved Issues

Ports Export Operation Fails

Problem:

  • Exporting ports data occasionally failed due to timeout errors.

Resolution:

  • Optimized export process, supporting larger data volumes.

CT Agent Not Removed from Control Panel After Decommission

Problem:

  • Agent continued to appear post-decommission due to leftover registry entries.

Resolution:

  • Fixed registry cleanup to ensure full agent removal.

Rules Absent from Enforced System

Problem:

  • Missing rules in nftables after synchronization.

Resolution:

  • Fixed rule programming crash, ensuring proper policy updates.

Public Internet IP Misclassification Issue

Problem:

  • Public Internet settings were not retained after agent restart.

Resolution:

  • Fixed config persistence, preventing conflicts.

Asset Not Getting Added to Segments

Problem:

  • Incorrect segment mappings prevented assets from being added.

Resolution:

  • Fixed segment mapping logic, ensuring smooth tag-based segment assignment.

Known Issues

Agent on Linux Server Showing Offline

Problem:

  • Concurrent writes caused zero-content agent files, marking them as invalid.

Workaround:

  • Run ct-agent remove, delete config files, and re-register the agent.

Missing IPs in Attached Named Network

Problem:

  • Filtering issues caused inconsistent search results.

Workaround:

  • Remove filters before selecting an asset.

Removed Tag-Based Templates Not Updated in Assets

Problem:

  • Templates persisted after Tag-Based Policy (TBP) removal.

Workaround:

  • Delete templates first, then remove TBP.

Traffic Logs Not Reported from Assets

Problem:

  • Traffic logs were missing in enforced states for agent 24.4.5.

Workaround:

  • Upgrade to agent version 24.8 or later.