Software Updates

Database Security Knowledgebase Update 6.39

Written by | Dec 13, 2023 8:17:33 PM

Trustwave Database Security Knowledgebase (ShatterKB) 6.39 is now available. It introduces new checks for Redis, Cassandra and Microsoft Azure SQL Database.

 

New Checks - Cassandra

  • Latest patch not applied
    Description: Verify that the latest patches are applied to the database.
    Risk: High

New Checks - Microsoft Azure SQL Database

  • Audit records for successful attempts to execute privileged activities
    Description: Check if audit records are generated for successful attempts to execute privileged activities or other system-level access.
    Risk: Medium

  • Discretionary access control over defined objects
    Description: Verify that permissions on database objects are configured correctly.
    Risk: Medium

  • Audit records for changes to the configuration of Azure SQL Database
    Description: Check if audit records are generated for the enforcement of access restrictions associated with changes to the configuration of Azure SQL Database(s).
    Risk: Medium

  • Audit records for unsuccessful attempts to execute privileged activities
    Description: Check if audit records are generated for unsuccessful attempts to execute privileged activities or other system-level access.
    Risk: Medium

New Checks - Redis

  • Verify non-admin users with admin level privileges
    Description: Verify which users have admin level privileges ('default' account is excluded).
    Risk: Medium

New Policies

  • DISA-STIG Redis EDB 6.x V1R2 - Audit (Built-In)
    This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Redis Enterprise 6.x Security Technical Implementation Guide V1R2"
  • DISA-STIG SQL Server 2016 Y23M04 Audit (Built-In)
    This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guides "SQL Server 2016 Database STIG - V2R6" and "SQL Server 2016 Instance STIG - V2R9"
  • DISA-STIG Oracle 12c V2R7 - Audit (Built-In)
    This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Oracle 12c Checklist Security Technical Implementation Guide V2R7"

 

Availability

  • Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
  • Download the SHATTER Knowledgebase from the Trustwave Support Portal (https://www.trustwave.com/Company/Support/; select AppDetectivePRO or DbProtect).
  • AppDetectivePRO customers can also use the Updater within the product.