Trustwave Database Security Knowledgebase (ShatterKB) 6.33 is now available. It introduces new checks for Cassandra.
New Checks - Cassandra
- List all users
  - Description: Reports the list of all users.
  - Risk: Informational
- Credential Verification
  - Description:
  - Risk: Informational
- Ensure client encryption is enabled
  - Description: Verify that 'client_encryption_options' is enabled.
  - Risk: Medium
- Ensure Audit logging is enabled
  - Description: Verify Audit logging is enabled.
  - Risk: Medium
- Ensure Cassandra Authorizer is enabled
  - Description: Verify the Authorizer parameter is set to 'CassandraAuthorizer'.
  - Risk: Medium
- Ensure server encryption for internode is enabled
  - Description: Verify that the 'internode_encryption' option under the 'server_encryption_options' parameter is not set to 'none'.
  - Risk: Medium
- Ensure Data at rest encryption is enabled
  - Description: Verify that the 'transparent_data_encryption_options' option is set to 'true'.
  - Risk: Medium
- Cassandra - CVE-2021-44521
  - Description: Check the database version to determine if the patch for CVE-2021-44521 is missing.
  - Risk: High
- List all super users
  - Description: Reports the list of all super users.
  - Risk: Medium
- Ensure password authentication is enabled
  - Description: Verify the Authenticator option is set to 'PasswordAuthenticator'.
  - Risk: Medium
- Ensure Cassandra network authorizer is enabled
  - Description: Verify that 'network_authorizer' is set to 'CassandraNetworkAuthorizer'.
  - Risk: Medium
- Credential Verification
  - Description:
  - Risk: Informational
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download SHATTER Knowledgebase from the Trustwave Support Portal (https://www.trustwave.com/company/support/ and select AppDetectivePRO or DbProtect).
- AppDetectivePRO customers can also use the Updater within the product.