SPHEREboard 6.8 Release Notes

December 20th, 2023


What's New:


Cassandra and MongoDB Connectors

We're keeping the database connectors coming with Cassandra and MongoDB! These connectors discover accounts and entitlements from their respective database management systems.

MongoAccounts

View access reports in the Accounts module, customize and apply controls, and use ARM to campaign and collect feedback from account owners. 

🗝️ These connectors are also fully integrated into the CyberArk workflow so you can monitor whether the accounts collected are properly onboarded. Accounts that are not onboarded, but should be, can be automatically added to CyberArk using SPHEREboard's virtual worker.


CyberArk Connector Enhancements

In this release, we have made significant enhancements to the CyberArk connector to improve its performance and scalability. These improvements allow for a smoother and more efficient integration with CyberArk, ensuring that it can handle larger environments with ease.

In addition, some advanced configuration settings have been added to allow SPHEREboard administrators to further tune the CyberArk connector based on their environment. These include:

  • PartialAccountScan - This setting defaults to false but can be set to true to only collect accounts from CyberArk that have changed since the last time the CyberArk connector was run. This will make the connector faster, with the tradeoff that accounts deleted from CyberArk cannot be properly updated in SPHEREboard.

Tip:

If you'd like to use this setting we recommend setting up a schedule where you conduct a full scan less frequently (weekly for example) and do a partial scan more frequently (daily for example). This optimizes performance and accuracy in larger environments.

  • CollectAccessTime - This setting is true by default to collect the last access time for an account in CyberArk. SPHEREboard comes with two controls that rely on this time stamp; "Password rotated 1 Hour after use" and "Password rotated 12 Hours after use". If you have these controls disabled, you can set CollectAccessTime to false for additional performance improvements when collecting CyberArk data.

 

Bug Fixes and Minor Enhancements

  • Improved performance of the Controls Engine processing violations for accounts
  • Resolved an issue where the Account Type Rules engine was timing out when running in very large environments
  • Resolved an issue where the Unix connector was not properly handling some line breaks in the sudoers file
  • Resolved an issue where the CyberArk worker was not able to remove some Oracle accounts from CyberArk
  • Resolved an issue where users were able to select disabled platforms to onboard CyberArk accounts into
  • Resolved an issue where incorrect instance counts were being displayed for some users in the end user review page in ARM
  • Resolved an issue where the "Is Privileged" column in an end user review in ARM was displaying incorrectly for some users
  • Updated quick help links that weren't navigating to the correct section of the user guide