SPHEREboard 6.9 Release Notes

March 19th, 2024


What's New:


ARM Bulk Reviews

We're adding the ability to perform reviews of asset ownership and retirement status in bulk this release!

bulkacceptdeny

We received feedback from users that reviewing many assets one at a time can be tedious, and have addressed that by creating a bulk review process in ARM. With this new feature you can confirm or reassign ownership and keep or retire assets in bulk.

This is just the first of a handful of upcoming enhancements that will help streamline your processes for addressing your most pressing security concerns, so stay tuned for more!


Redis Connector

We're rolling out another database connector this release to continue to expand SPHEREboard's account collection capabilities.

RedisConnector

The Redis connector collects Redis accounts and the commands that each account is permitted to execute on the Redis instance. 

Dig into the details for each instance scanned in the Accounts module. Similar to our other account based connectors, you can view the list of accounts that have access to the instance in the Instances page and then dive deeper into each account to view its Access Routes.

redisaccessroutes
For Redis accounts, the Access Routes panel will show the list of commands that the account has access to in the Function column. If the account has access to the command via a command category, the category is displayed in the Role column.

 


Service Dependencies

Services dependent upon your service accounts are of the utmost concern when working on your organization's Identity Hygiene.  That's why we've improved our Windows connector, Account reporting, Account Controls, and CyberArk Worker to help you gain further insights into managing those assets. 

servicedependencies

Collecting Service Dependencies and Accounts Reporting

The Windows Connector now has the option to collect data on Windows Services, Scheduled Tasks, and IIS Application Pools. When enabled and run, that data will appear in several new Service Dependencies tables across the Accounts module such as the accounts granular details, server instances, account details, server details, and more!

🗒️Note

For IIS Application pool data to be collected, IIS and "IIS Management Scripts and Tools" must be installed on the target server.


Controls and Onboarding

We're adding additional controls to the Accounts module which will indicate whether an account has had its service dependencies onboarded to CyberArk or not, and if the account should have services dependent on it at all.

These controls will help you more quickly identify which accounts are of higher importance for your organization. 

Once you have identified the most at risk accounts, account owners can perform reviews of those accounts with the new Onboard Services Dependencies campaign step to decide whether those dependencies should be onboarded to CyberArk or not.

The CyberArk Virtual Worker has also been updated with the ability to take those campaign results and automate the process of onboarding the accounts and their service dependencies to CyberArk!


Updated Table Functionality

SPHEREboard's granular tables contain lots of great information to provide insights into your environment. In this release we're excited to introduce enhanced functionality to several of our granular tables.

With advanced filtering you can more easily find the data most important to you.

advancedfiltering
The new group by functionality allows you to drag and drop column headers to reorganize the data into groups based on that column.

groupbyupdated

Use these new features to create a view of the data tailored to you and then save that view for easy access.

customviews
We'll continue to implement these features across more tables throughout the application to allow you to really dive deep into your data with confidence, and effortlessly uncover insights and trends to drive informed decision-making.

 


Bug Fixes and Minor Enhancements

  • Improved performance of ARM's administrative and review pages
  • Improved CyberArk connector speed and stability
  • Improved CyberArk connector logging when finding a low MaxDisplayedRecords setting in a CyberArk configuration
  • Resolved an issue where the group type field was inaccurate for some Azure AD groups
  • Expanded character set support with the Sybase connector and improved error handling
  • Expanded support for special characters in MySQL connector account passwords
  • Resolved an issue collecting MySQL permissions that include wildcard characters
  • Resolved an issue where longer API keys where causing the Confluence cloud connector to have errors
  • Resolved an incompatibility issue with hosting SPHEREboard on MSSQL Server 2016
  • Resolved an issue with the MSSQL connector collecting users from case sensitive instances
  • Improved reporting on functions associated with default roles in MSSQL
  • Resolved an issue where the managedby field in the AD Groups module was not being properly updated after a change
  • Resolved an issue where the Unix connector was failing to read sudoers.d files without elevated permissions
  • Resolved an issue where default account types were not mapped to the correct controls
  • Resolved an issue with control violation stock and flow for the weekly and monthly views
  • Resolved an issue where pagination was not displaying properly in the Controls page
  • Improved Teams connector to collect Team owner information