Trustwave Database Security Knowledgebase (ShatterKB) 6.26 is now available. It introduces new checks for MariaDB and MongoDB.
New Checks - MariaDB
Vulnerability in MariaDB Server - CVE-2022-21595
Description: Check the database version to determine if the patch for CVE-2022-21595 is missing.
Risk: Medium
New Checks - MongoDB
Ensure collections have validators set
Description: Verify that database collections have schema validation enabled and set.
Risk: Low
New Policies
- DISA-STIG MongoDB EA 4.x V1R1 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V1R1"
- DISA-STIG PostgreSQL EDB V2R2 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "PostgreSQL EDB Advanced Server Security Technical Implementation Guide V2R2"
- DISA-STIG Crunchy Data PostgreSQL V2R1 (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "Crunchy Data PostgreSQL Security Technical Implementation Guide V2R1"
- DISA-STIG PostgreSQL 9.x V2R3 - Audit (Built-In)
This policy has been created with the guidelines mapped out in the DOD Security Technical Implementation Guide(s) "PostgreSQL 9.x Security Technical Implementation Guide V2R3"
Availability
- Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
- Download the SHATTER Knowledgebase from the Trustwave Support Portal (https://www.trustwave.com/en-us/company/contact/ and select AppDetectivePRO or DbProtect).
- AppDetectivePRO customers can also use the Updater within the product.