Support2024-07-05T15:31:35-07:00

Getting Started

On-Prem Kubernetes Configuration | ObjectSecurity OT.AI Platform2024-08-22T12:56:08-07:00

This support article provides the requirements for installing an on-premises, air-gapped deployment of the ObjectSecurity OT.AI Platform on a Kubernetes cluster. We will also cover the required system specifications to host the deployment, configuration requirements, and an installation process overview.

The ObjectSecurity OT.AI Platform uses Kubernetes to increase binary vulnerability analysis speed and scalability. This is accomplished by parallelizing the computation required for binary assessment across multiple nodes in a Kubernetes cluster.

Technical Requirements:

To facilitate a successful on-prem ObjectSecurity OT.AI Platform Kubernetes deployment, the following system specifications are recommended:

  • Each node in the Kubernetes cluster has a minimum of 4GB of RAM (recommended 8-16GB), and one node must be a minimum of 6GB.
  • Kubernetes cluster nodes must have a minimum of 80GB of available storage.
  • All remaining nodes in the Kubernetes cluster must have a minimum of 20GB of available storage.
  • Each node in the Kubernetes cluster has a minimum of 2 CPU cores (recommended 4 CPUs).
  • Minimum of 3 nodes in the Kubernetes cluster.

Preparing for an ObjectSecurity OT.AI Platform Kubernetes Cluster Deployment:

Estimated time to completion: two hours

This preparation guide assumes you have multiple virtual machines and bare-metal machines on the same network that the Kubernetes cluster can use.

Preferably, the sole purpose of these machines should be to act as nodes in the ObjectSecurity OT.AI Platform Kubernetes cluster (e.g., the nodes should not be used for other computations). If this is not the case (e.g., you have a pre-configured Kubernetes cluster running pre-existing applications for your organization), then the minimum technical requirements must be increased accordingly. For example, suppose your pre-existing Kubernetes applications consume approximately 4GB of RAM on every node in the cluster. The cluster must have at least 8GB of available RAM to support the ObjectSecurity OT.AI Platform.

Additionally, this guide assumes that a one-time Internet connection can be performed to download the ObjectSecurity OT.AI Platform installer files and container images necessary from the ObjectSecurity Secure SFTP Portal or to run the ObjectSecurity OT.AI Platform Kubernetes deployment. If this is not the case or raises any other concerns, please let the ObjectSecurity Sales and Support Team know. Alternatively, we can send you the installer files and container images that are approved for your air-gapped lab via flash drive, disk, or another offline method.

Cluster Setup and Configuration:

It is preferred that a net-new Kubernetes cluster be configured using MicroK8s (https://microk8s.io/), as the Kubernetes distribution will primarily support the ObjectSecurity OT.AI Platform. Other Kubernetes distributions (e.g., Rancher, K3s, etc.) are also supported.

Instructions for installing and starting with MicroK8s can be found here: https://microk8s.io/docs/getting-started. It is important that the add-ons mentioned in Step 6 of the article be enabled:

$ microk8s enable dns
$ microk8s enable hostpath-storage

Instructions for using MicroK8s to create a multi-node cluster (i.e., adding nodes) can be found here: https://microk8s.io/docs/clustering. Once complete, a Kubernetes cluster containing at least three nodes that meet the required system specs should be running.

Additional documentation for configuring and managing a production Kubernetes cluster can be found here: https://kubernetes.io/docs/setup/production-environment/.

If you are using an insecure docker image registry (e.g., a registry exposed over HTTP instead of HTTPS), you must configure microk8s to be aware of the insecure registry. This can be done by following the instructions here: https://microk8s.io/docs/registry-private. Other Kubernetes distribution may have different requirements for working with insecure registries, so please refer to your Kubernetes distribution’s documentation for details.

Kubectl

A Kubernetes cluster is managed using a command-line tool called Kubectl. Kubectl is used to create, destroy, and update Kubernetes resources. MicroK8s comes with Kubectl pre-installed and can be aliased using the following command (which may be placed in ~/.bash_aliases):

$ alias kubectl='microk8s kubectl'

Alternatively, basic installation instructions for Kubectl can be found here: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/. Documentation for using Kubectl can be found here: https://kubernetes.io/docs/reference/kubectl/.

Helm

Helm (https://helm.sh/) is a package manager for Kubernetes that installs Kubernetes applications using a packaging format called chartsInstallation. The ObjectSecurity OT.AI Platform is installed as a Helm chart, so it is necessary to install Helm. Installation instructions can be accessed here: https://helm.sh/docs/intro/quickstart/.

Helm uses kubectl to run commands when managing charts. It uses the kubectl config found at $HOME/.kube/config. By default, microk8s does not store its configuration here. This can be remediated with the following command:

$ microk8s.kubectl config view –raw > $HOME/.kube/config

Container Image Registry

A Docker container image registry hosted in (or accessible to) the same network as the Kubernetes cluster is required. This registry can be hosted either inside or outside of the cluster itself. This registry stores the images required to run the ObjectSecurity OT.AI Platform. Instructions for creating and deploying a registry can be found here: https://docs.docker.com/registry/deploying/.

Additionally, it is recommended that your username/password protect this registry. Instructions to do so can be found in the same article: https://docs.docker.com/registry/deploying/#restricting-access.

Network Filesystem Dependencies

The ObjectSecurity OT.AI Platform Kubernetes deployment utilizes a Network File System (NFS) to store binary assessment result data. This NFS does not have to be configured manually and will be installed as part of the Helm chart. However, each node in the Kubernetes cluster needs specific dependencies configured to host/communicate with this NFS. These dependencies can be installed and enabled by running the following commands on each node in the cluster.

$ sudo apt-get install nfs-kernel-server
$ sudo modprobe nfs
$ sudo modprobe nfsd

NOTE: The commands above reflect Debian-based systems. Other operating systems may require a slight tweak.

Installation of the ObjectSecurity OT.AI Platform Helm Chart

Once the Kubernetes cluster has been configured according to the previous instructions, the ObjectSecurity OT.AI Platform may be installed according to the following steps:

1.    Download the following files from the ObjectSecurity Secure SFTP portal:

a.    otai.tgz: The ObjectSecurity OT.AI Platform Helm Chart, exported as an archive file.

b.    otai_install_images.sh: A shell script used to pull the docker images required by the ObjectSecurity OT.AI Platform and push them to a local docker registry.

c.    otai_license: A license used to authenticate the ObjectSecurity OT.AI Platform deployment.

2.    Run the otai_install_images.sh script to push the required docker images to the local image registry. To save storage space, the docker images should be deleted from the host’s set of local docker images (by default, they are stored redundantly in your local image registry):

$ # removes a single image
$ docker rmi -f 
$ # removes all images
$ docker rmi $(docker images -a -q)

3.    One of the nodes of the cluster will be used to store all binary assessment data: this node will run the otai-nfs-server pod. You must specify the node you want to host this pod by running kubectl label nodes  otai-nfs=true.

4.    Install the Helm Chart using Helm install. Helm installation includes the following optional parameters, each of which

should be changed depending on the installation environment:

a.    registry: The URL and port of your local docker image registry.

b.    registryUsername: The username used to access your local docker image registry.

c.    registryPassword: The password used to access your local docker image registry.

d.    memLimit [16]: The amount of memory (in Gi) you wish to make available to the ObjectSecurity OT.AI Platform deployment. Increasing this number will enable more assessments to run in parallel, dramatically increasing the speed of all analyses. The otai-operator pod will consume 4Gi of memory on one of the nodes, so the value of memLimit should be set with this in mind. For example, if you have a Kubernetes cluster with 20 Gi of total memory, you must subtract the 4Gi of memory required by the otai-operator and set memLimit to 16Gi.

e.    hostPath [/var/nfs]: The file path on a host node wherein data will be stored.

f.    nfsIP [10.96.5.74]: The static internal ClusterIP of the otai-nfs-service. This value may change if the default internal ClusterIP (10.96.5.74) is allocated or unallocatable for various reasons.

When running Helm install, these optional parameters can be set using the –set  argument. An example follows:

$ helm install --set registry=registry:5000 --set registryUsername=admin --set registryPassword=password –set memLimit=16 otai otai.tgz

This example installs the ObjectSecurity OT.AI Platform Kubernetes deployment using a container image registry that can be found on the network at registry:5000, wherein this registry is protected with the username admin and the password password. The deployment only uses up to 16GB of RAM across the whole cluster due to the memLimit argument.

5.    Use your license file (otai_license) to validate the deployment by logging into the platform as the SUPERADMIN and uploading the license file on the Settings Page. The settings page can be found at http://localhost:30004/#/settings once the deployment has been installed. Without a valid license, the OT.AI Platform will refuse to start any assessments.

Installed Kubernetes Objects:

A successful installation of the ObjectSecurity OT.AI Platform Kubernetes deployment will install the following Kubernetes Objects (https://kubernetes.io/docs/concepts/overview/working-with-objects/):

  • otai Namespace: This namespace incorporates all the following Kubernetes objects together so that they may be cleanly separated from other applications running on pre-existing Kubernetes clusters.
  • otai-registry-secret Secret: This secret encodes the local container image registry’s username and password such that images may be pulled from it at runtime.
  • otai-nfs-server Deployment: This deployment hosts a Network File System used by other Deployments/Pods running in the cluster.
  • otai-nfs-service Service: This service exposes the otai-nfs-server IP address for use inside the cluster.
  • otai-operator Deployment: This deployment performs the bulk of the ObjectSecurity OT.AI Platform’s assessment orchestration, authentication, extraction, and input handling. It spawns other assessment containers at runtime to perform binary analyses.
  • otai-operator Service: This service exposes the user interface of the otai-operator outside of the cluster as a NodePort (i.e., port 30004).
  • otai-operator-service-account ServiceAccount, otai-operator-role Role, and otai-operator-rolebinding RoleBinding: These objects are used to give the otai-operator deployment permissions to run binary assessment pods within the cluster.
  • otai-pv Persistent Volume, otai-pvc Persistent Volume Claim, otai-nfs Storage Class: These objects are used to wrap the Network File System such that other Deployment/Pods may perform read/writes to/from it.

At runtime, ephemeral Pods are spawned and despawned within the cluster by the otai-operator while performing binary analyses.

Uninstallation

To uninstall the ObjectSecurity OT.AI Platform from the Kubernetes cluster, the following command may be used:

$ helm uninstall otai
How To Use the OpenAPI Integration | ObjectSecurity OT.AI Platform2024-07-29T14:23:19-07:00

To facilitate a transparent user experience and to enable full third-party integration with the ObjectSecurity OT.AI Platform, OpenAPI Initiative functionality is natively integrated into the platform.

The “OpenAPI Page” details the API routes for interacting with the OT.AI Platform. The API routes, corresponding description, and ‘Send” button are all listed on the left panel. Clicking the “Send” button queries the route, producing output on the right panel. Additionally, you may toggle between different API routes via a dropdown menu:

Additionally, some API routes require additional parameters or arguments. These parameters and arguments are listed on the left panel if needed:

External Usage

Our API may also be queried externally from any network connection with access to your deployment. Depending on your deployment type, the URL used to query the routes will differ.

Offline/On-Prem Virtual Machine:

Typically, an Offline/On-Prem virtual machine will be accessible via localhost. In this case, the following URL format will suffice:

https://localhost/rbui/<route>

If your On-Prem virtual machine is hosted on a private network, the following URL format will suffice, with ip_address referring to the IP address of your deployment on your local network.

https://<ip_address>/rbui/<route>

(The here refers to any route described in the Available Routes section.)

Cloud Deployment:

For Cloud Deployments, the API will be accessible from anywhere on the Internet. The following URL will be used, with deployment_name referring to the name of your cloud deployment.

https://<deployment_name>.objectsecurity.io/rbui/<route>

(The here refers to any route described in the Available Routes section.)

Note on bearer token:

Most OT.AI Platform API routes require a Bearer authentication token. You can learn to get this Bearer token under Authentication in the Available Routes section.

You can read more about Bearer tokens here.


Available Routes

This section provides a general overview of the purpose and output of each route. Information regarding the specific parameters and exact output schema can be found in the application itself.

General:

General routes handle the most basic usage of the OT.AI Platform, mainly including fetching data to view.

  • GET /assessor/getassets
    You can use this route to get a list of your assets. Assets have a set of binaries that have each been analyzed.
  • POST /assessor/getbinaries
    Use this route to get the set of analyzed binaries in a given asset.
  • POST /assessor/getresults
    Use this route to get analysis results for a given binary.
  • POST /assessor/getcwe
    Get additional information on specific CWEs.

Assessments & Analysis:

These routes handle the analysis process, including the ability to queue up and start various assessments.

  • GET /assessor/getassetprogress
    Gets the current analysis progress of all ongoing analyses in the user’s current organization. 
  • GET /assessor/listbinaries
    Gets the set of binaries uploaded to the dropzone.
  • POST /saas/addfile
    Uploads a binary to the dropzone. 
  • POST /saas/rmfile
    Removes a binary from the dropzone.

  • POST /saas/start
    Starts the analysis procedure on the binaries in the dropzone. 

Asset Management:

These routes handle the managing of assets after they have been analyzed. Various actions can be taken on assets, including deleting or updating multiple asset fields.

  • GET /assessor/getnumnew
    Gets the number of new assets in an organization. New assets are those that haven’t been viewed yet after being analyzed. 
  • POST /assessor/deleteasset
    Deletes an asset from an organization. 
  • POST /assessor/renameasset
    Renames an asset.
  • POST /assessor/update/assetdescription
    Updates an asset’s description.
  • POST /assessor/updateassettype
    Updates an asset’s type.

  • POST /assessor/markassetviewed
    Marks an asset as viewed.
  • GET /saas/asset/{assetid}/audit
    Gets the audit log for an asset. 

Facility Management:

These routes handle the management of facilities. Facilities each have a location and set of child assets located within the facility.

  • GET /assessor/getfacilities
    Gets all the facilities in the organization. 
  • POST /assessor/createfacility
    Creates a new facility.
  • POST /assessor/updatefacility
    Updates an existing facility. 
  • GET /assessor/getassetsinfacility/{facility_id}
    Get the assets in a facility.
  • GET /assessor/deletefacility/{facility_id}
    Deletes a facility. 
  • GET /assessor/getdefaultfacility
    Each organization has a default facility that cannot be deleted. All assets in an organization are analyzed in this default facility by default.

Authentication:

Authentication routes manage user login, role-based querying, and 2FA.

  • POST /saas/mfalogin
    Gets an “access_token” that may be set as the Bearer Token when calling the “/saas/validate_totp” route. This route acts as the first factor of 2-factor authentication. “/saas/validate_totp” acts as the second factor. 
  • GET /saas/generate_totp
    Generates a time-based one-time password for the current user. This TOTP can be converted into a QR code and scanned with Google Authenticator for 2 Factor Authentication.
  • POST /saas/validate_totp
    Validates a user’s time-based one-time password and returns to them a token that may be set as the Bearer Token when accessing all other routes of the API. This route acts as the second factor of 2-factor authentication, with “/saas/mfalogin” being the first. 
  • POST /saas/auth/user/add
    Creates a new user.
  • POST /saas/auth/password
    Updates a user’s password. 
  • GET /saas/auth/userinvite/user/{user_id}
    Invites a user to the server. Returns a token specific to the “user_id” set in the API route. The token may be redeemed by the user using the “/saas/auth/userinvite/redeem/{invite}” route. 
  • GET /saas/auth/userinvite/redeem/{invite}
    Redeems an invite generated using the “/auth/userinvite/user/{user_id}” route. Returns a token that may be used to set up a new account. 
  • POST /saas/auth/user/eula/accept
    Accepts the EULA for the calling user. 
  • GET /saas/auth/user/{userid}/profile
    Gets a user’s profile.

Organization Management:

These routes handle the managing of organizations. Organizations each have a set of child facilities and a set of child users. Organizations may have multiple administrators. The server SUPERADMIN is a part of every organization, and there may only ever be one SUPERADMIN at a time.

  • GET /assessor/getdashboard
    Gets the data needed to generate the dashboard on the UI. 
  • GET /saas/auth/userall
    Gets all the users in an organization. 
  • POST /saas/auth/user/addroles
    Assigns a user new roles in an organization. This is equivalent to adding a user to an organization, should the user not already have roles in the organization.
  • POST /saas/auth/user/removeroles
    Remove roles from a user in an organization. This is equivalent to removing a user from an organization, should the user not have any remaining roles in the organization after this route has been called. 
  • POST /saas/auth/user/setorg
    Swaps the org a user is currently viewing.  
  • POST /saas/auth/organization/add
    Adds an organization.
  • POST /saas/auth/organization/update
    Updates an organization.
  • GET /saas/org/audit
    Gets the audit log of an organization. The audit log tracks the history of all analyzed assets in the organization. 
How-To Unzip Files Using 7-Zip File Manager | ObjectSecurity OT.AI Platform2024-07-29T14:23:05-07:00

How-To Unzip Files Using 7-Zip File Manager

Certain binary file types are not supported for analysis until decompressed. For example, a .zip file will raise the following error when uploaded for analysis:

If you encounter this, refer to the following instructions on decompressing and uploading these file types for analysis.

The following file types are compressed:

  • .upn
  • .bin
  • .zip
  • .rar
  • .tar

The user must first install a file decompression utility on their device to upload these file types. 

There are some popular, free, and open-source file archivers available (ObjectSecurity is not endorsing any of these tools, nor do we receive any form of benefit from you using these tools.):

PC and Mac compatible options:
7-Zip File Manager – 7-Zip File Manager | download
WinRAR – WinRAR | download

Also available for Mac users is the built-in Archive Utility

For this tutorial, we will be showing how to decompress files using 7-Zip File Manager. However, the process is the same for all tools above. 

1. Once installed, open 7-Zip File Manager. 

2. Within the 7-Zip File Manager, navigate to the location of the compressed binary file. In this example, we are uploading the contents of uconnect.upn for analysis. Once found, double-click the file to unpack.

3. Once unpacked, the file contents will be visible within the active directory. From here, locate the file contents you want to run binary analysis on, select all of the associated files, and right-click.

4. Choose the “Copy To…” option.

5. Choose the location where you would like to copy the files and hit “OK.”

6. Now, navigate to the ObjectSecurity OT.AI Platform and select “Upload Files” on the binary upload prompt. Select your files from the location you chose to copy and upload the binary files.   

How-To Install On-Prem VM | ObjectSecurity OT.AI Platform2024-09-16T12:51:16-07:00

How-To Install the ObjectSecurity OT.AI Platform Offline VM Version in VMware or VirtualBox

To deploy the ObjectSecurity OT.AI Platform on-premises and offline, you need to download the ObjectSecurity OT.AI Platform .ova file and deploy it on a virtual machine.

Before You Get Started:
– Check to make sure your system meets the minimum technical requirements.
– Install 7-Zip File Manager

– Install Oracle VirtualBox (or VMWare)


 

[PART 1] Download and Combine .zip Instructions:

Download the ObjectSecurity OT.AI Platform .ova from the ObjectSecurity secure download portal provided to you.

  1. Enter your unique downloader login credentials provided. Please note that these are not the same credentials as your ObjectSecurity OT.AI Platform login credentials.  If you have not already set up your downloader account, follow the invite link you were provided to create your account and validate your email.

Download each of the .ova fragment files (.001, .002 etc.) and the license file. Downloading the .ova files may take anywhere from 30-60 minutes.

Next, open 7-Zip File Manager and navigate to the file location where the downloaded files are being kept. Within 7-Zip File Manager, right-click on the first file titled “OT_AI_V…_.zip” and select the “Combine files…” option.

Now you will have access to an .ova file called otai.ova. Proceed to the next part of this tutorial for how to import the .ova into your virtual machine platform.

[PART 2] How-To Import the ObjectSecurity OT.AI Platform Using Oracle VirtualBox

Open Oracle VirtualBox and select File>Import Appliance.

Next, select the icon highlighted in red and locate the otai.zip file obtained from the steps listed above in the download portion of this tutorial. Once the file has been selected, click Open and then Next.

Set the configuration, so there are at least 4 Cores for CPU and 16000 MB for RAM. To set the property, double-click on the field and enter the value. Once finished, click Import in the bottom right corner to continue. The Import may take a few minutes. 

You are now ready to log in to the platform! Click Start within VirtualBox to boot up the virtual machine containing the OT.AI Platform. 

[PART 3] How-To Import the ObjectSecurity OT.AI Platform Using VMWare

Open VMWare and select “Open a Virtual Machine.” Next, please navigate to the location where your otai.ova file is stored, ensure it is selected, and click Open.

Next, enter a name for the virtual machine:

Name: ObjectSecurity OT.AI Platform

The storage path will automatically be filled in once you enter a name. 

Once finished, click Import. The Import may take a few minutes.

Once the Import has been completed, click “Edit virtual machine settings.”

Set the configuration, so there are at least 4 Cores for Processors (CPU) and 16000 MB for RAM (Memory). Once finished, click OK in the bottom right corner.

ObjectSecurity OT.AI Platform Offline VM version is ready to be deployed. 

How-To Import a Kibana Dashboard | ObjectSecurity OT.AI Platform2024-07-29T14:22:41-07:00

How-To Import a Pre-Built ObjectSecurity OT.AI Platform Metrics Kibana Dashboard

 

This article will explain importing a pre-built ObjectSecurity OT.AI Platform Metrics Dashboard into Kibana. A sample dashboard will be included towards the end of this article.

This article aims to expedite the process of building a custom ObjectSecurity OT.AI Platform metrics dashboard by showing how to import one that already shows some useful metrics about assets, binaries, and analysis results. For more instructions on configuring Kibana dashboards, please refer to the Kibana documentation.

Importing a Dashboard

  1. First, log in to Kibana. From within Kibana, open the hamburger menu (three lines in the top left corner) and navigate to “Stack Management” under the “Management” settings.

2. On the left side menu, navigate to “Saved Objects” under the “Kibana” settings.

3. In the top right corner, select “Import”.

4. Click in the “Import” section and then select the dashboard file, which can be downloaded from the attachments of this article, then click the blue “Import” button.

5. The dashboard has now been imported and can be viewed under the “Dashboard” section of the hamburger menu in the top left corner. The dashboard will be imported under the name “Demo Dashboard.”

This dashboard can be modified however the user pleases. 

How-To Download Server Logs | ObjectSecurity OT.AI Platform2024-07-29T14:22:31-07:00

How-To Install the ObjectSecurity OT.AI Platform Server Logs and seek help from the support team

If you ever encounter an issue with the ObjectSecurity OT.AI Platform, it may be useful to look through the server logs for any indication of failure. Once you’ve identified an issue with the OT.AI Platform and obtained the server logs covering the time when the issue emerged, you can submit a ticket through the support portal with the server logs attached and request for a team member to take a look. 

Obtaining server logs:
To obtain the server logs, navigate to the right-hand navigation panel, near the logout and knowledge base buttons.

Click on the “Download Server Logs” button.

Once clicked, a download will begin and the server logs will be found in a text file within your downloads.

After you’ve obtained your server logs, submit them to a team member to receive support regarding OT.AI Platform issues

How-To Customize Reports | ObjectSecurity OT.AI Platform2024-07-29T14:22:18-07:00

How to Customize a Report

Some organizations may value the detection of certain vulnerabilities over others. For example, a specific CVE may be considered highly threatening in one organization, whereas the same CVE is considered unimportant in another. For this reason, Report Customization is necessary,

To begin customizing a report, either navigate to the “Reports Page” icon, using the left-side menu bar, or by selecting the “Customize Report” option while viewing a binary assessment on the Binary Analysis page.

After selecting a specific binary to customize a report for, the following screen will appear:

Here, you can see a PDF preview of your custom report on the left, with customization options on the right. Specific vulnerabilities appear listed out in the report like so:

You may toggle report content on or off using the right-side-bar. For compliance reasons, no new content may be added to the report. Report content is simply shown or hidden.

How to Share/Download a Report

Customized reports may be downloaded and then shared via a single button press. Once you have customized the report to your liking, simply press the download button to the right of the report PDF:

This will produce and download a PDF file that may then be printed, emailed, or shared with anyone you like.

How-To Apply a Patch | ObjectSecurity OT.AI Platform2024-07-29T14:21:11-07:00

How-To Apply a Patch to the ObjectSecurity OT.AI Platform Offline VM Version

To apply a patch to the ObjectSecurity OT.AI Platform, you first need to download the ObjectSecurity OT.AI Platform patch files from the ObjectSecurity SFTP download portal. 

Before You Get Started:
– Track down your SFTP download portal credentials, or ask an ObjectSecurity support team member for your login information.

Once you have your ObjectSecurity SFTP login credentials on hand, navigate to the SFTP Download portal here and sign in.

Once you’ve logged in, accept the EULA

Once you’ve accepted the EULA, download all of the patch.zip files from the portal.

Now that you’ve downloaded the patch.zip files, navigate to your OT.AI Platform instance and go to the settings page. From the settings page, go to “Patch Management”. Click “Choose File” to select your downloaded patch file and apply it to your instance.

While the patch applies a spinning wheel will be visible on screen to indicate that the patch is loading. This will take 1-2 minutes.

Once the patch has completed applying, shut down the virtual machine using the “Send the shutdown signal” option.

After shutting down, restart the VM. Once the VM has restarted, the web page UI can be refreshed and the new patch will be active.

How To Set Up the ELK Stack Integration Feature | ObjectSecurity OT.AI Platform2024-07-29T14:20:36-07:00

This article will explain configuring the ObjectSecurity OT.AI Platform to send logs to Elasticsearch, Logstash, and Kibana (ELK) Stack for more accessible logkeeping and parsing.

The ObjectSecurity OT.AI Platform UI provides an excellent interface for viewing results from your analyses. However, sometimes, users would like to search for assessment results with more granularity or create more complicated search queries for their results. This can be accomplished with the assistance of ELK Stack, which provides the Kibana query language interface for finer search support.

TABLE OF CONTENTS

Configuring ELK Stack to Accept Logs from ObjectSecurity OT.AI Platform

To receive logs from the ObjectSecurity OT.AI Platform, the user must first configure a Logstash pipeline to accept logs from the ObjectSecurity OT.AI Platform. To do this, the user will need root access to the computer or server hosting their ELK stack.

  1. Creating a Logstash Config file. First, the user must create a new Logstash configuration file.

    With root access, navigate to ~/etc/logstash/conf. on the ELK server. Once there, the user should create a new configuration file, “objectsecurity.conf,” for ObjectSecurity-specific logs. By default, Logstash reads any file with the extension “.conf” as a valid configuration file. ObjectSecurity OT.AI Platform supports HTTP, UDP, and TCP protocols for sending logs to the ELK stack, so depending on which protocol the user would like to use, they may edit the following configuration file as they wish. Paste the contents below within the file to open ports for receiving logs via all three protocols (the user may delete whichever input blocks they don’t plan on using):

    input {
      http {
        port => 31311
      }
    }
    input {
      tcp {
        port => 31312
        codec => json
      }
    }
    input {
      udp {
        port => 31313
        codec => json
      }
    }
    output {
            elasticsearch {
                    hosts => ["0.0.0.0:9200"]
            }
    }

    This file will create a Logstash configuration file that will receive logs via HTTP at port 31311, TCP at port 31312, and UDP at port 31313. Please note that this configuration expects Elasticsearch to be hosted on port 9200, the default port for Elasticsearch. If you have changed the Elasticsearch location, you must update the port number accordingly. 

    In addition to this, if your Elasticsearch has authentication configured, you will need to update the output fields with the information used to authenticate for your Elasticsearch instance: 

    output {
      elasticsearch {
        hosts => ["0.0.0.0:9200"]
        user => "elasticusername"
        password => "elasticpassword"
      }
    }
  2. Activating a Logstash PipelineThe user must start the pipeline after creating the configuration file for ObjectSecurity OT.AI Platform logs.

    Navigate to the ~/etc/logstash directory on the ELK server. From here, use your favorite editor (vi, vim, or nano for example) to open the “pipelines.yml” file. Add the following lines to the file to enable the pipeline, then save the file. Please note that if you have named your logstash config file something other than “obejctsecurity.conf”, you will need to update the path.config line to agree with your chosen file name.

    - pipeline.id: objectsecurity
      path.config: "/etc/logstash/conf.d/objectsecurity.conf"

    Once these steps have been completed, your logstash configuration file is now active and your pipeline is ready to receive logs at the ports you have enabled in the configuration. Now that this is done, you are ready to configure ObjectSecurity OT.AI Platform settings to point to your ELK stack and begin sending logs. 

Configuring ELK Stack Location within ObjectSecurity OT.AI Platform

To get started using the ELK stack integration feature, the user will need to go to the ObjectSecurity OT.AI Platform settings and insert the information for the Elasticsearch IP and port that will be receiving the logs. To find the ELK stash configuration settings within ObjectSecurity OT.AI Platform, go to Settings > Deployment > Configure ELK Stack. From here, the user must select the protocol they would like to use to send the logs, the IP to send the logs to, and the port which the IP will be receiving the logs.

The protocol you select should agree with the whichever protocols you enabled in the Logstash configuration, which you set within the “Creating a Logstash Config file” step of the “Configuring ELK Stack to Accept Logs from ObjectSecurity OT.AI Platform” section outline above.

Note: The user must configure the port from within the Logstash configuration files (these files are stored at /etc/logstash/conf. d). For more info about how to configure the Logstash and the inputs, please refer to the “Configuring ELK Stack to Accept Logs from ObjectSecurity OT.AI Platform” section above on how to set up Logstash and ELK Stack for the purposes of this feature.

To clarify, the IP entry should be the IP of the instance hosting the user’s ELK stack. Once the information has been entered correctly, select Submit to save the settings for ObjectSecurity OT.AI Platform logging destination.

To verify that the configuration is set up properly, each time the submit button is clicked, a test log will be sent to the configured ELK stack instance. The best way to test the configuration is to modify the fields and click submit until the ELK Stack instance receives the test log.

Getting Started Guide | ObjectSecurity OT.AI Platform | SaaS2024-09-16T12:07:17-07:00

This Getting Started Guide serves to help new users login into the ObjectSecurity OT.AI Platform for the first time. This guide also briefly explains how to analyze your first OT/ICS asset binary files for weaknesses (CWEs), vulnerabilities (CVEs), and unpublished vulnerabilities (Zero-Days).

1. Receiving the first invite link to and navigating to the application.

In order to begin using the application, another user must send you an invitation link.

2. Creating a password.

You will then be prompted to create a password:

Please choose a secure password, and enter the same password twice to continue.

3. Setting up Google Authenticator.

You will then be prompted to set up Google Authenticator. Google Authenticator can be downloaded on your mobile device using one of the following links:

Once you have downloaded the Google Authenticator app on your mobile device, add your account by following the instructions listed below the QR code. Once your account has been added to Google Authenticator, you will see a 6-digit code that updates every second or so. Please enter this code now, as well as when prompted on subsequent logins.

4. Starting your first analysis.

To start analyzing your first asset, please select the big-blue plus button in the top left corner of the screen:

This will then prompt you for information regarding the asset including asset type, name, and a set of binary files:

Binary files can be uploaded using the “Upload Files” button, or by simply dropping any number of binary files onto the page.

Once you are satisfied with your asset, press “Start Analysis” to begin the analysis process. This process may take several minutes. Analysis progress is shown in the top right corner of the screen.

5. Viewing the produced analysis results.

Once your asset has finished analyzing, the following numbered blue icon will appear next to the Binary Analysis Page navigation link:

Please click on this navigation link to navigate to the Binary Analysis Page. There, you will see your newly-analyzed asset displayed:

Click on the asset to view it in detail. The binary files you uploaded with your asset will also appear and may be clicked on to view in further detail.

Congratulations on analyzing your first asset!

FAQ’s

Technical Requirements On-Prem, Offline | ObjectSecurity OT.AI Platform2024-07-29T14:24:01-07:00

Dedicated Compute Machine:

We suggest that the machine being used to host the ObjectSecurity OT.AI Platform On-Prem, Offline VM deployment be dedicated. The host machine should not be used to run any other applications, processes, or services that may cause resource conflicts with the ObjectSecurity OT.AI Platform. This prevents the installed On-Prem, Offline VM from encountering resource restriction issues (e.g., failure to properly access the RAM, CPU, and storage you allocated for it). If a dedicated machine isn’t able to host the ObjectSecurity OT.AI Platform in your environment, we recommend that you make sure the installed VM has access to the computational resources you allocated for it at all times by other means.

Backup:

We suggest that you create a backup/copy of the ObjectSecurity OT.AI Platform On-Prem, Offline VM .OVA file provided to you by ObjectSecurity before proceeding with the installation.

Computer (hosting VM) Specifications:

  • RAM – minimum of 16GB of usable RAM – 32GB to 64GB of usable RAM is recommended
  • CPU Cores – minimum 4
  • Available Storage – minimum 80GB of available space
  • System Type – 64-bit operating system, x64-based processor

Virtual Machine Options:

Note: Other options may be available, but the above have been tested.

[Optional] Multi-Factor Authentication Device:

Note: Organizations may choose to have MFA disabled if they are in an environment where mobile devices/other devices are not permitted. If you need this feature disabled, please email the ObjectSecurity OT.AI Platform Support Team.

How to Secure a Weak Pointer2024-07-29T14:20:15-07:00

A Weak Pointer is any pointer that can be maligned to point outside the bounds to which it was initially allocated in the binary code. An example could be either a stack pointer or heap pointer. When allocated, the Weak Pointer was given a base value and maximum size. It is thought that binary-level vulnerabilities cannot occur without the ability to force a pointer to fall outside the range it was allocated. Other forms of exploitation can happen without it, but it stops the attacker from obtaining control flow.

To secure the Weak Pointer, several steps can be taken:

  1. An automated control flow integrity (CFI) or software fault isolation (SFI) solution is often available from compilers. Just rebuilding with these protections enabled is usually a victory because it eliminates the need for a patch. But, be warned that practically all of these implementations are restricted by their critical neo and do not impose much performance overhead, so they often have glaring holes. Not to impose much performance and do
  2. Another step that can be taken is the data pointer that faulted can be efficiently and effectively masked to prevent it from falling outside its bounds. To do this, a user with source access will modify the source to add a couple of operations to update the pointer to restrict it to within its bounds. If the pointer is already within that, there will be no effect.

An example:

const int SIZE_SMALL = 4;
const int SIZE_LARGE = 131072;

int f(int argc) {
        if (argc > 1) {
          char *dst = malloc(SIZE_SMALL);
           dst[argc]='\0';
        }
}

int main(int argc, char *argv[]) {
        f(argc);
        return 0;
}

This example has several obvious weak pointers. 

ObjectSecurity OT.AI Platform Weak Pointer Analysis finds these successfully; they have a path, and confidence score reports successfully for these.

What exactly can be done for any allocated dst? The following function repairs a pointer given the original and updates the math of the pointer to restrict it before using the Wepointer.

void * repair(void * orig, int size, void * ptr) {
        if (ptr < orig) ptr = orig;
        if (ptr > (orig+size)) ptr = (orig+size)
        return ptr;
}


int f_repaired(int argc) {
        if (argc > 1) {
          char *dst = malloc(SIZE_SMALL);
          char *dst_access = dst + argc;
          dst_access = repair(dst, SIZE_SMALL, dst_access);
           *dst_access='\0';
        }
}

This approach is the same for all Weak Pointers, but remember that you now may need to keep track of the pointer’s bounds up to the point at which the pointer is weak to have the bounds to restrict the pointer. Why point that out? Because the vulnerable pointer is a reassignable data value, the protection can’t be glued to the code that accesses it if it has potentially different values. To make that more clear, here is another example (just in the narrative this time):

  1. A Weak Pointer occurs at an address.
  2. That address accesses a pointer that was passed around as a variable.
  3. Therefore, the correct bound must be looked up for that pointer before it is applied.
How Long Does It Take For An Analysis To Complete?2024-07-29T14:19:49-07:00

Below shows the completion times for a sample configuration with the minimum hardware requirements:

Analysis time predictions (using 8 GB of RAM):

Number of binaries (5MB average size) Average time to complete in the cloud Average time to complete on-prem
1
20 minutes
40 minutes
4
1.5 hours
2 hours
8
2.6 hours
5 hours
16
5 hours
10 hours
32
10 hours
20 hours
64
1 days
2 days
128 2 days 4 days

The times listed above are the estimated completion times when the system is running with 8GB of available RAM. The more RAM is made available to the system, the more the user can expect the times to completion to decrease. 

The times presented only represent average estimates, and analysis times may vary. 

I experienced an import error for the Offline VM version importing the .OVA File to VMWare Fusion, Workstation, or Player? What do I do?2024-07-29T14:19:38-07:00

When importing the ObjectSecurity OT.AI Platform Offline VM .OVA file to VMware Fusion, Workstation, or Player, you may see this error:

The import failed because .OVA did not pass the OVF specification conformance or virtual hardware compliance checks

If you see this error, click “Retry” with lower specifications to relax the specification and restart the import.

For more information, please reference this support article on how to import a VM from the VMWare Support Documentation.

How Do I Obtain My Copy of ObjectSecurity OT.AI Platform? (Offline only)2024-07-05T14:52:34-07:00

To Receive the Virtual Appliance Package File:

  • Via ObjectSecurity Provided Secure FTP – The ObjectSecurity OT.AI Platform Support Team will provide the user with login credentials to access the ObjectSecurity SFTP portal, where the .OVA package can be downloaded from.
  • Via End User Provided Secure FTP – Please provide the ObjectSecurity OT.AI Platform Support Team with the login credentials to upload the .OVA package to your secure file transfer system.
Supported CPU Architectures2024-08-01T12:28:49-07:00

ObjectSecurity OT.AI Platform offers extensive firmware image analysis capabilities. The ObjectSecurity OT.AI Platform development team is always working on expanding coverage. Additional file types and architectures are added to the supported category frequently.

Supported CPU Architectures:
x86-16, x86-32, x86-64, ARM32, ARM64, AARCH64, MIPS16, MIPS32, MIPS64, MicroMIPS, PowerPC, RISC-V, PA-RISC, SPARC 32/64, PIC 12/16/17/18/24, CR16, Z80, 6502, 8048, 8051, ARC, MSP430, AVR8, AVR32, SuperH, V850, Atmel AVR, Motorola 68k and H8, Ricoh 5A22, TMS320Cxxx

The ObjectSecurity OT.AI Platform currently detects ~140 CWEs. 90% of these CWEs are detected on 30 common CPUs, including x86, ARM, MIPS, PowerPC, and SPARC. A majority of the CWE scans extend to cover x86-16, MIPS, AARCH, etc. Approximately 20% of the CWEs are also detected on specialized CPUs (i.e., RISC-V).

Supported File systems, Binary File Types, and Packaged File Types2024-07-29T14:19:29-07:00

ObjectSecurity OT.AI Platform offers extensive firmware image analysis capabilities. The ObjectSecurity OT.AI Platform development team is always working on expanding coverage. Additional file types and architectures are added to the supported category frequently.

Note: Non-standard MIME-type binary files that produce “non-addressable” results.

Supported File Systems:
Ext4, JFFS2, YAFFS, UBIFS, SquashFS, NTFS, FAT, ExFAT, UFS 1, UFS 2, EXT2FS, EXT3FS, HFS, YAFFS2, EnCase, AFF, EPROM

Supported Binary File Types:

Elf, WASM, PE/PE+, SPX, MBN/SBL bootloader, DEX, OMF, COFF, MZ, EXE, QNX, Fatmach-O, Mach-O, DYldcache

Supported Packed File Types (auto-extract and analyze the packed file):

ZIP, TAR, GZIP, BZIP2, XAR, BIN, MSI, MS CAB, ARJ, LZH, LZS, PMA, LZO, UPN, XZ, APK, ISO 9660, BIOS/UEFI

Currently Not Supported (updated 8.29.23):

Source Code, Browser/Interpreted Languages, JIT Languages (e.g., Java Class Files), Image Files (e.g., JPG, PNG, GIF, ART), Non-Executable Binary Files (e.g., TextEase (TE) CT Database Files, SELinux/Type Enforcement Files), Bell Labs Plan 9 EXE (untested)

Troubleshooting

Troubleshooting – Analysis Not Initiating for Offline Distributions | ObjectSecurity OT.AI Platform2024-07-05T14:56:53-07:00

Troubleshooting Options  – An analysis does not initiate after a prolonged period of time on Offline VM Distributions

If you have encountered issues with analyses not beginning after a prolonged period of time on offline distributions, consider trying some of these solutions to resolve your issue. 

Try these solutions in order and move on to the next if one does not work. If you still encounter issues after attempting these solutions, please reach out to an ObjectSecurity OT.AI Platform support team member, or submit a ticket through the ticketing portal.

Solutions:

  1. Sanity Check: Refresh the page, log out and log back in, then attempt to restart the analysis.
  2. Expiration Check: Ensure that the VM isn’t expired. If the VM isn’t expired, it will display a countdown in the bottom right of the page after logging in. The time of the host machine may affect this expiration.
  3. Hardware Check: Turn the VM off and on. Check that the specs are met (# vCPUs, 16GB RAM, 443 port forwarded). Ensure the host machine also meets the hardware specs.
  4. Organization Check: In the Platform, navigate to the Settings Page and create a new Organization. Swap to the new organization from the top navigation bar. Attempt to restart the analysis.
  5. Reinstall: Reinstall the VM. Give the import a new name to avoid any issues that exist in some versions of VirtualBox. Ensure the specs in step 3 are met before ever starting the VM.

Release notes

ObjectSecurity OT.AI Platform | v2.2.0 Release Notes2024-07-05T15:05:27-07:00

TABLE OF CONTENTS

What’s Changed with This Release:

What’s New:

  1. Added the Binary Delta Feature, accessible from a new tab in the user interface.

What’s Updated:

  1. Improved the descriptions of various CWEs. When detected, these CWEs are reported with more context than before.

  2. Added the ability to recover a user’s password via email from the sign-in screen.

  3.  Fixed bugs and performance issues relating to user authentication.

Feature details

New Feature: Binary Delta Feature

The Binary Delta Feature allows you to compare binary assessment results for different versions of the same binary executable or firmware image (e.g., between updates, patches, upgrades, mergers, debloats, remediation, etc.). This can be used to verify that a remediation removed an issue, or that a merger did not introduce new vulnerabilities.

You may select two assets for which to generate a Binary Delta Report. The Binary Delta Report is viewable in the user interface and may be exported to PDF. The Binary Delta Report will report any Binaries that are added, updated, removed, or unchanged between the two assets.

Updated Feature: Improved the descriptions of various CWEs.

When detected, some CWEs are reported with more context than before. 

Updated Feature: Added the ability to recover a user’s password via email from the sign-in screen 

Passwords can now be reset via email directly from the sign-in screen.

ObjectSecurity OT.AI Platform | v2.1.1 Release Notes2024-07-30T14:36:26-07:00

What’s Changed with This Release:

What’s New:

  1. The CWEs tab is now organized according to the parent-child CWE hierarchy defined by MITRE.

  2. [On-prem Offline VM Only] New deployments now allow the user to set the initial SUPERADMIN account credentials.

What’s Updated:

  1. The asset vendor, product, and version text inputs have been turned into dropdowns.

  2. The speed and performance of CPE/CVE detection has been improved.

  3. ThreatAI assessment results now map to CWEs.

  4. Weak Pointer assessment results now map to CWEs.

  5. Various other new detectable CWEs have been added.

  6. The 3D embedded system graph has been replaced with a colored Critical/Vulnerable/Safe grid component.

Feature details

New Feature: CWE Tab Organized by Parent-Child Hierarchy

The CWE tab within the binary analysis page is now organized in a way that allows the user to follow the hierarchy of the CWE from parent to child relationships. Hierarchical organization provides a structured and systematic representation of different types of weaknesses, allowing for a clear and organized view of the relationships between them.
This helps in categorizing and classifying weaknesses based on common traits and characteristics. At higher levels, weaknesses can be broadly categorized, providing an overview. At lower levels, more specific and detailed information about each weakness is available. Users can drill down into specific categories or climb up to see broader classifications.
Users can quickly locate and understand the context of a particular weakness within a broader category. This organizing strategy facilitates the identification of common patterns, root causes, and related weaknesses, aiding in the development of effective countermeasures.

New Feature: [On-Prem Offline VM] New Deployments Allow User to Set Initial SUPERADMIN Account Credentials

When users start up their On-Prem Offline VM for the first time, they are prompted to set their SUPERADMIN login credentials before running analyses. Allowing users to set their login credentials, such as usernames and passwords, promotes user autonomy and security.

Updated Feature: The Asset Vendor, Product, and Version CPE Inputs Have Been Turned Into Dropdowns

This has been updated for ease of use and to improve the user experience when entering CPE information. The user’s entry will auto-complete if ObjectSecurity OT.AI Platform contains CPE data associated with the entry.

Updated Feature: Speed and Performance of CPE/CVE Detection Has Been Improved

The CPE and CVE detection mechanisms have been improved, and the results now return faster, improving the overall analysis completion speeds.

Updated Feature: ThreatAI Assessment Results Now Map to CWEs

ThreatAI assessment results now map to related CWEs, helping the user understand how the different analysis results are connected to the weaknesses of the binary overall.

Updated Feature: Weak Pointer Assessment Results Now Map to CWEs

Weak Pointer assessment results now map to related CWEs, helping the user understand how the different analysis results are connected to the weaknesses of the binary overall.

Updated Feature: Various Other New Detectable CWEs Have Been Added

CWE mappings have been improved upon and the CWEs that are detected are now more specifically mapped to the problems that are present.

Updated Feature: 3D Embedded System Graph Replaced with Colored Critical/Vulnerable/Safe Grid Component

The 3D Embedded System Graph has been replaced with a more readable numerical component. This change was made because the 3D embedded system graph did not provide much utility and was ultimately only there for visual purposes. It has been removed and replaced with a more utilizable graph to avoid confusion.

ObjectSecurity OT.AI Platform | v2.1.0 Release Notes2024-07-30T14:33:29-07:00

What’s Changed with This Release:

What’s New:

  1. Common Platform Enumerations (CPEs) are now detected based on the analyzed asset vendor, product, and version information.

  2. CISA Known Exploited Vulnerabilities (KEV) Catalog has been integrated into the ObjectSecurity OT.AI Platform CVE detection mechanism.

What’s Updated:

  1. Each Binary Analysis Tab includes explanatory text to describe the purpose of each tab.

  2. The detection of Weak Pointers now results in a binary to be scored Red.

  3. The Crypto Tab now warns the user if certain detected cryptographic signatures indicate a deprecated or unsafe cryptographic algorithm.

  4. The OpenAPI routes have been reformatted according to the affected data type.

Feature details

New Feature: CPE Search Support for Uploaded Analyses

With the addition of the CPE Search feature, the user may enter the asset vendor, product, and version to show a complete list of CVEs associated with each CPE search result. To use this feature, enter a vendor (optional), product (optional), and version (optional) when uploading assets for analysis. If the user enters only a vendor, the CPEs tab will search all products and versions for that vendor. If the user enters a vendor and a product, the CPEs tab will search all product versions. By this means, the user can selectively narrow down the CPE search. CPEs are displayed on the Asset Summary Panel of the Binary Analysis Page, next to the Base analysis tab.

New Feature: CISA Known Exploited Vulnerabilities (KEV) Catalog Integration

With the integration of the CISA Known Exploited Vulnerabilities (KEV) Catalog, the user now receives insights about which CVEs are known to have been exploited. This feature adds a new classification for CVEs under the Risk column. CVEs that have been exploited will be labeled “EXPLOITED” in the severity Risk score. To use this feature, upload your binaries as usual, and the results will begin showing CVEs that are identified as exploited.

Updated Feature: Analysis Descriptions

Analysis results can be viewed on the Binary Analysis Base Tab and now includes explanatory text to describe the purpose of each tab. This text explains how the displayed assessment results can be interpreted for remedial purposes.

Updated Feature: Weak Pointers Scoring

Assets that have Weak Pointers present are now scored as Red.

Updated Feature: Crypto Tab Deprecated or Unsafe Cryptographic Algorithm Warnings

The Crypto Tab warns if certain detected cryptographic signatures indicate a deprecated or unsafe cryptographic algorithm.

Updated Feature: OpenAPI Route Reformatting

The OpenAPI routes have been reformatted to start with the data type to which they apply. This change came as part of a logical restructuring of the routes available and to increase clarity about which resources were being accessed.

ObjectSecurity OT.AI Platform | Beta v2.1.0 Release Notes2024-07-30T14:35:33-07:00

What’s changed with this release:

What’s New:

  1. Assets now have an associated list of “tags”. This list of tags can be added to and removed at will from the Binary Analysis Page.
  2. Searching for a tag by name will display all of the assets that have the corresponding tag.

What’s Updated:

  1. The custom reporting feature has been re-tooled with a new look and feel.
  2. Vulnerabilities added to a custom report may be re-ordered via drag-and-drop.
  3. Vulnerabilities added to a custom report that have associated compliance mappings will display these mappings on the report.
  4. Vulnerabilities added to a custom report that have associated deep dive locations will display these locations on the report.
  5. The audit log viewable from the Dashboard and Asset Summary Panel now displays the name of the user who caused the audit entry.
  6. Assets can now have their type updated from the Binary Analysis Page.

What’s Been Removed:

  1. Some asset types have been removed due to the tagging feature making them redundant.
ObjectSecurity OT.AI Platform | v2.0.5 Release Notes2024-07-30T14:29:07-07:00

What’s Changed with This Release:

What’s New:

  1. The SUPERADMIN can forward all assessment results to an ELK stack of their choosing. This can be configured in the SUPERADMIN’s Settings Page.
  2. [On-Prem Only] The SUPERADMIN of on-prem deployments can now update the CVE signature database in the Settings Page.
  3. [On-Prem Only] The SUPERADMIN of on-prem deployments can now update the Malware signature database in the Settings Page.

What’s Updated:

  1. The CVE detection assessment has been frontloaded. It will be executed before other assessment types.
  2. Users can now change their password from the Settings Page.
  3. On-Prem users can now apply their deployment license from the Settings Page.

Feature details

New Feature: Assessment Result Forwarding to ELK Stack

With the addition of the Results Forwarding to ELK Stack feature, the user may now set the location (IP and port) for their analysis assessment results to be easily forwarded. The ELK Stack forwarding feature makes processing and storing results much more accessible and gives the user flexibility to search through and process results with more granularity. Since ELK Stack provides a unique Kibana query system, the user can sort results in a way that is not limited to what the front-end GUI provides.

This feature can be accessed by the SUPERADMIN and configured within the settings page. There are three supported protocols: UDP, TCP, and HTTP. Instructions for configuring each of these can be found here.

New Feature: [On-Prem Only] CVE Signature Database Update Ability

With the addition of the CVE Signature Database Update feature, On-Prem users may now pull updates from the NVD CVE Signature Database to update the range of mapping possibilities for their CVE analysis mapping results. This feature is for On-Prem offline users who want to stay on top of the newest CVE published daily. Since On-Prem deployments have no connectivity to the internet, users with On-Prem deployments must use this feature to update their master CVE mapping database.

New Feature: [On-Prem Only] Malware Signature Database Update Ability

With the addition of the Malware Signature Database Update feature, On-Prem users may now pull updates to the Malware Signature Database. This feature is for On-Prem offline users who want to stay on top of the newest Malware published daily. Since On-Prem deployments have no connectivity to the internet, users with On-Prem deployments must use this feature to update their Malware mapping database.

Updated Feature: CVE Detection Assessment Frontloading

With this update to the assessment order, the CVE assessment is completed before other assessments. This re-ordering was done to take advantage of the fast analysis time produced by the CVE assessment and to show users the most critical information first.

Updated Feature: Password Update From Settings Page

With this update, users can now update their password from the settings page without the assistance of the SUPERADMIN.

Updated Feature: License Applying From Settings Page

With this update, the SUPERADMIN can now apply for the platform license from the settings page- making the initial setup much more accessible.

ObjectSecurity OT.AI Platform | v2.0.1 Hotfix Release Notes2024-07-30T14:01:23-07:00

What’s Changed with This Release:

What’s New:

  1. CWEs can now be mapped to the NIST 800-82 compliance framework.
  2. MSI files are now extracted and analyzed.
  3. [Cloud Only] Analyses now run in parallel and complete significantly faster.

What’s Updated:

  1. The Weak Pointer path Confidence Score is now color-coded to indicate status.

Feature details

New Feature: NIST 800-82 Compliance Mapping

With the addition of NIST 800-82 Mapping, the user can gain valuable insight into how CWEs affect their compliance standing.

New Feature: MSI Extraction and Analysis

MSI files are now able to be uploaded, unpacked, and analyzed.

New Feature: [Cloud Only] Parallel Analyses, Increased Performance

Binaries analyzed on cloud distributions now analyze faster. In addition, more binaries may be analyzed simultaneously.

ObjectSecurity OT.AI Platform | v2.0.0 Release Notes2024-07-30T14:31:47-07:00

What’s Changed with This Release:

What’s New:

  1. Added the ability to generate custom PDF vulnerability reports for assets.
  2. Added the ability to generate custom PDF vulnerability reports for facilities.
  3. Added the dashboard system stats, including CPU and memory usage.
  4. Added the ability to ingress binary files for analysis from an S3 bucket.

What’s Updated:

  1. The assessment queue has been updated to display the percentage completion for every assessment conducted per binary.

  2. The assessment queue has been updated to enable users to re-prioritize assessments, binaries, and assets in the queue, stop assessments, stop binaries, and stop assets.

  3. The Deep Dive Page has been updated to enable the user to jump between functions in the disassembler and decompiler.

  4. The CVEs table has been updated to enable sorting by different columns.

  5. The pricing option allows instances to be configured by the binary scan or asset.

  6. Weak Pointers now have an associated confidence score.

  7. Weak Pointers may now be added to the Binary Scan Analysis Report. You can learn about Weak Pointers here.

New Pricing Option

Pay Per Binary Scan: With the Pay Per Binary Scan pricing option. This pricing option is ideal for customers focused on Binary scans versus assets.

Feature details

New Feature: Custom Binary Scan Analysis Vulnerability Reports for Assets in PDF Format 

With the addition of the Custom PDF Vulnerability Reports for Assets feature, the user may now generate customized reports for an asset. The asset reports are customizable and allow users to select information per binary to include in their asset report.

New Feature: Custom Binary Scan Analysis Vulnerability Reports for Facilities in PDF Format

With the addition of the Custom PDF Vulnerability Reports for Facilities feature, the user may now generate customized reports for a facility. The facility reports are customizable and allow users to select information per asset to include in their report.

New Feature: Pricing Option Usage Indicator by Number of Binary Scans or Number of Assets

With the addition to the per binary scan basis, the indicators now change to reflect which pricing model you have selected.

New Feature: Resource Usage Indicators (On-Prem, Offline VM Edition Only)

With the addition of the Resource Usage Indicators, the user may now observe the resource consumption of the ObjectSecurity OT.AI Platform on screen.

New Feature: S3 Bucket Binary File Ingress Option

With the addition of the S3 Bucket Ingress feature, the user may now upload binaries to an asset directly from an AWS S3 bucket. Connecting an S3 bucket to the ObjectSecurity OT.AI Platform allows users to create workflows to conduct analyses without manually uploading files.

Updated Feature: Analyses Progress Status Displayed for Each Active Binary Scan Assessment

With the addition of analysis progress indicators, the user has even further visibility on individual test progress. They can also re-prioritize assessments (see reordering below).

Updated Feature: Active Asset Binary Scans, Individual Binary Scans, and Assessments can be Reordered During Processing

With the addition of the queue reorder feature, the user may now reorder analyses, binary, and assessment positions in the queue after they’ve been added. This enables the user to prioritize which analyses are completed first. If a user is more concerned with one assessment finishing before another, this feature allows them to have that flexibility and control the flow of assessment completion.

Updated Feature: Offensive Binary Analysis, Deep Dive Tool, Now Supports Jump-To Functions

With the addition of the deep dive jump-to-function feature, the user can seamlessly navigate between functions and instructions in the disassembler and decompiler. The deep dive jump-to-function feature introduces the ability to leap directly between instructions in the disassembled view and their corresponding functions in the decompiled view.

New Function: CVE Table Now Supports Sort by Column

With the addition of the sort-by-column for CVEs feature, the user may now view CVE results in their chosen order. CVE results are sortable by CVE name, risk level, and product vendor.

New Feature: Weak Pointer Analysis Can Be Added to the Binary Scan Analysis Vulnerability Reports

Adding the Weak Pointers Analyses Results to Reports gives users more flexibility to create an advanced and all-encompassing vulnerability report.

New Feature: Weak Pointers Analysis Provides Confidence Score

With the addition of the Weak Pointers Analysis Confidence Score, the user now has insight into the exploitability of a given Weak Pointers path. The confidence score adds extreme value in determining if a weak pointer path is exploitable. A high confidence score indicates a Weak Pointers path is confirmed with no false positives or false negative results. 

ObjectSecurity OT.AI Platform | Beta v2.0.0 Release Notes2024-07-30T14:21:53-07:00

What’s changed with this release:

What’s New:

  1. Binary analysis now checks for encryption and other cryptographic anomalies.

  2. A total of 5 new ThreatAI tests have been added.
  3. A total of 17 new asset types have been added. Additionally, the user can now filter their analysis results by asset type.
  4. Discovered binary vulnerabilities now map to OWASP 10:2021, ISA/IEC 62443-3-3, and ISA/IEC 62443-4-2 standards frameworks.

  5. Users can now view/export server logs from the right sidebar.

What’s Updated:

  1. Binary vulnerability scoring has been updated to improve accuracy. This includes incorporating additional factors into the aggregate color score.
  2. The reason a binary was assigned a specific vulnerability color score can now be seen from the Binary Summary Base tab.
  3. Discovered dangerous functions now map to an associated CWE.

  4. CWEs viewed in the Binary Summary Panel now display a preview of the Deep Dive Page. Users can jump to where the CWE was discovered from here.
  5.  Facilities can now be edited after they have been created.
  6. Zip files are now automatically unzipped and extracted.

This update has added a number of features to enhance usability, organization, and the look and feel of the ObjectSecurity OT.AI Platform. In addition, new mapping capabilities were added.

Feature details

New Feature: Cryptographic Keys and Anomalies Analysis 

With the addition of the Cryptographic Keys and Anomalies Analysis feature, the user can now find info about cryptographic keys, program entry points, strong and weak encryption used, and hash signatures. To use this feature, click the crypto tab under binary analysis results.

New Feature: Added Asset Types 

The addition of new asset types gives the user even more flexibility to classify and organize assets within their organization.

New Feature: OWASP 10:2021, ISA/IEC 62443-3-3, and ISA/IEX 62443-4-2 Mappings

With the addition of the OWASP 10:2021, ISA/IEC 62443-3-3, and ISA/IEX 62443-4-2 mapping features, the user can now directly track their organization’s compliance with popular standards as they relate to discovered vulnerabilities. To use this feature, click the arrow to expand the dropdown and select your standard of interest.

New Feature: Download Server Logs

This feature allows the user to see the log of actions taken on their instance of ObjectSecurity OT.AI Platform.

ObjectSecurity OT.AI Platform | Alpha v2.0.0 Release Notes2024-07-30T14:25:01-07:00

Note on release

This release is an ALPHA release, and features are subject to change.

What’s changed with this release:

  1. Organization-Wide Dashboard Page: A user can see a high-level overview of their organization. This overview includes a map of facilities in the organization, a graph of vulnerable assets in the organization, a set of organization-specific metadata, and a list of most threatening binary vulnerabilities in the organization.
  2. Added a better way to view specific assets: assets now appear on the Binary Analysis Page as parents to a child set of binaries. Clicking on an asset displays it on the right-hand-side of the screen, summarizing it in detail.
  3. A user on-boarding tutorial has been added to the application, explaining how to upload, analyze, and then view binaries.
ObjectSecurity OT.AI Platform | v1.1.0 Release Notes2024-07-30T14:24:34-07:00

What’s changed with this release:

What’s New:

  1. Global binary search (search for any binary analyzed on the platform by name).

  2. Global CWE search (search for any binary analyzed on the platform by CWE discovered).

  3. Weak pointers and path-finding assessments.

What’s Updated:

  1. Improved ISA/IEC 62443-3-3 and 62443-4-2 Standard to CWE Mapping (accuracy and quantity).

  2. Improvements to our decompilation technique (modifying the decompiler used depending on the type of file uploaded).

  3. Unassessable binaries are now given additional rationale for why they are unassessable upon being clicked.

Feature details

New Feature: Global Binary Search

With the addition of the global binary search feature, the user may perform asset searches based on asset name. To use this feature, click “assets” as the search type and type the asset’s name into the search bar.

New Feature: Global CWE Search

With the addition of the global CWE search feature, the user may perform asset searches based on CWEs contained within the assets. To use this feature, click “CWE” as the search type and type the asset’s name into the search bar.

New Feature: Weak Pointers and Path-finding Assessments

With the addition of the weak pointers assessments, the user may now discover weak pointers and the paths to access those.

What are Weak Pointers and how does it contribute to OT/ICS binary analysis for vulnerabilities?

Weak Pointers is a novel binary code analysis science that automates identification of known code vulnerabilities and weaknesses, like buffer overflow.

To speed remediation of code weaknesses, the ObjectSecurity OT.AI Platform provides the path of the weakness (also known as a Weak Pointer) guiding DevSecOps and Application Security specialists to zone in directly to the problem lines of code that need to be remediated.

Once the code has been remediated, the repaired binary files can be re-uploaded to the ObjectSecurity OT.AI Platform for another round of vulnerability analysis. A green light report informs you that the code is ready for production. A yellow or red light report informs you that additional remediation is needed before committing the code to production.

Each round of binary file code analysis is recorded in the Audit Log.

ObjectSecurity OT.AI Platform | Alpha v1.1.0 Release Notes2024-07-30T13:59:48-07:00

Note on release

This release is an ALPHA release, and features are subject to change.

What’s changed with this release:

  1. Binary Analysis Page: Users can upload binary executable files for analysis. Analysis results can be viewed in a panel on the right hand side of the page.
  2. Reports Page. A binary analysis report PDF can be generated and exported here. Users can customize what vulnerabilities appear in the report.
  3. Deep Dive Page. A disassembled and decompiled view of uploaded binaries can be viewed here.
  4. OpenAPI Page. The set of backend API calls used by the application are explained here. They can also be queried.
  5. Settings Page: A user can manage all users on the server and toggle visual settings.
ObjectSecurity OT.AI Platform | v1.0.1 Release Notes2024-07-30T14:23:35-07:00

What’s changed with this release

What’s been updated:

  1. Fixed a bug wherein the custom PDF report feature was causing crashes on some older browser versions.
  2. Fixed a bug where the labels for passing Lineage Analysis assessments were written incorrectly.
  3. Fixed a bug where binary executable files with no discovered CWEs appeared unassessable.
ObjectSecurity OT.AI Platform | v1.0.0 Release Notes2024-07-30T14:19:47-07:00

What’s New – Release Notes for the most recent version of the ObjectSecurity OT.AI Platform.

Note on release

This release is a GA release.

What’s changed with this release:

What’s New:

  1. Flash alerts feature: the SUPERADMIN can now generate Flash Alerts which can be read by every user in an organization.
  2. There is now an OT vulnerability RSS feed on the Dashboard.
  3. Unassessable files are now given a reason for being unassessable: their mime-type is displayed.

What’s Updated:

  1. The Login, Pincode Login, EULA, Set Password, and Google Authentication Pages have been given an updated look and feel.
  2. ThreatAI assessments have improved accuracy: Double Free Check and Access Free Memory Check.
  3. More routes have been added to the OpenAPI page.
  4. All loading spinners now have a consistent look and size.

What’s Been Removed:

  1. The Reanalyze Asset option has been removed, as it was non-functional.

Feature details

New Feature: Flash Alerts

With the addition of the Flash Alerts feature, the super admin may now post organization-wide priority alerts. When a flash alert is posted, each user in the organization managed by the super admin will receive notice of the alert in the corner of their screen.

New Feature: National Vulnerability RSS Feed

With the addition of the National Vulnerability RSS Feed, the user may easily access the most recently published CWEs- pulled directly from the MITRE database.

New Feature: Unassessable Reasoning Specification

When binaries are deemed unassessable, more reasoning for their unassessability is provided.

ObjectSecurity OT.AI Platform | Beta v1.0.0 Release Notes2024-07-30T14:19:03-07:00

Note on release

This release is a BETA release, and features are subject to change.

What’s changed with this release:

What’s New:

  1. Facilities are now fully functional: Facilities can now be created. They have specific locations and a set of child assets.
  2. The user management page has been updated to enable the creation of multiple organizations. Each organization can be assigned admins, who can then assign general users.
  3. Users can now toggle their view between different organizations: viewing the assets/facilities/binaries in each.

What’s Updated:

  1. Assets have been refactored, greatly reducing load time.
  2. EULA accept/decline now gets sent to an audit log, and a user only has to accept the EULA once.
  3. Users can now upload many binaries at once. Additionally, the analysis progress viewer has been improved.
Go to Top