On October 7th we released a new Enterprise Alert version, version 8.5.1. Included in this release are the following enhancements:
- Enhanced retrieval of HP OMi Events
- Updated REST API retrieval of event data
- SMTP Server updates
- Enhanced Backend Security
Enhanced retrieval of HP OMi Events
With HPOMi now Microfocus OBM being that widespread in onsite hosted environments for critical IT infrastructure we made sure to implement changes to our HPOM/OBM Module to make sure that our Module will be able to handle even extreme amounts of events to make sure critical incidents are quick and reliably handled and when necessary persistently escalated to the right person at the right time.
Updated REST API retrieval of event data
The REST API is designed for super-easy integration with an abundance of 3rd party applications. Use HTTP POST with any JSON/XML/text body that holds event details/parameters to submit an event to Enterprise Alert. We identified that certain timestamps were not being recognized in certain formats. Specifically, if an invalid timestamp date was submitted. We have expanded the tolerance level and now values such as 0001-01-01T00:00:00Z will be accepted.
SMTP Server Updates
Even with the SMTP server being part of Enterprise Alert from the very first iteration we continue to improve on it wherever necessary. In this release, we improved on the handling of special characters if a message is sent in a specific encoding. Thus making sure that Enterprise Alert can continue to reliably alert on emails even when the formatting is a little off.
Enhanced Backend Security
Security is of course a very high priority in any software. We have further locked down the ability for javascript to execute when inserted in certain places. Now, Team Titles, Tenant details, and the Messenger function are coded as plain text and prohibits external formatting which would allow for malicious scripts to run.
Whenever an attacker is trying to access a system the Username and Password are the first hurdles. We have secured the password reset functionality to now hide whether or not the username is correct or not. The user must now be certain that the username is correct in order to reset the password and the Web Portal will give no indication of this.
We have masked the username and password displayed in the connection string used to connect Enterprise Alert to the backend database.