A number of improvements have been made to the Puppet Report Viewer add-on for Splunk since it was initially released. The most notable changes added in version 3.1 of the add-on are the tracked metrics, allowing for better troubleshooting of performance issues in your Puppet installation.

I’m excited to share Puppet’s increased commitment to government agencies through a new relationship with Carahsoft. Through this relationship, Puppet, the industry leader in infrastructure automation, will increase its availability of Puppet Enterprise on preferred government purchasing vehicles, like the General Services Administration (GSA) Schedule 70, NASA SEWP, and a number of other federal, state, and local contracts.

It’s Cyber Security Awareness Month, and many IT professionals are being haunted by the thought of gearing up for a security and compliance audit. Preparing for an IT audit can take months of planning. It can be time-consuming, uncomfortable, and stressful. Guess what else takes a long time and can be uncomfortable and stressful? Creating a human!

It seems that virtually every day, another threat to cybersecurity presents itself. In response to this ongoing concern, the Australian Cyber Security Centre has developed prioritized mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organizations protect themselves against various cyber threats.

Since we launched Puppet Comply last year, we’ve been working hard to build out the solution’s capabilities so that we can provide our customers with more options in implementing a continuous compliance program, and become more proactive and efficient in how they manage compliance. A key activity in any strong continuous compliance program is remediation.

Yet another Puppetize Digital is in the (online only) books. Our second annual virtual conference drew attendees from around the globe, bringing together the people at the center of automation. If you weren’t able to attend this year’s event live, worry not! You can watch the entire conference on-demand here. Read on for Puppetize highlights!

Apache has disclosed a critical actively exploited path traversal flaw in the popular Apache web server, version 2.4.49. This path traversal means that an attacker can trivially read the contents of any file on the server that the Apache process has access to. This could expose highly sensitive information, even as critical as the server's own private SSL certificates. See the Sonatype blog for more technical information on the vulnerability.