A number of improvements have been made to the Puppet Report Viewer add-on for Splunk since it was initially released. The most notable changes added in version 3.1 of the add-on are the tracked metrics, allowing for better troubleshooting of performance issues in your Puppet installation.

I’m excited to share Puppet’s increased commitment to government agencies through a new relationship with Carahsoft. Through this relationship, Puppet, the industry leader in infrastructure automation, will increase its availability of Puppet Enterprise on preferred government purchasing vehicles, like the General Services Administration (GSA) Schedule 70, NASA SEWP, and a number of other federal, state, and local contracts.

It’s Cyber Security Awareness Month, and many IT professionals are being haunted by the thought of gearing up for a security and compliance audit. Preparing for an IT audit can take months of planning. It can be time-consuming, uncomfortable, and stressful. Guess what else takes a long time and can be uncomfortable and stressful? Creating a human!

It seems that virtually every day, another threat to cybersecurity presents itself. In response to this ongoing concern, the Australian Cyber Security Centre has developed prioritized mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organizations protect themselves against various cyber threats.

Since we launched Puppet Comply last year, we’ve been working hard to build out the solution’s capabilities so that we can provide our customers with more options in implementing a continuous compliance program, and become more proactive and efficient in how they manage compliance. A key activity in any strong continuous compliance program is remediation.

Yet another Puppetize Digital is in the (online only) books. Our second annual virtual conference drew attendees from around the globe, bringing together the people at the center of automation. If you weren’t able to attend this year’s event live, worry not! You can watch the entire conference on-demand here. Read on for Puppetize highlights!

Apache has disclosed a critical actively exploited path traversal flaw in the popular Apache web server, version 2.4.49. This path traversal means that an attacker can trivially read the contents of any file on the server that the Apache process has access to. This could expose highly sensitive information, even as critical as the server's own private SSL certificates. See the Sonatype blog for more technical information on the vulnerability.

It can be challenging to manage enterprise infrastructure across hybrid cloud and on-premises environments with accurate and timely tracking asset details — especially if you don't know what you have. The more systems deployed, the more visibility is necessary for your IT operations teams to meet critical business Service Level Agreements successfully.

Hi, it’s me... Back again with something exciting: Puppet’s new Compliance Enforcement Modules, or CEMs. We’ve been working on some pretty cool stuff since we launched Puppet Comply last year. Lots of great feedback has come in, and we’re thankful for every opportunity we get to show our customers how we can help. This feedback comes in many forms, but one of the things we’ve heard time and time again is that achieving compliance is still hard.

The Forge team at Puppet has been hard at work for the past few months building out a malware scanning framework in order to help folks be more proactive about their security posture. Now, to be clear, this doesn't replace your own security mitigations. You should still audit untrusted code. You should still run your own virus protections. There are many layers in a robust security profile, and this is only one of them.