High-level overview of the changes/updates included in RiskSense Version 10.04.00, released on June 11, 2021.
The RiskSense platform version 10.04.00 update includes the following features and enhancements:
- List View Enhancements
- Miscellaneous Changes
To seek help with using our new features, receive feature documentation, and/or schedule training, please contact your Customer Success account manager directly or send a message to email@example.com.
List View Enhancements
System Filter Updates
The “Attack Surface - RS”, “Fortinet FortiOS Attack”, and “vCenter Server Attack” system filters have been updated with new vulnerability mappings. A new system filter called “DarkSide Ransomware” has been introduced to cover the vulnerabilities associated with DarkSide.
Threat Section Updates
The threat section of the detail pane has been refreshed for easier navigation and greater organization of the threats associated with a finding. The threats have been organized into three sub-sections: Exploit, Malware, and/or Default Credentials. The Category field will now show a more refined threat label, such as Remote Code Execution (RCE). In addition, the “Severity” and “Details” fields have been removed from the threat section, while “Source” has been renamed to “Attribute To” and “Link” has been renamed to “Resources”.
New Credentialed Scan Field
For users of the Nessus scanner, a new field called “Last Credentialed Scan” has been introduced, along with a corresponding filter and export entry. It is visible on the Hosts page and in the detail pane, and captures the most recent date provided by Nessus when the Credentialed Scan field is true.
New Application Trending Filters
Three new trending filters have been introduced to the Application model: the “Has Trending Threats” and “Has Trending Vulnerabilities” filters on the Applications page, and the “Has Trending Vulnerabilities with Ransomware” filter on the Application Findings page.
Update Hostname/IP Address Fields
For an IP-based network, the hostname will be updated with each new upload if it has changed. Similarly, for a hostname-based network, the IP address will be updated with each new upload if it has changed.
Security Code Page Updated
When selecting the “Remember this Computer and IP” option, there is an information icon that displays “This setting is determined by the clients that you have access to”.
On the host findings search endpoint, the “parserUploadFileData” attribute will be deprecated. Swagger will display the following message: “As of June 11, 2021, we will be deprecating parserUploadFileData attribute from the detail projection of this endpoint. If you are using this attribute, you can contact support for more information at firstname.lastname@example.org.”
Ticket Sync States Field
This is now a required field for the following integrations: SNOW Incident, SNOW Service Request, Jira, and BMC. RiskSense will only send updates to tickets that are in the user-selected states (in the external ticketing system).
Qualys Plugin Output Updates
The Plugin Output will now reflect data from the most recent Qualys scan file with each new ingestion.
- The ability to Copy a Custom Dashboard has been restored when clicking the “Save As” button.
- The “Last Login” filter will now populate expected results before or after the specified date.
- Patches will only be populated on the Patches page if there are affected assets mapped to them.
- CMDB Unique ID filter will now return the expected hosts that match the value provided.
- When a user tries to change the network of a host or application, the Target Network cannot be blank or non-existing; the field will now reject invalid entries.
- When updating the name of a group, all findings associated with the group will be updated accordingly.
- The Upload Status of a file will change to “Data Updates Completed” when the parsing files state is completely finished.
- Findings with content above 30K characters are now being ingested into the platform correctly.
- When deleting a connector with past uploads, the upload history will be retained as expected. Uploads associated with a deleted connector will have a blue icon, stating "Failed to fetch container info".