A high-level overview of the changes/updates included in RiskSense Version 11.01.00, released on August 20, 2021.
The RiskSense platform version 11.01.00 update includes the following features and enhancements:
- List View Enhancements
- Vulnerability KB
- Miscellaneous Changes
- Fixed Issues
For assistance with using our new features, receiving feature documentation, and/or scheduling training, please contact your Customer Success account manager directly or send a message to firstname.lastname@example.org.
List View Enhancements
New Group By Options
This release includes the following new Group By options:
- Assessment Name has been added to the Hosts, Host Findings, Applications, and Application Findings pages.
- Scanner Reported Severity, the risk level that the scanner assigns to the vulnerability, and VRR, RiskSense’s numerical risk rating for each finding, have been added to the Host Findings and Application Findings pages.
- Last Discovered On and Last Ingested On have been added to the Hosts and Host Findings pages.
New Severity Filter
The filter Scanner Reported Severity with Scanner has been added to the Host Findings and Application Findings pages. It shows the scanner name in conjunction with the Scanner Reported Severity; this filter has been added to support the corresponding Group By on Scanner Reported Severity.
Open Ransomware Filter for Applications
The Has Open Ransomware filter has been added to the Applications page.
New System Filters
All Host system filters have been added to the Applications page. CVE-2021-35211 has been added to the system filters for SolarWinds Attack Surface. Additionally, the Fortinet system filter on the Hosts, Host Findings, Application, and Application Findings pages has been renamed to Fortinet Attack Surface and now includes CVE-2021-32589.
User Filtering Options
The Users page now has quick filters for client ID, user name, and user role.
Palo Alto Xpanse Expander Integration
An API connector has been added for the Palo Alto Xpanse Expander network scanner. This connector populates assets as hosts into a MIXED network.
MIXED Network Tenable Identifiers
The Tenable UUID will be ingested by the Tenable.io, Tenable.sc, and Nessus scanners and displayed as the Tenable UUID within the Host Details pane. Users can also search for specific assets with the new Tenable UUID filter. If assets discovered by a Nessus scanner are placed into a MIXED network, the Tenable UUID will be used as one of the asset identifiers. By default, the Tenable UUID takes the higher precedence. Users can override this precedence with any of the existing asset identifiers.
Finding-level SLA Notifications
Users now see notifications in the Host Findings and Application Findings detail panes regarding a finding’s SLA history. These new notifications show if the containing asset’s governing SLA is deleted or if a finding’s due date was not set by its containing asset’s governing SLA.
Public API Endpoints
SLA endpoints are now part of the public RiskSense API.
Both the Vulnerabilities and Weaknesses pages now have the Has Trending Threats filter.
- Users can now set their default dashboard or most recently viewed dashboard as their Home/default landing page through User Settings. If the user has selected the most recently viewed dashboard as their landing page, they will see the Executive dashboard when they first log into a client.
- Users may see less lag if they load the Host Findings or Application Findings pages with the Finding Footprint column enabled.
- When adding groups to an SLA, a user will continue to see more suggestions even if they have already added more than 10 groups.
- A user is no longer automatically unassigned from findings if they lose access to a group. User assignments persist as long as the user has access to at least one group that contains the asset.
- If a user saves a widget configuration through the 3-dot options menu, they will see their changes if they refresh the page or if they use the Back button to navigate back to Dashboards.
- A user with the Security Analyst role can successfully add a manually created vulnerability to more than one application at once on the Applications page.
- Users should no longer have issues setting up the SonarCube Connector.
- Users can no longer use the API to change the name of the Remediation SLAs playbook.
- Users will no longer see a snack bar error when creating or deleting the Default SLA.
- The SLA Details now shows the correct number of assets updated after it executes.
- The Playbooks view and the Rules view now show the same Last Updated On timestamp.
- Playbooks can now correctly be sorted by the Last Updated On and Last Run On columns.
- If a user with the Security Analyst role removes a finding from an assessment, that assessment will no longer show up in the Observations section of the Finding details or in the filter suggestions for that finding.