Version 11.12.00 Release Notes

A high-level overview of the changes/updates included in RiskSense Version 11.12.00, released on February 18, 2022.

The RiskSense platform version 11.12.00 update includes the following features and enhancements:

For assistance with using our new features, receiving feature documentation, and/or scheduling training, please contact your Customer Success account manager directly or send a message to support@risksense.com.

New Features

Assessments Locking and History

Manual assessments now prevent users from uploading additional files by default. You can now also view the history of each assessment. Enhancements to assessments include:

  • Users can now lock and unlock assessments that they create manually. When an assessment is locked, no one can upload additional files to that assessment. Assessments created by connectors are locked.
  • The Assessments page now provides a history of when and how the assessment has been modified.
  • On the Assessments page, the Assessments Details now shows when the assessment was created, who created it, when the assessment was last updated, and who updated it. The Details section now also shows the assigned start date of the assessment and whether the assessment is currently locked or unlocked.
  • New filters on the Assessments page include “Type”, “Is locked”, “Is processing”, “Is complete”, “Created By”, “Created On”, “Last Updated By”, and “Last updated On”.

For more info, visit the Knowledge Base article on the Assessments Page.

List View Enhancements

Updated System Filters

The February “Patch Tuesday” filter was published along with updates to the System filters “CISA Known Exploited”, “Attack Surface - RS”, and “Apache Log4j”.

VRR Group Added to Findings Exports

The field “VRR Group” has been added as an export option on the Application Findings and Host Findings pages.

Finding Count Added to Host Exports

The field “Finding Count” has been added as an export option on the Hosts page.

New Sort Selected Button Added to Exports

The new Sort Selected button allows users to sort the fields that are selected near the top of the list. Unselected fields appear beneath selected fields in alphabetical order.

Integrations

Enhancements to AWS Inspector

The AWS Inspector has been renamed to AWS Inspector Classic on the Integration card, Uploads page, and Host and Host Findings pages.

Checkmarx SAST Deeplink

The Checkmarx SAST Deeplink (to the Checkmarx platform) has been moved from the Output section to the Scanner Specific Information section in the Finding Details.

Tenable Host UUID Ingestion

The Host UUID field from Tenable is now ingested as a scanner specific field and shown under Asset Details.

Fixed Issues

  • The Application Address column in the Application Findings export will now be populated.
  • The Remediation Time filter on the Host Findings and Application Findings pages no longer throws a 500 error when the user tries to query on more than one value.
  • The UrBA process previously failed to identify some Qualys WAS findings as closed. This issue has been resolved.
  • User assignments will now automatically be deduplicated. This operation enforces that a single user can only be assigned once to a finding. Deduplication of the existing assignments has also been performed.
  • The ingestion of Checkmarx data should no longer fail due to timeout errors.
  • When a user created a ticket for multiple findings, the user initially had to have access to all of the findings for the ticket connector to sync successfully with 3rd party systems. If the user lacked access to all of the findings, the ticket connector sync replaced some fields such as the Description and Summary with “N/A”. The ticket connector sync no longer requires that the user has to have access to all findings for the sync to succeed.

Known Issues

  • Assessment History entries related to data processing are duplicated within the History view.
  • In the Assessment History, the connector name and connector ID values in an entry are reversed. The name shows for the ID detail and vice versa.