High-level overview of changes/updates included in RiskSense Version 8.16.01, released on April 17, 2020.
The RiskSense platform Version 8.16.01 update includes the following features and enhancements:
- New Integrations
- Instantaneous Connector Sync
- Dashboards and Reporting
- List View Enhancements
- Miscellaneous Changes
Fortify SCA and WebInspect Manual Upload Support
Upload of Fortify SCA/Fortify Web Inspect scanned files in .fpr format is now supported as part of our integration with Fortify SAST and DAST products.
Fortify SSC Connector Enhancements
Fortify SSC is used for processing the .fpr files (scanned results) generated by both Fortify SCA and Fortify Web Inspect. We already support API based integration for Fortify SSC in the RiskSense platform. As part of this release, we have added an affected code snippet for each SAST finding and metadata information like probability, likelihood, and references are added as well for both DAST and SAST.
Aqua Security Manual Upload Support
This release adds support for the ingestion of manually exported Aqua scan files following the addition of Aqua Security connector integration support in the previous release.
Instantaneous Connector Sync Option
An instantaneous sync option has been added to most of the API based connectors (with the exception of Veracode). For each configured connector, a new Sync button has been added which triggers a connector run instantaneously when clicked.
Dashboards and Reporting
Dashboard Settings Improvement: With the release of the new navigation menus, users could use the Home button to return to the most recently viewed dashboard if they had selected Dashboards at the default landing page. In this release, users will also see their most recently applied settings as well. These settings include dashboard filters and alternate views of data such as daily or quarterly timelines of findings discovered or resolved. If users prefer another default landing page over Dashboards, they should use the back button to load previously applied settings.
New Widget: With this release, users will have access to the widget Open Host Findings over 30 Days. This widget shows the number of open findings on the organization’s network every day over the previous month, the current month, or the last 30 days.
List View Enhancements
In the Applications view, the access type of the application’s address is now shown as an icon in the Address column. The default access type for an application is External. Users may update the access type, as well as the asset criticality, by selecting one or more applications and choosing the appropriate action under the More menu.
In the Application Findings view, the access type of the associated application is also shown in the Web Application column. Additionally, the associated application’s access type, as well as its asset criticality, can be seen in the Application Findings detail pane under the recently added Asset Information section.
The URL designating what part of an application finding is associated with has been renamed to Location. This change can be seen in the Application Findings list view in a renamed column, under the Asset Information and Finding Footprint sections of the detail pane, and a renamed filter category.
In the Host Findings view, we are continuing to standardize the “Risk” of findings using the term “Vulnerability Risk Rating (VRR)”, and so have renamed the Risk column in this view to be VRR. Note that the name of the filter category remains as Risk Rating. In addition, the color bar on each finding reflects the VRR of that finding, rather than its Severity. The color bar is now anchored to the VRR column and will move along with it when reordered.
In the Patches view, the detail pane now displays the Patch Description when such information is provided by scan data. The section will only appear when patch description data is present.
Additional ServiceNow Ticketing Fields: The following new fields will be now included in the host and application findings attachments to tickets created for ServiceNow Generic Connector or ServiceNow Incident Connector.
New Host Findings Fields
Scanner ID ( Plugin ID )
New Application Findings Fields
Scanner ID ( Plugin ID )
Rapid7 Continued Support: Rapid7’s NTO6 scanner has been updated and renamed to “AppSpider”. We continue to support manual file upload for this scanner and have updated the associated card in the Integrations view.
RiskSense Generic Upload: The Generic Upload feature can be accessed in the platform as a standard scanner card on the Integrations view. Generic upload supports CSV and JSON file types.
New Filters: The following filters have been added with this release.
Host Findings: Trending Vulnerabilities with Ransomware Threat
Hosts: Open Ransomware Trending Vulnerabilities
Hosts: Plugin Title
Patches: Plugin Title
Users Page: Occasionally, the fields “Current Authority” and “Current Expiration Date” may appear as blank in the Users Page of the Client settings. In this instance, the user with the missing information need only log in to the platform, and this table will then populate.
Assessments Page: The Assessments list view is now sorted by default on the start date of the assessment, starting at the most recent date and going backward in time. Users may still switch to sorting according to the assessment name if desired using the sorting drop-down.
New System Filters: Whenever RiskSense publishes a new system filter, users are notified via a blue “New” badge next to the name of the filter in the relevant list views. Newly published system filters now appear at the top of this list for easy access.
The release addresses issues with URBA findings AWS ECR JSON generic uploads.
The filter name on the Patches page for identifying patches associated with trending vulnerabilities has been updated to Trending Vulnerabilities.
The Most Recently Identified Services section of the Host detail pane has been updated to remove duplicate entries.