Version 8.21.00 Release Notes

High-level overview of the changes/updates included in RiskSense Version 8.21.00, released on October 9, 2020.

The RiskSense platform version 8.21.00 update includes the following features and enhancements:

To help transition to our new features and schedule training, please contact your Customer Success account manager directly or send a message to support@risksense.com.

Dashboards

Remove Icon Appears in Edit Mode

Widgets can be deleted in Dashboard edit mode by clicking the “x” in the top right-hand corner without activating the three-dot click menu.

Integrations

New Snyk API Connector

An API connector for Snyk Reporting API has been added to the platform under Integrations. For instructions on how to use the connector, view the Snyk Connector Guide.

New Rapid7 AppSpider API Connector

An API connector for Rapid7 AppSpider has been added to the platform under Integrations. For instructions on how to use the connector, view the Rapid7 AppSpider Connector Guide.

New Manual Upload for Tanium

A manual upload option for Tanium has been added to the platform under Integrations. For more information on how to upload Tanium data, view the Tanium Connect Manual Upload Guide.

  • Multiple IP Addresses can be mapped to a single Hostname and can be found under the Asset Details section in the detail pane.

List View Enhancements

New Multi-Column Sorting Options Added to Applications Page

Applications are sorted by their corresponding RS³ by default with two new multi-column sorting options on the Applications Page.

New Multi-Column Sorting Options Added to Application Findings Page

Vulnerability Risk Rating (VRR) and Criticality can be used to sort Application Findings with four new multi-column sorting options on the Application Findings page.

New Exportable Fields Added to Host Findings and Application Findings Pages

Host ID, Application ID, Patch ID, Possible Solutions, and Possible Patches are new exportable finding fields. Host ID and Application ID are also new exportable asset fields from the findings pages.

New Criticality and Address Type Pop-Ups Added to Hosts and Applications Pages

The ability to set or modify an asset’s Criticality or Address Type is now available on the Hosts and Applications pages under the More drop-down menu.

Recently Added System Filters

We continue to support the recently added system filters on the Workflow, Host, Host Findings, and Application Findings pages, which can be found in the filter pane. A few system filters that were recently added to the Hosts, Host Findings, and Application Findings Pages include:

  • CVE-2020-1472: Zerologon
  • CVE-2019-19781: Citrix Application Delivery Controller (ADC)
  • CVE-2019-11510: Pulse Connect Secure
  • MS12-027: Microsoft Office Common Controls (CVE 2012-0158)
  • CVE-2018-8453: Windows Win32k components

Identity & Access Management (IAM)

IAM Feature Release Preparation and Information

In preparation for the future Identity and Access Management (IAM) feature release, which includes Role-Based Access Control (RBAC) capabilities, the following changes were made.

  • The technician role is no longer an option when creating new users or modifying the role of an existing user.
  • There is now an in-platform notification (top snack bar) message upon login and when navigating to the Users page. These notify users of the future transition of existing roles to the new system.

For more information on IAM, click here. If you are interested in the role transitions, click here.

Fixed Issues

  • A broken trigger involving CWE mappings and trending information has been fixed for the calculation of Application RS³.
  • The ability to deprecate or remove columns from a list view will not be reset when settings are saved has been restored.
  • Fortify’s severity scale from 0 to 5 has been normalized to a scale from 0 to 10 of RiskSense severity.
  • RS³ will be recalculated when approved workflows have expired.
  • The ability to export Application Finding data in XLSX format has been restored.
  • VRR CHMLI columns are exportable asset fields from the Hosts, Applications, Host Findings, and Application Findings pages.
  • On the Hosts and Applications pages, when an assessment name is edited, the Assessment Name filter will display the updated name as an optional value.
  • The Internal/External field is visible in the Host Finding Detail pane for internal assets under the Asset Information section.
  • Address Type is an exportable asset field from the Hosts page.
  • Access Type has been renamed to Address Type, indicating whether an asset is internal or external on the Hosts and Applications pages.