Version 10.00.00 Release Notes

Summary: High-level overview of the changes/updates included in RiskSense Version 10.00.00, released on April 2, 2021.

The RiskSense platform version 10.00.00 update includes the following features and enhancements:

• New Features

  • Vulnerability Knowledge Base

  • Group By

• Dashboards

  • Custom Selection for Group Metric Widgets

• Miscellaneous Changes

  • Finding Ingestion Dates

  • Finding Discovery Dates

  • CWE Top 25 Update

  • Exportable Patch Title

  • New System Filters Added

• Fixed Issues

To seek help with using our new features, receive feature documentation, and/or schedule training, please contact your Customer Success account manager directly or send a message to [email protected].

New Features

Vulnerability Knowledge Base

The Vulnerability Knowledge Base (VULN KB) is a subscription-based add-on feature that provides detailed information and analysis on vulnerability intelligence. It is both comprehensive and actionable, presenting knowledge and insight about the latest security vulnerabilities (CVEs) and their associated weaknesses (CWEs). It provides non-contextual data independent of an organization’s environment, as well as trending data, the top exploited vulnerabilities, and an organization’s vendor and patch information.

Organizations who subscribe to the VULN KB service will have access to a user interface in the platform, including access to all RiskSense’s threat intelligence data with searching capabilities and prioritization metrics. They will also have access to the VULN KB REST API powered by RiskFusion, RiskSense’s threat intelligence database. For more information, visit the RiskSense Knowledge Base article on VULN KB.

Group By

A new addition to the Assets and Findings views, the Group By feature transforms the list into a consolidated set of rows with associated metrics in each column. This tool can be utilized to quickly aggregate information in list views according to your most important indicators, such as Asset Criticality, VRR Group, Tag, and more. Visit our Knowledge Base to view the Group By overview, usage guidelines, and frequently asked questions.

Dashboards

Custom Selection for Group Metric Widgets

The option to choose a selection of groups based on a pre-defined pattern of best (highest) or worst (lowest) RS³ has been added to the three Group Metric widgets in the configurable dashboard widget library.

Miscellaneous Changes

Finding Ingestion Dates

The dates of initial and most recent Ingestion of a Finding (i.e., the date on which a scan file is uploaded) have been added to the Host Findings and Application Findings detail panes.

Finding Discovery Dates

The dates of initial and most recent Discovery of a Finding (i.e., the date supplied by the Scanner) have been added to the Host Findings and Application Findings detail panes.

CWE Top 25 Update

The RiskSense platform has been updated to use the 2020 edition of the Common Weakness Enumeration (CWE) Top 25 list. All relevant configurable dashboard widgets and reporting templates have been updated in accordance with this new list. Both the current and previous lists are available for filtering in the platform; the CWE Top 25 Year filter allows you to choose a custom year, while the Has CWE Top 25 filter provides only the most recent set.

Exportable Patch Title

The exact Title of a patch has been added as an exportable field in the Configurable Exports wizard for the Host Findings view.

New System Filters Added

Two new System Filters, MXS Zero-Day Attack and VMWare vCenter Server Attack, have been added to the Asset and Findings views.

Fixed Issues

• Resolved a data ingestion mismatch for Application Finding fields “Location” and “Module Name” in the Code Information section of the detail pane.

• Corrected a list view header alignment issue when sorting by columns at the end of the view.

• Corrected an issue in utilizing the “Present” operator that previously returned unexpected results for some filter categories.

• The Default Landing Page drop down in the User Settings view now correctly displays each distinct System Dashboard label.

• Resolved a synchronization issue with workflows that are expiring soon; the workflow metrics filter now returns expected results.

• (Multi-client users only) Metrics on the All Clients page are reloaded correctly when the Back button is used to navigate away from a client.