Version 10.01.00 Release Notes

Summary: High-level overview of the changes/updates included in RiskSense Version 10.01.00, released on April 23, 2021.

The RiskSense platform version 10.01.00 update includes the following features and enhancements:

• New Features

  • RS³ version 2.1

• Integrations

  • Locked Fields in ServiceNow Ticketing Connector

  • New HCL AppScan on Cloud Connector

• Automation

  • Playbook Rule Filter Protection

  • More Flexible Filtering

  • Simpler Rule Creation Process

  • New Automation Actions for Assets

• Vulnerability KB

  • APT Groups for Vulnerabilities

  • APT Group Filters

• Fixed Issues

To seek help with using our new features, receive feature documentation, and/or schedule training, please contact your Customer Success account manager directly or send a message to [email protected].

New Features

RS³ Version 2.1

This release features enhancements to the RiskSense Security Score (RS³) scoring model that will allow RiskSense to provide you with a greater level of accuracy and actionability. These enhancements focus on three indicators of extreme risk: Ransomware, Trending, and the RiskSense-curated Attack Surface system filter list. With the updated scoring system, findings with these indicators will automatically see their VRR elevated to the maximum value of 10 and appear at the top of your priority list.

Integrations

Locked Fields in ServiceNow Ticketing Connector

The ServiceNow Service Request Ticketing connector now supports locking fields in the connector configuration.

New HCL AppScan on Cloud Connector

The platform now supports the application scanner HCL AppScan on Cloud. The associated connector guide is available here.

Automation

Playbook Rule Filter Protection

When a new rule is created for a playbook, the platform may automatically revise the rule filters. Filter protection increases the efficiency of your playbooks, removing any duplicate actions and potentially decreasing the overall runtime.

More Flexible Filtering

Users can now create rules that target findings based on asset properties or that target assets based on finding properties. For example, a saved host filter can now be added to a playbook that assigns users to host findings.

Simpler Rule Creation Process

To add a new rule to a playbook, users should now define the type of action first, the filters second, and the notifications last. Choosing a source playbook is no longer required when creating a rule.

New Automation Actions for Assets

Automation can now update the business criticality or address type of an asset.

Vulnerability KB

APT Groups for Vulnerabilities

The Vulnerability KB will now show the APT (Advanced Persistent Threat) Groups associated with specific CVEs. APT Groups information will be visible under the Threats section of the Vulnerability Details and as a separate section in the detailed CVE view. The following fields are available: APT Group, Description, Origin Country, Associated Groups, Associated CVEs, Associated Threats, and Reference Links.

APT Group Filters

Two new filters have been introduced to the Vulnerabilities page: APT Group and APT Origin Country.

Fixed Issues

• Group Performance over Time will now show data for the timelines based on Resolved On date.

• Note creation API end points will now require the “filterRequest” key to precede the filter list.

• A clearer error message will now be shown to a user who tries to create a new scanner with the same name as a deleted scanner.

• Blank operating system names for hosts will now show as “Not Available” within the platform.

• The search feature for system filters now correctly presents system filters as expected.

• The RS³ infographic visible within the platform has been updated. The infographic appears in the New Features pop up and can be activated by clicking the '?' in some RS³-based widgets.

• The “greater than” and “less than” operators will now work for filters like VRR Critical Count and Total Count on the Hosts and Applications pages.

• Four New Discovered On and Ingested On columns were added back to the Hosts, Host Findings, Applications, and Application Findings list views and are also available when exporting.