Version 10.04.00 Release Notes

Summary: High-level overview of the changes/updates included in RiskSense Version 10.04.00, released on June 11, 2021.

The RiskSense platform version 10.04.00 update includes the following features and enhancements:

• List View Enhancements

  • System Filter Updates

  • Threat Section Updates

  • New Credentialed Scan Field

  • New Application Trending Filters

  • Update Hostname/IP Address Fields

• Miscellaneous Changes

  • Security Code Page Updated

  • Deprecation Notice

  • Ticket Sync States Field

  • Qualys Plugin Output Updates

• Fixed Issues

To seek help with using our new features, receive feature documentation, and/or schedule training, please contact your Customer Success account manager directly or send a message to [email protected].

List View Enhancements

System Filter Updates

The “Attack Surface - RS”, “Fortinet FortiOS Attack”, and “vCenter Server Attack” system filters have been updated with new vulnerability mappings. A new system filter called “DarkSide Ransomware” has been introduced to cover the vulnerabilities associated to DarkSide.

Threat Section Updates

The threat section of the detail pane has been refreshed for easier navigation and greater organization of the threats associated with a finding. The threats have been organized into three sub-sections: Exploit, Malware, and/or Default Credentials. The Category field will now show a more refined threat label, such as Remote Code Execution (RCE). In addition, the “Severity” and “Details” fields have been removed from the threat section, while “Source” has been renamed to “Attribute To” and “Link” has been renamed to “Resources”.

New Credentialed Scan Field

For users of the Nessus scanner, a new field called “Last Credentialed Scan” has been introduced, along with a corresponding filter and export entry. It is visible in the Hosts page and detail pane and captures the most recent date provided by Nessus when the Credentialed Scan field is true.

New Application Trending Filters

Three new trending filters have been introduced to the Application model: “Has Trending Threats” and “Has Trending Vulnerabilities” filters on the Applications page and “Has Trending Vulnerabilities with Ransomware” filter on the Application Findings page.

Update Hostname/IP Address Fields

For an IP-based network, the hostname will be updated with each new upload if it has changed. Similarly, for a Hostname-based network, the IP address when changed for each upload will also be updated.

Miscellaneous Changes

Security Code Page Updated

When selecting the “Remember this Computer and IP”, there is an information icon that displays “This setting is determined by the clients that you have access to”.

Deprecation Notice

On the host findings search endpoint the “parserUploadFileData” attribute will be deprecated. Swagger will display the following message: “As of June 11, 2021, we will be deprecating parserUploadFileData attribute from the detail projection of this endpoint. If you are using this attribute, you can contact support for more information at [email protected].”

Ticket Sync States Field

This is now a required field for the following integrations: SNOW Incident, SNOW Service Request, Jira, and BMC. RiskSense will only send updates to tickets in the user selected states (external ticketing system).

Qualys Plugin Output Updates

The Plugin Output will now reflect data from the most recent Qualys scan file with each new ingestion.

Fixed Issues

• The ability to Copy a Custom Dashboard has been restored when clicking the “Save As” button.

• The “Last Login” filter will now populate expected results before or after the specified date.

• Patches will only be populated on the Patches page if there are affected assets mapped to them.

• CMDB Unique ID filter will now return the expected hosts that match the value provided.

• When a user tries to change the network of a host or application, the Target Network cannot be blank or non-existing; the field will now reject invalid entries.

• When updating the name of a group, all findings associated to the group will be updated accordingly.

• The Upload Status of a file will change to the Data Updates Completed when the parsing files state is completely finished.

• Findings with content above 30K characters are now being ingested into the platform correctly.

• When deleting a connector with past uploads, the upload history will be retained as expected. Uploads associated with a deleted connector will have a blue icon, stating "Failed to fetch container info".