Version 11.03.00 Release Notes

Summary: A high-level overview of the changes/updates included in RiskSense Version 11.03.00, released on September 24, 2021.

The RiskSense platform version 11.03.00 update includes the following features and enhancements:

• Integrations

  • Update Plugin Information upon Ingestion

  • Qualys VMDR Connector Enhancements

  • AWS Inspector Parser Updates

  • Remove Organization from SonarQube Connector

  • ServiceNow Incident Connector Form Updates

• SLA

  • SLA Time Reference based on Assigned On Date

• Miscellaneous Issues

  • New Group By Option

  • System Filters Updates

  • Workflow Popup

• Fixed Issues

For assistance with using our new features, receiving feature documentation, and/or scheduling training, please contact your Customer Success account manager directly or send a message to [email protected].

Integrations

Update Plugin Information upon Ingestion

For all application scanners, RiskSense will automatically update the following fields during each ingestion of a new scan file: Title, Severity, Scanner Reported Severity, Description, Solution, Output, Request, Response, and any plugin-related information.

Qualys VMDR Connector Enhancements

New options have been added to the existing Qualys connector. Now users can:

• Create assets that do not have vulnerabilities.

• Ingest tag information associated with assets from Qualys.

• Ingest Qualys Information Gathered plugins and indicate custom plugins to process.

• Filter assets based on the Qualys Asset Groups. (The user can whitelist the groups that RiskSense is allowed to ingest or blacklist specific groups.)

Click the link to view the Qualys VM/VMDR Connector Guide.

AWS Inspector Parser Updates

Currently, RiskSense reads the publicIp field from AWS Inspector and maps it to the RiskSense IP Address field. However, there are cases where publicIp will be empty. So, the AWS Inspector parser will fall back to privateIP when publicIp is not available.

Remove Organization from SonarQube Connector

Since SonarQube has deprecated the organization field in their latest fix version, RiskSense APIs will no longer depend on the organization key for pulling files from SonarQube. This has been handled both at the connector and parser end.

ServiceNow Incident Connector Form Updates

SysID was part of Unsupported Fields in the ServiceNow Incident connector form. With the recent versions of ServiceNow, the SysID field is added as required/mandatory in the Incident table. So, this field will no longer be part of Unsupported fields, and special handling has been performed.

SLA

SLA Time Reference based on Assigned On Date

First Assigned On has been added as an SLA Time Reference option. If the user chooses this configuration, the system sets a due date based on the date that a finding is first assigned to a user. Only findings assigned after this release will be considered; the system will not retroactively apply due dates to findings already assigned to users. For more information, see the SLA documentation.

Miscellaneous Issues

New Group By Option

Last Ingested On has been added as a Group By option on the Applications and Application Findings pages.

System Filters Updates

44 CVEs have been added to the Attack Surface - RS system filter on the Assets, Findings, and Vulnerabilities pages. Additionally, the Active Ransomware - RS system filter has been added to the Applications page.

Workflow Popup

If the user chooses a compensating control in the Workflow popup, this drop-down has a new option named Deemed not exploitable on both Host Findings and Application Findings pages.

Fixed Issues

• The user who most recently enabled the Remediation SLA or Playbook is the person whose username will appear on the Jobs page.

• Only selected columns will be exported in the All Clients page, and the All columns option will also work as intended.

• The following issues with merging assets have been addressed:

  • User assignments will be retained if the source host's findings are carried forward to the merged host.

  • If the source host and target host have the same plugins, the user assignments of the source host will be carried forward to the findings in the target host.

  • The Finding History pop-up will mention new assignments for the findings in the target host.

• Users with usernames greater than 128 characters will no longer see an error if they save custom dashboards.

• When the user has a default landing page set to Dashboards/Last Viewed Dashboard, they will no longer see the Executive Dashboard when they first log into the platform. Instead, they will see their Default dashboard. As they browse the platform, they can return to their most recently viewed dashboard by pressing the Home button.

• The Create Finding option using Select All will retain the applied filters. The Create request now includes a filter request, so the newly created finding is only applied to the filtered set of assets.

• In the Qualys Network file, the last discovered on date will start populating at the finding level, and it has been mapped to the LAST_UPDATE field from Qualys.

• Invalid date format and special characters in the request/response have been handled for the Qualys WAS scanner.

• The following changes were made for SLA:

  • If an SLA is not found on an asset or group, then 30-Day Performance and Overdue Performance metrics for an asset or group will be hidden in the UI.

  • The SLA name filter will be available on both the Hosts and Host Findings pages. Also, on the SLA Playbook page, under SLA Impact, the Open findings count will be available.

  • The performance bars will be hidden when no SLA or due dates are present on the findings, and in the cases where due dates are present, whether set by SLA/set manually/set by a playbook, the performance bars now show up.