Version 11.06.00 Release Notes

Summary: A high-level overview of the changes/updates included in RiskSense Version 11.06.00, released on November 19, 2021.

The RiskSense platform version 11.06.00 update includes the following features and enhancements:

• Vulnerability KB Enhancements

  • Associated Plugins Section

• Integrations

  • Cherwell Ticketing Connector Integration

• Dashboards

  • Configurable Time Ranges for Overdue Findings Widget

• Miscellaneous Changes

  • ServiceNow CMDB Connector Form

  • CrowdStrike and Qualys Domain Filters

  • ServiceNow Incident Connector Enhancements

  • Checkmarx SAST Findings

  • No or Limited Filters Support Icon

• Fixed Issues

• End-of-Life Notice - Widgets

For assistance with using our new features, receiving feature documentation, and/or scheduling training, please contact your Customer Success account manager directly or send a message to [email protected].

Vulnerability KB Enhancements

Associated Plugins Section

In the Vulnerabilities detailed pane, the Associated Plugins section has been introduced for showing the list of associated plugins with each CVE. This covers Qualys, Nessus, and Nexpose plugins only. This section is also available on the CVE detail page.

Integrations

Cherwell Ticketing Connector Integration

An API connector has been added for the Cherwell Ticketing system. This connector allows the users to create tickets from RiskSense to Cherwell. The following ticket types are supported—Incident, Change Request, and Problem. Refer to the Cherwell Service Management Connector Guide for more information.

Dashboards

Configurable Time Ranges for Overdue Findings Widget

The widget Overdue Findings now has configurable time ranges. Users must pick at least two options from 1, 7, 14, 30, 45, 60, 90, 120, and 180 days.

Miscellaneous Changes

ServiceNow CMDB Connector Form

Under the RiskSense mapping dropdown, the following scanner-specific fields will be available Qualys Host Id (QG_hostId), Tenable UUID, Nexpose Device Id, CrowdStrike Agent Id, and Expanse Asset identifier. The same field from the RiskSense dropdown can be mapped to one or more fields in ServiceNow CMDB.

CrowdStrike and Qualys Domain Filters

In the Host Findings list view, there is a filter called Domain. It has been renamed to CrowdStrike Domain, and a new filter is introduced as Qualys Domain. Both are specific to each scanner CrowdStrike and Qualys, respectively.

ServiceNow Incident Connector Enhancements

• More Plugin Information in ServiceNow Incident Tickets: A ServiceNow Incident ticket on one or more findings now contains information about each scanner plugin. These fields include the scanner, plugin ID, title, description, VRR, and vulnerabilities associated with the plugin. If the ticket is associated with a single finding, the ticket also includes asset information. Users can choose to provide a custom Title and Summary for the ticket or to populate these fields with plugin information automatically.

• Additional ServiceNow Incident Connector Configuration Fields: The ServiceNow Incident Connector now includes configurations for Tag Type and SLA Date. If the ticket is associated with more than one finding, the earliest due date applied among those findings would be listed as the SLA Date on the ticket.

Checkmarx SAST Findings

In the output section, DeepLink is now for Checkmarx SAST findings. This field contains a link that refers to the Checkmarx instance.

No or Limited Filters Support Icon

Added "no or limited filters support icon" for the Open Findings over Time widget.

Fixed Issues

• The Findings Due Calendar widget will show the count of open findings only.

• For Nessus Policy Compliance findings, if the Test Status is reporting a finding as Failed, then it will be marked as OPEN on the Host Findings page.

• For Nexpose connector - under the Scanner Specific Information section, if the Site Name field exceeds a certain limit, then a tooltip will be available to view the entire content.

• The width of the Create Ticket popup has been increased to accommodate lengthy connector names/texts.

• The Edit functionality in the Managed Observation popup will be disabled for findings that are generated from system-owned scanners.

• In the ServiceNow CMDB connector form, under the RiskSense mapping dropdown, the standard asset identifiers will be available. The fields include EC2 identifier, NetBIOS, IP address, hostname, FQDN, DNS, and MAC address.

• In the Generic Uploader, the Description field will handle the new line delimiters / n and / r in both Hosts and Applications.

End-of-Life Notice - Widgets

Some of the widgets in older formats will be removed from the platform with the last release of the year (EOL). Check out the End-of-Life (EOL) Communication — Q4 2021 EOL Widgets article for more information about the EOL widgets.

The following widgets now have the Q4 2021 EOL category:

• Host Findings Discovered vs. Resolved (2 widgets)

• Host Findings by IP Type (2 widgets)

• Findings by Priority

• Host Findings by VRR

• Host Findings by Severity

• Open Host Findings Funnel

• Closed Host Findings Funnel

• Recent Host Findings by Status (2 widgets)

• Host Findings over Time

• Open Findings over Time

• RiskSense Security Score (RS³) Timeline

• Recent Weaponized Host Findings (<30D)

• Recently Resolved Host Findings with Threat (<30d)

• Newly Discovered Host Findings with Threat (<30d)

• Open Host Findings with RCE/PE Exploits

• Open Host Findings with RCE or PE (Assigned)

• Open Host Findings with RCE or PE (Unassigned)

• Open Host Findings with Threat

• Closed Host Findings with Threat

• Weaponized Host Findings