Version 8.20.00 Release Notes

Summary: High-level overview of the changes/updates included in RiskSense Version 8.20.00, released on September 25, 2020.

The RiskSense platform version 8.20.00 update includes the following features and enhancements:

To help transition to our new features and schedule training, please contact your Customer Success account manager directly or send a message to [email protected]

New Features

RiskSense Security Score (RS³) Version 2

The RiskSense platform’s scoring system has been upgraded to version 2, bringing in multiple enhancements to the aggregation of vulnerabilities at the asset level, as well as introducing scoring for Applications and Application Findings. A number of changes to the platform’s list views, detail panes, and dashboards will be introduced to support this new scoring system.

Dashboards

RS³ Timeline Updates

On the Executive Dashboard, the RS³ Timeline chart has been modified to display counts of findings by their VRR category (Critical, High, Medium, Low, and Info), rather than threat counts. All asset and finding counts are now totals across both hosts and applications, collectively. In addition, a gray vertical line has been added to the timeline to indicate the date on which the new RS³ v2 algorithm has gone into effect.

Total Weaponized Hosts Added to Executive Dashboard

The “Hosts” widget on the Executive Dashboard now displays the total number of hosts in your organization, the total number of hosts with weaponized findings in general, and the number of hosts with weaponized findings which are at least 90 days old.

Integrations

Additional AWS Inspector Connector Fields

The existing AWS Inspector connector now supports ingestion of additional metadata fields. Additionally, the “Compliance Type” field is supported on ingestion of CIS Rules Package based Host Findings. These fields are visible in the respective Findings Detail Pane.

Editable Templates in AWS Inspector Connector

Users may now add or remove selected templates in the AWS Inspector connector configuration flow.

Changed AppScan Manual Parser’s Existing Field Mapping

In the Applications page, Address and Name fields are mapped with new fields based on the new AppScan file version.

Custom Query Order for ServiceNow CMDB

In the configuration of the ServiceNow CMDB connector, users may specify the number and order of queries used to fetch data from the CMDB itself, including hostname, IP address, and a custom field.

List View Enhancements

Custom List View Sorting Option Additions

The option of single column custom sorting has been added to the “IP Address” column in the Hosts and Host Findings views, as well as the “Threat Count” column in the Host Finding and Application Finding (when applicable) views.

Fixed Issues

  • Functionality of the Technician role has been restored; users of this role are able to view their appropriate Finding assignments as expected.

  • The ability of Group Managers to approve workflows they do not own has been restored; the Group Manager must have access to the associated groups for approval.

  • Host Finding and Application Finding counts on the Tags page now correctly display the corresponding Finding counts and are clickable to their respective Findings views as expected.

  • New workflows that are rejected will revert the Status and/or updated Severity of the associated findings back to their previous state.

  • Findings that have been previously reviewed by scan and mapped to a system workflow will be properly closed the next time URbA is run.

  • For assessments containing hosts with no findings and multiple scan tags, URbA will now process findings correctly and close the appropriate findings.

  • In the Aging Metrics Report, the Top 10 Vulnerabilities data in the Application Metrics section will accurately reflect all the most recent finding remediation data as of the time of report generation.

  • When a filter is applied to a user-created custom dashboard, that filter will be retained when the user navigates away from and then returns to that custom dashboard.

  • For Trending vulnerabilities related to Ransomware, all available Trending dates are now available in the Host and Host Findings filter panes.

  • Filtering for a specific Workflow ID on the Findings views now allows the entry of the # symbol into the filter view.

  • Findings identified by the Nessus scanner will display associated findings' Operating System correctly.

Known Issues

  • Host Findings associated to a Host of Internal IP address type may be missing the “Internal” label in the Asset Information section of the Host Findings detail pane; the Internal indicator icon is still visible in the IP Address column of the list view.

  • In the Findings views, sorting functionality on the “Status” and “Due Date” columns may not always be successful; filtering on these fields may be implemented as a substitute.

  • Sample Reports may not reflect the most recent additions of Application information yet; downloading a full report with your organization’s data will display all new information correctly.

  • In the Report template configuration wizard, a checkbox with the [Object object] label may be visible; this label should read “Custom description” and can be checked when a user wishes to overwrite the generic template description.

  • Multi-column sorting options that include “State” are still present on the Host Findings view and are no longer applicable with recent Workflow enhancements. These options will be removed in the future, and filtering by the new default “Status” column should be used instead.

  • In the Hosts, Applications, and Groups views, finding counts by VRR are not yet available for exporting. Support for this will be added in the near future, and finding counts by Severity continue to be available.