Version 9.00.00 Release Notes
Summary: High-level overview of the changes/updates included in RiskSense Version 9.00.00, released on November 20, 2020.
The RiskSense platform version 9.00.00 update includes the following features and enhancements:
To seek help with using our new features, receive feature documentation, and/or schedule training, please contact your Customer Success account manager directly or send a message to [email protected].
RiskSense now provides administrators with more fine-grained control over each user’s access to organizational vulnerability data and RiskSense vulnerability management, reporting, and automation features. The new Identity and Access Management feature replaces the current level-based role system that uses Technician, User, Group Manager, and Manager. RiskSense now provides foundational and supplemental roles that align with common user personas or job functions within the platform. Users with the appropriate privileges can also define their own roles. For more information, see Identity and Access Management: Overview.
When an asset is ingested into the RiskSense platform and exactly zero findings (open or closed) are associated with that asset, it is automatically exempt from receiving an RS³ and does not contribute to any group or organizational scores. Users with the correct permissions can now override this and intentionally assign an RS³ to such assets, if desired. For more information, see Asset Metric Exclusion.
Users can now export information from the Patches page. Asset, Finding, and Patch fields are included in the configurable template configuration.
In the Groups detail pane, separate host-based and application-based RS³ values for each group have been added to indicate each group’s security posture against these two types of risk.
The AppSpider scanner now only ingests the latest scan for a URL.
Users can now ingest Veracode scans up to 180 days old.
Users can no longer set an option for ticketing connectors that automatically closes findings in the platform if the third-party ticket is closed. The only sources that automatically close findings are vulnerability sources.
The Generic Uploader now correctly handles mappings of the “Base URL” and “Application URL” fields for SAST, OSS, and Container scanners.
These widgets show the same metrics for multiple groups. Some group metrics are also available as time series. For more information, see Group Metrics.
The Detailed Vulnerability Report now shows a distribution of open (passing) and closed (non-passing) compliance-type findings.
The “RiskSense Security Score (RS³) Timeline” on the Executive Dashboard now shows more information about the availability of the VRR Delta (the difference in counts of Critical, High, Medium, Low, and Info findings on 2 dates).
The Scanners page now omits RiskSense system scanners and only shows scanners that users created. These scanners are created via the Scanners page, the API, and during a generic upload mapping.
Most jobs on the Jobs page now have a Job Subject and Workflow Type.
The widget “Application Findings by Type” no longer overflows if the user views the Application Security Dashboard on a small laptop screen.
The Scanner Name filter suggestions are now populated for manually created findings.
If an application has no findings, the Recent Scans section is no longer shown for the application in the Application Detail pane.
The CVE filter on the Application Findings page now includes CVEs without a missing CVSS v3 or CVSS v2 score.
The Host Findings page now sorts Qualys PC findings by Status correctly.
In the Group Metrics widget “Group Performance over Time,” the dates shown for each week depend on the metric. Open finding time series show the date for the last day of the week, Saturday. Closed finding time series based on the Resolved On date show the start of the week, Sunday.