Version 9.01.00 Release Notes

Summary: High-level overview of the changes/updates included in RiskSense Version 9.01.00, released on December 4, 2020.

The RiskSense platform version 9.01.00 update includes the following features and enhancements:

• Integrations

  • Generic Upload: CWE Prefix Ingestion

  • Generic Upload: CVE Ingestion for Application Findings

  • CheckMarx OSA and SAST API Integrations Added

• Dashboards

  • Saved Start Date on Group Performance over Time

  • Exportable Current Group Performance Data

• Workflow

  • Workflow Information Expanded in Detail Pane of all Findings Pages

  • Latest System Workflow Filter on Findings

  • Workflow Filtering on Assets

  • Navigation Linking between Workflow, Asset, and Finding Pages

  • Sorting and Filtering According to Creation Date

• Miscellaneous Changes

  • Possible Patches Added to Application Findings

  • Updated Configurable Exports on the Patches Page

  • Scanner References Cleanup

• Fixed Issues

To seek help with using our new features, receive feature documentation, and/or schedule training, please contact your Customer Success account manager directly or send a message to [email protected].

Integrations

Generic Upload: CWE Prefix Ingestion

Application Findings data containing the “CWE” prefix in the data can now be ingested and contextualized by the RiskSense platform.

Generic Upload: CVE Ingestion for Application Findings

The generic uploader now parses CVEs associated to Application Findings when applicable.

CheckMarx OSA and SAST API Integrations Added

The CheckMarx OSA and SAST Application Scanners are now available as API connectors from the Integrations page. CheckMarx SAST manual uploads are still supported, as well.

Dashboards

Saved Start Date on Group Performance over Time

Users can now choose and save the Start Date for the Group Performance over Time chart on the configurable dashboards view. This date persists across platform sessions.

Exportable Current Group Performance Data

Information displayed in the Current Group Performance dashboard chart can now be exported directly to a CSV file using the three-dot option menu on the chart. The file exports directly from the browser rather than through the standard Export wizard.

Workflow

Workflow Information Expanded in Detail Pane of all Findings Pages

This section has been enhanced for user experience, expanding the Open and Closed sections to a more detailed breakdown of the workflows associated with the Finding. The top of this section now displays an explanation of the Findings' current status. In particular, the reason why that Finding is currently Open or Closed is provided, including a reference to the Workflow(s) responsible for the current status. The latest system workflow and all actionable workflows are now grouped separately from all others for easy identification.

Latest System Workflow Filter on Findings

Users can now filter on the Host Findings and Application Findings pages for “Workflow (Latest System)” to easily identify the latest System User-executed workflows on findings.

Workflow Filtering on Assets

New filters for Workflow ID, Has Approved Risk Acceptances, and Has Approved False Positives have been added to the Host and Application views to identify assets containing findings with the corresponding workflow types.

Navigation Linking between Workflow, Asset, and Finding Pages

Hyperlinks in the Workflow view now allow easier navigation to the Hosts, Host Findings, Applications, and Application Findings pages for all constituent findings or assets. Links to the Workflow pages have also been added to the Findings pages.

Sorting and Filtering According to Creation Date

By default, the Workflow view sorts according to the most recently created workflows first. A filter for creation date is also available.

Miscellaneous Changes

Possible Patches Added to Application Findings

For Snyk scanner integration users, Application Findings containing possible patches have this information available in the Application Findings page’s detail pane.

Updated Configurable Exports on the Patches Page

The associated vendor and patch family fields have been added as options to the configurable exporter on the Patches page.

Scanner References Cleanup

Nessus scanner users now have the Finding references section in the Host Findings detail pane streamlined, showing only standard URL references and Nessus KB Dependency links.

Fixed Issues

• Qualys Asset connector tags are now correctly removed from associated Assets when the connector refreshes data.

• Resolved an issue around Threat Counts sometimes failing to load properly on the Application Findings view.

• Resolved an issue with the deletion of a workflow date; proceeding pages now load correctly.

• Resolved an issue with modifying the approval date of a workflow in the past; only future dates are supported.

• Host Findings filtering by “Title is like” now handles empty iterations.

• Resolved a generic uploader issue around host-based scanners; all uploads now properly identify the name of the associated Scanner during upload.

• Groups containing no data now still appear on Group Metrics dashboard charts.

• Tags pulled by connectors now have a correctly assigned color on the Tags (Collections Manager) page.

• Syncing CMDB Hosts displays proceeding pages correctly after initiating the sync.