Version 9.00.00 Release Notes

Summary: High-level overview of the changes/updates included in RiskSense Version 9.00.00, released on November 20, 2020.

The RiskSense platform version 9.00.00 update includes the following features and enhancements:

To seek help with using our new features, receive feature documentation, and/or schedule training, please contact your Customer Success account manager directly or send a message to [email protected].

New Features

Identity and Access Management

RiskSense now provides administrators with more fine-grained control over each user’s access to organizational vulnerability data and to RiskSense vulnerability management, reporting, and automation features. The new Identity and Access Management feature replaces the current level-based role system that uses Technician, User, Group Manager, and Manager. RiskSense now provides foundational and supplemental roles that align with common user personas or job functions within the platform. Users with the appropriate privileges can also define their own roles. For more information, see Identity and Access Management: Overview.

Metric Exclude Enhancements

When an asset is ingested into the RiskSense platform and exactly zero findings (open or closed) are associated with that asset, it is automatically exempt from receiving an RS³ and does not contribute to any group or organizational scores. Users with the correct permissions can now override this and intentionally assign an RS³ to such assets, if desired. For more information, see Asset Metric Exclusion.

List View Enhancements

Patch Export

Users can now export information from the Patches page. Asset, Finding, and Patch fields are included in the configurable template configuration.

Individual Host and Application RS³ for Groups

In the Groups detail pane, separate host-based and application-based RS³ values for each group have been added to indicate each group’s security posture against these two types of risk.

Integrations

AppSpider Scan Enhancements

The AppSpider scanner now ingests only the latest scan for a URL.

New Configuration for Older Veracode File Ingestion

Users can now ingest Veracode scans up to 180 days old.

End of Life for Feature for Closing Findings

Users can no longer set an option for ticketing connectors that automatically closes findings in the platform if the third-party ticket is closed. The only sources that automatically close findings are vulnerability sources.

Generic Uploader Application URL Mappings

The Generic Uploader now correctly handles mappings of the “Base URL” and “Application URL” fields for SAST, OSS, and Container scanners.

Dashboards

Group Metrics

These widgets show the same metrics for multiple groups. Some group metrics are also available as time series. For more information, see Group Metrics.

Miscellaneous Changes

Compliance Findings in Detailed Vulnerability Report

The Detailed Vulnerability Report now shows a distribution of open (passing) and closed (non-passing) compliance-type findings.

Notice Added Regarding RS³ Delta

The “RiskSense Security Score (RS³) Timeline” on the Executive Dashboard now shows more information about the availability of the VRR Delta (the difference in counts of Critical, High, Medium, Low, and Info findings on 2 dates).

Scanners Page Limited to Client’s Scanners

The Scanners page now omits RiskSense system scanners and shows only scanners that users created. These scanners are created via the Scanners page, via the API, and during a generic upload mapping.

Fixed Issues

  • Most jobs on the Jobs page now have a Job Subject and Workflow Type.

  • The widget “Application Findings by Type” no longer overflows if the user views the Application Security Dashboard on a small laptop screen.

  • The Scanner Name filter suggestions are now populated for manually created findings.

  • If an application has no findings, the Recent Scans section is no longer shown for the application in the Application Detail pane.

  • The CVE filter on the Application Findings page now includes CVEs that are missing a CVSS v3 or CVSS v2 score.

  • The Host Findings page now sorts Qualys PC findings by Status correctly.

Known Issues

  • In the Group Metrics widget “Group Performance over Time,” the dates shown for each week depend on the metric. The open finding time series shows the date of the last day of the week, Saturday. Closed finding time series based on the Resolved On date show the start of the week, Sunday.