Rumble Network Discovery Beta 3

|
Updated

Asset Change Tracking & Notifications (Alerts) #

Beta 3 is here and ships with network change tracking and notifications (edit: now alerts in v1.0.0)! Combined with recurring scans, Rumble now provides detailed asset tracking across local, remote, external, and cloud assets with notifications sent by email or webhook (including Slack!). This release also includes keyword-based search for the Inventory, a major overhaul of the scan engine, and tons of small improvements. Check out the release notes below for a complete list of changes since Beta 2.

Rumble Network Discovery Beta 3 Change Tracking

Product Documentation #

Documentation has been updated and consolidated into our new product documentation portal. If you can't find something, please drop us a line and let us know.

Release Notes #

  • Asset change tracking, notifications, notification rules, and notification channels have been implemented. Combined with recurring scans, this provides basic network monitoring and change notification, with support for internal notifications, email groups, and anything that exposes web hooks, including Slack.

  • The Inventory now supports custom search queries, with defined keywords, which also apply to JSON and CSV exports.

  • Task details are now displayed, including recurring scan schedules, and change reports for Scan tasks.

  • Rumble scans now distribute probes across all targets more evenly, limiting per-host packet rates to 50/s unless overridden with --max-host-rate. This improves the consistency of scan results against low-performance network connected devices (printers, power device network cards, and low-end internet of things devices, such as the ESP32).

  • Incoming links to the Rumble Console no longer force reauthentication.

  • Scan tasks that are sent to an agent, but not reported on within 15 minutes are automatically requeued. This resolves situations where jobs become stuck due to a terminated, reset, or otherwise unavailable agent (for example, a laptop suspend).

  • Rumble binaries (agent and scanner downloads) can now be validated independently using the Rumble Verifier. The verifier is provided with PGP signatures for each platform and SHA-256 sums.

  • ARP and ICMP ECHO probes will now now retry automatically for non-responsive hosts. This improves the consistency of detection of low-powered network connected devices, especially on wireless networks.

  • Target hostnames entered into the scan scope are now resolved by either the agent local nameserver or a custom set of nameservers specified in the scan configuration. Target hostname resolution is now consistent across all supported architectures.

  • Scan exclusions can be configured per-site and per-scan. Site exclusions set the default for all new scans of that Site.

  • Hostnames entered into the scan scope are now used for asset correlation; all addresses resolved from a given hostname are grouped together, and probes using HTTP and TLS specify the host header and server name extension as appropriate.

  • runZero Scanner output now includes global settings in the config record.

  • Improved progress reporting based on the relative work load of a given probe. Scans that supply a large port range will now reflect their progress more accurately.

  • ICMP ECHO scans now drop replies received from out-of-scope ranges, preventing ghost assets from being reported.

  • Rumble Agent and runZero Scanner now use npcap v0.993, which includes a number of bug fixes and performance improvements.

  • The MAC fingerprint database has been updated using the latest data from the mac-ages project.

  • Tons of small UI updates.

  • New Rumble icons!

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved