Rumble Network Discovery Beta 3

Updated

Asset Change Tracking & Notifications (Alerts) #

Beta 3 is here and ships with network change tracking and notifications (edit: now alerts in v1.0.0)! Combined with recurring scans, Rumble now provides detailed asset tracking across local, remote, external, and cloud assets with notifications sent by email or webhook (including Slack!). This release also includes keyword-based search for the Inventory, a major overhaul of the scan engine, and tons of small improvements. Check out the release notes below for a complete list of changes since Beta 2.

Rumble Network Discovery Beta 3 Change Tracking

Product Documentation #

Documentation has been updated and consolidated into our new product documentation portal. If you can't find something, please drop us a line and let us know.

Release Notes #

  • Asset change tracking, notifications, notification rules, and notification channels have been implemented. Combined with recurring scans, this provides basic network monitoring and change notification, with support for internal notifications, email groups, and anything that exposes web hooks, including Slack.

  • The Inventory now supports custom search queries, with defined keywords, which also apply to JSON and CSV exports.

  • Task details are now displayed, including recurring scan schedules, and change reports for Scan tasks.

  • Rumble scans now distribute probes across all targets more evenly, limiting per-host packet rates to 50/s unless overridden with --max-host-rate. This improves the consistency of scan results against low-performance network connected devices (printers, power device network cards, and low-end internet of things devices, such as the ESP32).

  • Incoming links to the Rumble Console no longer force reauthentication.

  • Scan tasks that are sent to an agent, but not reported on within 15 minutes are automatically requeued. This resolves situations where jobs become stuck due to a terminated, reset, or otherwise unavailable agent (for example, a laptop suspend).

  • Rumble binaries (agent and scanner downloads) can now be validated independently using the Rumble Verifier. The verifier is provided with PGP signatures for each platform and SHA-256 sums.

  • ARP and ICMP ECHO probes will now now retry automatically for non-responsive hosts. This improves the consistency of detection of low-powered network connected devices, especially on wireless networks.

  • Target hostnames entered into the scan scope are now resolved by either the agent local nameserver or a custom set of nameservers specified in the scan configuration. Target hostname resolution is now consistent across all supported architectures.

  • Scan exclusions can be configured per-site and per-scan. Site exclusions set the default for all new scans of that Site.

  • Hostnames entered into the scan scope are now used for asset correlation; all addresses resolved from a given hostname are grouped together, and probes using HTTP and TLS specify the host header and server name extension as appropriate.

  • runZero Scanner output now includes global settings in the config record.

  • Improved progress reporting based on the relative work load of a given probe. Scans that supply a large port range will now reflect their progress more accurately.

  • ICMP ECHO scans now drop replies received from out-of-scope ranges, preventing ghost assets from being reported.

  • Rumble Agent and runZero Scanner now use npcap v0.993, which includes a number of bug fixes and performance improvements.

  • The MAC fingerprint database has been updated using the latest data from the mac-ages project.

  • Tons of small UI updates.

  • New Rumble icons!

Written by HD Moore

HD Moore is the co-founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Research
SSHamble: Unexpected exposures in the Secure Shell
We conducted a deep dive into the SSH ecosystem and identified vulnerabilities across a wide range of implementations. During the research process,...
runZero Research
Attack Surface Challenges with OT/ICS and Cloud Environments
Learn why successfully navigating changes to operational technology and cloud attack surfaces is critical for successful asset security.
Life at runZero
Employee Spotlight: Nikki Milum
Nikki Milum is our stellar Senior People Operations Partner! Read on to learn more about why Nikki thinks runZero is different than any place she’s...
runZero Research
Evolving threat landscapes: a view through the lens of CAASM
See what our analysis of sample CAASM data reveals about the current threat landscape and how security teams are responding to challenges old and new.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved