Rumble Network Discovery Beta 3

Updated

Asset Change Tracking & Notifications (Alerts) #

Beta 3 is here and ships with network change tracking and notifications (edit: now alerts in v1.0.0)! Combined with recurring scans, Rumble now provides detailed asset tracking across local, remote, external, and cloud assets with notifications sent by email or webhook (including Slack!). This release also includes keyword-based search for the Inventory, a major overhaul of the scan engine, and tons of small improvements. Check out the release notes below for a complete list of changes since Beta 2.

Rumble Network Discovery Beta 3 Change Tracking

Product Documentation #

Documentation has been updated and consolidated into our new product documentation portal. If you can't find something, please drop us a line and let us know.

Release Notes #

  • Asset change tracking, notifications, notification rules, and notification channels have been implemented. Combined with recurring scans, this provides basic network monitoring and change notification, with support for internal notifications, email groups, and anything that exposes web hooks, including Slack.

  • The Inventory now supports custom search queries, with defined keywords, which also apply to JSON and CSV exports.

  • Task details are now displayed, including recurring scan schedules, and change reports for Scan tasks.

  • Rumble scans now distribute probes across all targets more evenly, limiting per-host packet rates to 50/s unless overridden with --max-host-rate. This improves the consistency of scan results against low-performance network connected devices (printers, power device network cards, and low-end internet of things devices, such as the ESP32).

  • Incoming links to the Rumble Console no longer force reauthentication.

  • Scan tasks that are sent to an agent, but not reported on within 15 minutes are automatically requeued. This resolves situations where jobs become stuck due to a terminated, reset, or otherwise unavailable agent (for example, a laptop suspend).

  • Rumble binaries (agent and scanner downloads) can now be validated independently using the Rumble Verifier. The verifier is provided with PGP signatures for each platform and SHA-256 sums.

  • ARP and ICMP ECHO probes will now now retry automatically for non-responsive hosts. This improves the consistency of detection of low-powered network connected devices, especially on wireless networks.

  • Target hostnames entered into the scan scope are now resolved by either the agent local nameserver or a custom set of nameservers specified in the scan configuration. Target hostname resolution is now consistent across all supported architectures.

  • Scan exclusions can be configured per-site and per-scan. Site exclusions set the default for all new scans of that Site.

  • Hostnames entered into the scan scope are now used for asset correlation; all addresses resolved from a given hostname are grouped together, and probes using HTTP and TLS specify the host header and server name extension as appropriate.

  • runZero Scanner output now includes global settings in the config record.

  • Improved progress reporting based on the relative work load of a given probe. Scans that supply a large port range will now reflect their progress more accurately.

  • ICMP ECHO scans now drop replies received from out-of-scope ranges, preventing ghost assets from being reported.

  • Rumble Agent and runZero Scanner now use npcap v0.993, which includes a number of bug fixes and performance improvements.

  • The MAC fingerprint database has been updated using the latest data from the mac-ages project.

  • Tons of small UI updates.

  • New Rumble icons!

Written by HD Moore

HD Moore is the co-founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

Product Release
Introducing the customizable dashboard, Wiz integration, and more!
Introducing the customizable dashboard, Wiz Integration, and other Q2 2024 enhancements to the runZero Platform.
Product Release
How to integrate your SIEM platform with runZero to create an actionable asset inventory
Learn how to combine runZero's real-time asset inventory with SIEM exports for comprehensive asset tracking and historical data analysis..
runZero Insights
Celebrating Women’s History Month with trailblazers & innovators
It’s Women’s History Month! runZero is celebrating all month long by highlighting innovative women who have been technological trailblazers.
Industry
Upcoming NYDFS regulatory requirements on asset inventory and vulnerability enumeration
Is your business prepared for the approaching deadlines for complying with the latest version of the NYDFS Cybersecurity Regulation (23 NYCRR 500)?...

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved