runZero Scanner Updates & Data Transparency
Data transparancy is one of the key drivers of Rumble development. We do our best to ensure that any data gathered, transmitted, or downloaded is easy to view, import, export, and reprocess. Data generated by the Rumble Agent can be downloaded and reprocessed by the runZero Scanner. Raw data from the runZero Scanner can be imported into the Rumble Console. This data is consistently formatted and almost always backwards compatible between versions.
This week we released version 1.3.1 of the runZero Scanner, which adds even more features for working with data and bringing that data back into the cloud console. The new additions include:
Support for the
--baselineoption, which accepts an
assets.jsonlfile from a previous run, or a JSONL export from the Rumble Console, and uses this as a baseline for normalizing and deduplicating assets. Assets matched against the baseline will carry forward the same UUID values, as well as tags and comments, in the resulting
assets.jsonlof the new scan. For folks who primarily use the Scanner (and our OEM integrators), this simplifies the process of asset tracking between scans, allowing the same logic as the cloud backend to be applied to local scan data.
Support for the
--uploadoption. The runZero Scanner can now upload data directly to the cloud console. If you want more flexibility for how scans are run, when they are run, and from what systems, the Scanner can now be used as a primary driver of scan data for the console. To use this option, specify an Organization API key for the
--api-keyparameter and optionally, set the
--upload-sitename to the Site to populate. If you want to send data to your own endpoint, you can override the
--api-hostparameter and build your own handler for the Import API.
Support for multiple
--importoptions. This change allows the runZero Scanner to consolidate raw scan data (
scan.rumble.gzor the raw task data from the console) into a single output. This works with the
--baselineoption to track and correlate assets and with the
--uploadoption. The import option works with or without new scan parameters. If you would like to import one more previous scans into a remote site, specify each
--importfile, set the
--api-key, and an optional
April 13, 2021
Rumble 2.1: Notification Templates, AWS EC2 Enrichment, and Cisco SNTC Exports
Rumble Network Discovery 2.1 # Rumble 2.1 is now live with support for custom notification templates, AWS EC2 scan enrichment, Cisco serial number exports for SNTC, faster exports, more flexible imports, an updated Splunk Addon, and much more! Custom notification emails and …Read More
March 16, 2021
Rumble 2.0: Automation, Subnet Discovery, ServiceNow, and More!
Rumble Network Discovery 2.0 # Rumble 2.0 is now live with alert and asset automation via the Rules Engine, ridiculously fast scans with subnet discovery, cross-organization management via the Account API, support for ServiceNow CMDB integration, an automated query …Read More
August 6, 2020
Recog development with runZero
Overview # Recog may be one of the most underrated open source security projects of all time. Recog started off in the early 2000s as the fingerprinting backend for Rapid7’s Nexpose (aka InsightVM) vulnerability scanner. It was released as open source in 2014 and …Read More
Subscribe and stay in the loop!
We won't share your email.
Unsubscribe at any time.