Rumble 1.11: Taking Discovery to 11


Rumble v1.11

After eleven releases and eleven months since our 1.0 launch, we are happy to announce that v1.11 is live! The release adds Projects: temporary organizations that make it easy to manage one-off scans and professional services with Rumble. Also introduced in v1.11 is the ability to explore historical data, a new addon for Splunk Cloud, bulk asset changes via CSV import, over 10,000 new SNMP fingerprints, and much more!

Read on for the full list of changes since v1.10.

Projects for Short-Term Efforts

Rumble is licensed by Live Assets, but this isn't a fit for all use cases, and we have been exploring alternatives. After extensive conversations with our users, we landed on Projects. Projects are temporary organizations that become read-only after 30 days and automatically expire after 90 days. If you want to run one-off scans, explore different discovery options, or provide professional services to other organizations, Projects can help. Projects are available in all paid tiers and can be promoted to full organizations any time prior to the 90-day expiration. Project asset limits are equivalent to your license tier times five. If you are subscribed to the 1,000 live asset tier, Rumble supports 1,000 live assets across all permanent organizations and now 5,000 additional assets across all temporary projects.

Screenshot of New Project action

Screenshot of New Project options

Projects for Historical Data

If you want to see what a network looked like in the far past, or just last week, Rumble offers the tools for this, but loading historical scan data into new sites and organizations was clunky at best, and not the least bit intuitive. Starting with v1.11, historical scans can be loaded into temporary projects via the Load action in the task details page for a given scan. Multiple scans (or imports) can be loaded into projects this way, allowing you to explore the data in a separate environment. We plan to explore other options for tracking and displaying asset history, but wanted to provide something easy and full-featured today. Historical data loaded into projects supports all of the normal features, including per-user access control, remote APIs, inventory search, and reporting.

Screenshot of Historical Task Load

Rumble Addon for Splunk Cloud

Rumble has a shiny new Addon for Splunk 8 and Splunk Cloud! The latest addon supports syncing assets into Splunk, with multiple inputs supported, global API key management, and optional search filters for each input. Want to track only new assets as one input? Sure thing! How about just assets with SMB protocol 1 enabled? It handles that too! Splunk Cloud users can request this addon and schedule the installation through the Splunk Cloud support portal.

Screenshot of Rumble Splunk Addon

Easy Annotation with CSV Imports

Excel is often regarded as the "Second Best Tool for Anything" and this applies equally well to asset inventory. Rumble has supported CSV export from day one and is slowly adding support for CSV import as well. Rumble v1.11 can now import its own CSV export and will update matching assets with any changes to the comments or tags fields. Other fields, like OS and Hardware, can be set as well, but may be overridden by the next scan.

Screenshot of Excel with Asset Data

Over 10,000 New SNMP Fingerprints

There are hundreds of ways to fingerprint a device on the network, but none so ubiquitous as the SNMP Object ID. Rumble v1.11 rolls up over 10,000 new SNMP ObjectID fingerprints across dozens of MIBs into the biggest fingerprint database of its kind. These new fingerprints work in conjunction with existing coverage, with normalized vendor and device types, and provide even more precise device fingerprinting of SNMP-enabled equipment. Building this database required hand-editing and normalizing over 60,000 individual records, with extensive back-testing against public datasets, but the results are worth it.

Screenshot of SNMP Fingerprint Data

Web Screenshot Improvements

Two major improvements to web screenshots were added in this release. First, non-standard Chrome installation paths on Windows are now automatically detected. Second, Rumble now takes multiple screenshots of each service, with various timing options, picking the highest quality image from the result set automatically. This process substantially reduces the number of screenshots that return a blank page or simply time out.

Screenshot of APC Network Card

Scan Data Compression

All Rumble scan data uploaded to and downloaded from the platform is now compressed with Gzip by default. This substantially decreases the size of scan data and helps with bandwidth-constrained environments. The Import action now supports both compressed and uncompressed files, while all task data downloads return only compressed data going forward. The command-line runZero Scanner now compresses the scan.rumble file by default.

Screenshot of CLI Scanner Output

Release Notes

The complete release notes for v1.11.0 can be found in our documentation.

If you haven't had a chance to try runZero before, or would like to play with the new features, sign up for a free trial and let us know what you think!

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
