Rumble 1.13 Roles, Correlation, Reports, and More!

User Roles & Permissions #

Organizations are now more self-sufficient through the addition of a new tab in the Your Team page. This section shows which users have access to the current organization and allows limited administrators to manage users for the active organization.

A new Billing role has been defined that is limited to license and payment management. Users without permissions to any organization can now manage their account settings, including enrollment for multi-factor authentication.

Asset Correlation #

Rumble uses a combination of unique attributes and heuristics to identify multihomed assets and track IP changes as assets move around the network. This process now takes into account a wider group of attributes when identifying unique keys in the environment. This improves asset correlation when "gold images" are widely cloned as virtual machines, preventing any extensively duplicated attribute from being used as a unique correlation key.

Inventory & Reporting #

IP address management is now easier through small changes to the Subnet reports. The Subnet Utilization report now accurately sorts density based on the site subnet scopes and not the default subnet mask. The Subnet Grid report is now slightly faster with larger networks.

Identifying assets with public-facing IP addresses has been improved through enhancements to the haspublic and hasprivate keywords. These keywords are now accurate even when a mix of IPv6 and IPv4 addresses are present. Searches that involve a bare IP address or partial IPv4 are now automatically mapped to the host keyword.

Tagging has seen two small updates. Any tags set from the inventory page are now added to the asset tags and only replace existing tags if they have the same name. The overview page now also shows the top 50 asset tags across the organizations. Tags are case sensitive and the top tags list can help identify inconsistencies and typos in tag use.

Scanner #

The scan engine now pulls IPv4/MAC pairs from a wider range of devices through additional OID support in the ARP cache enumerator. This helps with older Juniper devices in particular.

Certain HTTP services present a gzip-compressed body even when the client doesn't set the required Accept-Encoding header. This resulted in the HTTP response being stored compressed, which was ugly and prevented some HTTP fingerprints from being applied correctly. Going forward, gzip-compressed bodies are now automatically unpacked, even when doing so technically breaks the HTTP specification.

A small bug related to overlapping network ranges in scan targets has been resolved. This prevents the same IP from being scanned multiple times when overlapping ranges and subnets were configured in the same scan. The scan time estimation in the scan configuration screen now takes into account overlapping ranges as well.

The standalone CLI scanner received some light updates to the user interface, including display of runtime statistics like memory, CPU utilization, active goroutines, and the number of open files. The available information changes a little by platform, but overall this helps keep an eye on resource usage during a scan.

Release Notes #

The complete release notes for v1.13.0 can be found in our documentation.

If you haven't had a chance to try runZero before, or would like to play with the new features, sign up for a free trial and let us know what you think!