Rumble 1.4.0 Concurrent Scans & Much More!

|
Updated

Version 1.4.0 of Rumble Network Discovery is now available with a host of changes. This release rolls up our post-1.3.0 work, including major updates to the command-line runZero Scanner and support for asset syncing in Splunk.

The Rumble user interface and API endpoints now support grouped queries using parenthesis in search terms. Grouped queries allow for complex filtering logic and can helpful when searching for specific types of misconfigurations.

Rumble Search Groups

These queries can be applied to the export functionality as well as the search interfaces for assets, services, screenshots, wireless networks, sites, and organizations.

The Rumble asset correlation engine now ignores "noisy" changes by default, including small changes to identified hostnames, domain names and reverse DNS entries. These improvements should reduce the number of alerts triggered after scans where reverse DNS becomes unavailable or is generally unreliable.

Network devices that intercept requests and forge network responses containing fake MAC addresses are now handled better. Prior to 1.4.0, Rumble could detect and avoid ARP proxies, and this release extends that support to devices that intercept and forge responses to protocols like NetBIOS and SNMP. This change prevents unrelated hosts from being correlated into the same asset.

For folks with busy scan schedules, this release has two major changes.

  • Scheduled scans that aren't able to find an available agent after four hours are now automatically canceled. Recurring scans will try again during their next scheduled scan period. This change prevents "surprise" scans when a particular job takes longer than expected.

  • Agents now support concurrent scans. To enable this feature, access the agent list and choose Configure Agent from the Manage menu. Concurrent scans allow powerful centralized systems to get more done at once and can reduce overall scan times.

Concurrent Scan Settings

The Rumble Agent has been updated with the latest version of npcap, upgrades more reliably in certain corner cases, and writes out a log file automatically on all platforms. This release also resolves occassional issues with lingering chrome.exe processes on Windows systems.

The runZero Scanner now supports multiple import files, can work from a previous assets.jsonl as a baseline, and can upload resuls to the Rumble platform automatically, creating new sites as needed. For folks who prefer to run their scans by hand or in response to network events, this a great way to populate the inventory on demand. Take a look at this post for additional information on the scanner changes.

Release Notes #

If you haven't had a chance to try runZero before, or would like to play with the new features, sign up for a free trial and let us know what you think!

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved