Rumble 2.10: Uncover IPv6 blind spots and manage permissions with user groups


What's new with Rumble 2.10?

Discover IPv6 assets anywhere

Rumble has extended its IPv6 support to include scans of IPv6 static addresses, DNS names with AAAA records, and interface-specific link-local IPv6 addresses. This support is enabled by default for runZero Explorers on IPv6-enabled hosts. Local IPv6 discovery comes from the new Layer 2 probe, which identifies link-local addresses on IPv6-enabled interfaces, even without user input, and then conducts a full scan of the newly-found targets.

IPv6 scanning is now a native feature in the Rumble scan engine. Thus, scanning one IP protocol version can yield insights from the other. For example, when scanning IPv6, Rumble's multi-home detection logic can discover IPv4 addresses on the same device, and present a unified asset with both IPv4 and IPv6 addresses.

Uncover your IPv6 blind spots with Rumble by comparing the services exposed on IPv4 with those exposed on IPv6. Many services are exposed on IPv6 but not on IPv4, and firewalls do not always impose the same restrictions on IPv4 and IPv6 traffic, creating network blind spots. The services summary in the asset detail report makes it easy to spot whether an asset presents a different exposure over IPv6 than over IPv4.
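As an added illustration of the IPv4-versus-IPv6 comparison described above (not Rumble's code or export format), this Python example groups a constructed service list by asset and IP version and reports services reachable over only one of them. The flat tuple layout, asset names, and addresses are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory: (asset name, address, transport, port).
# This flat layout is an assumption for the example, not Rumble's export schema.
SAMPLE_SERVICES = [
    ("printer-01", "192.0.2.10", "tcp", 443),
    ("printer-01", "2001:db8::10", "tcp", 443),
    ("printer-01", "2001:db8::10", "tcp", 23),
    ("printer-01", "fe80::1%eth0", "tcp", 9100),
    ("nas-01", "192.0.2.20", "tcp", 22),
    ("nas-01", "192.0.2.20", "tcp", 445),
    ("nas-01", "2001:db8::20", "tcp", 22),
    ("web-01", "192.0.2.30", "tcp", 80),
]


def family(address):
    """Return 4 or 6 for an address, dropping any %zone suffix on link-local IPv6."""
    return ipaddress.ip_address(address.split("%", 1)[0]).version


def exposure_gaps(services):
    """Per dual-stack asset, list services reachable over only one IP version."""
    seen = defaultdict(lambda: {4: set(), 6: set()})
    for asset, address, transport, port in services:
        seen[asset][family(address)].add((transport, port))
    gaps = {}
    for asset, by_family in seen.items():
        if not by_family[4] or not by_family[6]:
            continue  # single-stack asset: nothing to compare
        only_v6 = sorted(by_family[6] - by_family[4])
        only_v4 = sorted(by_family[4] - by_family[6])
        if only_v6 or only_v4:
            gaps[asset] = {"ipv6_only": only_v6, "ipv4_only": only_v4}
    return gaps


if __name__ == "__main__":
    for asset, gap in exposure_gaps(SAMPLE_SERVICES).items():
        print(asset, gap)
```

Entries under `ipv6_only` are the ones to check against firewall policy first, since they are the services an IPv4-only review would miss.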

IPv6 discovery

Group users to easily manage permissions

Rumble now supports user groups, which enable you to bulk manage users that need a shared set of permissions. User group permissions are applied on top of the base user permissions, with the highest permission level taking effect. This simplifies the common case, where limited privileges are provided through a base role and specific organization access is managed at the group level. Rumble Enterprise users have the option to set an expiration date on user groups to enforce time-bound access. After the expiration date elapses, the account reverts to its user-level permissions.

User groups

Check out the new user management features by going to Home > Your team > Groups.

Release notes

The Rumble 2.10 release includes a rollup of all the 2.9.x updates, covering the following features, improvements, and updates.

New features

  • Discover IPv6 assets anywhere
  • Group users to easily manage permissions
  • Sync AWS from the Explorer, Scanner, or Console
  • Faster imports of Censys Data

Security improvements

  • A security issue has been identified and fixed in the SSO SAML handler of the web console. This issue was found during internal review and could be abused to trigger a denial-of-service or limited leak of application internal data by an unauthenticated attacker. Self-hosted customers need to upgrade as soon as possible. Hosted customers have already been updated to the latest version.

Integration improvements

  • The CrowdStrike integration now uses the Scroll API to better support large organizations.
  • The CrowdStrike integration has been updated to improve correlation with existing assets.
  • The Azure connector now ignores canceled subscriptions automatically.
  • CrowdStrike connector tasks now move preexisting CrowdStrike-sourced assets into matching scanned assets across sites.
  • Censys Avro files can now be converted to a database for faster lookups.
  • AWS internal hostnames are now reported in the asset name list.
  • AWS assets can now be synced from the standalone scanner, as a scan probe in the console, or imported from previous AWS connector tasks.
  • AWS and Azure connectors no longer set asset alive status and no longer are counted as offline or back online in the change report.
  • A bug that prevented some AWS organizations from working with STS AssumeRole has been fixed.
  • A bug that prevented public IP addresses from populating an AWS asset's IPv4 attribute has been fixed.
  • A bug that prevented services from displaying after a third-party import has been resolved.
  • A bug that prevented importing operating system information from CrowdStrike for some Linux devices has been fixed.
  • A bug that could allow duplicate CrowdStrike assets after an import has been fixed. Any resulting duplicates are eliminated on the next CrowdStrike task run.
  • A bug that caused the Azure integration to occasionally skip public IPs has been fixed.
  • A bug that caused a CrowdStrike connector task to send an API request exceeding length limits in specific instances has been fixed.

Fingerprinting changes

  • A bug where BACnet device fingerprint match values might not be correctly reflected in the asset has been fixed.
  • Office asset and service fingerprint additions and improvements, including: 2N, Atlona, Avaya, Canon, Cisco, Fortinet, IBM, Konica, Meraki, Microsoft, MIPS, and Poly
  • OT and testing asset and service fingerprint additions and improvements, including: Agilent, BreakingPoint, Calnex, Eaton, GE, Generex, Pressac, Rittal, Spirent, and VIAVI
  • Consumer asset and service fingerprint additions and improvements, including: Aircookie, Asus, D-Link, Denon, Espressif, LG, Maytronics, Netgear, Panasonic, Philips, Prusa, Rachio, Samsung, Shelly, Sony, TP-Link, TreatLife, and Wemo

Scan engine improvements

  • The scanner now supports configuration of reverse DNS timeouts and the SSH username.
  • The scan engine now skips protocol probes on TCP port 9106.
  • The scan engine now limits the SNMP enumeration speed to the Max Host Rate, reducing CPU usage on older switches.
  • The scan engine now ignores additional cases of FortiGate HTTP interception.
  • The scan engine now correctly excludes broadcast addresses from the scan scope.
  • The scan engine now accepts IPv6 addresses and resolves AAAA records for hostnames.
  • The Explorer service now starts up slightly faster on Windows.
  • The CLI Scanner censys-db sub-command now requires less memory.
  • IPv6 support now includes link-local asset discovery and PTR lookups for DNS/mDNS.
  • A scan engine bug that could lead to an invalid exclusions error has been resolved.
  • A bug where scanning of some Lexmark printers interfered with the printer's job queue has been fixed.
  • A bug that could cause the CLI scanner to stack trace has been resolved.
  • The scan engine can now sync AWS assets.
  • The scan engine has improved handling for devices with ports sensitive to probing, such as printers, which also overlap services that use similar port values.

Inventory management improvements

  • The coverage report can be filtered by site.
  • The closedPortsMap field has been removed from JSON exports.
  • The query search now supports result count selection and remembers the setting between views.
  • The Queries page now supports query execution across all assets, regardless of alive status.
  • The Queries page has a new Updated column, containing the last-modified date and time for each query.
  • Scan tags can now be provided for scan import tasks.
  • Rules now show when they were last processed, whether they triggered their action, and any error that occurred as a result.
  • Nmap XML exports are now much faster.
  • HP iLOs will no longer be merged into their host assets when they share a MAC address.
  • Event templates now truncate results correctly.
  • Autocompletion of search keywords has been added for organizations, tasks, and events.
  • Asset subnet tags are now included in JSON and XML asset exports.
  • Added an option to export only selected assets, services, or wireless.
  • Added an Every N Hours recurring task frequency option.
  • A regression that removed the service names from the asset details page has been fixed.
  • A bug which could lead to stalled rule processing has been fixed.
  • A bug where the services in an asset view were not properly sorted has been resolved.
  • A bug where task progress (on hover) could exceed 100% has been fixed.
  • A bug where stale reverse DNS attributes could persist on assets has been resolved.
  • A bug that prevented uploading very large scans has been fixed.
  • A bug that prevented Asset Modify rules from updating the HW field has been resolved.
  • A bug that persisted service products after asset changes has been fixed.
  • A bug that hid the Task Change report has been fixed.
  • A bug that could lead to some events being processed incorrectly has been resolved.

User access and management improvements

  • The Team page now supports user groups, providing more options when managing permissions/roles across your users.
  • The new asset route pathing report traces potential network paths between your assets, displaying a Layer 3 graph visualization.
  • A regression that could lead to login errors after bulk permission updates has been fixed.
  • A bug which allowed invited users to skip the SSO login step when initially joining an organization with required SSO settings has been resolved.

Start your free trial

Want to take Rumble for a spin? Sign up for a free trial to try out these capabilities free for 21 days.

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.
