Rumble 2.13: Sync assets & software from SentinelOne, track more cloud resources, view cross-organization inventory, and schedule automated reports

What's new with Rumble 2.13?

Sync assets and software from SentinelOne

Rumble Enterprise users can now enrich their inventory with an authenticated API connection to SentinelOne. This enables you to search for SentinelOne attributes in Rumble and to find assets missing SentinelOne with the query: not source:sentinelone and (type:server or type:laptop or type:desktop). Rumble automatically correlates SentinelOne assets to scanned assets based on unique fields.

The SentinelOne integration also imports software inventory data. Software attributes include publisher, product, version, installation date, and installation size.

Set up the connection to SentinelOne.

Explore software identified through Rumble scans

View, search, and export the new software inventory, including vendor, name, and version as well as the corresponding asset in the new software tab. This inventory is populated through third-party integrations, such as SentinelOne, and by identifying network-exposed software through normal unauthenticated scans.

See what is in your software inventory.

Track more cloud resources from AWS, Azure, and GCP

Discover databases and load balancers in AWS, Azure, and GCP.

Rumble now synchronizes the following cloud asset types:

AWS

  • EC2 - Provides scalable computing capacity in the Amazon Web Services (AWS) Cloud
  • Elastic Load Balancer - Automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more availability zones
  • Lambda - Serverless, event-driven compute service that lets you run code without provisioning or managing servers
  • RDS - Collection of managed databases including Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server

Azure

GCP

For AWS and GCP you may need to set up additional APIs or credentials to enable Rumble to inventory these resources. Review the AWS documentation or GCP documentation to see if this is necessary before trying the queries above.

Work with your asset inventory across organizations

You can now work with your asset inventory across organizations and do things like:

  • View the dashboard with aggregated visualizations
  • Search across organizations in the inventory
  • Export cross-organizational inventory data

Rumble uses organizations to separate logical entities for role-based access control (RBAC). Our Professional and Enterprise users told us they would like to search and report across organizations. We listened.

This feature is only available in Rumble Enterprise and Professional. To try out this feature, select All Organizations in the Organizations dropdown on the upper right of your screen. Rumble continues to enforce per-organization RBAC, so All Organizations only includes the ones to which you have at least view permissions.

Schedule and email the Organization Overview Report

You can now schedule the Organization Overview Report and automatically email a link when the report is ready. This report provides a high-level overview of the organization and can optionally include asset details and web screenshots. The report is print-friendly, so it can be converted to a PDF and shared with external stakeholders. Read more about the Organization Overview Report.

Schedule and email the Organization Overview Report.

Release notes

The Rumble 2.13 release is a rollup of all the 2.12.x updates and includes the following features, improvements, and fixes.

New features

  • Sync asset and software inventory from SentinelOne
  • Explore software identified through Rumble scans
  • Track more cloud resources from AWS, Azure, and GCP
  • Work with your asset inventory across organizations
  • Schedule and email the Organization Overview Report

Integration improvements

  • The CrowdStrike integration now generates downloadable task data that can be used for importing CrowdStrike assets.
  • The CrowdStrike connector now handles API service outages more gracefully.
  • The CrowdStrike and Miradore integrations can now be run as scan probes from the console and scanner CLI.
  • The AWS connector now tags each instance with the associated AWS account email.
  • Credential access can now be toggled to allow or disallow all organizations during credential creation.
  • AWS credentials enabling STS assume role workflows are simplified to only require a role name.
  • Added ability to truncate syslog to a specified line length.
  • A performance issue that could cause long load times for the credentials page has been fixed.
  • A bug that prevented new CrowdStrike credentials from being stored has been fixed.
  • A bug that caused reports for certain AWS attributes to show empty results has been fixed.
  • A bug that caused VMware instances with non-unique UUIDs to be handled incorrectly has been fixed.

Inventory management improvements

  • The organization overview report can now be generated and emailed to desired recipients on a recurring schedule.
  • The Alert Rules form now handles very long queries in the Test Query action.
  • Speed of the RFC 1918 Coverage Report has been greatly improved.
  • A bug where certain analysis tasks could error when an asset-query-results rule is enabled has been resolved.
  • A bug that reported Windows OSes incorrectly for VMware has been fixed.
  • A bug that prevented the organization overview report from being visible in Rumble Professional has been fixed.
  • A bug that prevented searching for bssid wireless values has been fixed.
  • A bug that led to visual errors on the asset details screen has been resolved.
  • A bug that could prevent deleting services from the services inventory has been resolved.
  • A bug that could lead to partial stats being shown in the dashboard for multi-site organizations has been resolved.
  • A bug that could cause the service to reload during task processing has been resolved.
  • A bug that caused stale SNMP credentials to stay associated with an asset has been fixed.

Scan engine improvements

  • The scan configuration site scope warning now accurately reflects the site default scope.
  • The individual probe options in the Scan Config screen are now consistently sorted.
  • The Scan menu now provides an option to run a new scan using an existing template.
  • The Scan menu now links to Scan Template selection with a search interface.
  • Assets with external IP addresses will now be tagged with their geographic location and ASN when available.
  • A bug that led to the scan engine logging a debug message related to LDAP has been fixed.
  • A bug that could prevent scan templates from being saved has been resolved.
  • A bug that allowed IPs not in the scan scope to be used as primary addresses has been fixed.

Self-hosted platform improvements

  • The self-hosted rumblectl update command now also applies content updates.
  • A bug that could prevent self-hosted content updates from working when /opt was on a different file system from /tmp has been fixed.
  • A bug that could lead to duplicate pre-built queries in self-hosted installations has been resolved.

Fingerprinting changes

  • Support for Ubiquiti Discovery Protocol version 2
  • Additional support for products by 2N, Amag, AVTECH, AXIS, BitDefender, Bosch, Buffalo, Clearly IP, D-Link, Datamax-O'Neil, Develop, Devolo, Digium, EnGenius, FS, Heatmiser, Honeywell, HP, Moxa, Netgear, OctoPrint, ORing, Panasonic, Poly, Raspberry Pi, Ricoh, Rockwell Automation, Roku, Ruckus, Samsung, Savant Systems, SiliconDust, Silex Technology, Sony, Synaccess, Synology, Tenda, TP-LINK, TrendMicro, Ubiquiti, VMware, WAGO, Whirlpool, Xerox, Yealink, and Zyxel

User access and management improvements

  • The organization users table now displays effective access for each user.
  • An intermittent issue that caused some external invitation emails to be missing activation codes has been fixed.
  • A bug that could prevent group members from being displayed on an organization’s users page has been fixed.
  • A bug that could prevent adding users to groups has been fixed.

API improvements

  • Tags can now be applied, updated, and deleted in bulk using the API.

Start your free trial

Want to take Rumble for a spin? Sign up for a free trial to try out these capabilities free for 21 days.

Written by Huxley Barbee

Huxley Barbee is a former Security Evangelist at runZero. He spent over 20 years as a software engineer and security consultant, previously working for Cisco, Sparkpost, and Datadog. Huxley attended his first DEF CON in 1999, and holds both CISSP and CISM certifications. Huxley is also an organizer of BSidesNYC.
