Rumble 2.13 Sync assets & software from SentinelOne, track more cloud resources, view cross-organization inventory, and schedule automated reports

|
Updated

What's new with Rumble 2.13? #

Sync assets and software from SentinelOne #

Rumble Enterprise users can now enrich their inventory with an authenticated API connection to SentinelOne. This enables you to search for SentinelOne attributes in Rumble and find assets missing SentinelOne (not source:sentinelone and (type:server or type:laptop or type:desktop)). Rumble automatically correlates SentinelOne assets to scanned assets based on unique fields.

The SentinelOne integration also imports software inventory data. Software attributes include publisher, product, version, installation date, and installation size.

Set up the connection to SentinelOne.

SentinelOne connector

Explore software identified through Rumble scans #

View, search, and export the new software inventory, including vendor, name, and version as well as the corresponding asset in the new software tab. This inventory is populated through third-party integrations, such as SentinelOne, and by identifying network-exposed software through normal unauthenticated scans.

See what is in your software inventory.

Software inventory

Track more cloud resources from AWS, Azure, and GCP #

Discover databases and load balancers in AWS, Azure, and GCP.

Rumble now synchronizes the following cloud asset types:

AWS

  • EC2 - Provides scalable computing capacity in the Amazon Web Services (AWS) Cloud
  • Elastic Load Balancer - Automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more availability zones
  • Lambda - Serverless, event-driven compute service that lets you run code without provisioning or managing servers
  • RDS - Collection of managed databases including Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server

Azure

GCP

For AWS and GCP you may need to set up additional APIs or credentials to enable Rumble to inventory these resources. Review the AWS documentation or GCP documentation to see if this is necessary before trying the queries above.

Cloud connectors

Work with your asset inventory across organizations #

You can now work with your asset inventory across organizations and do things like:

  • View the dashboard with aggregated visualizations
  • Search across organizations in the inventory
  • Export cross-organizational inventory data

Rumble uses organizations to separate logical entities for role-based access control (RBAC). Our Professional and Enterprise users told us they would like to search and report across organizations. We listened.

This feature is only available in Rumble Enterprise and Professional. To try out this feature, select All Organizations in the Organizations dropdown on the upper right of your screen. Rumble continues to enforce per-organization RBAC, so All Organizations only includes the ones to which you have at least view permissions.

All organizations

Schedule and email the Organization Overview Report #

You can now schedule the Organization Overview Report and automatically email a link when the report is ready. This report provides a high-level overview of the organization and can optionally include asset details and web screenshots. Print-friendly, this report can be converted to a PDF and shared with external stakeholders. Read more about the Organization Overview Report

Schedule and email the Organization Overview Report.

Schedule and email the Organization Overview Report

Release notes #

The Rumble 2.13 release includes a rollup of all the 2.12.x updates, which includes all of the following features, improvements, and updates.

New features #

  • Sync asset and software inventory from SentinelOne
  • Explore software identified through Rumble scans
  • Track more cloud resources from AWS, Azure, and GCP
  • Work with your asset inventory across organizations
  • Schedule and email the Organization Overview Report

Integration improvements #

  • The CrowdStrike integration now generates downloadable task data that can be used for importing CrowdStrike assets.
  • The CrowdStrike connector now handles API service outages more gracefully.
  • The CrowdStrike and Miradore integrations can now be run as scan probes from the console and scanner CLI.
  • The AWS connector now tags each instance with the associated AWS account email.
  • Credential access can now be toggled to allow or disallow all organizations during credential creation.
  • AWS credentials enabling STS assume role workflows are simplified to only require a role name.
  • Added ability to truncate syslog to a specified line length.
  • A performance issue that could cause long load times for the credentials page has been fixed.
  • A bug that prevented new CrowdStrike credentials from being stored has been fixed.
  • A bug that caused reports for certain AWS attributes to show empty results has been fixed.
  • A bug that caused VMware instances with non-unique UUIDs to be handled incorrectly has been fixed.

Inventory management improvements #

  • The organization overview report can now be generated and emailed to desired recipients on a recurring schedule.
  • The Alert Rules form now handles very long queries in the Test Query action.
  • Speed of the RFC 1918 Coverage Report has been greatly improved.
  • A bug where certain analysis tasks could error when an asset-query-results rule is enabled has been resolved.
  • A bug that reported Windows OSes incorrectly for VMware has been fixed.
  • A bug that prevented the organization overview report from being visible in Rumble Professional has been fixed.
  • A bug that prevented searching for bssid wireless values has been fixed.
  • A bug that led to visual errors on the asset details screen has been resolved.
  • A bug that could prevent deleting services from the services inventory has been resolved.
  • A bug that could lead to partial stats being shown in the dashboard for multi-site organizations has been resolved.
  • A bug that could cause the service to reload during task processing has been resolved.
  • A bug that caused stale SNMP credentials to stay associated with an asset has been fixed.

Scan engine improvements #

  • The scan configuration site scope warning now accurately reflects the site default scope.
  • The individual probe options in the Scan Config screen are now consistently sorted.
  • The Scan menu now provides an option to run a new scan using an existing template.
  • The Scan menu now links to Scan Template selection with a search interface.
  • Assets with external IP addresses will now be tagged with their geographic location and ASN when available.
  • A bug that led to the scan engine logging a debug message related to LDAP has been fixed.
  • A bug that could prevent scan templates from being saved has been resolved.
  • A bug that allowed IPs not in the scan scope to be used as primary addresses has been fixed.

Self-hosted platform improvements #

  • The self-hosted rumblectl update command now also applies content updates.
  • A bug that could prevent self-hosted content updates from working when /opt was on a different file system from /tmp has been fixed.
  • A bug that could lead to duplicate pre-built queries in self-hosted installations has been resolved.

Fingerprinting changes #

  • Support for Ubiquiti Discovery Protocol version 2
  • Additional support for products by 2N, Amag, AVTECH, AXIS, BitDefender, Bosch, Buffalo, Clearly IP, D-Link, Datamax-O'Neil, Develop, Devolo, Digium, EnGenius, FS, Heatmiser, Honeywell, HP, Moxa, Netgear, OctoPrint, ORing, Panasonic, Poly, Raspberry Pi, Ricoh, Rockwell Automation, Roku, Ruckus, Samsung, Savant Systems, SiliconDust, Silex Technology, Sony, Synaccess, Synology, Tenda, TP-LINK, TrendMicro, Ubiquiti, VMware, WAGO, Whirlpool, Xerox, Yealink, and Zyxel

User access and management improvements #

  • The organization users table now displays effective access for each user.
  • An intermittent issue that caused some external invitation emails to be missing activation codes has been fixed.
  • A bug that could prevent group members from being displayed on an organization’s users page has been fixed.
  • A bug that could prevent adding users to groups has been fixed.

API improvements #

  • Tags can now be applied, updated, and deleted in bulk using the API.

Start your free trial #

Want to take Rumble for a spin? Sign up for a free trial to try out these capabilities free for 21 days.

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved