Rumble 2.7: New dashboard, multi-subscription Azure, AWS ELBs, Splunk add-on improvements, and faster discovery for Rumble Professional


What's new with Rumble 2.7? #

User experience improvements

Integration improvements

Scan, search, and self-hosted improvements

User experience improvements #

Need high-level visibility into your asset and services inventory? Rumble 2.7 introduces trend data and insights directly from your dashboard, which lets you assess how your inventory is changing.

To help you visualize trending data, there are two new graphs on the dashboard:

  • Asset trends - Shows the number of live, offline, scanned, and unscanned assets you have and how those counts have changed over the past day, 7 days, or 30 days.
Asset trends
  • Services trends - Shows the number of ARP, ICMP, TCP, UDP, and total services you have and how those counts have changed over the past day, 7 days, or 30 days.
Services trends

Under each category, such as asset type, OS, hardware type, and TCP ports, there are historical trend graphs that let you see how that data has changed over time.

Trend graph

To help you keep up to speed with changes in your environment, you can set up automated queries for critical assets or specific events on your network. When you activate an automated query, it will run after scans and show on the dashboard the number of assets, services, and wireless networks that matched your query.

Insights

Easily navigate configuration pages for new scans, imports, connections, and more #

Ever scrolled through the Rumble scan configuration page? We know; it's long and overwhelming. To help you easily configure your scan, the scan configuration page now has tabs that group together relevant configuration options for your scans: Standard, Advanced, SNMP, and Probes.

Scan configuration form

Other configurable areas of Rumble have taken inspiration from the scan configuration page redesign as well, such as the new query, import, connection, credential, and team member pages. Happy navigating!

Know when your connector credentials are invalid #

Don't you hate it when you fat-finger your password? We do too! Rumble now validates all connector credentials against their live APIs before saving them. No more running a task only to find out it couldn't connect to its data source. Sometimes, it's the small things that make a big difference.

Integration improvements #

Sync Microsoft Azure data with multiple subscriptions #

Rumble's integration with Microsoft Azure Cloud delivers better visibility into your cloud assets by adding information about your virtual machines to your inventory, such as their location, size, OS, storage information, resource group, and more.

Rumble 2.7 introduces multi-subscription access for Azure, which lets you use a client secret for API access to find all subscriptions in a directory. Select the Access all subscriptions in this directory (tenant) option when you set up your Azure connection configuration to enable multiple subscription support.

Azure subscription option

To sync multiple directories, you can provide Rumble with a username and password for an account. When you configure your Azure connection, choose Azure username & password as the credential type, and then provide your account credentials. If you don't want to provide your username and password, you'll need to add a client secret for each Azure directory.

Azure client secret

Once synced, you'll be able to search your inventory for Azure VMs and drill into each asset to view its attributes, like its resource group and storage profile.

Azure attributes

Sync AWS load balancers (ELB) into your inventory #

Elastic Load Balancing (ELB) offers the ability to scale computing capacity by distributing incoming traffic across multiple targets, like EC2 instances, containers, and IP addresses, across availability zones. As the frontline to your applications and services, load balancers are often exposed to the internet and highly visible. Knowing which load balancers are public-facing and reachable from the internet is critical. Our AWS integration now syncs load balancers from ELB to your inventory.

To sync AWS load balancers with Rumble, you will need to add and activate a connection to your AWS EC2 API by providing the AWS region, Access Key ID, and Secret Access Key. This credential should have access to the AmazonEC2ReadOnlyAccess policy. After a successful sync, you can view your load balancers in the asset inventory.

AWS load balancers

All four types of load balancers will be viewable from the Rumble inventory: application, network, classic, and gateway load balancers. The assets will include ELB-specific attributes, such as the public IP addresses, availability zone, ARN, state, type, IPv4 pool, and scheme.

Connect Splunk to self-hosted instances and import services data #

Rumble Enterprise integrates with Splunk using a dedicated Splunk Add-on, which enables you to pull new or updated assets into a Splunk index to analyze, visualize, and monitor them.

Rumble 2.7 adds three improvements to the Splunk Add-on:

  • jQuery upgrade - The bundled version of jQuery has been upgraded to 3.5.0 for security and future compatibility.
  • Services export from Rumble - Folks who want to pull all discovered services into Splunk can do so using the per-input configuration option.
  • Self-hosted support - Self-hosted deployments can now leverage the Splunk integration. Just set your self-hosted console as the API endpoint input during configuration of the account.

Scan, search, and self-hosted improvements #

Scan faster with Rumble Professional using subnet and host ping #

Rumble's subnet ping and host ping options enable fast discovery of large IP ranges. Subnet ping lets you only scan /24 segments that have at least one responsive host. Host ping lets you use a smaller set of probes to identify active systems before running a full scan. Combining these two options can help you quickly identify all reachable IP spaces in an organization. These two discovery options are now available to all Rumble Pro and Enterprise Editions. Enjoy your rapid discovery!
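The effect of combining the two options can be sketched as a scan-planning step. This is an added example, not Rumble's implementation: the function name `plan_discovery`, the IPv4-only handling, and the constructed `SAMPLE_RESPONDERS` set (standing in for real probe results) are assumptions.

```python
import ipaddress

# Constructed sample: addresses that answered a lightweight probe.
SAMPLE_RESPONDERS = ["10.20.1.5", "10.20.1.77", "10.20.40.10", "192.168.1.1"]


def plan_discovery(target_cidr, responders, host_ping=True):
    """Plan a full scan of target_cidr from lightweight probe results.

    Subnet ping: keep only /24 segments with at least one responder.
    Host ping:   within those segments, keep only the responders.
    """
    target = ipaddress.ip_network(target_cidr)
    # Ignore responders outside the target range (out-of-scope replies).
    live = sorted(
        {ipaddress.ip_address(r) for r in responders if ipaddress.ip_address(r) in target}
    )

    def segment_of(host):
        # A target narrower than /24 is its own segment; never widen scope.
        if target.prefixlen >= 24:
            return target
        return ipaddress.ip_network(f"{host}/24", strict=False)

    segments = sorted({segment_of(h) for h in live})
    if host_ping:
        full_scan_count = len(live)
    else:
        full_scan_count = sum(s.num_addresses for s in segments)

    return {
        "segments": [str(s) for s in segments],
        "full_scan_hosts": [str(h) for h in live] if host_ping else None,
        "full_scan_count": full_scan_count,
        "skipped": target.num_addresses - full_scan_count,
    }


if __name__ == "__main__":
    for hp in (False, True):
        plan = plan_discovery("10.20.0.0/16", SAMPLE_RESPONDERS, host_ping=hp)
        print(f"host_ping={hp}: segments={plan['segments']} "
              f"full-scan targets={plan['full_scan_count']} skipped={plan['skipped']}")
```

Hosts that drop the lightweight probes never appear in the responder set, so anything filtered that way is missed by the fast pass and needs a periodic full-range scan to show up in the inventory.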

View end-of-life dates for APC firmware and Windows 10 #

Assets running end-of-life firmware or operating systems pose security, compliance, and business risks and need to be upgraded as soon as possible. Rumble 2.6 introduced two new columns to your asset inventory that list the known EOL dates: OS EOL and OS EOL EXT. These columns reflect the support end-of-life and extended support end-of-life date for the detected operating system or firmware. Rumble highlights specific assets that are EOL, nearing their EOL date, or are still within their supported period.

Our initial coverage for EOL dates included Windows, macOS, Ubuntu, Debian, and HP iLO firmware. Rumble 2.7 expands coverage for APC UPS firmware cards on your network.

EOL dates for APC firmware

For Windows systems, Rumble better tracks builds that share the same system files (such as 1903-1909, 2004-21H2, etc.). These systems will now report the range of versions possible, and the OS EOL reporting will use the latest release in this range to determine the end of support timeframe.

Updated search keywords for assets and services #

Rumble 2.7 adds new keywords for services inventory searches and improves wildcard searches for asset hostnames.

Five new service search keywords have been added to help you search services by IP address: the service_address, service_hasprivate, service_haspublic, service_hasipv6, and service_has_linklocal keywords work similarly to their asset versions, but apply to the specific IP tied to the service. For example, to look for a service that has a private IP address, you can search service_hasprivate:true. Or for a service that has a public IP address, you can search service_haspublic:true.

Rumble search keywords use the percentage sign (%) as a wildcard, but applying this to fields with multiple values, like hostnames, was tricky. Starting with 2.7, you can perform wildcard searches of hostnames with anchored patterns, such as using name:=FTP.% to find any asset with a hostname starting with the "FTP." sequence.

Self-hosted deployment improvements #

The self-hosted platform is better than ever with support for Debian, a combined installer, improved configurability around TLS, updated documentation, and service hardening.

Rumble 2.7 adds support for the Debian 10 and Debian 11 operating systems running on x86_64, in addition to existing support for Ubuntu, RHEL, and CentOS.

The self-hosted installer now bundles the full suite of explorers and scanners in the initial download, saving a step at installation time. This new download is a bit bigger (and takes a few seconds to generate), but removes the need to run an update after installation.

Documentation around self-hosting has been updated to include new SMTP and TLS options in addition to a detailed description of how the file system is used and what permissions are needed. The new TLS options simplify the process of running with NIST 800-52r2 cipher configurations.

Release notes #

This release includes a rollup of all the 2.6.x updates. Read the changelog to see all the improvements and updates in this release.

Get started with Rumble #

Want to take Rumble for a spin? Sign up for a free trial to try out these capabilities free for 21 days.

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.
