Rumble 2.10: Uncover IPv6 blindspots and manage permissions with user groups

(updated ), by Huxley Barbee
icon
Rumble, Inc. is now runZero!

Rumble Network Discovery is now runZero!

What’s new with Rumble 2.10?

Discover IPv6 assets anywhere

Rumble has extended its IPv6 support to include scans of IPv6 static addresses, DNS names with AAAA records, and interface-specific link-local IPv6 addresses. This support is enabled by default for runZero Explorers on IPv6-enabled hosts. Local IPv6 discovery comes from the new Layer 2 probe, which identifies link-local addresses on IPv6-enabled interfaces, even without user input, and then conducts a full scan of the newly-found targets.

IPv6 scanning is now a native feature in the Rumble scan engine. Thus, scanning one IP protocol version can yield insights from the other. For example, when scanning IPv6, Rumble’s multi-home detection logic can discover IPv4 addresses on the same device, and present a unified asset with both IPv4 and IPv6 addresses.

Uncover your IPv6 blind spots with Rumble by comparing the services exposed on IPv4 with IPv6. Many services are exposed on IPv6 but not on IPv4 and firewalls do not always impose the same restrictions on IPv4 and IPv6 traffic, creating network blind spots. The services summary in the asset detail report makes it easy to spot if an asset presents a different exposure over IPv6 versus IPv4.

IPv6 discovery

Group users to easily manage permissions

Rumble now supports user groups, which enables you to bulk manage users that need a shared set of permissions. User group permissions are applied on top of the base user permissions, with the highest permission level taking effect. This simplifies the common case, where limited privileges are provided through a base role and specific organization access is managed at the group-level. Rumble Enterprise users have the option to set an expiration date on user groups to enforce time-bound access. After the expiration date elapses, the account reverts back to their user-level permissions.

User groups

Check out the new user management features by going to Home > Your team > Groups.

Release notes

The Rumble 2.10 release includes a rollup of all the 2.9.x updates, which includes all of the following features, improvements, and updates.

New features

  • Discover IPv6 assets anywhere
  • Group users to easily manage permissions
  • Sync AWS from the Explorer, Scanner, or Console
  • Faster imports of Censys Data

Security improvements

  • A security issue has been identified and fixed in the SSO SAML handler of the web console. This issue was found during internal review and could be abused to trigger a denial-of-service or limited leak of application internal data by an unauthenticated attacker. Self-hosted customers need to upgrade as soon as possible. Hosted customers have already been updated to the latest version.

Integration improvements

  • The CrowdStrike integration now uses the Scroll API to better support large organizations.
  • The CrowdStrike integration has been updated to improve correlation with existing assets.
  • The Azure connector now ignores canceled subscriptions automatically.
  • CrowdStrike connector tasks now move preexisting CrowdStrike-sourced assets into matching scanned assets across sites.
  • Censys Avro files can now be converted to a database for faster lookups.
  • AWS internal hostnames are now reported in the asset name list.
  • AWS assets can now be synced from the standalone scanner, as a scan probe in the console, or imported from previous AWS connector tasks.
  • AWS and Azure connectors no longer set asset alive status and no longer are counted as offline or back online in the change report.
  • A bug that prevented some AWS organizations from working with STS AssumeRole has been fixed.
  • A bug that prevented public IP addresses from populating an AWS asset’s IPv4 attribute has been fixed.
  • A bug that prevented services from displaying after a third-party import has been resolved.
  • A bug that prevented importing operating system information from CrowdStrike for some Linux devices has been fixed.
  • A bug that could allow duplicate CrowdStrike assets after an import has been fixed. Any resulting duplicates are eliminated on the next CrowdStrike task run.
  • A bug that caused the Azure integration to occasionally skip public IPs has been fixed.
  • A bug that caused a CrowdStrike connector task to send an API request exceeding length limits in specific instances has been fixed.

Fingerprinting changes

  • A bug where BACnet device fingerprint match values might not be correctly reflected in the asset has been fixed.
  • Office asset and service fingerprint additions and improvements, including: 2N, Atlona, Avaya, Canon, Cisco, Fortinet, IBM, Konica, Meraki, Microsoft, MIPS, and Poly
  • OT and testing asset and service fingerprint additions and improvements, including: Agilent, BreakingPoint, Calnex, Eaton, GE, Generex, Pressac, Rittal, Spirent, and VIAVI
  • Consumer asset and service fingerprint additions and improvements, including: Aircookie, Asus, D-Link, Denon, Espressif, LG, Maytronics, Netgear, Panasonic, Philips, Prusa, Rachio, Samsung, Shelly, Sony, TP-Link, TreatLife, and Wemo

Scan engine improvements

  • The scanner now supports configuration of reverse DNS timeouts and the SSH username.
  • The scan engine now skips protocol probes on TCP port 9106.
  • The scan engine now limits the SNMP enumeration speed to the Max Host Rate, reducing CPU usage on older switches.
  • The scan engine now ignores additional cases of FortiGate HTTP interception.
  • The scan engine now correctly excludes broadcast addresses from the scan scope.
  • The scan engine now accepts IPv6 addresses and resolves AAAA records for hostnames.
  • The Explorer service now starts up slightly faster on Windows.
  • The CLI Scanner censys-db sub-command now requires less memory.
  • IPv6 support now includes link-local asset discovery and PTR lookups for DNS/mDNS.
  • A scan engine bug that could lead to an invalid exclusions error has been resolved.
  • A bug where scanning of some Lexmark printers interfered with the printer’s job queue has been fixed.
  • A bug that could cause the CLI scanner to stack trace has been resolved.
  • The scan engine can now sync AWS assets.
  • The scan engine has improved handling for devices with ports sensitive to probing, such as printers, which also overlap services that use similar port values.

Inventory management improvements

  • The coverage report can be filtered by site.
  • The closedPortsMap field has been removed from JSON exports.
  • The query search now supports result count selection and remembers the setting between views.
  • The Queries page now supports query execution across all assets, regardless of alive status.
  • The Queries page has a new Updated column, containing the last-modified date and time for each query.
  • Scan tags can now be provided for scan import tasks.
  • Rules now show when they were last processed, whether they triggered their action, and any error that occurred as a result.
  • Nmap XML exports are now much faster.
  • HP iLOs will no longer be merged into their host assets when they share a MAC address.
  • Event templates now truncate results correctly.
  • Autocompletion of search keywords has been added for organizations, tasks, and events.
  • Asset subnet tags are now included in JSON and XML asset exports.
  • Added an option to export only selected assets, services, or wireless.
  • Added a Every N Hours recurring task frequency option.
  • A regression that removed the service names from the asset details page has been fixed.
  • A bug which could lead to stalled rule processing has been fixed.
  • A bug where the services in an asset view were not properly sorted has been resolved.
  • A bug where task progress (on hover) could exceed 100% has been fixed.
  • A bug where stale reverse DNS attributes could persist on assets has been resolved.
  • A bug that prevented uploading very large scans has been fixed.
  • A bug that prevented Asset Modify rules from updating the HW field has been resolved.
  • A bug that persisted service products after asset changes has been fixed.
  • A bug that hid the Task Change report has been fixed.
  • A bug that could lead to some events being processed incorrectly has been resolved.

User access and management improvements

  • The Team page now supports user groups, providing more options when managing permissions/roles across your users.
  • The new asset route pathing report traces potential network paths between your assets, displaying a Layer 3 graph visualization.
  • A regression that could lead to login errors after bulk permission updates has been fixed.
  • A bug which allowed invited users to skip the SSO login step when initially joining an organization with required SSO settings has been resolved.

Start your free trial

Want to take Rumble for a spin? Sign up for a free trial to try out these capabilities free for 21 days.

Similar Content

November 15, 2022

runZero 3.3: Unmatched visibility into your Google ecosystem

What’s new with runZero 3.3? Extended visibility into Google Workspace Queries for Google Workspace users and groups Fingerprinting for Google assets Identification of OpenSSL services Improvements to the runZero Console Extended visibility into Google Workspace …

Read More

October 18, 2022

runZero 3.2: A 365-degree view of your Microsoft environment

What’s new with runZero 3.2? Integrations with Microsoft 365 Defender and Microsoft Intune Query and report on Active Directory users and groups Fingerprint updates User experience improvements Complete visibility into your Microsoft assets Over the last few months, …

Read More

September 13, 2022

runZero 3.1: Sync Active Directory, import assets from Shodan, and launch integrations from Explorers

What’s new with runZero 3.1? Sync your Active Directory users, groups, and machines with runZero Import assets and external services from Shodan Launch integrations from Explorers Connect and sync Active Directory with runZero runZero Professional and Enterprise users …

Read More