runZero 3.10 New integrations page, UX improvements, Black Hat 2023!


What's new in runZero 3.10: #

Integrations page and menu updates #

Previously, runZero customers used the Connect and Export menus to find and utilize integrations in the runZero console. As of 3.10 the Connect drop-down menu has been renamed to Integrate, and a new page has been added to the left menu bar titled Integrations.

The integrations page displays all available integrations for runZero, with direct links to documentation and configuration pages where applicable. The integrations page shows not only the inbound integrations for runZero but our outbound and custom integrations as well, all in one place. We hope this change makes it easier for new and existing customers to configure integrations. It also showcases how runZero can work with other products and technologies in your ecosystem.

The runZero integrations page

Redesigned Explorer detail page #

Officially released in 3.9.6, a redesign of the Explorer detail page refreshes the view of all existing details, and allows runZero users to view Explorer tasks and their status from the details page. Additionally, you can now edit Explorer details directly from the details page.

runZero Explorer details page

Coming soon: Want to see what we’ve been devOTing ourselves to lately? #

We have a new feature coming in August to assist with discovering fragile devices in OT environments and beyond. Our R&D teams have worked hard these past few months to make this a reality, and we’re excited to introduce it!

Protocol improvements #

Through this release the research team has added or improved the following items:

  • Improved discovery of SSDP services providing visibility into devices that may need those services disabled
  • Added additional data extraction capabilities to our SSDP and UPnP probes
  • Added detection of SOCKS proxies
  • Improved our detection and handling of spoofed/invalid NTLMSSP versions in the SMB probe

Fingerprint improvements #

New fingerprints were added for products by Debian, DW, FRRouting Project, Google, Huawei, IADea, IBM, IndigoVision, ISC, Lexmark, MiniDLNA Project, Netgear, Nokia, ONVU Technologies Group, OpenBSD, Palo Alto Networks, QSI, ServerTech, Siemens, Siqura, Sony, StarSat, Tycho, and Ubiquiti.

Rapid response #

The research team published a blog post about finding vulnerable instances of the Fortinet SSL VPN in response to the publication of a critical vulnerability that could allow remote unauthenticated exploitation.

Release notes #

The runZero 3.10 release includes a rollup of all the 3.9.x updates, which includes all of the following features, improvements, and updates.

New features #

  • An integrations page has been added to improve visibility and simplify configuration.
  • An update to the Trends tab of Attack Surface Management graphs has been added to show enhanced date and time data.

Product improvements #

  • Assets with hostnames starting with a numeric prefix are now allowed to merge.
  • Inventory searches using keyword organization properly warn that it cannot be used unless either that specific organization or the All Organizations option are chosen from the drop-down in the upper right of the console.
  • Improved detection of various printer models.
  • The Explorer details page has been redesigned.
  • Improved database performance for asset, site, and organization delete operations.
  • Improved database performance for outlier and vulnerability processing.
  • Improved database performance for concurrent integration processing.
  • Additional MAC address detection through SSDP and UPnP services.
  • Improved operating system and hardware fingerprinting of Palo Alto Networks devices.
  • Trial accounts can now create Custom Integrations.
  • Discovery of SSDP services has been improved.
  • Improved handling of email send errors.
  • Asset correlation has been improved for switches with overlapping MAC addresses.
  • Improved detection of AIX systems.
  • Reduced OS fingerprinting false positives against assets with non-Microsoft SMB stacks.
  • Improved handling of login tokens.

Integration improvements #

  • Improved import of assets from Azure Active Directory.

Bug fixes #

  • A bug that could cause the MDNS probe to panic in limited scenarios has been resolved.
  • An issue that could result in the old Explorer details pages being shown has been resolved.
  • A bug preventing Microsoft 365 Defender OAuth Client Credential tokens from accessing Azure government environments has been resolved.
  • A bug that could result in invalid Last Seen values for Rapid7 assets has been resolved.
  • A bug that could lead to stale service entries has been resolved.
  • A bug causing some goals to return an error has been resolved.
  • An issue that could prevent alert rule actions from modifying asset ownership based on software, service, or vulnerability query results is resolved.
  • An issue where dynamic content did not have the header Cache-Control: no-store has been resolved.
  • A bug has been fixed that could cause scans to be dropped with explorer failed to queue task when the Explorer was already handling the configured maximum number of simultaneous scans.
  • A bug causing the task start time to be shown for the scan start time has been resolved.
  • A bug that could prevent the creation of new goals has been resolved.
  • A bug that could prevent those with the annotator role from viewing or modifying Asset Ownership has been resolved.
  • An issue that could prevent navigation to the Account settings page has been resolved.
  • A bug causing JavaScript errors to be thrown when adding or editing Google Workspace connector tasks has been resolved.
  • A bug with thumbprint validation for the LDAP integration has been resolved and the related error messages have been improved.
  • A bug where the link to help for query syntax led to a missing page has been resolved.
  • A bug preventing the Explorer interface and addresses from being populated has been addressed.

Written by Amber Lee

More about Amber Lee
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Related Articles

runZero Research
SSHamble: Unexpected exposures in the Secure Shell
We conducted a deep dive into the SSH ecosystem and identified vulnerabilities across a wide range of implementations. During the research process,...
runZero Research
Attack Surface Challenges with OT/ICS and Cloud Environments
Learn why successfully navigating changes to operational technology and cloud attack surfaces is critical for successful asset security.
Life at runZero
Employee Spotlight: Nikki Milum
Nikki Milum is our stellar Senior People Operations Partner! Read on to learn more about why Nikki thinks runZero is different than any place she’s...
runZero Research
Evolving threat landscapes: a view through the lens of CAASM
See what our analysis of sample CAASM data reveals about the current threat landscape and how security teams are responding to challenges old and new.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved