What's new in runZero 3.10: #
Integrations page and menu updates #
Previously, runZero customers used the Connect and Export menus to find and utilize integrations in the runZero console. As of 3.10 the Connect drop-down menu has been renamed to Integrate, and a new page has been added to the left menu bar titled Integrations.
The integrations page displays all available integrations for runZero, with direct links to documentation and configuration pages where applicable. The integrations page shows not only the inbound integrations for runZero but our outbound and custom integrations as well, all in one place. We hope this change makes it easier for new and existing customers to configure integrations. It also showcases how runZero can work with other products and technologies in your ecosystem.
Redesigned Explorer detail page #
Officially released in 3.9.6, a redesign of the Explorer detail page refreshes the view of all existing details, and allows runZero users to view Explorer tasks and their status from the details page. Additionally, you can now edit Explorer details directly from the details page.
Coming soon: Want to see what we’ve been devOTing ourselves to lately? #
We have a new feature coming in August to assist with discovering fragile devices in OT environments and beyond. Our R&D teams have worked hard these past few months to make this a reality, and we’re excited to introduce it!
Protocol improvements #
Through this release the research team has added or improved the following items:
- Improved discovery of
SSDPservices providing visibility into devices that may need those services disabled - Added additional data extraction capabilities to our
SSDPandUPnPprobes - Added detection of
SOCKSproxies - Improved our detection and handling of spoofed/invalid
NTLMSSPversions in theSMBprobe
Fingerprint improvements #
New fingerprints were added for products by Debian, DW, FRRouting Project, Google, Huawei, IADea, IBM, IndigoVision, ISC, Lexmark, MiniDLNA Project, Netgear, Nokia, ONVU Technologies Group, OpenBSD, Palo Alto Networks, QSI, ServerTech, Siemens, Siqura, Sony, StarSat, Tycho, and Ubiquiti.
Rapid response #
The research team published a blog post about finding vulnerable instances of the Fortinet SSL VPN in response to the publication of a critical vulnerability that could allow remote unauthenticated exploitation.
Release notes #
The runZero 3.10 release includes a rollup of all the 3.9.x updates, which includes all of the following features, improvements, and updates.
New features #
- An integrations page has been added to improve visibility and simplify configuration.
- An update to the Trends tab of Attack Surface Management graphs has been added to show enhanced date and time data.
Product improvements #
- Assets with hostnames starting with a numeric prefix are now allowed to merge.
- Inventory searches using keyword
organizationproperly warn that it cannot be used unless either that specific organization or the All Organizations option are chosen from the drop-down in the upper right of the console. - Improved detection of various printer models.
- The Explorer details page has been redesigned.
- Improved database performance for asset, site, and organization delete operations.
- Improved database performance for outlier and vulnerability processing.
- Improved database performance for concurrent integration processing.
- Additional MAC address detection through
SSDPand UPnP services. - Improved operating system and hardware fingerprinting of Palo Alto Networks devices.
- Trial accounts can now create Custom Integrations.
- Discovery of
SSDPservices has been improved. - Improved handling of email send errors.
- Asset correlation has been improved for switches with overlapping MAC addresses.
- Improved detection of AIX systems.
- Reduced OS fingerprinting false positives against assets with non-Microsoft SMB stacks.
- Improved handling of login tokens.
Integration improvements #
- Improved import of assets from Azure Active Directory.
Bug fixes #
- A bug that could cause the
MDNSprobe to panic in limited scenarios has been resolved. - An issue that could result in the old Explorer details pages being shown has been resolved.
- A bug preventing Microsoft 365 Defender OAuth Client Credential tokens from accessing Azure government environments has been resolved.
- A bug that could result in invalid
Last Seenvalues for Rapid7 assets has been resolved. - A bug that could lead to stale service entries has been resolved.
- A bug causing some goals to return an error has been resolved.
- An issue that could prevent alert rule actions from modifying asset ownership based on software, service, or vulnerability query results is resolved.
- An issue where dynamic content did not have the header
Cache-Control: no-storehas been resolved. - A bug has been fixed that could cause scans to be dropped with
explorer failed to queue taskwhen the Explorer was already handling the configured maximum number of simultaneous scans. - A bug causing the task start time to be shown for the scan start time has been resolved.
- A bug that could prevent the creation of new goals has been resolved.
- A bug that could prevent those with the
annotatorrole from viewing or modifying Asset Ownership has been resolved. - An issue that could prevent navigation to the Account settings page has been resolved.
- A bug causing JavaScript errors to be thrown when adding or editing Google Workspace connector tasks has been resolved.
- A bug with thumbprint validation for the LDAP integration has been resolved and the related error messages have been improved.
- A bug where the link to help for query syntax led to a missing page has been resolved.
- A bug preventing the Explorer interface and addresses from being populated has been addressed.
