runZero 3.7 Custom integrations and SDK

|
Updated

What's new with runZero 3.7? #

  • Custom integrations and Python SDK
  • ServiceNow Service Graph Connector for runZero
  • Protocol improvements
  • New and improved fingerprints

Custom integrations and Python SDK #

runZero Enterprise customers can now import assets from custom sources using the runZero SDK. The new Python SDK supports runZero's custom integration API functions for ease of automation and use for those familiar with Python. These custom integrations allow for creating and importing asset types not previously supported within runZero, along with assigning the integration a name, description, and custom icon. Once imported, you can manage these custom integration sources from the runZero UI, and remove them from assets if desired. This will allow you to build new integrations and further enrich the asset data within runZero.

Viewing custom integration attributes

ServiceNow Service Graph Connector for runZero #

The runZero Service Graph connector is now available in the ServiceNow marketplace. The connector can automatically pull your runZero asset data into your CMDB, merging with your ServiceNow data to improve asset visibility and accuracy. This connector does not replace the ServiceNow IntegrationHub ETL integration; both the connector and integration are available to Enterprise customers.

ServiceNow Service Graph connector for runZero

Protocol improvements #

The 3.7 release includes improved support for the Checkmk host agent. Checkmk is an open source host monitoring service and is deployed as part of many solutions and network appliances. Customers with Checkmk in their environment will benefit from improved software inventory and EDR detection for these assets. The accuracy of operating system fingerprinting has also been improved using available Checkmk data.

The scanner now supports the Steam In-Home Streaming Discovery Protocol, allowing for identification of devices running the Steam client from Valve Software.

New and improved fingerprints #

A number of fingerprints and fingerprint capabilities have been improved in this release. These improvements include fingerprinting of TLS stacks, better coverage of Roku devices based on AirPlay responses, and improved OS fingerprinting of devices speaking the BACnet protocol.

New fingerprints were added for products by Abbott, Aruba, Audioscan, Bayer, Canon, Ciena, Cisco, Crestron, FloLogic, GE HealthCare, GE MDS, Google, H3C, Huawei, IBM, Keyence, Meross, Logitech, NetApp, Panduit, Proofpoint, Roku, Quantum, Raritan, Roku, Shelly, SonicWall, Tesla, TP-Link, and VMware.

See runZero 3.7 in action #

Watch the video to see a preview of some of the newest features in runZero, including the ServiceNow connector, Checkmk protocol parser, and custom integrations leveraging the Python SDK.

Release notes #

The runZero 3.7 release includes a rollup of all the 3.6.x updates, which includes all of the following features, improvements, and updates.

New features #

  • Customers with an enterprise license can now create custom integrations and import assets from any external asset data source using the runZero Python SDK.
  • Improved performance and reliability of metrics calculations.
  • Improved performance of the vulnerabilities inventory.
  • AWS permission errors are now more detailed to make troubleshooting easier.
  • A bug where the asset ownership tag was not able to be changed successfully has been resolved.
  • A bug where email addresses were case sensitive on sign in has been resolved.
  • A bug where the "Create Organization" button appeared disabled but was still clickable has been resolved.
  • A bug preventing the Asset Ownership goals toggle from being clickable has been resolved.
  • Upgraded npcap to version 1.73
  • Fingerprint updates.

Security fixes #

  • A bug that could show cross-tenant Queries and their associated author email addresses was resolved. This issue only applied to a cloud-hosted version of the runZero platform that was live for slightly more than two hours on March 29th, 2023. Any customers affected by this issue received a detailed notice. This affected version 3.6.14.
  • A bug that could allow an organization admin to see the names of other organizations in the tenant, even without explicit access, has been resolved. This affected versions 3.6.0 to 3.6.5.
  • A bug that could expose limited information about an organization to cross-tenant users has been resolved. This issue could have allowed an attacker that guessed the v4 UUID of an organization to view the name, description, and top-level statistics (asset count, service count, task count, etc.) without appropriate authorization. This affected versions 3.6.0 to 3.6.4.

Product improvements #

  • Improved quality of errors reported by the CLI Scanner.
  • Improved user experience of user management.
  • Improved user experience of organization management.
  • Packets sent/received are now visible from the tasks preview.
  • Enterprise customers can now scan all ports and up to a /8 at a time using the hosted scan engines.
  • Attribute searches and reports are now faster in large organizations.
  • It is now possible to download the task log for a failed scan.
  • Hosted scans no longer ignore responses from common firewalls.
  • Daily asset expiration now records an assets-expired event with the count.
  • The task-failed event now includes information about the associated Explorer.
  • Scans can now configure specific probes for Subnet and Host pings.
  • Asset queries can now surface overlaps in asset names, IP addresses, and MAC addresses across inventory.
  • Behavior around parent/child organizations has been improved.
  • A change to Chrome which caused web screenshots to fail has been addressed.
  • Alert rules now support software and vulnerability queries.
  • Asset ownership now supports references to runZero users and groups.
  • Vulnerability inventory now includes an Exploit status, indicating whether the vulnerability is known exploitable. The Exploit status will only be populated for vulnerabilities imported after this release.
  • Datagrids across the UI no longer use the incorrect theme.
  • Task WLAN listing functionality has been improved to enforce a timeout if the underlying utility is slow or unresponsive.
  • The maximum time to complete an SNMP walk is now configurable.
  • The default maximum time to complete an SNMP walk has been increased to 5 minutes from 1 minute.
  • The maximum results for an SNMP walk have been increased to 8k from 4k.
  • Assets owned by a runZero user will now be displayed on the user details page.
  • The Reason column in the failed tasks table will now properly persist the hidden state between page loads.
  • Saved queries can now be created for software, vulnerabilities, and screenshots.
  • Attribute reports now group unique values within a single key.
  • The View More link is now accessible for in-progress tasks.
  • Asset owner names now suggest auto-complete options.
  • Accessibility improvements.
  • Client-side timezone updates.
  • Improved performance of the organization details page.

Integration improvements #

  • The AWS integration now supports the GovCloud partition for assumed roles.
  • Validation warnings for internal IPs when using LDAP and InsightVM integrations has been improved.
  • Filtering of non-unique MAC addresses has been improved to better support Cisco virtual MAC addresses.
  • Cisco virtual MAC addresses are now handled more consistently.
  • Increased timeouts for the Tenable integration.
  • Improved reliability of CrowdStrike credentials verification.
  • The API response for a PUT request to /org/sites now returns the details of the new site.
  • Improved reliability of the Tenable integration.
  • API requests to apply tags to one or more assets now complete much faster.

Bug fixes #

  • A race condition that could occur during self-hosted installation has been resolved.
  • A bug that could cause the Tenable connector to fail intermittently for some customers has been resolved.
  • A bug that could cause task details not to render on the task overview screen has been resolved.
  • A bug that could prevent organization administrators from creating new projects has been resolved.
  • A bug that could prevent some CrowdStrike software from importing successfully has been resolved.
  • A bug that caused misaligned values when exporting assets to CSV has been resolved.
  • A bug that could cause the SSO page to render off screen has been resolved.
  • A bug that could prevent asset modifications triggered by alert rules has been resolved.
  • A bug that could prevent the dashboard from loading successfully has been resolved.
  • A bug that caused misaligned values when exporting assets to CSV has been resolved.
  • A bug that could cause assets to incorrectly merge has been resolved.
  • A bug that could prevent validation of hostname scan targets has been resolved.
  • A bug that could lead to inaccurate asset correlation has been resolved.
  • A bug which could result in runZero attributes being removed from Offline assets has been resolved.
  • A bug that could prevent subnet stats from being exported has been resolved.
  • A bug that could prevent analysis queries from running for directory users and groups has been resolved
  • A bug that prevented match counts from being displayed on the queries page has been resolved
  • A bug that could prevent updating assets with a large number of vulnerabilities has been resolved
  • A bug that prevented access to runZero canned Queries has been resolved.
  • A bug that could lead to the self-hosted installer not removing temporary files has been resolved.
  • A bug that led to slow SNMP scans of specific Cisco switches has been resolved.
  • Addresses bug where recurring tasks that are “Removed” were still showed in the tasks page after the associated site is deleted
  • A bug preventing asset owners from being updated has been resolved.
  • A bug that could result in inaccurate vulnerability counts for assets has been resolved.
  • A bug that could prevent a subset of vulnerabilities from being saved for multi-source assets has been resolved.
  • A bug that caused errors for Crowdstrike integrations with large amounts of applications has been resolved.

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved