runZero release notes

Latest release notes

v3.3.7

2022-12-07

  • A bug that could prevent an Explorer from running scans with specific network configurations has been resolved.

v3.3.6

2022-12-07

  • The CrowdStrike integration now imports vulnerabilities when CrowdStrike Spotlight is enabled for the API key.
  • An option to disable the creation of new assets from third-party integrations has been added.
  • The performance of the task overview page load time has been improved.
  • The consistency in asset terminology has been improved.
  • The site import CSV format has been improved.
  • Third-party integrations merge assets more consistently.
  • The CLI Scanner --api-url parameter handling has been improved.
  • The DELETE API method for bulk asset deletion has been deprecated.
  • A public API endpoint to check the platform health has been added.
  • OS EOL dates are now reported for Windows 11.
  • Fingerprinting of HomeKit devices has been improved.
  • A new canned query for MegaRAC BMC firmware has been added.
  • A bug that could cause recurring tasks to backup has been resolved.
  • A bug in the Organization asset export API has been resolved.
  • Fingerprint updates.

v3.3.5

2022-11-30

  • The import time for third-party data sources was improved.
  • A bug that caused the License information page to display an incorrect project asset count was resolved.

v3.3.4

2022-11-28

  • A bug that could delay concurrent task processing has been resolved.

v3.3.3

2022-11-28

  • An issue that could cause the command-line scanner to skip LDAP enumeration has been resolved with the --ldap-thumbprints flag.
  • The scheduler will now delay recurring tasks if the previously completed task has not yet started processing.
  • The backend now processes concurrent tasks for separate sites within the same organization when possible.
  • Self-hosted customers can configure concurrent task processing with the RUNZERO_CRUNCHER_INSTANCES option.
  • Third-party integrations now merge more accurately when using IP addresses as the match key.
  • Microsoft Intune and Azure Active Directory assets are now fingerprinted more accurately.
  • VMware ESXi instances now display OS end-of-life dates based on version.
  • Fingerprint updates.

v3.3.2

2022-11-21

  • A bug that could prevent tag searches from completing when thousands of tags are in use has been resolved.
  • The scanner now supports a configurable ToS/Traffic Class field in the advanced configuration.
  • Additional operating system and hardware icons are available in the inventory view.
  • Explorer and CLI Scanner binaries are now approximately 5MB smaller.
  • New LDAP credentials now auto-populate the discovered port.
  • Printer detection has been improved.
  • Fingerprint updates.

v3.3.1

2022-11-20

  • The Microsoft Defender integration now merges assets more comprehensively.
  • The AWS EC2 integration now provides an option to include Stopped instances.
  • A bug that could result in partial import of GCP CloudSQL assets was resolved.
  • The “All Organizations” view now more accurately handles limited user permissions.
  • Searching and sorting is faster when using the asset first seen and last seen columns.
  • A bug that could lead to duplicate vulnerabilities when an import was restarted has been resolved.
  • Fingerprint updates.

v3.3.0

2022-11-14

This release is a roll-up of the 3.2.x updates in addition to the following changes.

  • runZero Professional and Enterprise customers can now sync assets from Google Workspace.
  • runZero Enterprise customers can now sync users and groups from Google Workspace.
  • User interface tables were revamped for Organizations, Sites, Explorers, and Teams.
  • The “All Organizations” view is now available to restricted users with a filtered scope.
  • Live validation is no longer required for Qualys VMDR and InsightVM credentials.
  • Fingerprint updates.

v3.2.11

2022-11-08

  • The subnet utilization report now supports filtering by site.
  • CSV export of assets now includes the same hostname information as the inventory view.
  • Up-to-date ARM64 builds of the standalone scanner are now available.
  • The account API endpoint for creating organizations now accepts the argument types documented.
  • Merging two assets now correctly updates the date of the newest MAC address for the resulting asset.
  • Disabling all scan probes now disables the SNMP probe.
  • A bug that could prevent the use of third-party credentials when using TLS thumbprints or the insecure connection option with a public URL has been resolved.
  • Fingerprint updates.

v3.2.10

2022-11-04

  • Service Provider information is now displayed with a default domain before SSO settings are configured.
  • Improved performance when scanning from macOS hosts that have certain EDR solutions installed.
  • A bug which sometimes prevented GCP imports from completing has been fixed.
  • Improved TLS fingerprinting.
  • Fingerprint updates.

v3.2.9

2022-11-03

  • The AWS integration now includes an option to delete AWS-only assets that were not seen in the most recent import.
  • The Qualys integration now includes an option to import unscanned assets and is disabled by default.
  • Processing speed for large Qualys imports has been improved.
  • Explorers are now ordered alphabetically on the scan configuration and connector configuration pages.
  • A bug in how Service Inventory searches were launched from the Asset details page had been resolved.
  • Tanium agent detection now sets the edr.name attribute.
  • Improved fingerprinting of OpenSSL, GnuTLS, and Windows TLS stacks.

v3.2.8

2022-11-01

  • A bug that could prevent TLS probes from completing has been resolved.

v3.2.7

2022-11-01

  • A new tls.stack attribute that tracks the TLS software provider and version has been added for assets and services.
  • A new canned query for OpenSSL 3.0.x with client certificate authentication has been added.
  • Improved performance of Intune integration when importing a large number of users and devices.
  • runZero users logging in via SSO are now presented with the terms and conditions acceptance dialogue.
  • A bug that could prevent updating site metrics has been resolved.
  • Improved fingerprinting of OpenSSL versions.
  • Apple ecosystem OS fingerprint updates.

v3.2.6

2022-10-30

  • The scanner now reports OpenSSL versions via TLS fingerprinting.
  • The scanner now reports Tanium agent instances on the network.
  • The scanner now reports additional detail for SSLv3 services.
  • A bug that could prevent the Intune integration from completing long-running tasks has been resolved.
  • A bug that could prevent the GCP integration from returning all assets has been resolved.
  • A bug that could result in a recurring integration running again before the previous task finished has been resolved.
  • Fingerprint updates.

v3.2.5

2022-10-26

  • GCP credentials can now be configured to import assets from multiple projects.
  • A bug that could prevent importing assets from Microsoft Intune has been resolved.
  • A bug that could prevent importing assets from Microsoft 365 Defender has been resolved.

v3.2.4

2022-10-24

  • Scan task processing speed has been improved for SaaS and self-hosted customers.
  • The baseline memory usage of Explorers has been reduced.
  • A bug that could prevent importing assets from Microsoft 365 Defender has been resolved.
  • A bug that could cause broken asset links has been resolved.
  • Fingerprint updates.

v3.2.3

2022-10-20

  • Error handling of misconfigured fingerprints has been improved to reduce Explorer and scanner crashes.

v3.2.2

2022-10-20

  • The search keywords has_os_eol and has_os_eol_extended are now supported on the Assets and Vulnerabilities inventory pages.
  • A bug that could cause missing service data for services with conflicting virtual hosts has been resolved.
  • A bug that could cause inaccurate user counts for imported directory groups has been resolved.
  • A bug that affected tooltip display has been resolved.
  • A bug that prevented “open in new tab” navigation using middle/right click has been resolved.
  • Fingerprint updates.

v3.2.1

2022-10-18

  • The error message indicating that an AWS integration credential has insufficient permissions has been improved.
  • The “last seen” link to the most recent scan details has been restored on the asset details page.
  • A bug that could prevent Azure AD imports has been resolved.

v3.2.0

2022-10-17

This release is a roll-up of the 3.1.x updates in addition to the following changes.

Important security fixes:

  • Three stored cross-site scripting vulnerabilities were identified and fixed as part of our annual third-party security assessment.

In addition to the security improvement above, this release includes:

  • runZero Enterprise customers can now sync assets from Microsoft 365 Defender.
  • runZero Enterprise customers can now sync assets from Microsoft Intune.
  • The Azure AD integration now imports additional assets and no longer requires a Microsoft Intune license.
  • The Azure AD integration can now be configured to optionally import assets, users, and groups.
  • The Active Directory integration service options have been adjusted for consistency.
  • Directory users and groups can now be included in custom queries.
  • The Organization Overview report now contains summary information for directory users and groups when present.
  • SNMPv2 options have been moved to the Probes tab (now labeled Probes and SNMP).
  • The toggle switch to use or not use SNMP now correctly reflects whether it is overridden by the “Use defaults” option on the Probes tab.
  • The asset details pages have been redesigned for improved performance.
  • The asset details pages now include a “last loaded” time indicator and the ability to refresh the page data.
  • Recent users from Microsoft Intune, SentinelOne, and CrowdStrike are now included on the asset details page.
  • Alert notifications, user invitations, and password reset emails are now sent from the runzero.com domain name instead of rumble.run.
  • The rumblectl utility now has a diagnostics command to run or save a diagnostic script for self-hosted customers to collect information for runZero support.
  • A bug that could prevent repeated import of task data that includes directory users and groups has been resolved.
  • A bug that caused subnet sampling and screenshots to be enabled for all scan tasks has been resolved.
  • Fingerprint updates.

v3.1.13

2022-10-11

  • Inventory pages now offer “all” and “none” column visibility selection options.
  • Fingerprint updates for Fortinet products that may be affected by CVE-2022-40684.

v3.1.12

2022-10-07

  • The Tenable.io integration now supports a configurable API URL.
  • The Active Directory integration now supports optional import of assets, users, and groups.
  • The minimum TLS version supported by new Active Directory credentials has been increased from TLS 1.0 to TLS 1.2, with a configurable option to support older TLS versions.
  • A bug that could prevent modifying the maximum concurrent scans setting was resolved.
  • A bug that could result in an inaccurate task count on the credentials page was resolved.
  • A bug that could result in inaccurate searches by credential on the tasks page was resolved.
  • A bug that could result in inaccurate reporting of credential reuse was resolved.
  • A bug that could cause certain browser extensions to prevent configuring scans was resolved.

v3.1.11

2022-10-06

  • A bug that could prevent reuse of SNMP credentials for recurring scans was resolved.

v3.1.10

2022-10-03

This release contains important security fixes:

  • A bug that could lead to stored cross-site scripting in the scan templates view was fixed. This issue could be exploited by an authenticated, but unprivileged user to take over the session of another authenticated user.
  • A bug that could lead to stored cross-site scripting in the SSO group mappings view was fixed. This issue could be exploited by an authenticated superuser to take over the session of another authenticated user.

v3.1.9

2022-09-30

  • A bug that could prevent initializing a scan in some cases was resolved.

v3.1.8

2022-09-30

This release contains an important security fix:

  • A bug that could lead to stored cross-site scripting in the team view was fixed. This issue could be exploited by an authenticated, but unprivileged user to take over the session of another authenticated user.

In addition to the security improvement above, this release included a separate bug fix:

  • A bug that prevented recurring scans from being saved in some cases was resolved.

v3.1.7

2022-09-29

  • The search keyword os_eol_expired is now supported on the Assets inventory.
  • The handling of Qualys concurrency and rate limiting has been improved.
  • The rumblectl command can now be used with self-hosted deployments to configure additional superusers.
  • A bug that prevented the first_seen timestamp from being set has been fixed.
  • A bug that could cause large Qualys imports to fail has been resolved.
  • A bug that prevented import of Azure AD users and groups when missing an active Intune license has been resolved.
  • A bug that could result in partial import of Azure AD users and groups has been resolved.
  • A bug which prevented the report.changed value from working in notification rule templates has been fixed.
  • A bug that prevented the use of client tokens to authenticate to the API has been fixed.
  • Fingerprint updates.

v3.1.6

2022-09-27

  • Email notifications are now enabled for non-recurring Organization Overview reports.
  • Relative time searches now accept negative numbers.
  • Scan tasks and templates now allow empty SNMPv1 and SNMPv2 community strings.
  • Credential validation has been improved to prevent common misconfigurations.
  • Support for Explorer hosts running virtual machines has been improved.
  • MAC vendor display behavior on inventory datagrids has been improved.
  • Tooltips on datatable icons have been improved.
  • A bug that could cause insight queries for hosted zones to fail has been resolved.
  • A bug in the Shodan integration asset-mode query has been resolved.
  • A bug that could cause MAC vendor names to be cut off in datagrids has been resolved.

v3.1.5

2022-09-22

  • The task change report schema has been updated to support changes to directory users and groups.
  • Error messages related to API tokens have been improved.
  • A bug that could result in missing Shodan services has been resolved.
  • A bug that incorrectly imported Active Directory Managed Service accounts as assets has been resolved.
  • Fingerprint updates.

v3.1.4

2022-09-19

  • Improved performance of asset exports with many subnets.
  • Asset exports now filter subnet results to those containing the assets’ addresses.
  • Improved LDAP connector and probe logging.
  • Added group_count keyword to Users search.
  • Improved grouping of inputs in connector forms.
  • A bug that could cause the Switch Topology report to not show all switches in certain situations has been resolved.
  • A bug that could result in a 500 error when exporting assets from sites with many assets and/or subnets has been resolved.
  • A bug that could result in UI elements becoming unresponsive has been resolved.
  • Fingerprint updates.

v3.1.3

2022-09-14

  • A bug that could prevent some service values from being saved has been resolved.

v3.1.2

2022-09-14

  • Improved loading times of the directory groups inventory page.
  • A bug that could result in all subnet tags being applied to exported assets has been resolved.
  • A bug that could result in missing Shodan services has been resolved.
  • A bug that could cause Azure AD imports to fail for certain configurations has been resolved.
  • A bug that could cause excessive export sizes has been resolved.
  • A bug that could obscure task errors from the task log has been resolved.
  • Fingerprint updates.

v3.1.1

2022-09-13

  • Improved loading times of the inventory screens, including multi-page selection.
  • Search keyword has_group is now supported on the Users page.
  • Fingerprint updates.

v3.1.0

2022-09-12

This release is a roll-up of the 3.0.x updates in addition to the following changes.

  • runZero Enterprise customers can now sync assets from Shodan.
  • runZero Enterprise customers can now sync assets from Azure Active Directory.
  • runZero Enterprise customers can now sync assets from Microsoft Active Directory via LDAP.
  • Connector tasks now can optionally be run from an Explorer on a customer’s network.
  • The Events datatable has been redesigned and is now more performant.
  • The Qualys integration now provides a more descriptive error message when rate-limited by the Qualys API.
  • Network File System (NFS) protocol detection on TCP ports has been improved.
  • A bug that prevented editing certain probe options when configuring a scan has been resolved.
  • Fingerprint updates.

v3.0.24

2022-09-10

  • A bug that could cause the browser to freeze when viewing assets with many attributes has been resolved.
  • Fingerprint updates.

v3.0.23

2022-09-08

  • Web screenshots are now limited to a maximum of 16 concurrent processes.
  • Web screenshots will now run concurrently on arm64 macOS systems.
  • Improved error handling for the GCP integration.
  • Improved parsing of input hostnames.
  • A bug that could prevent rendering dashboard insights has been resolved.

v3.0.21

2022-09-07

  • Dashboard insights have been limited to a maximum of three rows.
  • Fingerprint updates.

v3.0.20

2022-09-07

  • A bug that could result in minimal assets being skipped has been resolved.

v3.0.19

2022-09-07

  • A bug that could result in the wrong insight counts on the dashboard has been resolved.
  • Fingerprint updates.

v3.0.18

2022-09-06

  • A bug that could cause attributes and screenshots to be removed from offline assets has been resolved.
  • Fingerprint updates.

v3.0.17

2022-09-02

  • Fingerprint updates.

v3.0.16

2022-09-02

  • Fingerprint updates.

v3.0.15

2022-09-01

  • A bug that prevented using certain organization and export tokens has been resolved.
  • Fingerprint updates.

v3.0.14

2022-08-31

  • A new optional filter has been added to the Crowdstrike connector.
  • The performance of the Qualys connector has been improved.
  • Event details have been added to alert templates by default.
  • A bug that caused the token to be missing from password reset emails has been resolved.
  • Fingerprint updates.

v3.0.12

2022-08-29

  • Task statistics for asset counts are now included in CSV exports and can be used in task searches.
  • The license-limit-exceeded event has been added to alert when the live asset count exceeds an accounts license.
  • The ldap.notes service attribute has been added for providing user-friendly representations of well-known discovered LDAP OIDs.
  • A bug that could cause query timeouts has been resolved.
  • A bug that could cause large Qualys imports to timeout has been resolved.
  • Fingerprint updates.

v3.0.11

2022-08-24

  • A bug that prevented Qualys from being fully imported from large sites has been resolved.
  • A bug that led to slow exports and job processing has been resolved.
  • Fingerprint updates.

v3.0.10

2022-08-22

  • The Tenable integration now excludes terminated and deleted assets.
  • A bug that affected formatting of _asset.match values has been resolved.
  • A bug that caused internal tasks for metrics calculation to generate scan-completed events has been resolved.
  • A bug that prevented reports for specific asset attributes has been resolved.

v3.0.9

2022-08-19

  • Dashboard metrics now account for unscanned assets imported from third-party integrations.
  • Internal recurring tasks for metrics calculation no longer show in the recurring task count.
  • Fingerprint updates.

v3.0.8

2022-08-19

  • A bug that could prevent exporting asset attributes has been resolved.
  • Fingerprint updates.

v3.0.7

2022-08-17

  • A bug that could prevent CrowdStrike tasks from processing has been resolved.

v3.0.6

2022-08-17

  • Processing performance for foreign asset data has been improved.
  • A bug that could prevent the generation of some asset attribute reports has been resolved.
  • Fingerprint updates, including AIX OS and vCenter, Avaya, and Proofpoint appliances.

v3.0.5

2022-08-12

  • A bug that could cause offline self-hosted platform updates to fail has been resolved.
  • The timeout for Qualys connection tasks has been increased from 60 seconds to 5 minutes.
  • Fingerprint updates.

v3.0.4

2022-08-11

  • A notice was added to the MFA page to inform users that they can continue to use the old rumble.run domain until they re-enroll their authenticators for the new runzero.com domain.
  • Font rendering in Safari browsers now matches Firefox and Chrome.
  • UI improvements were made to the queries table.
  • A bug that could prevent exporting selected assets and asset search results has been resolved.
  • A bug that could prevent starter accounts from setting up recurring tasks has been resolved.
  • A bug affecting organization selection when a default organization is set has been resolved.
  • A bug that could cause SSH probes to occasionally deadlock has been resolved.

v3.0.3

2022-08-09

  • Fingerprint updates.

v3.0.2

2022-08-09

  • A bug that prevented WebAuthn from registering correctly on console.runzero.com has been resolved.
  • A bug that could cause the topology in the asset details page to be mangled has been resolved.

v3.0.1

2022-08-08

  • Inventory searches now support “runZero” as an asset source type.
  • A bug that could affect the default probes selector functionality has been resolved.

v3.0.0

2022-08-08

This release is a roll-up of the 2.15.x updates in addition to the following changes.

  • Rumble is now runZero and the product UX has been updated to match.
  • runZero Enterprise customers can now sync asset and vulnerability data from Qualys VMDR.
  • The Queries datatable has been redesigned and is now more performant.
  • The Software and Vulnerabilities datatables now have a “view more details” button.
  • Users can now specify a Default Organization in the profile settings page.
  • Outlier calculations and insight queries now automatically run as daily analysis tasks.
  • Outlier calculations and insight queries can be regenerated on demand using the Metrics menu on the Tasks overview page.
  • Merging assets with foreign attributes from the same source now retains all sets of foreign attributes.
  • Software entries imported from SentinelOne and Tenable now report their service addresses.
  • A custom query to find DrayTek Vigor routers has been added.
  • The Asset and Service attributes reports can now be filtered by Site.
  • The Organization API now supports asset merging.
  • The services view is now up to 40% faster for organizations with large numbers of assets.
  • A bug in the AWS Configuration UI causing the “Lambda instances” option to not persist has been resolved.
  • A bug that could prevent external users from being directed to their main SSO login page has been resolved.
  • Operating system fingerprinting has been improved for cloud assets (AWS, Azure, and GCP).
  • Fingerprint updates.

v2.15.11

2022-08-01

  • A bug which could cause stale software entries to be retained has been fixed.
  • A bug in the Insights table which could render very large buttons has been fixed.
  • Improved hostname-based merging for Rapid7 imports.
  • Improved fingerprints for some FortiNet, FrontRow, and Synology assets.

v2.15.10

2022-07-29

  • API keys are now shown hidden by default and can be copied to the clipboard through a click.
  • The Route Pathing report is now more performant and aborts early in out-of-memory scenarios.
  • A bug that could lead to a 500 error when accessing the users endpoint of the organization API has been resolved.
  • A bug that could cause tooltips to persist on the screen has been resolved.
  • Printer detection has been improved.
  • Fingerprint updates.

v2.15.9

2022-07-28

  • A bug that could cause the vulnerabilities table to appear empty when sorted by the details column has been fixed.
  • The scanner now fingerprints and reports a much wider range of ePO/McAfee Agent services.
  • Fingerprint updates.

v2.15.8

2022-07-26

  • A bug that could cause the HTTP probe to abort early has been resolved.

v2.15.7

2022-07-26

  • Improved support for processing very large Rapid7 imports.
  • Software will now be populated from Rapid7 imports.
  • OS fingerprinting will now use Rapid7 fingerprints, when Rapid7 is the only data source.
  • Rapid7 foreign attributes have been adjusted for clarity.
  • Services will now be populated from Censys.
  • Vulnerability details are now available on the Vulnerability Inventory screen.
  • Improved ability to extract Microsoft Windows information from web services.
  • Improved ability to extract information from NetBIOS, including new detection of Domain Controller roles.
  • Hosted Zone scan limits have been increased.
  • The runZero Explorer now logs configuration file loading and reports any syntax errors.
  • The asset tag update and bulk asset tag update APIs now work as documented.
  • Fixed a bug which prevented all org admins from deleting other users.
  • The User Last Activity date now shows the correct date.
  • Fingerprint updates.

v2.15.6

2022-07-21

  • Processing speed for large Nexpose and Tenable imports has been improved.
  • Hostname identification from LDAP responses has been improved.
  • Filtering of non-unique MAC addresses has been improved.
  • Inconsistent SNMP data handling has been improved for certain classes of devices.
  • A bug that could prevent connector tasks from running in parallel while connecting to third-party APIs has been resolved.
  • A bug that prevented organization administrators from deleting other users has been resolved.
  • A bug affecting inventory multi-select operations has been resolved.
  • A bug preventing inventory column selection has been resolved.
  • A bug that could indefinitely stall a task has been resolved.
  • Fingerprint updates.

v2.15.5

2022-07-18

  • Improved support for processing very large scans.
  • Improved performance of the software and vulnerabilities tables.
  • Fingerprint updates.

Note: The upgrade process may take up to an hour for large self-hosted deployments.

v2.15.4

2022-07-14

  • The API now returns all attributes, sources, and subnets for a single asset.
  • The runZero Explorer now runs as a delayed auto start process on Windows to increase reliability after reboots.
  • The Organization Overview report now includes navigation links to return to the top of the report.
  • A bug affecting license warning banners has been fixed.
  • A bug affecting macOS Explorer upgrades on M1 systems has been fixed.
  • A bug that prevented importing VMware assets has been fixed.
  • Fingerprint updates.

v2.15.3

2022-07-13

  • The InsightVM integration now supports larger imports.
  • When a templated task fails due to an Explorer being unavailable, copying the failed task now retains the connection to the template.
  • A bug in the Overview report which showed blank addresses for Unscanned assets has been resolved.
  • A bug that caused scan copies to get assigned to a different site has been resolved.
  • A bug that prevented OS icons from showing on inventory tables has been resolved.

v2.15.2

2022-07-12

  • Click-to-copy functionality has been restored for MAC addresses displayed on inventory pages.
  • Asset export query errors now return HTTP 400 status code with descriptive bodies.
  • A bug that prevented copying or updating Nessus connector tasks has been resolved.
  • Fingerprint updates.

v2.15.1

2022-07-12

  • A bug that could lead to an error in the External Asset Report when no assets were present has been resolved.
  • A bug that could cause the Export API to return a 500 instead of 400 for invalid queries has been resolved.
  • A bug that caused some Explorer updates to fail on Windows has been resolved.

v2.15.0

2022-07-11

This release is a roll-up of the 2.14.x updates in addition to the following changes.

  • Rumble Enterprise customers can now sync asset and vulnerability data from the InsightVM API and upload data from Nexpose XML Export files.
  • Rumble Enterprise customers can now sync asset, software, and vulnerability data from the Nessus Professional API.
  • Rumble Enterprise customers can now generate an External Asset report.
  • Scan scopes can now be populated using external domains and IP addresses.
  • All inventory tables have been redesigned and are now more performant when displaying a large number of assets.
  • Integration tasks have been renamed from “Import” to “Connector” and can now run in parallel while connecting to third-party APIs.
  • New reports for software and vulnerabilities have been added.
  • The self-hosted platform’s web server HTTP timeouts can now be configured using environment variables.
  • A bug that affected JSON exports of task information has been resolved.
  • Fingerprint updates.

v2.14.11

2022-07-06

  • A bug that delayed task processing when many vulnerability records were present has been resolved.

v2.14.10

2022-07-01

  • An API endpoint was added for Nessus imports.
  • The scan engine now sets additional attributes for TLS certificates.
  • The site edit page is now much faster for sites with large numbers of subnets.
  • A bug has been fixed that prevented assets missing certain date/time fields from being imported from a Nessus file.
  • If the start time of a recurring task is changed, the change now saves successfully and queues an immediate run if appropriate.
  • Date range queries now work on Tenable / Nessus attributes. (Note that this requires a re-import of the appropriate data.)
  • A bug has been fixed that prevented using boolean search terms with the Vulnerabilities table.
  • A bug has been fixed that prevented some customers from importing assets from SentinelOne.
  • Censys Search data processed using file import is now handled correctly.
  • Fingerprints were updated for KVMs, routers, IP cameras, and other general network management equipment.
  • Links to query language documentation have been updated throughout the product.

v2.14.9

2022-06-27

  • Improved merging of AWS, Azure, and GCP assets imported from Tenable.io.
  • A bug was fixed with SentinelOne credential creation.
  • A bug was fixed which could result in an incorrect agent ID or template ID being written to tasks when they were updated via API.
  • A bug was fixed which prevented the asset route pathing report from rendering the source name properly in the report heading

v2.14.8

2022-06-24

  • A bug that prevented customer address information from being validated has been resolved.
  • A bug that prevented SSO settings from being updated correctly has been resolved.

v2.14.7

2022-06-24

  • The self-hosted platform install now supports Rocky Linux.
  • A bug in the scan engine that could lead to unexpected printer output has been resolved.
  • A bug in the e-commerce checkout with non-US addresses has been resolved.
  • Fingerprints were updated for Nokia SR OS and Cisco RV routers.

v2.14.6

2022-06-23

  • The Account API now supports scan template management.
  • The scan engine discovers additional services, including Elasticsearch, Logstash, and Prometheus.
  • Fingerprints were updated for various operating systems and for products by Aruba Networks, Axis, MikroTik, and Nokia.
  • Query “address” keywords now support CIDR notation.

v2.14.5

2022-06-16

  • The scan engine now sets additional attributes for TLS certificates.
  • SSO configuration now skips IdP-provided encryption certificates during setup.
  • Explorer initialization speed has been optimized.
  • A bug that could cause the Explorer service to timeout on startup has been resolved.
  • Explorers deployed on macOS can now be transferred between organizations successfully.
  • A bug has been fixed that could occasionally cause site deletion to trigger creation of an unnecessary site.
  • Last activity dates of users are now shown in the same time zone as the account creation date.
  • Fingerprint updates.

v2.14.4

2022-06-15

  • The Tenable integration now includes an option to import unscanned assets and is disabled by default.
  • The logic for merging Tenable/Nessus assets into the Rumble inventory has been improved.
  • The accuracy of first_seen and last_seen dates has been improved for Nessus imports.
  • The Tenable integration now provides more informative error messages for task failures due to invalid API keys and missing permissions.
  • New software and vulnerabilities reports have been added.
  • A preview of software and vulnerability attributes is now displayed when hovering over the Click To Copy button on the Asset details page.
  • The performance of the vulnerabilities table has been improved.
  • The JARM TLS fingerprint field and associated query have been deprecated due to concerns with fingerprinting accuracy and service impact.
  • The scan engine now flags TLS services with self-signed certificates and untrusted CAs.
  • CSV exports of asset information now include OS EOL and extended OS EOL dates.
  • Credentials limited to specific organizations can no longer be created by an administrator without access to the organizations.
  • Improved fingerprinting of Tenable/Nessus assets imported with a severity setting of low or higher.
  • Fingerprint updates.

v2.14.3

2022-06-10

  • Rumble Enterprise customers can now search inventory by hosted zone.
  • A fingerprint for the Cockpit application has been added and includes additional Linux OS fingerprinting capability.
  • Fingerprints were updated for various operating systems and for products by 2N, Grandstream, Huawei, and Wago.
  • A bug that caused software and vulnerabilities to be ignored when manually merging assets has been fixed.
  • A bug that could prevent task configuration from showing the list of available Explorers has been fixed.
  • A bug that could prevent using the console to contact support has been fixed.
  • A bug that prevented filtering some Fortinet Web Filter replies has been fixed.
  • Additional fingerprint updates.

v2.14.2

2022-06-07

  • Additional validation for scan targets has been added to hosted scans.
  • Additional validation for Tenable.io credentials has been added.
  • Asset inventory column selection and ordering now persist between queries.
  • Connector tasks now obey the start time set when they are created.
  • A bug that could cause hosted scans to timeout after an hour has been resolved.
  • A bug that prevented viewing third-party attributes for assets without Rumble attributes has been resolved.
  • A bug that affected the first seen and last seen dates for assets imported from Tenable.io and Nessus has been resolved.
  • A bug that persisted a task’s error message when copying the task has been resolved.
  • Fingerprint updates.

v2.14.1

2022-06-06

  • A bug that could prevent the Tenable connector from importing large sites has been resolved.

v2.14.0

2022-06-06

This release is a roll-up of the 2.13.x updates in addition to the following changes.

  • Rumble Enterprise customers can now run scans using Rumble-hosted Explorers.
  • Rumble Enterprise customers can now sync asset, software, and vulnerability data from the Tenable.io API and upload data from Nessus scan files.
  • The Azure integration can now import Azure Function Apps.
  • The ServiceNow integration can now export asset subnet tags.
  • Fingerprint updates.

v2.13.7

2022-05-27

  • The size limit for cloud-hosted scans has been increased from 6GiB to 10GiB.
  • A bug that prevented searching software by version has been fixed.
  • A bug that presented input fields for unselected credential types has been fixed.
  • Fingerprint updates.

v2.13.6

2022-05-24

  • Scans can now specify asn4:<id> and country4:<2-letter ISO code> in the scan and site scope and exclusion fields.
  • Bogus results caused by firewall interference are now automatically ignored in more cases.
  • Single organization administrators can now manage non-global credentials for their organization.
  • The Organization Overview report now includes asset tags when available.
  • Fingerprint updates.

v2.13.5

2022-05-19

  • A bug that prevented the self-hosted installer from completing has been resolved.

v2.13.4

2022-05-19

  • The Censys integration now reports the observed_at, extended_service_name, perspective_id, and source_ip for all services.
  • Fingerprint updates.

v2.13.3

2022-05-13

  • The size limit for cloud-hosted scans has been increased from 4GiB to 6GiB.
  • Fingerprint updates.

v2.13.2

2022-05-11

  • A bug affecting some users of scan templates has been fixed to ensure the scan configuration is followed.
  • A bug preventing the “TLS JARM hashes” report from properly running has been fixed.
  • A bug preventing the “TLS serial numbers” report from properly running has been fixed.
  • Fingerprint updates.

v2.13.1

2022-05-09

  • A bug that could lead to event processing terminating early has been resolved.

v2.13.0

2022-05-09

This release is a roll-up of the 2.12.x updates in addition to the following changes.

  • Asset information can now be viewed in aggregate across all organizations in the dashboard and asset inventory.
  • The AWS integration now imports Lambda instances.
  • The Azure integration now imports load balancers and AzureSQL instances.
  • The GCP integration now imports load balancers and CloudSQL instances.
  • Self-hosted installations now use an in-process task scheduler instead of system cronjobs for maintenance tasks.
  • Fingerprint updates.

v2.12.12

2022-05-03

  • A bug that could cause the service to reload during task processing has been resolved.
  • Fingerprint updates.

v2.12.11

2022-05-02

  • Software associated with assets is now tracked in the Rumble inventory.
  • Rumble Enterprise customers can now sync asset and software data from the SentinelOne API.
  • The AWS integration now imports RDS instances.
  • The Azure integration now imports scale set virtual machines.
  • AWS credentials enabling STS assume role workflows are simplified to only require a role name.
  • Credential access can now be toggled to allow or disallow all organizations during credential creation.
  • An intermittent issue that caused some external invitation emails to be missing activation codes has been fixed.
  • A performance issue that could cause long load times for the credentials page has been fixed.
  • A bug that could prevent group members from being displayed on an organization’s users page has been fixed.
  • Fingerprint updates.

v2.12.10

2022-04-19

  • Tags can now be applied, updated, and deleted in bulk using the API.
  • Speed of the RFC 1918 Coverage Report has been greatly improved.
  • Fingerprint updates.

v2.12.9

2022-04-18

  • Assets with external IP addresses will now be tagged with their geographic location and ASN when available.
  • The CrowdStrike and Miradore integrations can now be run as scan probes from the console and scanner CLI.
  • A bug that could prevent deleting services from the services inventory has been resolved.
  • A bug where certain analysis tasks could error when an asset-query-results rule is enabled has been resolved.
  • Fingerprint updates.

v2.12.8

2022-04-14

  • A bug that prevented new CrowdStrike credentials from being stored has been fixed.

v2.12.7

2022-04-14

  • The Organization Overview report can now be generated and emailed to desired recipients on a recurring schedule.
  • The organization users table now displays effective access for each user.
  • A bug that could prevent adding users to groups has been fixed.
  • Fingerprint updates.

v2.12.6

2022-04-12

  • A bug that caused VMware instances with non-unique UUIDs to be handled incorrectly has been fixed.
  • A bug that allowed IPs not in the scan scope to be used as primary addresses has been fixed.
  • A bug that reported Windows OSes incorrectly for VMware has been fixed.
  • The CrowdStrike integration now generates downloadable task data that can be used for importing CrowdStrike assets.
  • Added ability to truncate syslog to a specified line length.
  • Fingerprint updates.

v2.12.5

2022-04-08

  • The scan configuration site scope warning now accurately reflects the site default scope.
  • A bug that prevented searching for bssid wireless values has been fixed.
  • Fingerprint updates.

v2.12.4

2022-04-07

  • The Scan menu now provides an option to run a new scan using an existing template.
  • The Alert Rules form now handles very long queries in the Test Query action.
  • A bug that led to incorrect dashboard stats for multi-site organizations has been fixed.
  • A bug that caused reports for certain AWS attributes to show empty results has been fixed.
  • A bug that caused stale SNMP credentials to stay associated with an asset has been fixed.
  • The self-hosted rumblectl update command now also applies content updates.
  • Fingerprint updates.

v2.12.3

2022-04-06

  • The AWS connector now tags each instance with the associated AWS account email.
  • The CrowdStrike connector now handles API service outages more gracefully.
  • A bug that prevented the Organization Overview report from being visible in Rumble Professional has been fixed.
  • A bug that led to the scan engine logging a debug message related to LDAP has been fixed.
  • A bug that led to visual errors on the asset details screen has been resolved.
  • Fingerprint updates.

v2.12.2

2022-04-05

  • The Scan menu now links to Scan Template selection with a search interface.
  • The individual probe options in the Scan Config screen are now consistently sorted.
  • A bug that could lead to partial stats being shown in the dashboard for multi-site organizations has been resolved.
  • A bug that could prevent content self-hosted content updates from working when /opt was on a different file system from /tmp has been fixed.
  • A bug that could lead to duplicate pre-built queries in self-hosted installations has been resolved.
  • Fingerprint updates.

v2.12.1

2022-04-05

  • A bug that could prevent scan templates from being saved has been resolved.
  • Fingerprint updates.

v2.12.0

2022-04-04

This release is a roll-up of the 2.11.x updates in addition to the following changes.

  • A new print-friendly Organization Overview report is now available.
  • A new integration with the Google Cloud Platform is now available.
  • External users may be invited to the cloud console.
  • Scans templates are now available.
  • Self-hosted instances now sync pre-built queries from the cloud.
  • The scan engine now supports the Kerberos and LDAP protocols.
  • Fingerprint updates.

v2.11.16

2022-03-29

  • A bug that prevented exact = attribute matches from working has been resolved.

v2.11.15

2022-03-28

  • The self-hosted platform now supports scan imports larger than 4GiB.

v2.11.14

2022-03-28

  • The inventory search now supports a wider range of UTF-8 input for search patterns.
  • The API now handles temporary maintenance-related errors more consistently.
  • Fingerprint updates.

v2.11.13

2022-03-25

  • Long-running export requests now timeout after 90 minutes, from 30 minutes, for large organizations.
  • Fingerprint updates.

v2.11.12

2022-03-22

  • Fingerprint updates.

v2.11.11

2022-03-20

  • The update process for Explorers on the Windows platform is now more resilient to EDR/AV interference.

v2.11.10

2022-03-19

  • Fingerprint updates.

v2.11.9

2022-03-17

  • A bug that could lead to some metric queries timing out has been resolved.

v2.11.8

2022-03-17

  • A bug that could lead to concurrent task processing in the same organization has been resolved.
  • Fingerprint updates.

v2.11.7

2022-03-16

  • A bug that could lead to timeouts with large CrowdStrike imports has been resolved.

v2.11.6

2022-03-16

  • Fingerprint updates.

v2.11.5

2022-03-15

  • The self-hosted CLI now supports setting the superuser role and resetting MFA.
  • The scan engine now detects the Veeam Distribution Service API.
  • A bug that prevented {{organization.name}} from being used in certain organization alert templates has been resolved.
  • A bug that prevented login events from being displayed in the Events view has been resolved.
  • A bug that prevented sso-login events from being recorded when the connection was terminated mid-event has been resolved.
  • A bug that allowed update requests to interrupt scans has been resolved.
  • Incorrect outlier search result links have been fixed.

v2.11.4

2022-03-11

  • Alert rule queries now take into account assets found through integrations.
  • The console now correctly filters bogus ARP replies over a reasonable threshold.

v2.11.3

2022-03-11

  • The self-hosted rumblectl set-role command now also supports setting the superuser role.
  • The self-hosted rumblectl reset command now also resets the MFA token.
  • The Asset CSV import now supports cell widths of up to 16,384 characters (from 1,024).
  • A bug that prevented the self-hosted server from restarting in out-of-memory conditions has been resolved.
  • A bug that caused the Network Switch report to sometimes show a 500 error has been resolved.
  • Fingerprint updates.

v2.11.2

2022-03-10

  • The response time when exporting assets via the API has been improved.
  • The Asset inventory now displays the subnet tag descriptions on hover of subnet tags.
  • The Network Switch report can now be launched from the reports page.
  • Autocompletion of search keywords has been added for Sites and Queries.
  • A bug that caused the SNMP probe to default to community strings “public,private” when no communities were provided has been resolved.
  • A bug that prevented some third-party connectors from recording a task-completed event has been resolved.
  • A bug that caused self-hosted Explorer and Scanner offline updates to fail has been resolved.
  • Fingerprint updates.

v2.11.1

2022-03-08

  • The SSO group mapping form now displays a relevant error when the groups list is empty or no group has been selected.
  • The group column in the user table was not meant to be sortable and this has been fixed.
  • The group mappings tab no longer shows when a user has SSO disabled.
  • A bug that prevented service_ports_tcp and service_ports_udp search keywords from working as intended has been resolved.
  • The dashboard has been updated to display a helpful tooltip icon on the RTT latency chart that defines certain terms and metrics.
  • A regression in the VMware connector has been resolved.
  • Fingerprint updates.

v2.11.0

2022-03-07

This release is a roll-up of the 2.10.x updates in addition to the following changes.

  • The dashboard has been updated and now shows both most and least seen values for most stats.
  • The dashboard now has CSV exports for all stats and links to deeper views of each given stat.
  • The AWS and Azure integrations are now available to Professional Edition customers.
  • The Azure integration can now run from the console, Explorer, or scanner as a probe.
  • The Azure integration now identifies VM operating system information using disk image fingerprints.
  • The Azure integration now tracks the clientID, tenantID, and subscriptionID as attributes for each asset.
  • The Azure integration now creates a site per subscription ID.
  • The AWS integration now creates a site per account in addition to the existing site per VPC capability.
  • The AWS integration now supports using a provided session token.
  • The AWS integration now tracks the account name as an attribute for each asset.
  • The Account API now supports group management.
  • Asset outliers are now tracked in the inventory and within the asset details page.
  • Enterprise Edition customers can now access the Outlier Summary and Specific Outlier reports.
  • Enterprise Edition customers can now map users to groups based on SAML attribute rules.
  • The Explorer console URL can now be set through the RUMBLE_CONSOLE environment variable.
  • The web console now flags under-resourced Explorers in the Deploy view.
  • The web console now allows admins to force user logouts from the Team page.
  • The web console now allows limited administrators to view users and create new projects.
  • The scan engine now spends less time on per-VLAN SNMP enumeration when the device does not support it.
  • The scan engine now supports full SNMP v1 enumeration using non-bulk lookups, if necessary.
  • The scan engine is now much more conservative on a wider range of ICS ports.
  • The scan engine is now much more friendly to fragile Lantronix devices.
  • The scan engine now supports the Lantronix device discovery protocol.
  • The scan engine now detects the Java Debug Wire Protocol (JDWP).
  • The scan engine now detects and uses Qualys Cloud Agent correlation IDs.
  • The scan engine now reports more information from NTP services.
  • The self-hosted platform now supports a generate-certificate command.
  • A bug that could lead to stale asset attributes remaining across scans has been resolved.
  • A bug that could prevent the host-ping feature from finding all hosts has been resolved.
  • A bug that led to broken search links in the task details page has been resolved.
  • Fingerprint updates.

v2.10.6

2022-02-24

  • A bug that prevented CIDR addresses in the default scan scope of a Site from being used has been fixed.
  • Fingerprint updates.

v2.10.5

2022-02-22

  • Asset correlation has been improved for a variety of corner cases, including Cisco Nexus switches.
  • A bug that caused stale IPv6 addresses and UDP services to remain between scans has been resolved.
  • A bug that prevented single-org admins from seeing users on the team page has been resolved.
  • Fingerprint updates.

v2.10.4

2022-02-17

  • OS EOL dates are now reported for Red Hat Enterprise Linux, Fedora, and CentOS.
  • Fingerprint updates.

v2.10.3

2022-02-15

  • The asset route pathing report is out of beta.
  • Fingerprint updates.

v2.10.2

2022-02-11

  • The Account API now supports group management through new endpoints.
  • Asset and service search now supports new keywords for matching primary and secondary addresses.
  • The dashboard now tracks how many assets have been seen in the last 30 days across all sources.
  • The AWS integration now supports using a provided session token.
  • The asset route pathing report is now more accurate.
  • A bug that prevented some AWS asset attributes from being populated has been resolved.
  • A bug that mangled UTF-8 characters in the subject and message body of e-mail notifications has been fixed.
  • Fingerprint updates.

v2.10.1

2022-02-07

  • A bug in the HTTP scanner that could prevent images from being captured correctly has been resolved.

v2.10.0

2022-02-07

This release contains an important security fix:

  • A security issue has been resolved in the SSO SAML handler. This issue was found during internal review and could be abused to trigger a denial of service or limited leak of application internal data by an unauthenticated attacker.

This release is a roll-up of the 2.9.x updates in addition to the following changes.

  • The team page now supports user groups, providing more options when managing permissions/roles across your users.
  • IPv6 support now includes link-local asset discovery and PTR lookups for the DNS/mDNS probes.
  • AWS assets can now be synced from the standalone scanner, as a scan probe in the console, or imported from previous AWS connector tasks.
  • A bug where invited users skipped the initial SSO login when joining an organization with required SSO settings has been resolved.
  • A bug that prevented public IP addresses from populating an AWS asset’s IPv4 attribute has been fixed.
  • A bug where stale reverse DNS attributes could persist on rescanned assets has been resolved.
  • A bug where the services in an asset view were not properly sorted has been resolved.
  • The queries page now displays an Updated column containing the last-modified date and time for each query
  • The queries page now supports query execution across all assets, regardless of alive status.
  • Asset subnet tags are now included in JSON and XML asset exports.
  • Fingerprint updates.

v2.9.14

2022-01-28

  • HP iLOs will no longer be merged into their host assets when they share a MAC address.
  • A bug that prevented services from displaying after a third-party import has been resolved.
  • A bug that prevented Asset Modify rules from updating the HW field has been resolved.
  • A bug that could cause the CLI scanner to stack trace has been resolved.
  • The CLI Scanner censys-db sub-command now requires less memory.
  • Fingerprint updates.

v2.9.13

2022-01-27

  • Censys Avro files can now be converted to a database for faster lookups.
  • Fingerprint updates.

v2.9.12

2022-01-25

  • A regression that could lead to login errors after bulk permission updates has been fixed.
  • A regression that removed the service names from the asset details page has been fixed.
  • AWS internal hostnames are now reported in the asset name list.
  • Fingerprint updates.

v2.9.11

2022-01-24

  • Nmap XML exports are now much faster.
  • Fingerprint updates.

v2.9.10

2022-01-20

  • The scan engine now limits the SNMP enumeration speed to the Max Host Rate, reducing CPU usage on older switches.
  • The scan engine now ignores additional cases of FortiGate HTTP interception.
  • Fingerprint updates.

v2.9.9

2022-01-18

  • The scan engine now accepts IPv6 addresses and resolves AAAA records for hostnames.
  • The scan engine now skips protocol probes on TCP port 9106.
  • A bug that prevented uploading very large scans has been fixed.
  • Fingerprint updates.

v2.9.8

2022-01-14

  • Added an option to export only selected assets, services, or wireless.
  • Added a “Every N Hours” recurring task frequency option.
  • Autocompletion of search keywords has been added for Organizations, Tasks, and Events.
  • AWS and Azure connectors no longer set asset alive status and no longer are counted as offline or back online in the change report.
  • Rules now show when they were last processed, whether they triggered their action, and any error that occurred as a result.
  • The coverage report can be filtered by site.
  • A bug that could allow duplicate CrowdStrike assets after an import has been fixed. Any resulting duplicates are eliminated on the next CrowdStrike task run.
  • A bug which could lead to stalled rule processing has been fixed.
  • A bug that prevented importing operating system information from CrowdStrike for some Linux devices has been fixed.
  • A bug where scanning of some Lexmark printers interfered with the printer’s job queue has been fixed.
  • Fingerprint updates.

v2.9.7

2022-01-10

  • The scanner now supports configuration of reverse DNS timeouts and the SSH username.
  • Scan tags can now be provided for scan import tasks.
  • The closedPortsMap field has been removed from JSON exports.
  • CrowdStrike connector tasks now move preexisting CrowdStrike-sourced assets into matching scanned assets across sites.
  • A bug where task progress (on hover) could exceed 100% has been fixed.
  • A bug that caused the Azure integration to occasionally skip public IPs has been fixed.
  • A bug that caused a CrowdStrike connector task to send an API request exceeding length limits in specific instances has been fixed.
  • Fingerprint updates.

v2.9.6

2021-12-23

  • A bug that could lead to some events being processed incorrectly has been resolved.
  • Event templates now truncate results correctly.

v2.9.5

2021-12-22

  • A scan engine bug that could lead to an “invalid exclusions” error has been resolved.

v2.9.4

2021-12-21

  • The Query search now supports result count selection and remembers the setting between views.
  • The scan engine now correctly excludes broadcast addresses from the scan scope.
  • The Azure connector now ignores canceled subscriptions automatically.
  • The hostname selection logic has been improved for Canon printers.
  • The Explorer service now starts up slightly faster on Windows.
  • The Censys AVRO importer is now 4 to 8 times faster.
  • Fingerprint updates.

v2.9.3

2021-12-15

  • The CrowdStrike integration has been updated to improve correlation with existing assets.

v2.9.2

2021-12-13

  • A bug that prevented some AWS organizations from working with STS AssumeRole has been fixed.
  • A bug that persisted service products after asset changes has been fixed.
  • A bug that hid the Task Change Report has been fixed.
  • Improved product detection for Logstash and Neo4J.
  • Fingerprint updates.

v2.9.1

2021-12-08

  • The CrowdStrike integration now uses the Scroll API to better support large organizations.

v2.9.0

2021-12-06

This release is a roll-up of the 2.8.x updates in addition to the following changes.

  • The new Site Comparison report shows differences in assets between two sites, which can be in different organizations.
  • The team page now supports bulk user import and bulk permission management.
  • The layer 2 topology report has been updated with a search filter, site filter, and visual improvements.
  • The network bridges report has been updated with a site filter and visual improvements.
  • A bug that caused the has_public search filter to flag certain IPv6 addresses has been fixed.
  • A bug that caused project deletion to create new, blank organizations has been fixed.
  • A bug that caused Censys imports to mark other assets as offline has been fixed.
  • The bundled npcap version has been upgraded to 1.60.
  • Fingerprint updates.

v2.8.14

2021-12-03

  • A bug that prevented scans from running when non-loopback 127.x networks were present has been fixed.

v2.8.13

2021-11-24

  • A regression in the TLS version enumeration has been fixed.
  • Teredo addresses are no longer considered public IPs.
  • Improved detection of Chromebooks and ChromeOS.
  • Fingerprint updates.

v2.8.12

2021-11-21

  • The self-hosted platform now supports internal proxies for external API connections.
  • The self-hosted platform now supports internal webhook destinations for alerts.

v2.8.11

2021-11-19

  • The annotator role is now available.
  • Fingerprint updates.

v2.8.10

2021-11-18

  • A bug that prevented the Azure connector from working in self-hosted mode has been resolved.
  • The last hop calculation for the TCP traceroute is now more accurate.
  • Fingerprint updates.

v2.8.9

2021-11-16

  • Credentials can now be configured for single IP addresses and IP ranges in addition to CIDRs.
  • The scan engine now performs a light traceroute when an open TCP port is found.
  • The scan engine now tests for IP forwarding during scans of link-local targets.
  • The scan engine now includes Rumble/2 in HTTP user-agent strings.
  • The scan engine now limits ARP traffic to the Max Host Rate.
  • The OS EOL date for Windows Server 2019 (1809) has been updated.
  • Fingerprint updates.

v2.8.8

2021-11-12

  • The self-hosted platform now supports custom CSP headers to support external resources.
  • Tags with the case-insensitive key of “name” are now treated as additional hostnames.
  • Tags containing spaces are now consistently handled by conversion to underscore.
  • Meraki DNS interception is now ignored in a wider variety of configurations.
  • The CrowdStrike integration now tracks the last 10 recent logins per asset.
  • A regression in the Apple macOS end of life calculation has been fixed.
  • A few missing icons have been restored to the inventory view.
  • A panic in the FreeBSD scan processing chain has been fixed.
  • Direct print services on 9002 are no longer fingerprinted.
  • TLS versions are now consistently formatted.
  • Fingerprint updates.

v2.8.7

2021-11-07

  • A bug that caused daily scans to be scheduled incorrectly in UTC forward time zones has been resolved.
  • The self-hosted platform now respects proxy settings for external data sources (CrowdStrike, etc.).
  • Improved tvOS and Crestron fingerprints.
  • Additional UPnP fingerprints.

v2.8.6

2021-11-06

  • Improved tvOS, homepodOS, and bridgeOS fingerprints.

v2.8.5

2021-11-06

  • The self-hosted installer now supports manual database configuration.
  • The self-hosted platform now includes a database verify subcommand.
  • Improved iOS device identification.
  • Fingerprint updates.

v2.8.4

2021-11-05

  • The VMware probe now handles vCenter instances configured with multiple datacenters.
  • A race condition that could lead to Explorer updates mid-scan has been resolved.
  • The RDP TLS fingerprint will no longer break matching during asset correlation.
  • Stopped scans now indicate which user stopped them in the error message.
  • Active probes are now disable for some Lantronix and Rockwell PLC ports.
  • Fingerprint updates.

v2.8.3

2021-11-04

  • SAML SSO now specifies that the required NameID Format is unspecified, for Azure AD compatibility.
  • S3 storage operations which fail are retried.
  • A bug in Azure credential validation is fixed.
  • Additional detail has been added to the field help on the scan form.

v2.8.2

2021-11-02

  • Recurring tasks no longer schedule jobs when the previous job is still queued.
  • A bug that caused VMware-based OS detection to fail has been resolved.
  • Fingerprint updates.

v2.8.1

2021-11-02

  • A bug that caused out-of-scope assets to be marked as offline during scans has been resolved.

v2.8.0

2021-11-01

This release is a roll-up of the 2.7.x updates in addition to the following changes.

  • Support for Censys Search API and Censys Data imports (Enterprise).
  • Fingerprint updates.

v2.7.11

2021-10-27

  • An issue with Windows Explorer updates has been resolved.

v2.7.10

2021-10-24

  • An issue with restrictive umasks on the self-hosted platform has been resolved.
  • Support for VMware vCenter/ESXi virtual machine discovery (Enterprise).
  • Asset merging from third-party data sources has been improved.
  • TLS fingerprints are now reported as SHA256 hashes (base64).
  • Credentials for SNMP v2/v3 and VMware can be managed globally.
  • Serial numbers from A10 devices are now collected via SNMP.
  • The SNMP v3 probe now supports multiple credentials.
  • Scan configuration now has a Credentials tab.
  • Detailed task logs can be downloaded.
  • Light UX improvements and bug fixes.
  • Fingerprint updates.

v2.7.9

2021-10-21

  • A permissions issue with the self-hosted platform has been resolved.

v2.7.8

2021-10-15

  • The runZero Explorer on Windows now explicitly sets the service to automatic start.
  • RFC 1918 scans can be launched from the main Scan menu (Professional/Enterprise).
  • Fingerprint updates.

v2.7.7

2021-10-15

  • Credential validation issues with Azure now log detailed errors.
  • The self-hosted platform now supports Debian 9.
  • Fingerprint updates.

v2.7.6

2021-10-13

  • A bug that led to an application error during Azure connector configuration has been resolved.
  • Fingerprint updates.

v2.7.5

2021-10-13

  • A bug that prevented certain AWS and Azure assets from being imported has been resolved.
  • Fingerprint updates.

v2.7.4

2021-10-08

  • The self-hosted platform now supports Oracle Linux 7 and 8.
  • Fingerprint updates.

v2.7.3

2021-10-07

  • The AWS integration is now much faster for large numbers of accounts.

v2.7.2

2021-10-06

  • A bug that made it difficult to update existing Azure tasks has been resolved.

v2.7.1

2021-10-05

  • A bug that prevented the date picker from showing arrow icons has been resolved.
  • A bug that made it difficult to update existing AWS tasks has been resolved.
  • The sidebar is now collapsible using the chevron icon at the top.
  • The “Processing” link states are now handled more consistently.

v2.7.0

2021-10-05

This release is a roll-up of the 2.6.x updates in addition to the following changes.

Integrations

  • The Azure VM connector now supports multi-subscription and multi-directory access.
  • The AWS EC2 connector now supports ELB load balancers as importable assets.
  • Connector credentials are now automatically validated on save.
  • The Splunk add-on now supports self-hosted console endpoints.
  • The Splunk add-on now optionally imports asset services.
  • The Splunk add-on has been updated to use jQuery 3.5.0.
  • CrowdStrike asset merging has been improved.

Self-hosting

  • The self-hosted installer now includes the Explorer and scanner binaries.
  • The self-hosted console now supports detailed TLS configuration.
  • The self-hosted console now runs as an isolated subprocess.
  • The self-hosted console no longer enforces API rate limits.

User experience

  • Asset and service trends are now shown on the dashboard.
  • The Scan configuration view has been overhauled and simplified.
  • Imported scans are now tracked for the RFC 1918 coverage report.
  • The Services inventory now supports new address-related search keywords.
  • The Assets and Services inventory now support wildcard searches of hostnames with anchored patterns.
  • The Screenshot inventory is now faster and shows the correct total count.
  • A bug in the RFC 1918 coverage report that could lead to skipped IPs was fixed.

Authentication

  • Users with standard accounts that authenticate using SSO are now converted into SSO-only accounts.
  • SSO is supported for multiple domains using IdP or SP initiated authentication.
  • The MFA challenge now provides a Retry button for browsers that require user interaction (Safari).
  • The MFA enrollment now supports token or platform authentication mode as separate options.
  • Admin users can now set the first and last names of other users.
  • The Explorers, scanners, MSI wrapper, and verifier are now signed using a new EV certificate.

Scanner and fingerprinting

  • Subnet ping and host ping are now included in the Professional tier.
  • OS EOL tracking is now enabled for Windows 10 and APC firmware.
  • Windows 10 and Server 2019 OS versions are now tracked by range.
  • The Explorer and CLI scanner now detect and report an error when run within the WSL/WSL2 environments.
  • The CLI scanner upgrade now supports the –force option.
  • The scan engine now detects Bitdefender remotely.
  • A regression in the ARP probe on newer Windows builds has been resolved.
  • Fingerprint updates

v2.6.4

2021-09-16

  • The scan engine now detects Azure’s OMI WSMAN implementation.
  • Fingerprint updates.

v2.6.3

2021-09-16

  • The scan engine now detects WSMAN, ADB, and InfluxDB services.
  • Fingerprint updates.

v2.6.2

2021-09-14

  • A regression in SMB v1 detection has been resolved.
  • Fingerprint updates.

v2.6.1

2021-09-08

  • A bug that prevented some Azure VMs from being imported has been fixed.

v2.6.0

2021-09-07

  • Rumble Enterprise customers can now sync virtual machine inventory from the Microsoft Azure cloud.
  • The CrowdStrike connector has been overhauled to improve asset merging and avoid duplicates.
  • OS end-of-life dates for Windows, macOS, Ubuntu, Debian, and iLO assets are now tracked.
  • The self-hosted version of Rumble now supports offline mode & offline updates.
  • The self-hosted version of Rumble now supports RHEL 7 in offline mode.
  • The scan engine now surfaces NFS exports via discovered mountd services.
  • The scan engine now returns details for discovered PPTP services.
  • The dashboard loads faster for large organizations.
  • The UI now includes new, custom icons.
  • Fingerprint updates.

v2.5.8

2021-08-30

  • Stale asset expiration now applies to third-party sourced assets.
  • The scan engine now reports PPTP services.
  • Fingerprint updates.

v2.5.7

2021-08-27

  • The CrowdStrike connector has been overhauled to improve merging and avoid duplicates.
  • The scan engine now reports NFS exports.
  • Fingerprint updates.

v2.5.6

2021-08-23

  • The scan engine now implements the Cisco layer 2 traceroute protocol thanks to Chris Marget’s cisco-l2t project.
  • TCP port 1720 is no longer included in the defaults. This may be re-enabled once H.323 is fully implemented.
  • The scan engine now handles mangled SNMP responses better.
  • The HTTP/2 protocol is now reported at the asset level.
  • Fingerprint updates.

v2.5.5

2021-08-19

  • A regression in the service attribute report has been fixed.
  • The scan engine now reports additional SSH attributes.

v2.5.4

2021-08-19

  • The Explorer and scanner now support the Windows arm64 platform.
  • A scan engine hang in the DCERPC probe has been resolved.
  • Fingerprint updates

v2.5.3

2021-08-18

  • Third-party data source attributes are now included in all exports.
  • Third-party attributes now use the @source.type syntax for search.
  • The Merge feature in the asset inventory is now more consistent.
  • Large target exclusion lists are now supported for sites and scans.
  • Unresolvable hostname excludes are now ignored automatically.
  • The scan engine now records more information from McAfee ePO agents.
  • Fingerprint updates

v2.5.2

2021-08-12

  • Automatic queries are now available to Professional users as well as Enterprise.
  • A bug that led to some Windows desktops having the wrong type has been fixed.
  • CrowdStrike assets are now matched more accurately against Rumble assets.
  • The scanner now skips active protocol detection on port 9999.
  • Fingerprint updates

v2.5.1

2021-08-05

  • The default TCP port list now includes more SolarWinds products as well as port 7676 for JMS/IMBroker.
  • The estimated runtime for scans now takes into account the TCP port list (and excludes).
  • Juniper switch fingerprinting now uses a Juniper-specific OID instead of sysDesc.
  • Additional bogus SIP ALG services are now ignored by the Rumble scanner.
  • A bug that prevented offline-agent events from being generated in certain situations has been resolved.
  • A bug that could result in Explorers not reconnecting properly after an update has been resolved.
  • A bug that showed an incorrect bandwidth calculation in the task view has been resolved.
  • A bug that led to an error on CSV export with mixed-source assets has been resolved.
  • Fingerprint updates.

v2.5.0

2021-08-03

  • Rumble Enterprise customers can now sync AWS EC2 assets across accounts using STS roles.
  • Rumble Enterprise customers can now sync asset data from the CrowdStrike Falcon API.
  • The scan engine now better differentiates between Windows workstation and server variants.
  • The scan engine now detects various asset attributes and services using DCERPC.
  • The scan engine now detects multi-homed assets using DCERPC.
  • The dashboard can now show stats across all sites or just a specific site.
  • The new Unmapped MAC report highlights unscanned assets by switch port.
  • The Reports page has been improved with a new layout and inline search.
  • The Queries tab has been moved to a new navigation item.
  • Fingerprint updates.

v2.4.4

2021-07-26

  • The superuser role is now available as a default permission for SSO users.
  • The scan engine now gathers data from the Windows DCERPC endpoint mapper.
  • Fingerprint updates.

v2.4.3

2021-07-18

  • Fingerprint updates.

v2.4.2

2021-07-14

  • Layer-2 topology graphs are now available for environments using Fortinet switches.
  • The Topology and Network Bridges graphs can now be exported as PNG images.

v2.4.1

2021-07-13

  • This build fixes a bug in the Go runtime that could allow a remote attacker to cause a recoverable panic in the Rumble services and scan engine (CVE-2021-34558).

v2.4.0

2021-07-13

  • Rumble Enterprise customers can now sync asset data from Amazon Web Services EC2 and Miradore MDM data sources.
  • Rumble Enterprise customers can now self-host the platform on RHEL and CentOS distributions.
  • Credentials are now managed at the account level with per-organization access.
  • The Rumble self-hosted CLI offers new features and a better user experience.
  • Fingerprint updates.

v2.3.5

2021-07-04

  • A bug that prevented Explorer upgrades and scan stop requests from processing while a scan was active has been fixed.
  • A bug that led to the subnet ping mode missing subnets during large scans cases has been fixed.
  • A bug that led to an Explorer showing as offline unexpectedly has been fixed.
  • Fingerprint updates.

v2.3.4

2021-06-26

  • A regression in the Screenshots inventory tab has been fixed.
  • Fingerprint updates.

v2.3.3

2021-06-24

  • Tabs, fonts, and styles have seen a light update.
  • A number of small UX bugs were addressed.
  • Fingerprint updates.

v2.3.2

2021-06-16

  • The RFC 1918 coverage report now supports a starting date that can be used to exclude older scans.
  • The Your team page is now searchable, sortable, and supports bulk user actions.
  • Fingerprint updates.

v2.3.1

2021-06-09

  • A bug that prevented single-organization users from viewing sites and tasks has been fixed.
  • A bug that led to offline assets not actually being marked as offline has been fixed.
  • A bug that could prevent full enumeration of Cisco Catalyst switches has been fixed.
  • Fingerprint updates.

v2.3.0

2021-06-08

  • The new RFC 1918 coverage report highlights unscanned address space and hinted ranges.
  • SNMP v3 enumeration of Cisco Catalyst switches now handles per-vlan port mappings.
  • Fingerprint updates.

v2.2.5

2021-05-29

  • Tags are now always displayed with = instead of : to match the search engine syntax.
  • The Subnet Ping and Host Ping modes are now more reliable on large scans.
  • Fingerprint updates.

v2.2.4

2021-05-26

  • A bug that led to a stack trace in the rumblectl command for self-hosted mode has been fixed.
  • Fingerprint updates.

v2.2.3

2021-05-17

  • The self-hosted platform now removes older scanner/Explorer binaries during updates.
  • The scan engine now pulls layer-2 information from Force-10 switches.
  • The scan engine now ignores CheckPoint SMTP and SIP interception.
  • The scan engine now extracts hostnames from Zyxel switches.
  • An invalid fingerprint for Cisco IP phones has been fixed.
  • Multiple notifications can now trigger from a single event.
  • Agent fields are now included in the scan-started event.
  • Fingerprint updates.

v2.2.2

2021-05-16

  • The scan engine now extracts additional information from Zyxel switches.
  • The Explorers page now supports sorting, searching, and tagging.
  • Fingerprint updates.

v2.2.1

2021-05-14

  • The scan confirmation dialog now warns when a mix of public and private IPs are in the scope.
  • The SNMP v3 probe now supports sha224, sha256, sha384, and sha512 authentication.
  • The SNMP v3 probe now supports aes192, aes256, aes192c, and aes256c encryption.
  • The self-hosted platform now includes a CLI to manage user accounts.
  • Fingerprint updates.

v2.2.0

2021-05-11

Rumble 2.2.0 is a roll-up of previous 2.1.x releases along with some additional changes and features.

Web console

  • Enterprise customers can now export an HP iLO report which includes serial numbers, physical hardware information, and other fields useful for warranty tracking and server inventory.
  • Virtual machines now indicate the virtualization vendor in the asset hardware field and can be searched and filtered by vendor.
  • Virtual machines are now labeled with an icon in the asset view, and router icons are displayed with the other icons.
  • Virtual machine and legacy MAC prefixes are no longer used for age calculation, as they gave inaccurate results.
  • A new report for virtual machine vendors has been added.
  • Vendors in the NDAA Section 889 report have been expanded to include Aztech and subsidiaries.
  • The Name tag can be used to set a preferred hostname for any asset.
  • Tags in inventory views can now be clicked to search the inventory.
  • The alert notification templates can now include information about the name and internal IP address of the Explorer which carried out a scan.
  • The alert rules list now shows which rules are currently enabled.
  • Confirmation dialogs now require a typed response for destructive actions.
  • Page layout has been improved for browser window widths between 920 and 1200 pixels.
  • If a scan results in too many changes to list in the task report, the report now explains this.
  • Progress bars now use standard meter elements for smoother updating and better accessibility.
  • Icons and screenshots are now lazy-loaded to speed up initial page rendering.
  • Task duration is now rounded up to the nearest minute.

Explorer and scan engine

  • A better hostname is chosen for each asset by default.
  • VLANs are now tracked on each asset where possible.
  • Minecraft servers are now identified on the network.
  • HP iLO scans now return additional information.
  • Virtual machine hardware is reported if a better fingerprint is not available.
  • Pulse Secure VPN devices running newer firmware are now identified correctly.
  • Additional CA roots can be set via the RUMBLE_TLS_ADDITIONAL_ROOTCA variable.
  • Fingerprint updates.

Self-hosted platform

  • Self-hosted installations now sync license changes during updates.
  • Email validation is relaxed for the self-hosted platform.
  • Install instructions now use curl instead of wget for improved robustness.

Bug fixes

  • The last seen date for assets is now only updated when they have at least one open port and are therefore “alive”.
  • The estimated scan times in recurring task exports are now accurate when default ports are used.
  • A problem with password reset requests for accounts with no last name has been resolved.
  • A possible scan stall issue caused by endpoint software on macOS has been resolved.
  • A memory and CPU leak in the runZero Explorer has been resolved.
  • User name validation now works correctly when editing user preferences.
  • An issue with user invitations for SSO accounts has been resolved

v2.1.7

2021-05-03

  • The web console now includes a new HP iLO CSV export for warranty tracking (Enterprise).
  • Virtual machine and legacy MAC address prefixes are no longer used for age calculation.
  • Self-hosted installations now sync license changes during updates.
  • Virtual machines are now represented in the asset HW field.
  • VLANs are now tracked on each asset, where possible.
  • Tags are now clickable and lead to inventory searches.
  • Fingerprint updates.

v2.1.6

2021-04-28

  • Rumble Scans on macOS no longer stall when ICMP scans are blocked by endpoint software.
  • The web console now better supports browser widths between 920 and 1200 pixels.
  • An issue with user invitations from an SSO account has been resolved.

v2.1.5

2021-04-27

  • The runZero Explorer and runZero Scanner now collect additional information from HP iLO nodes.
  • Fingerprint updates.

v2.1.4

2021-04-26

  • A memory and goroutine leak in the the runZero Explorer and runZero Scanner has been fixed.
  • Fingerprint updates.

v2.1.3

2021-04-23

  • The runZero Explorer and runZero Scanner now avoid probes on vendor-specific SunRPC services.
  • The latest firmware of Pulse Secure VPNs is now fingerprinted correctly again.
  • An issue with the confirmation dialogs on Chrome has been resolved.
  • The dashboard now defines next steps for new organizations.
  • The bundled npcap version has been upgraded to 1.31.
  • Fingerprint updates.

v2.1.2

2021-04-19

  • The runZero Explorer and runZero Scanner now detect the Minecraft service.
  • Confirmation dialogs now require a typed response for permanent actions.
  • Small bugs have been fixed in the default notification templates.
  • Fingerprint updates.

v2.1.1

2021-04-14

  • This update disables automatic npcap upgrades while we investigate a stall issue.

v2.1.0

2021-04-13

Rumble 2.1.0 is a roll-up of previous 2.0.x releases along with some additional changes and features.

Web console

  • Custom notification templates are now available and can be configured as Text, HTML, and JSON formats.
  • Webhook notification channels can now include arbitrary HTTP headers for authentication.
  • Tasks can now be exported as CSV and JSON from the Recurring and Search tabs of the task view.
  • Tags be removed in bulk by specifying -tag in the inventory Tag dialog.
  • Asset CSV bulk imports now ignore cases where there are extra fields.
  • Specific TCP ports can now be excluded from the scan configuration.
  • User invitation links can now be copied to the clipboard.
  • UX tooltips are now easier to read across all platforms.
  • Alert management is no longer organization-specific.
  • Exports with complex queries are now much faster.

Integrations

  • Device serial numbers can now be exported in Cisco Smart Net Total Care format for warranty checks.
  • The Splunk add-on now supports proxy server configuration in version 1.0.11.

Explorer

  • The Explorer now rejects scans tasks when there is not enough free disk space for the scan results.
  • The Explorer now falls back to the install directory for temporary files if needed.
  • The Explorer now tries to upgrade the npcap driver automatically on Windows.

Scanner

  • AWS EC2 metadata is used to enrich scan results if the ec2:DescribeInstances permission is available.
  • SNMP v2 enumeration of ports and vlan membership now uses community indexing automatically.
  • Chromium installations using Snap packages are no longer used for web screenshots.
  • An overly aggressive mDNS fingerprint for LG webOS has been fixed.
  • EC2 instances now report the instance type as the hardware field.
  • Additional bogus SIP helper responses are now ignored.
  • LPD fingerprinting is now limited to a status request.
  • Fingerprint updates.

Events

  • A single event will only trigger a single notification per unique notification channel.
  • The agent-removed event is now generated for all web console agent removal actions.
  • The offline-agent event no longer includes recently removed or forgotten agents.
  • The task-failed event now includes the full organization and site name in the details.
  • The task-failed event is now generated for agent restarts and timeouts.

Self-hosted platform

  • SMTP configuration now supports additional TLS settings.
  • SMTP errors are now logged to syslog correctly.
  • Initial auto configuration is more complete.

v2.0.14

2021-04-06

  • The runZero Explorer and runZero Scanner will now gather AWS EC2 instance metadata where possible.
  • Fingerprint updates.

v2.0.13

2021-04-05

  • The runZero Explorer will now fallback to the install directory for temporary files.
  • Fingerprint updates.

v2.0.12

2021-04-03

  • Exports are now faster across the board, with major speedups for those using deep search queries.
  • The Rumble Verifier has been updated and now supports 2.x macOS binaries.
  • Various bugs related to the new tooltip implementation have been resolved.
  • Chromium will no longer be used for screenshots when installed via Snap.
  • Additional bogus SIP helper responses are now automatically ignored.
  • Self-hosted installs now log SMTP-related errors.
  • Fingerprint updates.

v2.0.11

2021-04-01

  • Fingerprint updates.

v2.0.10

2021-03-30

  • The runZero Explorer and runZero Scanner now collect additional Cisco-specific SNMP OIDs.
  • The Cisco Serial Number export is now available for all licensed clients.
  • Fingerprint updates.

v2.0.9

2021-03-30

  • The runZero Explorer and runZero Scanner no longer stall in a rare case when enumerating SNMP endpoints.
  • Fingerprint updates.

v2.0.8

2021-03-29

  • The runZero Explorer now automatically cleans temporary files left by interrupted scans.
  • The runZero Explorer now prepends “rumble-” to all temporary files.

v2.0.7

2021-03-28

  • The runZero Explorer out of disk space error has been improved for legibility.

v2.0.6

2021-03-28

  • The runZero Explorer now performs a disk space check before running a new scan.
  • The runZero Explorer now reports disk related errors more reliably.
  • Asset CSV imports are now accepted where the records have extra fields.
  • Fingerprint updates.

v2.0.5

2021-03-26

  • The runZero Explorer and runZero Scanner now better support enumeration of Catalyst switches.
  • Administrators can copy the invite link for direct sharing with team members.
  • Issues with image links on the self-hosted version have been resolved.

v2.0.4

2021-03-26

  • The runZero Explorer and runZero Scanner now handle the LPD protocol more carefully.
  • Fingerprint updates.

v2.0.3

2021-03-23

  • The runZero Explorer no longer reports an intermittent “no child processes” message on installation.
  • The runZero Explorer and runZero Scanner now always return wireless results when iwlist is present.
  • The web console now generates agent-removed events for each agent, including for bulk actions.
  • The web console now generates task-failed events for agent restarts and timeouts.

v2.0.2

2021-03-21

  • The runZero Explorer now logs connectivity issues with the websocket protocol in more detail.
  • The self-hosted Rumble platform now supports better automatic configuration.
  • Fingerprint updates.

v2.0.1

2021-03-20

  • A bug that resulted in deleted event rules being processed has been resolved.
  • A bug that could lead to scan stalls in Subnet Ping mode has been resolved.
  • Fingerprint updates.

v2.0.0

2021-03-16

Rumble 2.0 is a roll-up of the 1.16.x releases, along with the following changes:

Web console

  • The new Rules Engine supports advanced alerts and automated asset updates.
  • Organization-level Alerts are now managed at the global level.
  • The Explore menu item has been renamed to Reports.
  • The interface received light cosmetic updates.

Deployment

  • Rumble Agents are now runZero Explorers to better indicate their function.
  • runZero Explorers and runZero Scanners moved to the Deploy menu.
  • Self-hosting of the full platform is now available.

REST API

  • The Account API now provides organization, user, and event management.
  • Support for ServiceNow ® ITOM integration via three new API endpoints.

Scan engine

  • Microsoft Exchange and Outlook Web Access detection has improved.
  • A stall bug in the subnet and host ping modes has been fixed.
  • The number of bogus results ignored is now reported.
  • The npcap driver has been upgraded to v1.20.
  • Fingerprint updates.

v1.16.6

2021-03-06

  • Layer-2 topology reports now display the best matching port and not all ports where an asset was seen.
  • The Rumble Agent and runZero Scanner now handle subnet and host ping modes faster and more accurately.
  • The runZero Scanner now processes gzip-compressed imports faster.
  • Fingerprint updates.

v1.16.5

2021-02-27

  • Assets that were previously identified with through a TCP RST, but otherwise had no services, have been removed from the platform.
  • The Rumble Agent and runZero Scanner now collect more data about exposed SSH authentication methods.
  • A regression related to asset tracking based on the TCP/IP fingerprint has been resolved.
  • Fingerprint updates.

v1.16.4

2021-02-26

  • The Rumble scan engine now ignores assets where all TCP ports are closed and no other services are available. This reduces the reporting of bogus hosts when scanning through certain firewalls.
  • The task summary and task details now report how many assets were ignored due to having no valid services. This highlights how much network interference may be present.
  • The macOS binaries have moved to a new code signing process. Agents for macOS that have been offline for some time may require a manual update.
  • The live asset count and project asset count was calculated incorrectly for users with deleted organizations. This has been corrected.
  • Search queries that contained string matches against <% and %> now work as expected.
  • Fingerprint updates.

v1.16.3

2021-02-25

  • Fingerprint updates.

v1.16.2

2021-02-24

  • Rumble Agents can now have tags applied in the per-agent settings page.
  • Events are now regularly generated for offline agents.
  • Fingerprint updates.

v1.16.1

2021-02-21

  • The Rumble scan engine now supports a maximum TTL for all scan traffic.
  • The Rumble scan engine now supports subnet ping and host ping modes.
  • The Rumble scan engine now distributes scan traffic more evenly across subnets.
  • The Rumble scan engine now reports and tracks closed TCP ports.
  • The Rumble scan engine now reports additional ICMP fields.
  • The Rumble scan engine now auto-scales the group size.
  • Apple macOS is now partially supported on ARM systems.
  • Fingerprint updates.

v1.16.0

2021-02-09

  • This includes a roll-up of all 1.15.x point releases.
  • VMware ESXi versions are now reported correctly.
  • Fingerprint updates.

v1.15.6

2021-01-31

  • The Inventory Search, Exports, and Reports are now significantly faster for large organizations.
  • Fingerprint updates.

v1.15.5

2021-01-28

  • The Agents page will now flag any Windows Agents with an obsolete version of Npcap installed.
  • Fingerprint updates.

v1.15.4

2021-01-26

  • The JARM probe in the runZero Scanner and Rumble Agent has been upgraded.
  • Fingerprint updates.

v1.15.3

2021-01-23

  • The runZero Scanner and Rumble Agent now gather serial numbers from SNMP devices.
  • The 169.254.0.0/16 subnet is no longer ignored when processing scan results.
  • The runZero Scanner and Rumble Agent now detect the TeamViewer protocol.
  • Partial site scans now consider ARP cache data from the entire site.
  • The runZero Scanner now supports importing gzip-compressed scan data.
  • The runZero Scanner and Rumble Agent now detect the CheckMK service.
  • Fingerprint updates.

v1.15.2

2021-01-19

  • The dashboard now links to the top 5,000 results for asset types and service details.
  • Rumble-provided queries can now be saved as per-account copies and modified.
  • Partial site scans will now use ARP cache entries from the rest of the site.
  • Fingerprint updates.

v1.15.1

2021-01-16

  • This resolves an issue with the Crestron probe that could cause concurrent scans on the same agent to hang.
  • Fingerprint updates.

v1.15.0

2021-01-12

  • This is a roll-up of all 1.14.x point releases.
  • Fingerprint updates.

v1.14.9

2021-01-10

  • The Rumble Agent and runZero Scanner now support the Crestron discovery protocol.
  • The Rumble Agent and runZero Scanner now capture TLS fields from PostgreSQL services.
  • Fingerprint updates.

v1.14.8

2021-01-06

  • Rumble Agent proxy usage has been improved to handle additional corner cases.
  • Fingerprint updates.

v1.14.7

2021-01-05

  • Rumble Agent and runZero Scanner updates now use any proxies configured in the environment.
  • Web screenshots now ignore any proxies configured in the environment.
  • Fingerprint updates.

v1.14.6

2021-01-04

  • A minor memory leak in the Rumble Agent and runZero Scanner’s HTTP2 probe has been resolved.
  • Web screenshots now ignore any proxy configured for the Rumble Agent communication.
  • Web screenshots no longer leave zombies in additional environments.
  • Fingerprint updates.

v1.14.5

2020-12-28

  • A memory leak in the Rumble Agent and runZero Scanner has been resolved.
  • Web screenshots no longer leave zombies in environments without init.
  • Fingerprint updates.

v1.14.4

2020-12-24

  • Services with empty virtual hosts will be consolidated into the first non-empty virtual host service where applicable.
  • Subtasks created by a recurring scan will now carry the “defaults” parameters forward.
  • Fingerprint updates.

v1.14.3

2020-12-19

  • A memory leak in the Rumble Agent and runZero Scanner has been resolved.

v1.14.2

2020-12-17

  • The Rumble Agent and runZero Scanner runtime has been upgraded.
  • The Rumble Agent and runZero Scanner now use npcap 1.10.
  • The site scan API now handles custom probe configurations.
  • The task stop API documentation has been updated.
  • Fingerprint updates.

v1.14.1

2020-12-14

  • Agents can now be automatically assigned to their connected sites from the Manage menu.
  • Scan tasks configured through the API now handle the probes parameter correctly.
  • PAN-OS virtual MACs are now ignored for asset correlation.
  • Scan task parameters are now consistently normalized.
  • Fingerprint updates.

v1.14.0

2020-12-08

  • SNMP System Description fingerprints now take precedence over SSH-based OS matches.
  • Fingerprint updates.

v1.13.11

2020-12-02

  • A bug that caused certain API calls to return a 500 instead of a 400 error when called with a non-JSON content type has been resolved.
  • Bogus services caused by captive portals, honeypots, and certain firewalls are now automatically ignored.
  • Fingerprint updates.

v1.13.10

2020-12-01

  • Agent to cloud communication is now limited to the console.rumble.run hostname and two IPv4 addresses (13.248.161.247, 76.223.34.198).
  • The breadcrumbs are now navigable across the product user interface.
  • Fingerprint updates.

v1.13.9

2020-11-25

  • Inventory search boxes now have autocompletion for search keywords (name:, hardware: and so on). Completion can be triggered via keyboard (tab, enter) or mouse.
  • The documentation for search queries has been updated and cleaned up.
  • Tag editing dialogs now autocomplete from your top 50 most used tags.
  • Some search keywords have been updated to be more consistent.

v1.13.8

2020-11-23

  • The Rumble Agent and runZero Scanner now collect JARM TLS hashes
  • The Explore menu now offers additional reports, including JARM.
  • Fingerprint updates.

v1.13.7

2020-11-20

  • The fingerprinting engine was updated to support more precise device detection.
  • Support for new mDNS fingerprints, including M1-based Apple devices.
  • Various security fixes to address findings from an ongoing audit.
  • Fingerprint updates.

v1.13.6

2020-11-19

  • The task details page now shows the scan speed in the upper left section.
  • Fingerprint updates.

v1.13.5

2020-11-13

  • The Rumble Agent and Scanner have been updated to work with macOS Big Sur.

v1.13.4

2020-11-12

  • The Rumble Agent, Scanner, and Console now use the latest Go runtime.
  • Fingerprint updates.

v1.13.3

2020-11-10

  • Assets with both SMB v1 and v2 enabled are now fingerprinted more consistently.
  • The BACnet probe now supports multiple ports per scan.
  • Fingerprint updates.

v1.13.2

2020-11-08

  • Session and login timeouts can now be configured from the Account Settings page.
  • The Subnet Grid report is now faster and supports RTT, TTL, and Age color modes.
  • Fingerprint updates.

v1.13.1

2020-11-05

  • The new Account Settings page allows MFA to be enforced and provides the ability to block Support access.
  • Fingerprint updates.

v1.13.0

2020-11-03

  • This is a roll-up of all 1.12.x point releases.
  • Fingerprint updates.

v1.12.9

2020-10-25

  • The runZero Scanner and Rumble Agent now decompress non-negotiated gzip responses from HTTP services.
  • Fingerprint updates.

v1.12.8

2020-10-25

  • The Subnet Utilization report now sorts networks by density more accurately.
  • The Subnet Grid report is now slightly faster with large networks.
  • Asset correlation now ignores bogus replies for SMB and RDP.
  • Fingerprint updates.

v1.12.7

2020-10-24

  • The Team page now contains a tab showing which users have access to the active organization.
  • Users with per-organization admin roles are now able to manage user accounts.
  • Fingerprint updates.

v1.12.6

2020-10-22

  • Users with the “No Access” permission are now able to manage their own account settings.
  • Users can now have a Billing role that is limited to license and entity management.

v1.12.5

2020-10-21

  • Inventory searches with the haspublic keyword now handle multi-homed systems correctly.
  • Inventory searches for full and partial IPv4 addresses are now treated as host queries.
  • The Subnet Utilization percentage is now calculated correctly for sites with non-default masks.
  • Asset tags set from the Inventory page are now additive and will be merged into existing tags.
  • Asset tags are now shown on the overview page.
  • Small improvements to the Task Search page.

v1.12.4

2020-10-21

  • The runZero Scanner and Rumble Agent now handle an even wider range of SNMP devices when polling the ARP cache.
  • Fingerprint updates.

v1.12.3

2020-10-20

  • The runZero Scanner and Rumble Agent now handle a wider range of SNMP devices when polling the ARP cache.
  • Fingerprint updates.

v1.12.2

2020-10-17

  • The runZero Scanner terminal UI has been cleaned up and generally improved.
  • Fingerprint updates.

v1.12.1

2020-10-15

  • The runZero Scanner and Rumble Agent now deduplicate overlapping target network ranges.
  • Fingerprint updates.

v1.12.0

2020-10-13

  • This is a roll-up of all 1.11.x point releases.

v1.11.9

2020-10-11

  • The runZero Scanner can now automatically update when run with the upgrade argument.
  • The Rumble Agent can be installed via a static MSI wrapper.
  • Fingerprint updates.

v1.11.8

2020-10-04

  • The scan engine is now more consistent through the addition of UDP retries and by pre-warming the ARP cache for each target group.
  • Fingerprint updates.

v1.11.7

2020-09-28

  • The Rumble Agent and runZero Scanner now include npcap version 1.0.
  • Fingerprint updates.

v1.11.6

2020-09-23

  • Users with the the Viewer role are now restricted to the Dashboard, Inventory, Explore, and Agents screens.
  • Fingerprint updates.

v1.11.5

2020-09-21

  • A regression in the license expiration tracking of the runZero Scanner has been resolved.
  • Fingerprint updates.

v1.11.4

2020-09-18

  • Fingerprint updates.

v1.11.3

2020-09-13

  • Fingerprint updates.

v1.11.2

2020-09-11

  • Organizations can now be converted to Projects from the settings page.
  • The top-level organization navigation has been updated.

v1.11.1

2020-09-09

  • Accounts with a default organization role of “user”, but a per-organization role of “none” were inadvertently prevented from accessing certain features.
  • An intermittent crash in the Rumble Agent was identified and resolved.

v1.11.0

2020-09-09

  • This is a roll-up of all 1.10.x point releases.

v1.10.8

2020-09-08

  • Projects are now available as temporary, self-deleting organizations. These are useful for one-off scans and exploring historical data.
  • Web screenshots now try additional Chrome locations on the Windows platform.
  • Over 10,000 new SNMP fingerprints have been added.
  • Small bugfixes and cosmetic improvements.
  • Additional fingerprint updates.

v1.10.7

2020-09-01

  • Web screenshots now retry on timeouts and choose the best quality image automatically.
  • Web screenshots now use more concurrent Chrome processes on x86 systems, based on available memory.
  • The Rumble Agent and runZero Scanner now track CPU and memory usage across the life of a scan.
  • Fingerprint updates.

v1.10.6

2020-08-22

  • The Rumble Agent, runZero Scanner, and Rumble Console now compress raw scan by default. The scan.rumble output from the scanner has been renamed to scan.rumble.gz. The web console and API can import both compressed and uncompressed versions of this data. Existing scan data will be migrated to the compressed form automatically. This change helps with bandwidth usage by agents and speeds up large imports over the network.
  • The Tasks view now links to the inventory search for each associated site.
  • The status of agent-run scans is now updated more frequently.

v1.10.5

2020-08-21

  • The completed task list now shows the task runtime in the information column.
  • The task views now also link to the inventory view of each site.
  • Fingerprint updates.

v1.10.4

2020-08-17

  • A regression in the runZero Scanner that prevented API uploads from succeeding has been resolved.
  • Fingerprint updates.

v1.10.3

2020-08-14

  • Small bug fixes and dependency updates across the platform.
  • Fingerprint updates.

v1.10.2

2020-08-12

  • Site exports and imports now include the registered subnets.
  • Bulk asset updates are now possible by importing a modified CSV export from the Inventory screen.

v1.10.1

2020-08-11

  • A bug that made it difficult to query subnet tags with multiple subnets per tag has been resolved.
  • Fingerprint updates.

v1.10.0

2020-08-04

  • The console user interface received a light update around colors and styles.
  • Event logs are now available in the console.
  • Fingerprint updates.

v1.9.10

2020-08-03

  • A bug that prevented Scan Tags from being shown in the Scan Configuration form has been resolved.
  • The DNS and mDNS probes now always report the protocol, even for error responses.
  • Fingerprint updates.

v1.9.9

2020-08-02

  • Site scopes now automatically convert CIDR input into registered subnets.
  • Scan tasks can now have their Scope and Excludes pinned to their associated site using the string “defaults”.
  • Scan tasks can now be pinned to the default TCP service list using the string “defaults”.
  • A bug that caused non-Windows SMB-enabled services to be identified as Windows has been resolved.
  • A bug that caused SMB v1 to be reported incorrectly as been resolved.
  • Fingerprint updates.

v1.9.8

2020-07-29

  • A bug that prevented the Delete and Merge buttons in the Service Inventory toolbar from working has been resolved.
  • A bug that led to the wrong title being shown in the FTP Service Attribute report has been resolved.
  • Fingerprint updates.

v1.9.7

2020-07-22

  • A bug that prevented the Inventory Import action from recognizing valid scan data has been resolved.
  • The Rumble Agent and runZero Scanner are now much more reliable for lossy network environments.

v1.9.6

2020-07-21

  • The TCP probes have been updated to be less bursty. This resolves an issue where scans consisting of mostly HTTP services can timeout and lose valid responses.
  • The TCP fingerprinter now handles unexpected termination more gracefully. This improves the reliability of AWS ELB scans and should help with a reliability across a range of services.

v1.9.5

2020-07-20

  • All paid plans now support Continuous recurring scans. These scans will run back-to-back and can simplify continuous monitoring. An agent running continuous scans will not run additional scans unless the Concurrency setting is increased beyond 1.
  • Out-of-date agents will be upgraded prior to new scans being run. For the few agents where upgrades are impossible (read-only partitions, network filters, etc), this can delay each scheduled scan by up to five minutes.

v1.9.4

2020-07-18

  • The Rumble Agent and runZero Scanner now include a TLS CA root bundle to work around connectivity issues on older platforms. Bundle selection can be controlled via the environment
  • Fingerprint updates.

v1.9.3

2020-07-16

  • The web screenshot features now tries even harder to prevent orphaned Chrome.exe processes.
  • The Rumble Agent now removes all agent-related files on uninstall.
  • Rumble Agents can now be reassigned to other organizations.

v1.9.2

2020-07-12

  • The Export API now supports an optional fields parameter that determines which fields are exported in JSON/JSONL exports. The fields parameter is supported for Assets, Services, Wireless, and Sites.

v1.9.1

2020-07-09

  • A bug in the scan engine that could cause scans to hang when probing unresponsive SSH daemons has been resolved.
  • A bug in the scan engine that could result in SMBv1 being reported erroneously on some NAS devices has been resolved.

v1.9.0

2020-07-06

  • A bug in the TFTP probe that could lead to missing results in some cases has been fixed.
  • The SNMP probe now gathers the route table from many types of switches and routers.
  • TCP SYN scans of non-local targets now try harder when there is congestion.
  • Fingerprint matches that include a hardware version are now given priority.
  • Fingerprint matches for SSH daemons now support more platforms.
  • The permanent organization and permanent site can now be deleted/recreated.
  • The Scan Configuration page now shows a notice when input validation failed.
  • The Scan Configuration now shows SNMP parameters at the top of the form.
  • The Network Bridges report now links all external IPs to an internet cloud.
  • The Network Bridges report now uses subnet masks from Sites.
  • The Subnet Utilization report now provides a Scan link for each network.
  • The Subnet Utilization report now uses subnet masks from Sites.
  • The Subnet Grid report now handles errors more gracefully.
  • A bug that prevented some users from logging in has been resolved.
  • Search queries are now slightly faster across assets and services.

v1.8.14

2020-07-02

  • Tasks are now searchable and sortable via the Search tab.
  • A regression in numerical search queries has been resolved.

v1.8.13

2020-07-01

  • The Scan Configuration page now provides an estimated runtime through a confirmation dialog.
  • Trial accounts are now longer limited to scanning a /16 and may now scan a full /8.
  • The Rumble Agent now supports log configuration using the environment. See the documentation for details.
  • The Rumble Agent and runZero Scanner now collect SSH pre-auth banners and host keys.
  • Bogus service responses from Fortigate helpers on ports 80 and 8008 are now ignored.
  • Fingerprint updates.

v1.8.12

2020-06-24

  • The Rumble Agent and runZero Scanner now handle a wider range of ppp-based link types on Linux and macOS.
  • Bogus service responses from Fortigate helpers on ports 21, 25, 80, 110, 143, 8008, 8010, and 8020 are now ignored.
  • Fingerprint updates.

v1.8.11

2020-06-22

  • Bogus service responses from Cisco H.323 helpers on port 1720 are now ignored.
  • The Rumble Agent now stores additional diagnostics in the raw task data.
  • Fingerprint updates.

v1.8.10

2020-06-21

  • Bogus service responses from Fortigate SIP ALG helpers on ports 2000 and 5060 are now ignored.
  • A regression in HTTP handling with redirects and TLS+HTTP headers has been resolved.
  • Fingerprint updates.

v1.8.9

2020-06-20

  • The Rumble Agent and runZero Scanner now handle malformed HTTP responses and redirects better.
  • Fingerprint updates.

v1.8.8

2020-06-18

  • ICMP Echo probes now record the IP header information from the response (useful for Ripple20/Treck detection).
  • The Rumble favicon.ico MD5 fingerprint database has been contributed to the Recog project.

v1.8.7

2020-06-16

  • The Rumble Agent and runZero Scanner now support “cooked” interface types (ppp-based VPNs).
  • The scan engine now extracts additional information from Netgear routers.
  • Fingerprint coverage for Netgear routers has been improved.

v1.8.6

2020-06-15

  • Fingerprint updates.

v1.8.5

2020-06-15

  • Fingerprint updates.

v1.8.4

2020-06-15

  • Fingerprint updates.

v1.8.3

2020-06-14

  • Asset Inventory and Search Inventory performance has been improved.
  • The bundled npcap driver in the Rumble Agent and runZero Scanner for Windows has been upgraded to version 0.9994.
  • Fingerprint updates.

v1.8.2

2020-06-09

  • The runZero Scanner CSV output now includes populated UUID values.
  • The runZero Scanner now creates a standalone bridges.json file for third-party processing.
  • Fingerprint updates.

v1.8.1

2020-06-09

  • A bug that could cause agent uninstalls to crash on BSD platforms has been resolved.

v1.8.0

2020-06-09

  • This release is a roll-up of the 1.7.x changes listed below.

v1.7.13

2020-06-08

  • Sites now support registered subnets. Assets can be queried via the associated Site subnet tags.
  • Tags can be set with empty values and queried more precisely through the Inventory search.
  • Asset fingerprinting via favicon.ico hashes has been implemented.
  • The runZero Scanner now creates a standalone topology.json file for third-party processing.
  • Assets now store the MAC-to-IP relationship in the hidden _macs.ipmap attribute.
  • The Rumble Agent and runZero Scanner now support OpenBSD on x86 (64-bit).
  • Fingerprint updates.

v1.7.12

2020-06-05

  • This release fixes a bug that prevents the Rumble Agent from restarting automatically after an update on certain Debian-based distributions.
  • Fingerprint updates.

v1.7.11

2020-06-04

  • A reliability bug in the Rumble Agent and runZero Scanner for BSD-based platforms (macOS, FreeBSD, NetBSD, DragonFly BSD) has been resolved. This bug would manifest as missing scan results in the TCP SYN and ARP probe responses.
  • The bundled npcap driver in the Rumble Agent and runZero Scanner for Windows has been upgraded to version 0.9992.

v1.7.10

2020-06-02

  • The Rumble Agent and runZero Scanner now support FreeBSD, NetBSD, and DragonFly BSD. FreeBSD and NetBSD support cover the following architectures: x86 (64-bit, 32-bit), ARM v5, ARM v6, and ARM v7. DragonFly BSD is supported on x86 (64-bit).
  • The Rumble Agent and runZero Scanner now support additional Linux architectures. These include x86 (64-bit, 32-bit), ARM v5, ARM v6, ARM v7, ARM 64-bit (aarch64), MIPS (BE/LE), MIPS64 (BE/LE), PowerPC64 (LE), and s390x (IBM Z).
  • The Rumble Agent now runs in standalone mode when no supported services backend is detected.
  • The Rumble Agent now supports automatic updates in standalone mode on non-Windows platforms.
  • The Rumble Agent binary now supports command-line flags (-h, -v, -l) and displays usage.

v1.7.9

2020-05-27

  • MAC address fingerprints are now live. The initial set includes fingerprints for devices manufactured by Amazon, Google, Honeywell, August, SimpliSafe, TRENDnet, FLIR, Microsoft, Belkin, Meross, LG, Logitech, Hunter, Lutron, Orbit, Arlo, Panasonic, Sony, Vizio, Chameleon, iRobot, SharkNinja, Netatmo, Nintendo, HP, Intel, Lenovo, Dell, and PC Engines. MAC fingerprints are used as a fallback when more precise fingerprinting is not available.
  • Microsoft SQL Server versions obtained from the network are now mapped to specific releases and patch levels, enabling queries that look for end-of-life versions and missing patches.
  • Chromecast devices now return additional service attributes, including information about the wireless network that they are connected to. Fingerprinting of older Chromecast models (Gen 1) has been improved. MAC addresses and additional IP addresses from the Chromecast web endpoint is now applied to the asset.
  • MySQL and MariaDB version detection now also applies the appropriate OS fingerprint, if known.
  • HTTP services that return JSON responses now camelCase the attribute names and support a wider range of data types. This impacts JSON-based HTTP interfaces such as ElasticSearch and Riak HTTP.
  • OS and Hardware matching is more precise after adjustments were made to the weighting and priorities. The most precise and most confident fingerprint should always be chosen going forward.
  • The confidence of the OS match is now reported as the asset-level match.score attribute. This may be renamed to match.os.score in the future as we accommodate more granular hardware weights.
  • NTLMSSP-based OS matching now disqualifies systems that are obviously not Windows (BSD-based stacks, etc).
  • Brother printers now use distinct hardware and firmware (OS) fingerprints. This should address cases where the firmware version overrode the hardware model by mistake.
  • Release notes are now consolidated across the Platform, Agent, and Scanner.
  • Versioning is now shared across the Platform, Agent, and Scanner.

Archived release notes

Prior to version 1.7.9, release notes and versions were split between the Platform, Agent, and Scanner. You can find these archived release notes at the links below.