Vancouver |
- Leverage Exploit Prediction Scoring System (EPSS) score for vulnerability prioritisation
- Use the Exploit Prediction Scoring System (EPSS) integration to import the EPSS data that is related to common vulnerabilities and exposures (CVEs) from First.org to enrich the NVD data in your instance to
prioritize and remediate vulnerabilities.
- GitHub Application Vulnerability Integration
- Import Static application security testing (SAST) and Software Composition Analysis (SCA) data with the GitHub Application Vulnerability Integration to help you view the vulnerability alerts in the repositories
of your GitHub environment.
- Veracode Vulnerability Integration
- The following enhancements to version 4.1 of the Veracode JSON Vulnerability Integration help you to perform the following tasks:
- Add multiple Severity values provided by Veracode on the integration configuration page to help you filter imports. Only the records that match your filters are displayed.
- Configure the time in hours for scheduled jobs with the start time buffer property (sn_vul_veracode.import_starttime_buffer). The value that you enter is subtracted from a job's
Start Time (delta_start_time) to help you avoid conflicts.
- Retrieve all of an application's associated projects with the Links project Integration. Imported data, such as Last SCA Scan Date, is displayed on the discovered applications, scan
summaries, and application vulnerable item (AVI) records.
- Triage your imported application vulnerabilities with ServiceNow workflows. The following options on the configuration page are activated by default:
- Fortify Vulnerability Integration
- Starting with version 2.2, triage your imported application vulnerabilities with ServiceNow workflows. The following options on the configuration page are activated by default:
- Agile management integration with Vulnerability Response
- Leverage the tools for issue tracking and agile management, such as Atlassian
Jira, for vulnerability remediation. Vulnerability Response is integrated with Atlassian
Jira to create issues that correspond to vulnerabilities. They’re synchronized with the issue entity in Jira and the vulnerability item entity in Vulnerability Response bidirectionally to reflect the latest updates.
- Veracode Vulnerability Integration
- Integrations were added to version 4.0 of the Vulnerability Response Integration with Veracode so that you can do the following tasks:
- Use the Veracode Categories Integration to import the category data.
- Use the Veracode CWE Integration to import the remediation recommendations for threat information that is reported by Veracode.
- Use the Veracode SBOM Integration to upload and parse SBOMs that are generated by Veracode in the CycloneDx format.
- View the Veracode DevOps Integration on the Application Vulnerability Integrations list in Application Vulnerability Response. If you have a DevOps Change Velocity license, this feature is structured so that DevOps users do not need a SecOps license to view the summary details for
the third-party vulnerability scans. There’s no impact or change to Application Vulnerability Response.
- Import data via a JSON REST API with the Veracode Application List, Veracode Scan Summary, and Application Vulnerable Item integrations.
- Importing parameters that were added to the Veracode Vulnerability Integration instance
- Starting with version 4.0 of the Vulnerability Response Integration with Veracode, you can modify the following import parameters:
- import manual: Import manual penetration testing results from Veracode.
- import_sca: Import Software Composition Analysis (SCA) vulnerabilities.
- status: Import findings in Open, Closed, or both Open and Closed states.
- policy_sandbox: Import records that correspond to a policy or to a sandbox. These records might be related to the application testing in your environment.
- policy_rule_passed: Import only the records that have passed a policy rule. These records might be related to the application testing in your environment.
- Viewing the integration dashboards from the Vulnerability Manager workspace
Starting with version 19.0 of Vulnerability Response and version 2.1, the following dashboards are only available from the workspaces:
- Watchdog overview dashboard
- Qualys overview dashboard
- Rapid7 integration run status dashboard
- Prisma Cloud Compute (CVR) integration run status dashboard
- Vulnerability Approvals dashboard
- Vulnerability Remediation dashboard
- Vulnerability response usage dashboard
- Microsoft TVM integration run status dashboard
- Tenable integration run status dashboard
- Qualys integration run status dashboard
- Timestamps (heartbeats) to indicate that the queue is alive
- Starting with v19.0 of Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate that the queue is alive and processing valid data. Previously, the integration processes were timing out after one hour,
even if the import queue entry was still being processed. As a result, the integration run status was being updated as an error.
- Timestamps (heartbeats) to indicate that the queue is alive
- Starting with v19.0 of Application Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate that the queue is alive and processing valid data. Previously, the integration processes were timing out
after one hour, even if the import queue entry was still being processed. As a result, the integration run status was being updated as an error.
- Timestamps (heartbeats) to indicate that the queue is alive
- Starting with v2.1 of Container Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate that the queue is alive and processing valid data. Previously, the integration processes were timing out after one
hour, even if the import queue entry was still being processed. As a result, the integration run status was being updated as an error.
- Timestamps (heartbeats) to indicate that the queue is alive
- Starting with v14.9 of Configuration Compliance, timestamps (heartbeats) are sent periodically to indicate that the queue is alive and processing valid data. Previously, the integration processes were timing out after one
hour, even if the import queue entry was still being processed. As a result, the integration run status was being updated as an error.
- New detection key NIC for Rapid7 Insight VM
- Starting with v19.0 of Vulnerability Response, a new detection key Network Interface Controller (NIC) is added for Rapid7 InsightVM. It’s activated by default. New detections are calculated based on the existing key combinations and the NIC.
- New integration instance parameter to close stale detection for Rapid7 InsightVM
- The close_stale_detections parameter closes the stale detections that are no longer coming through the Rapid7 API via Rapid7 Comprehensive Vulnerable Item Integration -
API.
- Rapid7 Data Warehouse solution populated onto vulnerable items directly by Rapid7
- Starting from v19.0 of Vulnerability Response, the preferred solution, generated by Rapid7 Data Warehouse, is directly populated onto the vulnerable items by Rapid7 bypassing the need for Vulnerability Solution Management.
- Categorizing the unmatched cloud assets from Qualys, Rapid7, and Tenable integrations into Unclassed Hardware or Cloud Resource class
- Starting from v20.0 of Vulnerability Response, you can categorize the unmatched cloud assets from Qualys, Rapid7, and Tenable integrations into the Unclassed Hardware or Cloud Resource class
by using the sn_sec_cmn.unmatched_cloud_resource_enabled system property.
- Identifying the assets with agent from Tenable.sc integration
- Starting from v20.0 of Vulnerability Response, you can identify the assets under agent scans from Tenable.sc integration.
- Populating malware information from Qualys
- Starting with v12.9.2 of Qualys, malware information from the Qualys knowledge base would be populated and shown as a related list on the Third-party Entry (QID).
Starting with version 12.9.2 of Qualys, you
have the option to choose between Basic Authentication or OAuth for rest API calls.
- Quick Start Tests for Vulnerability Response
After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vulnerability Response works as expected. If you customized Vulnerability Response, copy the quick start tests and configure them for your customizations. |
Washington DC |
- Black Duck Vulnerability Integration 1.0
- Identify and mitigate the open-source code vulnerabilities detected by Black Duck Software Composition Analysis (SCA) tool ingested into Application Vulnerability Response to reduce the risks.
- GitHub Application Vulnerability Integration v1.1
- Import application information from your GitHub repositories with the GitHub Repos Integration. Imported data is stored in the Discovered Applications [sn_vul_app_release] table. The GitHub CodeScan and Dependabot integrations require current application data that is imported by the GitHub Repos Integration.
Enhancements to the (OAuth) authentication credentials on the GitHub Configuration page.
- Enhancements to the Veracode Vulnerability Integration v4.2
- Select Get More Details on Veracode application vulnerable items (AVITs) on the Application Vulnerable Item [sn_vul_app_vulnerable_item] table or from the list views in the Vulnerability Response Workspaces to view the following data imported from Veracode:
- HTTP Source request and Source response details for Dynamic Application Security Testing (DAST) scans are displayed on the HTTP Request/Response related list.
- Solution recommendations from Veracode are displayed on the Findings related list.
- HTTP Source request, Source response, and recommendations are displayed on the Details tab In the Vulnerability Response workspaces.
- The Description column is supported on the Application Vulnerable Item [sn_vul_app_vulnerable_item] table.
- Enhancements to Application Vulnerability Response AVIT Vulnerability Integrations
- View details such as total processing times, average times for pre- and post-integration run processes, and reports on the integration run records for the Fortify (v2.3), Invicti (v1.1), and Veracode (v4.2) Application Vulnerable Item (AVIT) Integrations.
- Leverage Exploit Prediction Scoring System (EPSS) score for vulnerability prioritization
- Enrich the NVD data in your instance to prioritize and remediate vulnerabilities by using the Exploit Prediction Scoring System (EPSS) integration to import the EPSS data that is related to common vulnerabilities and
exposures (CVEs) from FIRST.org.
- Ingest Known To Be Used in Ransomware Campaigns
- Beginning with v21.0.5 of Vulnerability Response, a new field, Known To Be Used in Ransomware Campaigns, is ingested from the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEVs)
catalog.
- Generate solutions by Rapid7 InsightVM using solution_id
-
Beginning with v21.0.5 of Vulnerability Response, there’s an update in the solution creation process for Rapid7 InsightVM. Previously, solutions were generated based on the information provided in the solution_summary, solution_fix, and
solution_type fields. However, with this update, Rapid7 InsightVM utilizes the solution_id sent by the scanner to create solutions even if the solution_summary, solution_fix, or solution_type fields are empty.
|
Xanadu |
- Scan vulnerabilities on running hosts
- Starting with v3.0.3 of Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute, you can scan vulnerabilities on running hosts. The Prisma Host APIs enable retrieval of comprehensive vulnerability information for a specific host and enable assignment and
remediation workflows
- Populating the CPE information for a Tenable TPE
- The newly added Softwares column in the Third-Party Vulnerability Entries table populates the Common Platform Enumerations (CPEs) information for the Tenable plugins.
|