Asset Change Tracking & Notifications (Alerts) #
Beta 3 is here and ships with network change tracking and notifications (edit: now alerts in v1.0.0)! Combined with recurring scans, Rumble now provides detailed asset tracking across local, remote, external, and cloud assets with notifications sent by email or webhook (including Slack!). This release also includes keyword-based search for the Inventory, a major overhaul of the scan engine, and tons of small improvements. Check out the release notes below for a complete list of changes since Beta 2.
Product Documentation #
Documentation has been updated and consolidated into our new product documentation portal. If you can't find something, please drop us a line and let us know.
Release Notes #
-
Asset change tracking, notifications, notification rules, and notification channels have been implemented. Combined with recurring scans, this provides basic network monitoring and change notification, with support for internal notifications, email groups, and anything that exposes web hooks, including Slack.
-
The Inventory now supports custom search queries, with defined keywords, which also apply to JSON and CSV exports.
-
Task details are now displayed, including recurring scan schedules, and change reports for Scan tasks.
-
Rumble scans now distribute probes across all targets more evenly, limiting per-host packet rates to 50/s unless overridden with --max-host-rate. This improves the consistency of scan results against low-performance network connected devices (printers, power device network cards, and low-end internet of things devices, such as the ESP32).
-
Incoming links to the Rumble Console no longer force reauthentication.
-
Scan tasks that are sent to an agent, but not reported on within 15 minutes are automatically requeued. This resolves situations where jobs become stuck due to a terminated, reset, or otherwise unavailable agent (for example, a laptop suspend).
-
Rumble binaries (agent and scanner downloads) can now be validated independently using the Rumble Verifier. The verifier is provided with PGP signatures for each platform and SHA-256 sums.
-
ARP and ICMP ECHO probes will now now retry automatically for non-responsive hosts. This improves the consistency of detection of low-powered network connected devices, especially on wireless networks.
-
Target hostnames entered into the scan scope are now resolved by either the agent local nameserver or a custom set of nameservers specified in the scan configuration. Target hostname resolution is now consistent across all supported architectures.
-
Scan exclusions can be configured per-site and per-scan. Site exclusions set the default for all new scans of that Site.
-
Hostnames entered into the scan scope are now used for asset correlation; all addresses resolved from a given hostname are grouped together, and probes using HTTP and TLS specify the host header and server name extension as appropriate.
-
runZero Scanner output now includes global settings in the config record.
-
Improved progress reporting based on the relative work load of a given probe. Scans that supply a large port range will now reflect their progress more accurately.
-
ICMP ECHO scans now drop replies received from out-of-scope ranges, preventing ghost assets from being reported.
-
Rumble Agent and runZero Scanner now use npcap v0.993, which includes a number of bug fixes and performance improvements.
-
The MAC fingerprint database has been updated using the latest data from the mac-ages project.
-
Tons of small UI updates.
-
New Rumble icons!
