Rumble 2.13 Sync assets & software from SentinelOne, track more cloud resources, view cross-organization inventory, and schedule automated reports

What's new with Rumble 2.13? #

• Sync asset and software inventory from SentinelOne
• Explore software identified through runZero scans
• Track more cloud resources from AWS, Azure, and GCP
• Work with your asset inventory across organizations
• Schedule and email the Organization Overview Report

Sync assets and software from SentinelOne #

Rumble Enterprise users can now enrich their inventory with an authenticated API connection to SentinelOne. This enables you to search for SentinelOne attributes in Rumble and find assets missing SentinelOne (not source:sentinelone and (type:server or type:laptop or type:desktop)). Rumble automatically correlates SentinelOne assets to scanned assets based on unique fields.

The SentinelOne integration also imports software inventory data. Software attributes include publisher, product, version, installation date, and installation size.

Set up the connection to SentinelOne.

Explore software identified through Rumble scans #

View, search, and export the new software inventory, including vendor, name, and version as well as the corresponding asset in the new software tab. This inventory is populated through third-party integrations, such as SentinelOne, and by identifying network-exposed software through normal unauthenticated scans.

See what is in your software inventory.

Track more cloud resources from AWS, Azure, and GCP #

Discover databases and load balancers in AWS, Azure, and GCP.

Rumble now synchronizes the following cloud asset types:

AWS

• EC2 - Provides scalable computing capacity in the Amazon Web Services (AWS) Cloud
  • Query (for version 2.1 and later): @aws.ec2.type:="ec2"
• Elastic Load Balancer - Automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more availability zones
  • Query: has:@aws.elbv2.loadBalancerArn
• Lambda - Serverless, event-driven compute service that lets you run code without provisioning or managing servers
  • Query: @aws.lambda.type:"lambda"
• RDS - Collection of managed databases including Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server
  • Query: @aws.rds.type:="rds"

Azure

• Virtual Machine - Computing service that allows users to host their applications or systems in the cloud
  • Query (for version 2.6 and later): @azure.vm.type:="Microsoft.Compute/virtualMachines"
• Virtual Machine Scale Sets - A group of load balanced VMs to provide high availability to your applications
  • Query: @azure.vmss.type:="Microsoft.Compute/virtualMachineScaleSets/virtualMachines"
• Azure SQL - Family of fully managed SQL database services, built upon the same SQL Server engine
  • Query: @azure.azsql.type:="Microsoft.Sql/servers"
• Azure Cosmos DB - Fully managed NoSQL database for modern app development with support for MongoDB, Cassandra, Gremlin, and Table
  • Query: @azure.cosmos.type:="Microsoft.DocumentDB/databaseAccounts"
• Load Balancer - Evenly distributes load (incoming network traffic) across a group of backend resources or servers
  • Query: @azure.lb.type:="Microsoft.Network/loadBalancers"

GCP

• Compute Instance - A virtual machine (VM) hosted on Google's infrastructure
  • Query (for version 2.12 and later): @gcp.vm.type:="compute#instance"
• CloudSQL - Fully managed relational database service for MySQL, PostgreSQL, and SQL Server
  • Query: @gcp.cloudsql.kind:="sql#instance"
• Load Balancer - High-performance, scalable load balancing on GCP
  • Query: @gcp.lb.kind:="compute#urlMap"

For AWS and GCP you may need to set up additional APIs or credentials to enable Rumble to inventory these resources. Review the AWS documentation or GCP documentation to see if this is necessary before trying the queries above.

Work with your asset inventory across organizations #

You can now work with your asset inventory across organizations and do things like:

• View the dashboard with aggregated visualizations
• Search across organizations in the inventory
• Export cross-organizational inventory data

Rumble uses organizations to separate logical entities for role-based access control (RBAC). Our Professional and Enterprise users told us they would like to search and report across organizations. We listened.

This feature is only available in Rumble Enterprise and Professional. To try out this feature, select All Organizations in the Organizations dropdown on the upper right of your screen. Rumble continues to enforce per-organization RBAC, so All Organizations only includes the ones to which you have at least view permissions.

Schedule and email the Organization Overview Report #

You can now schedule the Organization Overview Report and automatically email a link when the report is ready. This report provides a high-level overview of the organization and can optionally include asset details and web screenshots. Print-friendly, this report can be converted to a PDF and shared with external stakeholders. Read more about the Organization Overview Report

Schedule and email the Organization Overview Report.

Release notes #

The Rumble 2.13 release includes a rollup of all the 2.12.x updates, which includes all of the following features, improvements, and updates.

New features #

• Sync asset and software inventory from SentinelOne
• Explore software identified through Rumble scans
• Track more cloud resources from AWS, Azure, and GCP
• Work with your asset inventory across organizations
• Schedule and email the Organization Overview Report

Integration improvements #

• The CrowdStrike integration now generates downloadable task data that can be used for importing CrowdStrike assets.
• The CrowdStrike connector now handles API service outages more gracefully.
• The CrowdStrike and Miradore integrations can now be run as scan probes from the console and scanner CLI.
• The AWS connector now tags each instance with the associated AWS account email.
• Credential access can now be toggled to allow or disallow all organizations during credential creation.
• AWS credentials enabling STS assume role workflows are simplified to only require a role name.
• Added ability to truncate syslog to a specified line length.
• A performance issue that could cause long load times for the credentials page has been fixed.
• A bug that prevented new CrowdStrike credentials from being stored has been fixed.
• A bug that caused reports for certain AWS attributes to show empty results has been fixed.
• A bug that caused VMware instances with non-unique UUIDs to be handled incorrectly has been fixed.

Inventory management improvements #

• The organization overview report can now be generated and emailed to desired recipients on a recurring schedule.
• The Alert Rules form now handles very long queries in the Test Query action.
• Speed of the RFC 1918 Coverage Report has been greatly improved.
• A bug where certain analysis tasks could error when an asset-query-results rule is enabled has been resolved.
• A bug that reported Windows OSes incorrectly for VMware has been fixed.
• A bug that prevented the organization overview report from being visible in Rumble Professional has been fixed.
• A bug that prevented searching for bssid wireless values has been fixed.
• A bug that led to visual errors on the asset details screen has been resolved.
• A bug that could prevent deleting services from the services inventory has been resolved.
• A bug that could lead to partial stats being shown in the dashboard for multi-site organizations has been resolved.
• A bug that could cause the service to reload during task processing has been resolved.
• A bug that caused stale SNMP credentials to stay associated with an asset has been fixed.

Scan engine improvements #

• The scan configuration site scope warning now accurately reflects the site default scope.
• The individual probe options in the Scan Config screen are now consistently sorted.
• The Scan menu now provides an option to run a new scan using an existing template.
• The Scan menu now links to Scan Template selection with a search interface.
• Assets with external IP addresses will now be tagged with their geographic location and ASN when available.
• A bug that led to the scan engine logging a debug message related to LDAP has been fixed.
• A bug that could prevent scan templates from being saved has been resolved.
• A bug that allowed IPs not in the scan scope to be used as primary addresses has been fixed.

Self-hosted platform improvements #

• The self-hosted rumblectl update command now also applies content updates.
• A bug that could prevent self-hosted content updates from working when /opt was on a different file system from /tmp has been fixed.
• A bug that could lead to duplicate pre-built queries in self-hosted installations has been resolved.

Fingerprinting changes #

• Support for Ubiquiti Discovery Protocol version 2
• Additional support for products by 2N, Amag, AVTECH, AXIS, BitDefender, Bosch, Buffalo, Clearly IP, D-Link, Datamax-O'Neil, Develop, Devolo, Digium, EnGenius, FS, Heatmiser, Honeywell, HP, Moxa, Netgear, OctoPrint, ORing, Panasonic, Poly, Raspberry Pi, Ricoh, Rockwell Automation, Roku, Ruckus, Samsung, Savant Systems, SiliconDust, Silex Technology, Sony, Synaccess, Synology, Tenda, TP-LINK, TrendMicro, Ubiquiti, VMware, WAGO, Whirlpool, Xerox, Yealink, and Zyxel

User access and management improvements #

• The organization users table now displays effective access for each user.
• An intermittent issue that caused some external invitation emails to be missing activation codes has been fixed.
• A bug that could prevent group members from being displayed on an organization’s users page has been fixed.
• A bug that could prevent adding users to groups has been fixed.

API improvements #

• Tags can now be applied, updated, and deleted in bulk using the API.

Start your free trial #

Want to take Rumble for a spin? Sign up for a free trial to try out these capabilities free for 21 days.