runZero 3.10: New integrations page, UX improvements, Black Hat 2023!


What's new in runZero 3.10:

Integrations page and menu updates

Previously, runZero customers used the Connect and Export menus to find and use integrations in the runZero console. As of 3.10, the Connect drop-down menu has been renamed to Integrate, and a new page titled Integrations has been added to the left menu bar.

The integrations page displays all available integrations for runZero, with direct links to documentation and configuration pages where applicable. The integrations page shows not only the inbound integrations for runZero but our outbound and custom integrations as well, all in one place. We hope this change makes it easier for new and existing customers to configure integrations. It also showcases how runZero can work with other products and technologies in your ecosystem.

The runZero integrations page

Redesigned Explorer detail page

Officially released in 3.9.6, a redesign of the Explorer detail page refreshes the view of all existing details, and allows runZero users to view Explorer tasks and their status from the details page. Additionally, you can now edit Explorer details directly from the details page.

runZero Explorer details page

Coming soon: Want to see what we’ve been devOTing ourselves to lately?

We have a new feature coming in August to assist with discovering fragile devices in OT environments and beyond. Our R&D teams have worked hard these past few months to make this a reality, and we’re excited to introduce it!

Protocol improvements

Through this release the research team has added or improved the following items:

  • Improved discovery of SSDP services providing visibility into devices that may need those services disabled
  • Added additional data extraction capabilities to our SSDP and UPnP probes
  • Added detection of SOCKS proxies
  • Improved our detection and handling of spoofed/invalid NTLMSSP versions in the SMB probe

Fingerprint improvements

New fingerprints were added for products by Debian, DW, FRRouting Project, Google, Huawei, IADea, IBM, IndigoVision, ISC, Lexmark, MiniDLNA Project, Netgear, Nokia, ONVU Technologies Group, OpenBSD, Palo Alto Networks, QSI, ServerTech, Siemens, Siqura, Sony, StarSat, Tycho, and Ubiquiti.

Rapid response

The research team published a blog post about finding vulnerable instances of the Fortinet SSL VPN in response to the publication of a critical vulnerability that could allow remote unauthenticated exploitation.

Release notes

The runZero 3.10 release includes a rollup of all the 3.9.x updates, which includes all of the following features, improvements, and updates.

New features

  • An integrations page has been added to improve visibility and simplify configuration.
  • An update to the Trends tab of Attack Surface Management graphs has been added to show enhanced date and time data.

Product improvements

  • Assets with hostnames starting with a numeric prefix are now allowed to merge.
  • Inventory searches using the organization keyword properly warn that it cannot be used unless either that specific organization or the All Organizations option is chosen from the drop-down in the upper right of the console.
  • Improved detection of various printer models.
  • The Explorer details page has been redesigned.
  • Improved database performance for asset, site, and organization delete operations.
  • Improved database performance for outlier and vulnerability processing.
  • Improved database performance for concurrent integration processing.
  • Additional MAC address detection through SSDP and UPnP services.
  • Improved operating system and hardware fingerprinting of Palo Alto Networks devices.
  • Trial accounts can now create Custom Integrations.
  • Discovery of SSDP services has been improved.
  • Improved handling of email send errors.
  • Asset correlation has been improved for switches with overlapping MAC addresses.
  • Improved detection of AIX systems.
  • Reduced OS fingerprinting false positives against assets with non-Microsoft SMB stacks.
  • Improved handling of login tokens.

Integration improvements

  • Improved import of assets from Azure Active Directory.

Bug fixes

  • A bug that could cause the MDNS probe to panic in limited scenarios has been resolved.
  • An issue that could result in the old Explorer details pages being shown has been resolved.
  • A bug preventing Microsoft 365 Defender OAuth Client Credential tokens from accessing Azure government environments has been resolved.
  • A bug that could result in invalid Last Seen values for Rapid7 assets has been resolved.
  • A bug that could lead to stale service entries has been resolved.
  • A bug causing some goals to return an error has been resolved.
  • An issue that could prevent alert rule actions from modifying asset ownership based on software, service, or vulnerability query results has been resolved.
  • An issue where dynamic content did not have the header Cache-Control: no-store has been resolved.
  • A bug has been fixed that could cause scans to be dropped with the error "explorer failed to queue task" when the Explorer was already handling the configured maximum number of simultaneous scans.
  • A bug causing the task start time to be shown for the scan start time has been resolved.
  • A bug that could prevent the creation of new goals has been resolved.
  • A bug that could prevent those with the annotator role from viewing or modifying Asset Ownership has been resolved.
  • An issue that could prevent navigation to the Account settings page has been resolved.
  • A bug causing JavaScript errors to be thrown when adding or editing Google Workspace connector tasks has been resolved.
  • A bug with thumbprint validation for the LDAP integration has been resolved and the related error messages have been improved.
  • A bug where the link to help for query syntax led to a missing page has been resolved.
  • A bug preventing the Explorer interface and addresses from being populated has been addressed.

Written by Amber Lee
