runZero 3.5 Automatic asset ownership mapping

|
Updated

What's new with runZero 3.5? #

Automatic asset ownership mapping and tracking #

runZero Enterprise customers can now track asset ownership automatically using existing integrations, configurable rules, and customizable ownership types. The default ownership type, Asset Owner, is automatically populated by supported integrations, and can be used as-is, renamed, reordered, or hidden through the new Ownership section in the user interface. Alert Rules can be used to automatically assign owners to assets based on inventory search criteria (subnet, operating system, tag, site, etc.). Ownership coverage is shown on the dashboard, queryable via inventory searches, and can be customized per-asset in the asset detail view. Learn more about asset ownership or check out the following interactive demonstration.

Integration performance and scalability #

The 3.5 release delivers the following performance and scalability improvements to runZero integrations:

  • The AWS integrations now store associated AWS account IDs in the asset attributes.
  • The Qualys integration has been improved to better handle API rate limiting.
  • The InsightVM connector now supports longer timeouts for large sites and slower consoles.
  • The Nessus file importer now handles data files without vulnerability details.
  • The CrowdStrike connector now avoids asset duplication when processing large datasets.
  • The CrowdStrike connector now handles larger datasets with lower resource usage.
  • The Microsoft 365 Defender connector now reports details on failed upstream API calls.

Additionally, this release also includes the following integration bug fixes:

  • A bug that reported an incorrect match.probe for Qualys assets has been resolved.
  • A bug that could cause large InsightVM imports to fail has been resolved.
  • A bug where integrations using the Microsoft Graph API may have their token expire between paged responses has been resolved.
  • A bug that could lead to asset duplication in Tenable, InsightVM, and Qualys imports has been resolved.
  • A bug that could lead to duplicate assets from CrowdStrike has been resolved.
  • A bug that could prevent very large CrowdStrike syncs from completing has been resolved.
  • A bug that could cause CrowdStrike vulnerability imports to fail due to session expiration has been resolved.
  • A bug that could cause the CrowdStrike connector to fail when missing Spotlight permissions has been resolved.

User interface improvements #

The 3.5 release includes several changes to the user interface to improve the performance of the runZero console.

Newly designed Tasks page

The newly designed Tasks page provides an overview of all active scans, connectors, and processing tasks, with a responsive layout and live updates as jobs run. This change should come as a welcome update for folks with complex and sprawling environments.

runZero Tasks Overview

Selecting a specific task will show the current progress for both the data collection and processing phases, as well as child tasks when a recurring task has been selected.

runZero Task Details

Safely update stored credentials

Stored credentials can now be safely updated. The 3.5 release brings a new interface for credential updates that allows non-secret parameters to be viewed and modified, while secret parameters can be updated, but not viewed. Credentials can now be verified directly from the interface, with an option to skip validation where a direct test is not possible.

runZero Credential Update

Improved dashboard and reporting performance

The dashboard has been overhauled to improve performance, especially for organizations with dozens of sites and hundreds of thousands of assets. In addition to the dashboard, the Subnet Utilization, Asset Attribute, and Service Attribute reports have also been reworked to provide faster results across large sites.

runZero Dashboard

New protocols and fingerprints #

The runZero scanner now supports the Bitdefender, NDMP, Munin, MySQL X, and Spotify Connect protocols over TCP, improved support for capturing Telnet banners and improved OS/firmware detection via BACnet UDP probe, and introduced new UDP probes for CoAP, Minecraft Bedrock, L2TP, Dahua DHIP, KXNnet, Webmin, and the PlayStation discovery protocol. Common non-unique virtual MAC addresses related to Fortinet virtual interfaces, Juniper switches, and Project Calico systems are now excluded automatically. The scanner will now automatically parse processes and services from systems running Checkmk agents.

SNMP fingerprinting of Huawei, Hikvision, Fortinet, and WatchGuard device models was substantially increased. Additional fingerprints covered include products by ACTi, Alibi, Allied Telesis, Amazon, Anker, APC, Araknis Networks, Aruba Networks, Atlona, Audio Enhancement, AXIS, Bachmann, Bang & Olufsen, BeyondTV, Bodet, Bosch, Bose, Cacti, Canon, Cisco, CommScope, CP Plus, Crestron, Dahua, Dell, Eaton, Elgato, Everfocus, Google, Haier, HCC Embedded, Hillstone Networks, Hitron Technologies, Honeywell, HP, IndigoVision, Integra, MediaKind, Meraki, Mercury Security, Microsoft, Mitel, Netgear, Onkyo, OpenWRT, Palo Alto Networks, Panasonic, Pelco, Pioneer, Polaroid, Poly, Raisecom, Riverbed, Samsung, SharkRF, Sangoma, Sharp, Shelly, Soniq, Sony, Speco Technologies, SpinetiX, Synology, Technicolor, Tintri, Toshiba, TP-Link, Turck, Ubiquiti, VivoTek, Vizio, W Box Tech, WatchGuard, Western Digital, Yamaha, Yealink, Zoho, ZTE, and Zyxel.

New Rapid Response queries #

During the 3.5 release, queries were added to quickly identify Lexmark printers and to locate ESXi servers missing a critical patch.

Release notes #

The runZero 3.5 release includes a rollup of all the 3.4.x updates, which includes all of the following features, improvements, and updates.

New features #

  • The Asset Ownership feature allows you to manage asset owners across your asset inventory.
  • The task page has been redesigned for improved user experience.
  • A new canned query for VMware ESXi servers that could be targets of the ongoing ESXiArgs ransomware campaign has been added.
  • The scanner now parses running processes and services from checkmk.
  • Stability and performance of third-party asset correlation has been improved.
  • Fingerprint updates.

Product improvements #

  • A new canned query for Lexmark printers which may be vulnerable to CVE-2023-23560 has been added.
  • The scanner interface selection logic has been improved.
  • Public API endpoints to export directory users and groups have been added.
  • The Last checkin column on the Registered Explorers table has been renamed to Online status.
  • Task details pages now include a Created by column.
  • A new canned query for surfacing cloud compute assets with GPU hardware has been added.
  • Queries now include an option to limit results to only live assets.
  • Asset matching based on attributes is more consistent across lossy networks.
  • Excluded scan targets are now no longer matched or marked as offline.
  • Site imports now automatically trim trailing whitespace from CIDRs.
  • Asset inventory searches with the mac keyword have been improved to support the Cisco MAC address format and additional delimiter characters.
  • The consistency of matching based on asset attributes has been improved.
  • Service exports now include a service_id field.
  • New scans and recurring scans can now be saved even when the current license has been exceeded.
  • Confirmation dialogs for removal actions are now more consistent across the product interface.
  • Modifications to recurring scans with a past start date will no longer immediately launch a task.
  • Self-hosted installations of runZero now support inclusion of custom JavaScript in UI web pages.
  • The organization and client switching dropdown menus can now be filtered if there are more than 5 organizations or clients.
  • Registered API clients now show the user that created them.
  • The formatting of dashboard category reports has been improved.

Integration improvements #

  • Amazon Web Service account IDs are now visible in a new per-asset attribute.
  • Support for importing Nessus files without vulnerability details has been improved.
  • Microsoft 365 Defender tasks now report details on failed upstream API calls.
  • The help text on Google Workspace credentials has been improved.

Bug fixes #

  • A bug that could cause early removal of Tenable assets has been resolved.
  • A bug that could cause attribute reports to export incorrect data has been resolved.
  • A bug that may prevent the mDNS probe from completing has been resolved.
  • A bug that would allow you to save an invalid URL in credential forms has been resolved.
  • A bug that could prevent creation of new self-hosted clients has been resolved.
  • A bug that could result in a 500 error on the dashboard when selecting a site with no existing metrics has been resolved.
  • A bug that could prevent updating payment information has been resolved.
  • A bug that could prevent searching for tasks associated with deleted sites has been resolved.
  • A bug that could display an incorrect value for Explorer architecture in the console has been resolved.
  • A bug that could cause the asset CSV export to fail for some users has been resolved.
  • A bug that could intermittently prevent scan completion when scanning IPv6 endpoints with the mDNS probe enabled has been resolved.
  • A bug that prevented highlighting outlier attributes on the asset details page has been resolved.
  • A bug that could prevent the creation of new offline assets has been resolved.
  • A bug that could cause paused tasks to fail when unpaused has been resolved.
  • A bug that could cause assets to be duplicated has been resolved.
  • A bug that could prevent manually merging some assets has been resolved.
  • A bug that could cause incorrect project expiration information has been resolved.
  • A bug that could cause an excess of temporary files in self-hosted installations has been resolved.
  • A bug that could prevent asset attribute imports from reporting all results has been resolved.
  • A bug that prevented the latest Windows Explorers from embedding npcap has been resolved.
  • A bug causing the scan setup page to scroll to the right during the product tour has been resolved.
  • A bug where integrations using the Microsoft Graph API may have their token expire between paged responses has been resolved.
  • A bug that could prevent successful import from Shodan has been resolved.
  • A bug that prevented InsightVM connector options from persisting correctly has been resolved.
  • A bug that could result in incorrect processing of wireless entries has been resolved.

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.
runZero Insights
How runZero finds unmanaged devices on your network
How do you find unmanaged devices on your network when they aren't accounted for? Learn how you can use runZero to find unmanaged devices on your...

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved