CISA KEV, EPSS, & Queries!
Vulnerability enrichment and visibility just got better! New integrations with the CISA Known Exploited Vulnerability (KEV) catalog and the Exploit Prediction Scoring System (EPSS) enable you to track vulnerabilities that are known to be exploited in the wild or that are very likely to be exploited given their characteristics.
Head over to the runZero Platform and use kev:true to find assets and vulnerabilities that match the catalogs from CISA (and other KEV lists in the near future), kev:cisa to search specifically for CISA KEV items, or epss:>score to match EPSS values. Any vulnerabilities or assets identified by the KEV queries or that have an EPSS score above 0.9 should be considered a high priority for further investigation.
For bonus points, these updates also include major performance enhancements for “cve” keyword queries of asset inventories. Go check it out and let us know what you think!
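The same prioritization rule applied offline, as an added example that is not runZero code and does not use the runZero API: it joins scanner findings against a KEV catalog in CISA's JSON layout and an EPSS CSV, then flags anything that is in KEV or has an EPSS score above 0.9. The CVE ids, asset names and scores are constructed placeholders, and the function names are hypothetical.

```python
import csv, io, json

# Constructed sample data (placeholder CVE ids, not real catalog entries).
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2024-01-01"},
]})
EPSS_CSV = """#model_version:example,score_date:2024-01-01
cve,epss,percentile
CVE-0000-0001,0.42,0.97
CVE-0000-0002,0.95,0.99
CVE-0000-0003,0.03,0.80
"""
FINDINGS = [  # (asset, cve) pairs as a scanner export might list them
    ("db01", "CVE-0000-0001"), ("web01", "CVE-0000-0002"),
    ("web01", "CVE-0000-0003"), ("hmi07", "CVE-0000-0004"),
]

def load_kev(text):
    """Return the set of CVE ids in a CISA KEV catalog JSON document."""
    return {v["cveID"].upper() for v in json.loads(text)["vulnerabilities"]}

def load_epss(text):
    """Return {cve: score} from an EPSS CSV, skipping the '#' metadata line."""
    rows = (line for line in io.StringIO(text) if not line.startswith("#"))
    return {r["cve"].upper(): float(r["epss"]) for r in csv.DictReader(rows)}

def triage(findings, kev, epss, threshold=0.9):
    """Flag findings that are in KEV or have an EPSS score above threshold."""
    out = []
    for asset, cve in findings:
        score = epss.get(cve.upper())  # None when no EPSS score is published
        reasons = []
        if cve.upper() in kev:
            reasons.append("kev")
        if score is not None and score > threshold:
            reasons.append("epss")
        if reasons:
            out.append({"asset": asset, "cve": cve,
                        "epss": score, "reasons": reasons})
    # KEV hits first, then by descending EPSS score.
    out.sort(key=lambda f: ("kev" not in f["reasons"], -(f["epss"] or 0.0)))
    return out

if __name__ == "__main__":
    for finding in triage(FINDINGS, load_kev(KEV_JSON), load_epss(EPSS_CSV)):
        print(finding)
```

A KEV entry with a modest EPSS score still sorts ahead of a high-EPSS finding, and a CVE with no published EPSS score is only flagged if it is in KEV.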
Cisco Meraki Cloud Integration & Topology
runZero now integrates with Cisco Meraki Cloud. This addition imports your devices, clients, and topology into the runZero user interface. The runZero Switch Topology report now overlays Meraki cloud data with SNMP scan data, giving you the best of both worlds, especially in hybrid environments.
User Experience Improvements
runZero dashboards have been updated to improve your user experience and to provide enhanced functionality. Dashboard layouts can now be fully customized using our widget library, and a new customizable bookmarks widget ensures you can quickly access your favorite reports, views, and external websites. Plus, dashboards can now be exported in CSV and PNG formats to make them easy to share.
A new theater/kiosk mode and fullscreen display options have also been added, and adjusted colors throughout the product are designed to improve accessibility, legibility, and consistency. Tables now support a mono-spaced font variant and offer text casing preferences via the "Prefs" dropdown so you can find the one that works best for you.
Other Notable Enhancements
You can always get real-time updates on everything we’re releasing in our documentation center, but here are some additional highlights that you won’t want to miss:
- Thousands of new fingerprints, additional discovery protocols (including XDMCP, Syslog, and improved EtherNet/IP support), and end-of-life data for additional OSs have been added.
- Automatic subdomain discovery via the domain: scan keyword now returns more results across more domains.
- The runZero scan engine now supports Microsoft SQL Server enumeration via TDS version 8.
- Microsoft Graph API integrations (AzureAD/EntraID, Defender 365, Intune) now support arbitrary $filter parameters.