Nucleus Release - May 19, 2021
Synack Connector
Announcing our latest Bug Bounty connector: Synack. With the new Nucleus / Synack Connector, the gap between vulnerability management and crowdsourced security testing is much smaller. You can now easily (and automatically!) inject Synack sourced security testing data into your vulnerability management process so that you can manage both sets of data in the same VM process.
Remember that connector builds are based on customer requests, so be sure to let us know if there are connectors that you’d like to see built, and hit that subscribe button to see when they’ll be coming to your Nucleus instance.
Editing Custom Findings After Creation
We’re committed to improving our ability to deliver on application security and penetration testing workflows for our customers, so in this release, we’ve added the ability to do something that a lot of you have been asking for, which is to edit ALL fields of custom findings once the custom finding has been created.
Previously if you wanted to update Port/Service information for a custom finding, you would have to create a new instance of the custom finding, forcing you to copy and paste data from another instance. But now you can keep your finding record intact while changing the location of the custom finding instance itself.
Easier Filtering
We’ve continued to make it even easier to extract the specific information you are looking to use in other systems with updates to filtering on both the Active Vulnerabilities and Asset Management pages. One place of note, in particular, is that you can now use a custom date selector to filter the discovered and last seen dates for vulnerabilities on the Active Vulnerabilities page, giving you more targeted metrics for reporting purposes.
For example, do you want to know which vulnerabilities were discovered in your environment before the Mayan calendar ended?
Or how about vulnerabilities that haven’t been scanned for since you last moved out of your parents’ house? We’ve got you. Just use the new custom date range filter.
Asset Merging
In this release, we’ve made asset merging a little easier for all. Now when two assets are merged in the UI, we’ll automatically update the new merged asset to include secondary matching information from the asset that was merged in. This means that after two assets are merged, future asset ingests won’t result in the old assets being created again!
Connector Improvements
This release comes with a slew of improvements to existing connectors – there’s a little of something for everyone.
Some highlights include being able to import all containers, hosts, and deployed images in one go from Prisma Cloud as well as setting additional metadata on assets from Bug Crowd. Scroll down to see a full list of connector changes.
Complete list of changes and bug fixes…
NEW There is a new Synack connector for ingesting bug bounty vulnerabilities.
UPDATE You can now use a custom date selector to filter the discovered and last seen dates for vulnerabilities on the Active Vulnerabilities page.
UPDATE The Bug Crowd connector now sets additional metadata on assets.
UPDATE Now when assets are merged the merge is permanent by default. Secondary matching information is updated to include primary information (such as asset name or IP address) from non-primary assets automatically unless disabled during the merging of the assets.
UPDATE The Prisma Cloud connector has been updated to ingest at a much faster rate with more input from users on what specifically to import.
UPDATE The vulnerability details excel report has been updated to include the Asset Owner field on the Scan Data tab as well as the vulnerability’s exploitability and user comments on each Severity tab.
UPDATE You can now identify vulnerabilities that already have comments from the Active Vulnerabilities page.
UPDATE Custom finding instances on device assets can now be edited to change the service or port after creation.
UPDATE Miscellaneous optimizations to improve the speed of automation rules and asset counting.
UPDATE Asset search on Asset Management page filtering now allows for special characters.
UPDATE Qualys WAS Scan ingestion now includes setting the HTTP request body if provided.
UPDATE You can now specify regions for vulnerability ingest rules for the AWS connector.
UPDATE Improvements to the speed of asset synchronization and vulnerability ingestion for the AWS connector.
UPDATE Ingestion of vulnerabilities from Rapid7 InsightVM and Nexpose now also set the vulnerability’s exploitability based on additional criteria from Rapid7.
UPDATE When ingesting OWASP Dependency Check scan files, an Informational finding for files with no vulnerable dependencies is no longer created.
UPDATE Extended support for additional columns in Alertlogic scan files.
UPDATE The Nucleus Custom Finding JSON file now supports setting exploitability as a boolean value in addition to a string.
BUG FIX Filtering for an unknown operating system in the Asset Management page now also includes operating systems that are set as Unknown.
BUG FIX The Assetnote connector now links to the correct support page.
BUG FIX In limited situations vulnerabilities ingested from Assetnote would not set the instance path.
BUG FIX Improvements to the way that dynamic fields are applied to asset groups in asset processing rules.
BUG FIX In limited situations the vulnerability description and recommendation for Sonatype NexusIQ vulnerabilities was not comprehensive.
BUG FIX In limited situations container images ingested from Prisma Cloud would have empty brackets appended to the container path.
BUG FIX The Sonatype NexusIQ connector no longer allows for importing of unsupported scan types.
