What's new on Nucleus Security

Nucleus is the leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

March 26, 2021

Nucleus Release - March 25, 2021

Vulnerability Due Dates

As organizations mature their vulnerability management programs, it has become increasingly common (and necessary) to set and track Service Level Agreements (SLAs) for how and when a vulnerability is treated. This can be particularly helpful in large organizations, where security policies define expected remediation effort and timelines for different classes of vulnerabilities in different situations.

In this release we’re introducing our first foray into SLAs: Vulnerability Due Dates. Vulnerability Due Dates allow you to set the date by which remediation of a vulnerability must be completed, and to track and report on vulnerabilities that are approaching or have exceeded their due date.

Using the Nucleus Automation Engine, you can create vulnerability processing rules which, based on all of the available vulnerability and asset criteria, automatically set due dates for vulnerabilities. Rules can be configured to set the due date as a set number of days, weeks or months from either the time of ingestion or the vulnerability’s discovered date.

Once set, you can identify and measure vulnerabilities in the Active Vulnerabilities page by due date, including whether a due date is not set, when a vulnerability is due within days, weeks or months, and when vulnerabilities are overdue!
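As an added illustration (not Nucleus code or its rule syntax), the Python below models the due-date logic described in this section: a rule offsets a due date by days, weeks or months from the ingestion or discovered date, and each vulnerability is then bucketed as not set, due soon, or overdue. The rule table, field names, bucket boundaries (7 and 31 days) and sample findings are assumptions constructed for the example.

```python
import calendar
from datetime import date, timedelta

# Hypothetical rule table: severity -> (amount, unit, anchor date field).
RULES = {"critical": (7, "days", "discovered"), "high": (1, "months", "ingested")}

# Constructed sample findings, not real scan output.
FINDINGS = [
    {"id": "F-1", "severity": "critical", "ingested": date(2021, 3, 23), "discovered": date(2021, 3, 22)},
    {"id": "F-2", "severity": "high", "ingested": date(2021, 1, 31), "discovered": date(2021, 1, 15)},
    {"id": "F-3", "severity": "low", "ingested": date(2021, 3, 24), "discovered": date(2021, 3, 24)},
]

def add_months(start, months):
    """Calendar-month offset, clamped to month end (Jan 31 + 1 month = Feb 28)."""
    index = start.month - 1 + months
    year, month = start.year + index // 12, index % 12 + 1
    return date(year, month, min(start.day, calendar.monthrange(year, month)[1]))

def due_date(finding):
    """Return the due date for a finding, or None when no rule matches."""
    rule = RULES.get(finding["severity"])
    if rule is None:
        return None
    amount, unit, anchor = rule
    start = finding[anchor]
    if unit == "months":
        return add_months(start, amount)
    return start + timedelta(**{unit: amount})  # unit is "days" or "weeks"

def bucket(due, today):
    """Classify a due date; the 7- and 31-day boundaries are assumptions."""
    if due is None:
        return "not set"
    remaining = (due - today).days
    if remaining < 0:
        return "overdue"
    if remaining <= 7:
        return "due within days"
    return "due within weeks" if remaining <= 31 else "due within months"

def report(today):
    """Map finding id -> (due date, bucket) as of `today`."""
    return {f["id"]: (due_date(f), bucket(due_date(f), today)) for f in FINDINGS}

if __name__ == "__main__":
    for fid, row in report(date(2021, 3, 25)).items():
        print(fid, *row)
```

The month-end clamp matters for SLA reporting: without it, a one-month rule applied to a finding ingested on January 31 has no valid calendar date to land on.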

Assetnote

This release we’re excited to announce a new connector with Assetnote! Assetnote is an Attack Surface Management platform that identifies an organisation’s external-facing systems and continuously monitors those systems for exploitable vulnerabilities.

We’ve worked closely with the team at Assetnote to create a connector that integrates with the Assetnote Notification Pipeline so that when assets and vulnerabilities are discovered across your environment, they surface in your Nucleus project(s) in real time. When combined with the Nucleus Automation engine, you can create powerful and intelligent rules to suit your specific use case.

Read about setting up the Assetnote connector here.

Quick Filters and Bulk Edits for Active Vulnerabilities

The Active Vulnerabilities page has received a face lift to ensure that you are able to identify and track the vulnerabilities that matter most. We’ve introduced an updated Quick Filter pane at the top of the page that shows you rolled up numbers of vulnerabilities based on different tracked metrics. Using these filters, in one click you can drill down to the vulnerabilities that are most important to you.

We've also added the ability to multi-select vulnerabilities on the Active Vulnerabilities list, as well as a Modify menu to bulk update attributes of vulnerabilities. Currently we only support setting due dates in bulk, but be on the lookout for other bulk actions in the future, such as setting severity, status and exploitability.

Additionally, we’ve updated the Source column with vulnerability source tool icons to make it easier for you to quickly identify where a vulnerability came from.

Asset Certificate Summary View

We added a Certificate Summary view to the Assets menu to make it easy to view and report on certificates. This view includes all the usual filters for quick drilldowns. Plus, you can export to a downloadable report in one click.

Complete list of changes and bug fixes

  • NEW You can now set when a vulnerability is due by Automation rules and manually in the UI.
  • NEW There is a new Assetnote connector.
  • NEW There is now an asset certificate summary page to view all certificates on all identified hosts.
  • UPDATE The Active Vulnerabilities page’s top pane has been updated with improved quick filters, showing unique and all instances of vulnerabilities.
  • UPDATE The vulnerability details Excel report now includes an exploitable column.
  • UPDATE The Qualys connector now ingests all exploitability information into the vulnerability description.
  • UPDATE Source code repository branches and container image repository tags no longer count towards individual asset counts. I.e., one application license is consumed for one source code repository and one container image repository.
  • UPDATE Vulnerability source tools now use icons.
  • UPDATE There have been speed improvements to calculating and displaying vulnerability analytics.
  • BUG FIX In certain circumstances scan imports from Prisma Cloud were not matching vulnerabilities correctly.
  • BUG FIX Group imports from Qualys now work even if there is no WAS account access.
  • BUG FIX There was an issue with OWASP scan imports creating too many findings for non-vulnerable informational findings.
  • BUG FIX There was an issue with importing the same asset multiple times from Microsoft Defender for Endpoint.
  • BUG FIX There was an issue with calls to Microsoft Defender for Endpoint timing out in certain situations.
  • BUG FIX Occasionally Nested Asset groups were not showing correctly when assets were ingested from Qualys.
  • BUG FIX In certain situations asset decom rules were not applying to assets with Assessments.
  • BUG FIX Nested asset groups that didn’t exist when setting an asset processing rule weren’t nesting correctly 100% of the time.
  • BUG FIX There was an issue where scans with specific attributes within zip files were not always ingesting correctly.
March 16, 2021

Nucleus Release - March 16, 2021

Phew. It’s been a great start to the year here at Nucleus Security with another release jam-packed full of new functionality. See below to find out more!

Ticketing Automation

In this release we have turbo-charged our ticketing automation functionality so you can get more out of ticket workflow management.

Tickets that have been raised using one of our ticketing connectors are now responsive to changes in the vulnerability source tool. For example, when a new instance of a vulnerability that has been previously raised in an open ticket is found, that existing ticket will be automatically updated with new information. What’s more, you can optionally have a ticket close in the downstream system when it’s been identified as remediated in Nucleus!

It’s now also easier to retrospectively run ticketing rules over existing data sets. This means that if you decide to turn on ticketing in a Nucleus project later down the line, you can raise tickets against existing vulnerabilities that match your ticketing rule at the tap of a button.

Finally, where supported within the ticketing system, Nucleus will automatically upload a CSV file containing all of the affected assets for easier data export and parsing by support teams. We hope that this change will make it simpler for technical teams to remediate vulnerabilities.

Notifications

We’ve made a change to our notifications section which, we hope you’ll agree, makes a lot more sense: we’ve moved the automation rule configuration for chat connectors to the Notifications section within Automation, rather than Ticketing & Issue Tracking.

We’ve also released a brand new connector for Microsoft Teams. This one has been asked for by a lot of customers, so if you haven’t yet had a chance to check it out, do so today!

API & Nucleus Custom File Schema

There are a few improvements to the Nucleus Custom File Schema, making it easier to get asset and finding data into Nucleus:

  • the scan date can now also include the timezone
  • secondary hostnames and ip addresses can be set for host assets
  • you can now pass HTTP requests and responses within a finding encoded using base 64, which Nucleus will automatically decode

The API has also been updated to return a container image’s tag, repository URL, digest and distro when querying for assets.

Multi Factor Authentication via TOTP

This release we’ve introduced improved support for Multi Factor Authentication (MFA) by enabling the use of TOTP tokens for users. Users can now configure a TOTP token by navigating to their User Profile, selecting the 2-Factor Auth tab and following the steps to set it up with their app of choice (e.g. Google Authenticator).

Connector Changes

Tenable.io & Tenable.sc

The Tenable.io connector now supports ingesting by asset tag and network in addition to the existing ingestion by scan functionality. This update makes the connector far more flexible, as you can now ingest large volumes of data across different scan types using a single tag.

The Tenable.sc connector has similarly been updated to also be a host-based connector. In addition to importing by asset, this connector can now leverage Queries to import vulnerabilities into a Nucleus project using custom logic that is defined in your instance of Tenable.sc.

Both connectors have also been updated to improve the speed of vulnerability ingestion, and to ingest any additional asset information as Additional Metadata, which can be used as asset criteria in Automation rules.

Note: Tenable has decommissioned the APIs which are used for ingesting by scan in both Tenable.io and Tenable.sc. Nucleus will continue to support ingesting by scan until these scan APIs have been removed. Consequently we highly encourage customers to migrate existing vulnerability ingestion automation rules to leverage one of the new ingestion methods.

SonarQube & SonarCloud

The SonarQube and SonarCloud connectors have both been updated to allow for more configurability on import. Now when setting up the connector, you can choose which types of findings (vulnerabilities, security hotspots, bugs and/or code smells) to import into Nucleus.

We’ve also updated the connectors to ingest far more data into Nucleus:

  • asset ingesting is now branch aware so that vulnerabilities appear in the asset’s correct branch in Nucleus
  • additional asset information is now ingested as Additional Metadata, which can be used as asset criteria in Automation rules
  • the Sonar vulnerability database is synchronised with Nucleus so that each vulnerability has a lot more information such as code examples and relevant links.

Qualys WAS

We’ve made some minor updates to the Qualys WAS connector to improve the speed of import. The connector now also ingests CVSSv3 scores for each vulnerability where available.

Complete list of changes and bug fixes

  • NEW There is a new Microsoft Teams connector.
  • NEW Tickets can be automatically closed once remediated in Nucleus
  • NEW Tickets will automatically update when new instances of the same vulnerability are identified
  • NEW Tickets now include a CSV file containing affected assets
  • NEW Ticketing rules can be run retrospectively against all existing vulnerabilities
  • NEW We now support MFA by TOTP.
  • NEW The Tenable.io connector now allows import by asset tag and network.
  • NEW The Tenable.sc connector now allows import by asset and query.
  • NEW The Tenable.io, Tenable.sc, SonarQube and SonarCloud connectors now ingest additional asset information as Additional Metadata.
  • NEW The Nucleus Custom Finding schema now supports setting a timezone in the scan date.
  • NEW The Nucleus Custom Finding schema now supports setting secondary hostnames and ip addresses for host assets.
  • NEW The Nucleus Custom Finding schema now supports sending HTTP requests and responses encoded as base 64.
  • NEW There is now an Any vs All selector for Asset Groups for the reports Custom Vulnerability Summary, Custom Vuln Details and Executive Brief.
  • UPDATE The Tenable.io and Tenable.sc connectors have been updated to ingest data more quickly.
  • UPDATE The SonarQube and SonarCloud connectors are now branch aware.
  • UPDATE The SonarQube and SonarCloud connectors now show more vulnerability information such as code examples and links.
  • UPDATE The Qualys WAS connector has been updated to ingest data more quickly.
  • UPDATE The Qualys WAS connector has been updated to ingest CVSSv3 scores where available.
  • UPDATE The Executive and Technical reports now mark passed and failed compliance findings as green and red respectively.
  • UPDATE Vulnerability criteria for ticketing automation rules now include vulnerability description, vulnerability solution, vulnerability discovered date, Nucleus risk score, CVE, CVSS score and RF (Recorded Future) score.
  • UPDATE Querying asset information from the API now also returns container information if relevant/available.
  • UPDATE The Microsoft Defender for Endpoint connector has been updated to use CVSS scores to set the severity rather than Microsoft’s custom severity.
  • BUG FIX In rare circumstances certain hosts were not importing correctly from Tenable.io.
  • BUG FIX In rare circumstances when creating tickets the Jira connector would time out.
  • DEPRECATED Vulnerability ingestion by scan for both the Tenable.io and Tenable.sc connectors has been deprecated.