February 2026
New Features
Auto Asset Decommissioning
We’ve introduced Auto Asset Decommissioning, a powerful new capability designed to keep asset inventories accurate, relevant, and free from noise, particularly for environments with high asset churn.
Overview
Auto Asset Decommissioning allows the platform to automatically decommission assets that have not been tested or checked in within a configurable timeframe. This removes the need for manual clean-up and ensures reporting reflects only assets that are actively present in the environment.
Key Capabilities
New Settings Page: A dedicated Auto Asset Decommission page is available within the Settings menu.
Global Control: Enable or disable auto-decommissioning at any time with a single toggle.
Service-Specific Thresholds: Configure inactivity timeframes per service type, including Managed Vulnerability Scanning, Penetration Testing, Red Team Assessment, Ransomware, and ASM.
Customisable Defaults: Sensible default thresholds are provided and can be overridden to suit operational needs.
Automatic Enforcement: Assets that exceed the configured inactivity period are automatically decommissioned.
What Happens to Decommissioned Assets
Removed from active dashboards and reports.
Retained in audit and history logs for full traceability.
Reflected consistently across APIs and reporting outputs.
Logged with system notifications to maintain visibility and accountability.
This feature brings Rootshell in line with industry-standard asset hygiene practices, significantly reducing operational overhead and ensuring asset data remains accurate and actionable at scale.
ServiceNow Ticketing Integration with SSO (OAuth)
We’ve added a new authentication option for the ServiceNow ticketing integration, supporting SSO-enabled ServiceNow instances via OAuth.
Overview
In addition to the existing username and password method, users can now connect ServiceNow using OAuth. This enables secure, modern authentication aligned with ServiceNow SSO configurations and enterprise security standards.
Key Details
OAuth-Based Connection: Configure ServiceNow using host, client ID, client secret, and redirect URL.
Dual Support: Both authentication methods are supported in parallel, allowing flexibility during transition.
Future-Proofing: The username and password method is planned for deprecation in 2026, making OAuth the recommended approach going forward.
This update ensures continued compatibility with ServiceNow environments while improving security and aligning with modern authentication practices.
Platform Improvements
ConnectWise Ticketing Integration
We’ve delivered several improvements to the ConnectWise Manage integration to enhance usability, compatibility, and export reliability.
What’s Improved
Expanded Board Selection: The board dropdown now supports more than 100 boards, with the ability to search by typing for faster selection.
Ticket Title Trimming: Ticket titles are now automatically trimmed to 100 characters to meet ConnectWise limits and prevent export failures.
Flexible Host URL Validation: Host URL validation has been relaxed to support ConnectWise instances using custom or non-standard domains.
Optional Board Statuses: Board statuses are now optional during setup, allowing exports to boards without predefined statuses.
⚠️ Note: If no closed status is configured, the platform will be unable to automatically close tickets via bi-directional sync.
These updates improve reliability and flexibility when working with ConnectWise across diverse customer environments.
Bulk Ticket Creation from Affected Instances Across All Integrations
We’ve extended bulk ticket creation to support all connected ticketing systems directly from the Affected Instances view. Users can now select multiple affected instances and export them as individual tickets to Jira, ServiceNow, Freshdesk, ConnectWise, or TOPDesk in a single action.
This enhancement removes repetitive manual steps, significantly speeding up workflows where many affected instances need to be raised as separate tickets, while retaining the correct context for each instance.
Enhanced IP Allow listing Warning Modal
To help prevent accidental service disruption, we’ve enhanced the IP allow listing workflow with a new warning modal when allow listing is enabled.
What’s Improved
When a user enables IP allow listing, the platform now presents a clear prompt reminding them to:
Review and confirm that all required supplier IP addresses are included.
Acknowledge that enabling allow listing without these entries may disrupt active assessments and delay report delivery.
Why This Matters
This improvement helps avoid unintended access blocks during critical assessment phases, supporting smoother collaboration and reducing the risk of delays against agreed SLAs.
This small but important safeguard improves reliability and transparency when managing network access controls.
Enhanced CVSS Score Filtering
We’ve improved issue filtering by extending CVSS score filters to support multi-select options, bringing them in line with the existing Risk Rating filters.
What’s New
Multi-select CVSS filtering allows users to select multiple score ranges in one view.
Filter issues by CVSS score thresholds such as “7 and above”, rather than relying solely on High or Critical risk ratings.
Works consistently with existing filtering behaviour across the platform.
Why This Matters
This enhancement gives users greater precision when identifying impactful vulnerabilities, particularly for compliance-driven use cases such as Cyber Essentials, where CVSS thresholds are more relevant than risk ratings alone.
