Platform Improvements: Nessus, Qualys and Burp

Improved Nessus CVSS Scoring

In our ongoing efforts to provide seamless integration and data accuracy, we’ve introduced an important enhancement for Nessus imports in the platform.

Key Features:

1. Automated CVSSv3 Ratings: Where available, Nessus imports will now automatically use CVSSv3 ratings.
2. Fallback Mechanism: In the absence of CVSSv3, the platform will default to CVSSv2 ratings and, ultimately, to the default rating from Nessus.
3. Aligned Risk Ratings: Ensure that risk assessments in the platform are consistent with those in your Nessus console.

By automatically reverting to CVSSv3 ratings, this enhancement addresses the discrepancies between Nessus and the platform, particularly where the platform previously defaulted to CVSS v2.0 scoring. Upon importing Nessus results—whether via file, manual API, or auto-import—the platform will intelligently analyse the content and use the appropriate scoring version.

Enhanced Qualys WAS Pagination and Search

With the latest update, we’ve made some valuable improvements to the Qualys WAS integration in the platform to enhance your experience.

Key Improvements:

• Scan Name Search: Users can now search for specific scan names when using the manual API import option for Qualys.
• Dropdown for Scan Result Duration: A new dropdown feature allows users to select the duration for which the platform will search scan results. Options range from 1 day to 3 months, with 3 months being the default setting.

These improvements make it easier to locate and import specific scan results, providing you with more control and flexibility when working with Qualys WAS data.

Enhanced Burp Enterprise Imports

Continuing our commitment to providing actionable insights for better cybersecurity decision-making, we’ve improved the import functionality for Burp Enterprise in the platform.

Key Improvement:

• Inclusion of Request and Response Excerpts: Now, imports from Burp Enterprise will contain any available Request and Response excerpts. This provides users with more comprehensive information, facilitating a deeper understanding and more effective remediation.

This enhancement ensures that you have all the relevant data at your fingertips, empowering you to make informed decisions regarding vulnerabilities and their remediation.

Refined User Assignment Modal

To make the user assignment process more intuitive, we’ve made some adjustments to the “Confirm Assignment” modal within the platform.

Key Improvement:

• Clearer Wording and Labels: The updated modal now features refined wording and button labels, asking users whether they’d like to assign the selected user(s) to “All Instances” affected by the issue, or only to those that are “Unassigned.”

This enhancement simplifies the user assignment process, providing clearer choices to ensure that the right individuals are tasked with issue remediation.

Follow us on LinkedIn for more information about Rootshell Security and all the latest updates.

Get in touch with us to learn more about our platform today.