Platform

Rootshell Platform – Patch Notes July 2024

10 min read
Stay ahead of the game
Loading

click here to copy URL

November 2024

Application Features

New Features

Data Archiving for Enhanced Performance

Summary: In response to the growing datasets of our long-term clients and the observed impact on system performance, we are introducing a new data archiving feature. This feature will allow users to manage the accumulation of data from MVS projects and other areas by enabling the archival of scan data over configurable periods. This enhancement is designed to improve the speed of data retrieval and the overall performance of the platform.

Key Enhancements:

  • Configurable Archiving Settings: Users can now set archiving timelines specific to each service offering within their tenant. This will help in managing data more effectively and maintaining platform performance.

  • Improved Query Performance: By limiting the data queries to a user-defined period (e.g., last 6 months, 12 months), the system will perform more efficiently, reducing the time taken to calculate compliance and view affected hosts.

  • Service-Specific Default Settings: Initial default settings for archiving include:

    • MVS: 12 months

    • Penetration Testing, Ransomware, Red Team Assessment: Each set to 2 years

User Story: Users requiring daily import of scans will benefit from this feature, as it ensures that regular importing does not compromise the platform’s performance.

How to Use: Navigate to the settings menu and then select Data Queries option within your tenant to configure the archiving settings for each service. Users can adjust the timeline according to their specific needs, choosing from several predefined intervals or specifying a particular number of scans. There is also a project-based option to set data to archive, allowing for greater control over individual project data management.

Acceptance Criteria: Users are able to:

  • Configure the archiving timeline for each type of service offering within their tenant.

  • Apply these settings to ensure that the database queries consider only the relevant, user-defined data range, enhancing performance.

  • Select individual projects and phases/scans to be manually archived.

Enhancing System Efficiency: With the introduction of data archiving, we are committed to providing a scalable solution that accommodates the growing needs of our users without sacrificing performance. This feature will help maintain a high level of system responsiveness and efficiency, even as data volume grows.

Custom Import Frequency Settings for Scanner Integrations

Summary: To address the challenges posed by some supported scanner API rate limits, we are introducing a new feature that allows users to customize the frequency of their auto-import calls. This feature is designed to optimize API usage and prevent exceeding the restrictive API limits set by some scanner providers, thus enhancing integration efficiency.

Key Enhancements:

Customizable Import Frequencies: Users can now set custom frequencies for their checking of data imports from integrated scanning providers at the tenant level. This flexibility helps manage API calls more efficiently.

Default and Individual Importer Settings: Users can set a default API import checking frequency that applies to individual scanner integrations.

User Story:

  • As a user utilizing Qualys, I want to be able to set a default API chek import frequency for my tenant that optimizes API usage, ensuring efficient operations without hitting API rate limits.
  • As an end-user employing Qualys for vulnerability data imports, I need the ability to adjust the polling frequency to once or twice a day to stay within the entry-level API limits.

How to Use: Users can manage their import settings by adjusting the settings for individual scanner integrations within the Connected Accounts page.

Acceptance Criteria: Users should be able to:

  • Customize the API check import frequency for individual scanner integrations within Connected Accounts.

Enhancing Integration Flexibility: This new feature significantly enhances the flexibility of our scanner integrations by allowing users to tailor the frequency of imports. By enabling efficient management of API utilization, we help ensure that our clients can maintain optimal operation of their vulnerability management processes without exceeding API limits and also provide protection for any existing scanning providers that may impose these API restrictions.

Support for Qualys WAS Reports Integration

Summary: Expanding on our current integration with Qualys VM (Vulnerability Management) reports, we are excited to announce the addition of support for Qualys WAS (Web Application Scanning) reports. This new feature aligns with the Qualys Web Application module, providing enhanced capabilities for importing and managing web application scans.

Affected Platform Area: This update specifically enhances our existing Qualys Integration by incorporating the web application scanning component.

Key Enhancements:

  • Comprehensive WAS Report Support: Users can now import Qualys WAS reports into the platform, allowing for the consolidation of web application vulnerability data.
  • Streamlined Integration Process: The integration process for WAS reports is implemented similarly to that of VM reports, ensuring a familiar and intuitive user experience.
  • Enhanced Automation Capabilities: With the inclusion of WAS reports, users can leverage Auto DR (Dynamic Remediation) for web application vulnerabilities, streamlining the remediation process.

User Story: As a user, this integration improvement enables me to import multiple web application scans in a single entry. This capability allows for the effective use of Auto DR, facilitating more efficient management and remediation of vulnerabilities identified in web applications.

How to Use: Users can access the Qualys WAS reports integration through the same modal used for VM reports. The process to import WAS reports is designed to be straightforward and mirrors the existing method for VM reports, ensuring ease of use. Detailed steps and guidelines can be found in the platform’s help section or directly through the integration interface.

Acceptance Criteria: Users should be able to:

  • Import Web Application Reports from Qualys directly into the platform.
  • Utilize the same user interface and process as the Qualys VM report integration to import Qualys WAS reports.
  • Leverage the imported data for enhanced vulnerability management and remediation within the platform.

Advancing Web Application Security Management: By supporting Qualys WAS reports alongside VM reports, we enhance our platform’s capability to manage a broader spectrum of security vulnerabilities, particularly those related to web applications. This integration not only broadens the scope of our cybersecurity tools but also strengthens our users’ ability to address and remediate web-based threats efficiently.

Delta Threshold Settings for Auto DR

Summary: In response to user feedback on the Auto DR process, we are introducing a new delta tolerance level setting that enhances control over automated dynamic remediation actions. This feature is designed to prevent incorrect or premature Auto DR actions caused by problematic scan imports, such as those with the wrong scope or incomplete data.

Affected Platform Area: This update specifically improves the Auto Dynamic Remediation functionality.

Key Enhancements:

  • Configurable Change Threshold: Users can now set a specific Delta Tolerance Level for detected changes within the Auto DR calculation. If the amount of changes exceeds the predefined percentage (ranging from 10% to 90%), the scan will require human intervention.
  • Safeguard Against Erroneous Auto DR: This new setting acts as a safeguard, ensuring that significant changes detected in a scan are verified by a human before any remediation is applied.
  • Notification System: When the threshold is triggered, the system will send both an email and an in-platform notification to all users with access to the project, alerting them that the scan requires review.

User Story: As a user who relies on Auto DR for efficient vulnerability management, I find it beneficial to set a threshold for changes detected during the Auto DR calculation. This ensures that if the changes exceed 50% of the total issues, for example, the process requires human review and is not automatically published, preventing potential errors in auto remediation.

How to Use: To utilize this feature, navigate to the project-based auto importer settings and set the desired threshold for Auto DR without human intervention. If this threshold is exceeded during a scan, the scan will be placed in a “DR with human intervention” draft status. Users will receive notifications and can review the scan to decide the appropriate course of action.

Acceptance Criteria: Users should be able to:

  • Configure the Delta Tolerance Level setting within the auto importer settings of a project.
  • Receive notifications via email and in-platform alerts when the threshold is triggered.
  • Review and approve changes in a draft status before any remediation actions are finalized.

Ensuring Reliable and Accurate Auto DR Processes: With the introduction of this threshold setting, our platform provides users with greater confidence in the Auto DR process, ensuring that only verified changes are automatically remediated. This feature enhances the platform’s reliability, mitigating risks associated with automated processes and reinforcing the importance of accuracy in dynamic remediation.

Operational Features

New Features

Custom Import Frequency Settings for Qualys Integration

Summary: To address the challenges posed specifically by Qualys’ API rate limits, we are introducing a new feature that allows channel partners and end clients to customize the frequency of auto-import checks. This feature is designed to optimize API usage and prevent exceeding the restrictive API limits set by Qualys, thus enhancing integration efficiency.

Key Enhancements:

  • Customizable Import Frequencies: Users can now set custom frequencies for their data imports from Qualys at both the tenant and platform instance levels. This flexibility helps manage API calls more efficiently.
  • New Scanner Management Page: A new page in the tenant overview will display all auto-importers set up within the tenants, providing a centralized view and management options.
  • Default and Individual Importer Settings: Users can set a default import frequency that applies to all auto-importers within their tenant or customize settings for individual importers based on specific needs.

User Story:

  • As a platform partner utilizing Qualys, I want to be able to set a default import frequency for my clients that optimizes API usage, ensuring efficient operations without hitting API rate limits.
  • As an end-user employing Qualys for vulnerability data imports, I need the ability to adjust the polling frequency to once or twice a day to stay within the entry-level API limits.

How to Use: Users can manage their import settings through the new Scanner Management page accessible from the tenant overview. Here, users can configure the default settings for all auto-importers or adjust settings for individual importers as required. The interface provides intuitive options for setting frequencies such as per hour, every two hours, or daily, depending on the user’s API plan with Qualys.

Acceptance Criteria: Users should be able to:

  • Access the Scanner Management page to view and manage all auto-importers.
  • Set a default import frequency for all auto-importers within a tenant.
  • Customize the import frequency for individual importers based on differing client needs.

Enhancing Integration Flexibility: This new feature significantly enhances the flexibility of our Qualys integration by allowing users to tailor the frequency of imports. By enabling efficient management of API utilization, we help ensure that our clients can maintain optimal operation of their vulnerability management processes without exceeding API limits and also provide protection for any existing scanning providers that may impose these API restrictions.

  • Customisable Branded Knowledge Base Article Link – To enhance support for our partners, we have introduced the capability to customize the Knowledge Base (KB) link within the platform. Partners can now set their documentation link to a branded KB, aligning help resources with their own branding and support strategies. This new feature facilitates a more personalised user experience and ensures that partners can direct their users to the most relevant and customized help resources.

Other posts you might like