The Rootshell Platform – Patch Notes February 2024

Application Features

New Features

• Black Kite Intelligence Integration – We are excited to announce the integration of Black Kite Intelligence into our platform. This powerful feature enables users to seamlessly import their data from Black Kite, covering all 19 modules available on their platform.

  Key Benefits:

  • Effortless Data Import: Users can now select a company within Black Kite and import the relevant data directly into our platform using a secure API connection.

  • Comprehensive Coverage: This integration encompasses all 19 modules from Black Kite, ensuring a broad range of data is accessible for enhanced cybersecurity insights.

  • Automated Data Sync: As with all our API integrations, users have the option to set up regular automatic imports. This ensures your data is always up-to-date, allowing for real-time decision-making and analysis.

  How to Use: To begin using this feature, navigate to the connected accounts section within the platform and select Black Kite Intelligence. Follow the simple setup process to link your Black Kite account.

  Enhanced Security Posture: By integrating Black Kite Intelligence data, our platform reinforces its commitment to providing comprehensive cybersecurity solutions. This enhancement empowers users with more in-depth data, bolstering their security posture against emerging threats.

• TopDesk Ticketing Integration – We are pleased to introduce the integration of TopDesk Ticketing into our platform. This feature bridges the gap between cybersecurity and issue resolution by allowing users to assign and raise vulnerabilities directly within the TopDesk ticketing system.

  Key Benefits:

  • Streamlined Issue Management: This integration facilitates the seamless transfer of identified vulnerabilities from our platform to TopDesk, enabling efficient tracking and resolution.

  • API-Driven Integration: Users can establish a connection between our platform and TopDesk via an API, ensuring a secure and reliable data exchange.

  • Enhanced Remediation Process: By utilizing TopDesk’s robust ticketing system, users can prioritize and address vulnerabilities more effectively, leading to a stronger security posture.

  How to Use: To activate this integration, go to the ‘Connected Accounts’ section in our platform. Here, you can enter your TopDesk API details to establish the connection. Once set up, the system will allow for the direct assignment and raising of vulnerabilities within TopDesk for prompt remediation.

  Closing the Loop on Cybersecurity: Integrating with TopDesk Ticketing signifies our commitment to not just identifying cybersecurity threats but also ensuring they are efficiently managed and resolved. This integration is a step forward in providing an end-to-end security solution.

• New Featurette Module – We are excited to unveil our latest addition to the platform: the Featurette Modal. Designed to enhance user experience, this modal serves as an informative guide, spotlighting new features and providing helpful explanations on specific pages within the platform.

  Key Benefits:

  • Enhanced Visibility of New Features: The Featurette Modal ensures that users are immediately informed about the latest updates and functionalities added to our platform.

  • On-Page Guidance: It offers contextual explanations and guidance, making it easier for users to understand and utilize new features effectively.

  • User-Centric Design: With this addition, we aim to enhance user engagement and ensure our platform remains intuitive and user-friendly.

  How to Use: The Featurette Modal will automatically appear when new features are added or when there are important announcements. Users can also access it on specific pages where additional information or guidance is provided about the platform’s functionalities.

  Staying Informed and Empowered: This featurette is part of our ongoing commitment to provide a seamless and informative user experience. By keeping users updated and well-informed, we empower them to make the most of our platform’s evolving capabilities.

• Enhanced Asset Management: In our continuous efforts to provide clarity and accuracy for asset management, we’re introducing a new visual feature. This enhancement is designed to help clients identify and address the issue of duplicate assets within their tenant, ensuring both data integrity and accurate licensing.

  Key Features:

  • Asset Prioritization Overview: Clients can quickly view the percentage and number of assets that have a prioritization rating, as opposed to those that don’t.

  • Identification of Duplicate Assets: A simple query will highlight duplicate assets by IP and/or hostnames, prompting necessary action.

  • Un-grouped Asset Tracking: Clients can see how many assets are not part of any asset groups.

  User Story: This feature was developed in response to the need for clients to have a clear understanding of their asset status, including prioritization, duplicates, and grouping. The visual bar provides an at-a-glance insight, helping clients make informed decisions regarding their asset management and understand how these factors influence their decision making.

  How to Use: Clients can access this feature directly on their asset dashboard. The visual bar and its components offer an intuitive and immediate understanding of the current asset status. Hovering over each section provides additional details and guidance.

  Enhancing Operational Efficiency and Transparency: With this new feature, we aim to empower our clients with better control over their asset management and a clearer understanding of how asset specifics impact their platform licensing. This enhancement is a step towards more transparent, efficient, and accurate operational processes on our platform.

Improvements

• Enhanced MTTR Calculations for Vulnerability Scanning – We are pleased to announce an important improvement in the calculation of Mean Time to Remediate (MTTR) metrics for users utilizing regular vulnerability scanning on our platform. This enhancement is designed to provide more accurate and meaningful insights into the remediation timelines of identified vulnerabilities.

  Key Enhancement:

  • Refined Calculation Methodology: The platform now incorporates the parent/child relationship between recurring issues in subsequent scans into the MTTR calculations. This means changes to the calculation to include the parent issues and not just the latest child, resulting in more precise MTTR metrics.

  • Updated Compliance Dashboard Insights: The improved MTTR calculations are now integrated into the Compliance dashboard, offering users more accurate insights into their remediation efforts.

  Impact on Historical Data:

  • Changes to Historic MTTR Metrics: Users may notice adjustments in their historical MTTR metrics for vulnerability scanning data. This change is due to the improved calculation method.

  • Penetration Testing Data Unaffected: It’s important to note that MTTR metrics for penetration testing results remain unaffected by this update.

  User Story: As a user engaged in regular vulnerability scanning, understanding the efficiency of remediation efforts is crucial. The improved MTTR calculations allow for a more accurate reflection of remediation timelines, enhancing the ability to track and improve security processes.

  How to Use: Users can view the updated MTTR insights directly on the Compliance dashboard. The platform automatically applies the new calculation methodology to both current and historical vulnerability scanning data.

  Advancing Remediation Tracking: This improvement in MTTR calculations underscores our commitment to providing users with precise and actionable data. By enhancing how we calculate and present these metrics, we aim to empower our users with better tools for managing their cybersecurity posture effectively.

• Bulk import of affected hosts – In our ongoing effort to streamline workflows on our cybersecurity platform, we are introducing a significant enhancement for penetration testers: the ability to add multiple affected hosts to a vulnerability at once via bulk import.

  Key Benefits:

  • Efficiency in Data Entry: Pen testers can now upload a csv or JSON file containing IP details, significantly reducing the time spent on manual data entry.

  • Enhanced Usability: This feature simplifies the process of adding host or asset details, including IP, port, protocol, and services, especially beneficial for large-scale tests.

  • Precision and Speed: The bulk import capability ensures both accuracy and efficiency, allowing for quicker setup and response times in vulnerability assessment.

  Feature Description: Previously, adding hosts or assets to our platform required manual input of details such as IP, port, protocol, and services. This feature introduces a streamlined process where users can upload a .txt file with each line item containing an IP detail, thereby populating affected hosts more efficiently. This new functionality supports the upload of specifically formatted csv and JSON files, enhancing the platform’s capability to ingest data quickly and accurately. It is designed to handle IP addresses, port numbers, protocols, service details, and hostnames in a user-friendly manner, catering to the needs of pen testers conducting extensive and complex assessments.

  How to Use: To utilize this feature, navigate to the new issue or edit issue screen in our platform and select the option for bulk import. Upload your formatted file, and the system will automatically populate the affected hosts with the provided details.

  Streamlining Cybersecurity Assessments: This feature is a testament to our commitment to enhancing the efficiency and effectiveness of cybersecurity assessments on our platform. By reducing the time and effort required for data entry, we empower pen testers to focus more on critical analysis and response strategies.

• Enhanced Dynamic Remediation (DR) Options: In response to client feedback, we’ve enhanced our Dynamic Remediation (DR) feature. This improvement allows users to set more specific parameters in how DR, including Auto DR, functions, particularly beneficial for environments with dynamically changing assets like laptops and mobile devices.

  Key Improvements:

  • Flexibility in Asset Management: Users can now opt to have the platform ignore missing assets during the DR process, focusing instead on port changes and issue discrepancies.

  • Tailored Remediation: This enhancement enables more precise control over the remediation process, ensuring that it aligns with the unique characteristics of the user’s IT estate.

  User Story: For users with large estates where assets frequently connect and disconnect from the network, the improved DR functionality offers a much-needed solution. This feature allows them to leverage Auto DR efficiently, without the complication of transient devices impacting the remediation process.

  How to Use: To utilize this enhanced feature, go to the Dynamic Remediation settings within your project. Select your preferred DR mode and configure the asset comparison option as per your requirement.

  Streamlining Remediation in Dynamic Environments: This update underscores our commitment to providing flexible, user-centric solutions in cybersecurity management. By accommodating the varying dynamics of user environments, we ensure that our DR feature remains effective and relevant, regardless of the complexity of the user’s IT estate.

• CVSSv4 Scoring Integration in the Open Source Calculator: We are excited to announce the integration of the Common Vulnerability Scoring System (CVSS) version 4.0 into our platform’s in-built open source calculator. This feature allows users to generate accurate CVSS 4.0 scores directly within the platform, enhancing our issue resolution and risk assessment capabilities.

  Key Features:

  • CVSS 4.0 Vector Calculation: Users can now build and calculate CVSS 4.0 vectors within the adding/edit issue process.

  User Story: When creating an issue, users can open the CVSS modal, select a CVSS 4.0 vector, and generate a corresponding vector. This integration simplifies the process of assessing and documenting the severity of vulnerabilities.

  Enhancing Vulnerability Assessment Accuracy: This feature is a significant step in aligning our platform with the latest industry standards in vulnerability scoring. By incorporating CVSS 4.0 calculations, we provide our users with a more robust and precise tool for assessing and addressing cybersecurity risks.

• Enhanced Rapid7 Integration: We are pleased to announce an enhancement to our Rapid7 integration, mirroring the functionality we offer with our Qualys integration. This improvement allows users to not only auto-import Rapid7 network scans but also to incorporate scheduled reports that compile the results of hourly agent scans.

  Affected Area:

  • Rapid7 Integration (Auto-Imports): This improvement impacts the existing Rapid7 integration, specifically the auto-import functionality.

  User Story: Users with a Rapid7 connection can now benefit from more comprehensive data integration. This includes the ability to automatically import both network scans and collated reports from Rapid7, offering a broader and more detailed view of their network’s security posture.

  How to Use: Users can select their preferred import type (scan or report) when setting up or managing their Rapid7 integration in the platform. This option is available for API imported results, ensuring a tailored and efficient data integration process.

  Broadening Integration Capabilities: With this update, we aim to enhance the flexibility and depth of our Rapid7 integration. Users can now harness the full range of Rapid7’s capabilities, from comprehensive network scans to detailed agent-based reporting, ensuring a more robust and nuanced understanding of their cybersecurity landscape.

• Enhanced Audit Log Functionality: We have updated the audit log feature in response to user feedback requesting more granular control and searchability. This enhancement makes it easier for users to access and interpret specific log information, improving the overall utility of the audit logs.

  Key Enhancements:

  • Advanced Filtering Options: Users can now filter audit logs by projects or phases, allowing for more targeted searches.

  • Keyword Search Within Log Content: There is now the capability to search for specific keywords within the content of the log, particularly within the JSON data.

  • Improved Performance: The initial load of the Audit Log will be restricted to 30 days with the ability for users to then expand on the date range for which they wish to analyse.

  User Story: Users needed the ability to quickly find specific information within extensive audit logs. For example, identifying changes made to an executive summary in a large project. The improved audit log functionality directly addresses this need by offering enhanced filtering and search capabilities.

  How to Use: Access the improved audit log via the usual interface. Utilize the new filtering options to narrow down your search scope and use the keyword search function to quickly locate specific entries.

  Enhancing Log Accessibility and Utility: This upgrade to the audit log feature is part of our commitment to providing robust and user-friendly tools. By improving the granularity and readability of audit logs, we empower our users to efficiently track and review changes within their projects, enhancing transparency and accountability in their operations.

Operational Features

• Enhanced Brand Customization for Security Providers: We are pleased to announce a new operational feature that significantly enhances brand visibility for our security provider partners on the platform. Building on existing options such as logo uploads and PDF report customization, partners can now personalize their platform instance with their own branding colour schemes and select a custom name for their instance.

  Key Enhancements:

  • Custom Branding Colour Schemes: Partners can now apply their brand’s colour palette to the platform’s interface, ensuring a consistent brand experience for their users.

  • Instance Naming Flexibility: Security providers have the option to name their platform instance according to their preference, further reinforcing their brand identity.

  Existing Features:

  • Logo Customization: Partners can upload their logos to reflect their brand identity.

  • PDF Report Configuration: Customization options for PDF reports allow for branded report generation.

  User Story: As a security provider, enhancing brand presence and ensuring a consistent brand experience across all touchpoints is crucial. This feature enables providers to seamlessly integrate their brand identity into the platform, from visual elements to naming conventions.

  How to Use: Partners can access these customization options in the platform’s settings. Here, they can upload their branding colour schemes and logos, configure PDF report settings, and set their preferred instance name.

  Strengthening Partner Brand Presence: This new feature is part of our ongoing commitment to support our partners in their branding efforts. By providing enhanced customization capabilities, we aim to help security providers strengthen their brand presence and offer a more personalized experience to their users.

• Automated Tenant Access Management for Consultants: In response to the needs of our PMO functions, we are introducing a new operational feature that automates user management for consultants working across multiple client projects and tenants. This feature simplifies the process of managing access permissions, enhancing security and operational efficiency.

  Key Enhancement:

  • Automatic Removal of Access: After a consultant has completed their role in a project and it has passed the QA process, the platform will automatically remove their access from the tenant after specified number of days after the project’s end date.

  User Story: PMO personnel often face challenges in managing the access rights of testers and consultants who work on different projects. With this feature, once a tester is aligned to a job and it concludes, our platform, will automatically remove the user from the tenant, streamlining user management and maintaining security protocols.

  How to Use: Clients can access this feature in the QA Reports Dashboard. Here, they can configure the auto-removal settings, including the timeframe and specific user roles to be removed after project completion.

  Enhancing Security and Operational Efficiency: This feature is designed to assist PMOs in maintaining optimal security and efficiency in user management. By automating the process of removing access rights, we help ensure that only current project members have access to sensitive client data, reducing the risk of unauthorized access.

• Enhanced Visualization for Managing Client Assets: In line with our commitment to providing accurate and transparent pricing models, we have implemented an operational improvement. This enhancement focuses on presenting asset counts only to security providers, specifically regarding unique and duplicate assets within a client’s tenant.

  Key Improvement:

  • Accurate License Quoting: By visualizing the total number of unique and duplicate assets in the tenant overview, sales personnel and platform license sellers can now provide more accurate quotes.

  • Total Asset Overview: The inclusion of total asset counts aids in comprehensive understanding and transparent communication, especially for channel quotes.

  User Story: This feature assists sales personnel and platform license sellers in understanding the exact number of unique assets within a client’s tenant. Accurate identification of unique and duplicate assets is crucial for precise platform license quoting.

  How to Use: Sales personnel and license sellers can view these details directly on the tenant overview screen. The display of unique and duplicate assets, along with the total asset counts, provides a quick reference to assist in the quoting process.

  Streamlining Sales and Pricing Accuracy: This operational improvement is a significant step toward enhancing the efficiency of our sales process and ensuring pricing accuracy for our security platform. By providing a clear visualization of client asset counts, we aim to facilitate better decision-making and maintain transparency in our pricing strategies.

• Integration of Jira Service Management and Email Support Options: We are introducing a new operational feature for security providers on our platform, enabling them to directly integrate their Jira Service Management project or specify an email address for first-line client support. This feature is designed to streamline the support process and enhance communication between security providers and their clients.

  Key Enhancements:

  • Jira Service Management Integration: Security providers can now link their Jira Service Management project with the platform, allowing for seamless management of client support tickets.

  • Email Support Option: For providers who do not use Jira, there is an option to specify an email address where client queries can be directed.

  • Centralized Support Management: Both these options can be managed within the Tenant Overview → Support Settings page, offering a centralized location for support configuration.

  User Story: As a security provider, managing first-line support efficiently is crucial. This new feature allows providers to either integrate their existing Jira Service Management project for ticket management or use a dedicated email address to handle client queries, ensuring a more streamlined support experience.

  How to Use: Security providers can access this feature by navigating to the Tenant Overview and selecting the Support Settings page. Here, they can choose to integrate their Jira Service Management project or enter an email address for support queries. Once set up, client support interactions will be routed through the chosen method.

  Enhancing Client Support Experience: This feature is a significant step towards enhancing the support infrastructure for our security provider partners. By offering flexible options for support management, we aim to facilitate better communication and quicker resolution of client queries, ultimately improving the client experience on our platform.

Improvements

• Streamlined Retest Process for Penetration Testing: We are introducing an operational improvement to streamline the retest process in penetration testing on our platform. This enhancement addresses the current challenges in assigning consultants to retests and ensures better integration of the retest phase into our workflow and dashboards.

  Key Enhancements:

  • Direct Assignment of Consultants to Retests: Users can now cleanly assign a consultant specifically for the retest phase, improving clarity and accountability.

  • Enhanced Retest Scheduling: The platform now allows for precise scheduling of the retest phase with ‘from’ and ‘to’ dates.

  • Improved Dashboard Integration: Retest phases are now prominently displayed in the State of Play and QA dashboards at the tenant overview, providing better visibility and tracking.

  • Dedicated QA Process for Retests: The QA process for retests has been refined, ensuring that any QA tasks or comments are directed to the retest consultant, not the original tester.

  User Story: As a PMO user, when reopening a phase for a retest, I can now specify the retest details, including dates and the assigned consultant. This information will be reflected in the relevant dashboards and QA processes, ensuring smooth and efficient retesting workflow.

  How to Use: When reopening a phase for a retest, select the ‘Reopen for retest’ option and provide the required details, including the retest dates and the consultant assigned. The platform will automatically update the dashboards and route the QA process accordingly.

  Enhancing Efficiency in Penetration Testing Retests: This operational improvement is part of our ongoing commitment to enhancing the efficiency and effectiveness of the penetration testing process on our platform. By providing a more streamlined approach to managing retests, we aim to improve the overall experience for both PMO users and consultants.