The Rootshell Platform – Patch Notes May 2024

Summary: We are excited to announce the launch of our platform’s Public API v1, a powerful new feature designed to provide enterprise users with extensive capabilities for data integration and automation. This API facilitates a wide range of tasks, enabling both the extraction of data from and the ingestion of data into the platform.

Key Features:

• Broad Task Automation: Users can automate a multitude of tasks, enhancing efficiency and reducing manual workload.
• Custom Data Integration: The API is especially beneficial for clients with bespoke reporting requirements or those using third-party providers not officially supported by the platform.
• Comprehensive Documentation: A full list of actions, endpoints, and usage guidelines is available in the official API documentation, ensuring users can easily implement and maximize the API’s capabilities.

User Story: Enterprise users seeking to streamline their cybersecurity workflows or integrate custom data sources now have the tool to do so. Whether it’s automating data extraction for analysis, feeding in data from unsupported third-party tools, or customizing reporting outputs, the Public API v1 opens a realm of possibilities for enhancing and personalizing their cybersecurity infrastructure.

How to Use: Enterprise users can access the Public API v1 through the platform. Detailed documentation, including a list of available endpoints and instructions for use, is provided to guide users through integrating the API into their operations. This documentation is accessible within the platform’s help section or directly through the official API documentation page.

Empowering Users with Flexibility and Control: The introduction of Public API v1 is a testament to our commitment to providing flexible, powerful tools that meet the evolving needs of our users. By enabling enhanced data integration and automation capabilities, we aim to empower enterprise users to tailor the platform to their specific requirements, thereby optimizing their cybersecurity processes and strategies.

• Mitre Att&ck Integration for Enhanced Red Team Assessment Reporting

Summary: We are thrilled to introduce a significant new feature to our platform – the integration of the Mitre Att&ck framework into our red team assessment reporting. This unique addition allows for a more structured and comprehensive analysis of vulnerabilities based on the globally recognized Mitre Att&ck tactics and techniques, offering clients unparalleled insights into their cybersecurity posture.

Key Features:

• Alignment with Mitre Att&ck Framework: The platform now supports the alignment of reported vulnerabilities with specific Mitre Att&ck tactics, providing a clear understanding of how identified issues relate to known attack methodologies.
• Bespoke Project View Layout: A new project view layout has been developed to detail the Mitre tactics associated with individual vulnerabilities, making it easier for clients to understand the context and implications of each finding.
• Visual Mitre Att&ck Matrix Overlay: Clients can now visualize how their vulnerabilities map onto the Mitre Att&ck matrix, providing a stylistic and intuitive representation of areas requiring attention.
• Targeted Improvement Recommendations: By highlighting specific areas of the Mitre Att&ck matrix where vulnerabilities have been identified, the platform guides clients on where to focus their remediation and improvement efforts.

User Story: For clients undergoing red team assessments, understanding the broader implications of identified vulnerabilities is crucial. This integration allows clients to not only pinpoint specific issues but also see how these vulnerabilities fit into known attack patterns and tactics, enabling a more targeted and effective cybersecurity strategy.

How to Use: Clients can access the new Mitre Att&ck framework integration through projects that are of type “Red Team Assessment”. The bespoke project view and visual matrix overlay are available for all red team assessments, providing immediate insights into how vulnerabilities align with Mitre Att&ck tactics.

Advancing Cybersecurity Analysis and Strategy: This integration marks a significant advancement in how cybersecurity assessments are conducted and reported on our platform. By providing a direct link between identified vulnerabilities and the Mitre Att&ck framework, we empower clients with the knowledge to not only remediate current issues but also strategically enhance their defences against complex attack scenarios.

• Asset Level Permissions (ACLs)

Summary: We are delighted to introduce Asset Level ACLs, a significant enhancement to our platform’s access control capabilities. This new feature complements the existing project and phase-level permissions system by offering granular control over user access at the asset level. Users can now be granted access to specific asset groups or selections of assets, facilitating tailored data access that aligns with their roles and responsibilities.

Key Enhancements:

• Granular Access Control: Users can be assigned permissions to access specific asset groups or individual assets, providing a higher level of data protection and access management.
• Cross-Project Asset Accessibility: This feature enables users to access assets that span across multiple projects, eliminating the need to duplicate permissions for each project or phase.
• Secure Data Management: By restricting access to sensitive data to only those who require it, the platform enhances its security posture and protects against unintended data exposure.

User Story: In a complex cybersecurity environment, ensuring that team members have access only to the assets relevant to their work—without exposing sensitive information from other projects—is crucial. Asset Level ACLs address this need by allowing administrators to precisely control access rights, ensuring that users can perform their duties efficiently while maintaining the integrity and confidentiality of data.

How to Use: Administrators can configure Asset Level ACLs via the platform’s permissions module. This involves selecting the asset groups or individual assets and specifying the users that should have access. Detailed guidance on setting up Asset Level ACLs is available in the platform’s knowledgebase documentation, ensuring a smooth implementation process.

Advancing Security and Collaboration: The introduction of Asset Level ACLs marks a significant advancement in how access is managed within our platform. By providing more detailed control over who can see and interact with specific assets, we not only enhance security but also facilitate more efficient collaboration among team members. This feature is particularly beneficial for organizations managing large-scale or highly sensitive projects, where access control is paramount.

Application Improvements

• Main Dashboard – Issue Breakdown has been limited to the most recent 100 issues to improve performance.
• Default User Notifications – Issue Regression notifications have been included as part of the default enabled notifications for new users to the platform.
• Issue Recasting & Suppression – Improvements have been made to enable users to recast or suppress issues based on IP and Port rather than just the issue level.
• Issue Comments – The issue sidebar view has had a refresh to make it clearer to read the most recent comment and CVEs affecting an issue. Issue comments now contain a full date and timestamp for better tracking comments and actions on a particular day. Comments made against Vulnerability Scanning issues will be passed up and down the parent/child stack, meaning whatever instance of the issue you are viewing, the latest comments will be present to the user.
• Export Questionnaires – Users are now able to export completed questionnaires to PDF.
• Performance Improvements – The engineers have been hard at work to make sure all areas of the platform are running at their optimum speeds, areas of focus in particular have been around Assets, Asset Groups and the One Issue View.
• Operating System Information – Has now been included by default into the assets scanned by Rapid 7 Nexpose and Qualys.

Summary: We are thrilled to introduce the launch of our platform’s Public API v1, a cutting-edge feature designed to significantly expand the capabilities of our channel partners and users alike. This powerful API provides extensive opportunities for data integration and automation, enabling the creation of custom solutions and integrations for tools not officially supported by the platform. As a channel partner, you can now leverage this API to enhance your service offerings and deliver tailored cybersecurity solutions to your clients.