The Rootshell Platform – Patch Notes November 2023

Application Features

New Features

• SLAs – Customisable Content – We understand that every organisation has unique needs and communication styles, especially when it comes to service level agreements (SLAs). That’s why we’re thrilled to introduce customisable SLA email content in the latest update to the platform.

Key Features:

• • • Customisable Email Frequency: Decide how many chase emails you’d like the platform to send to help you prompt your colleagues and departments to act on outstanding issues.

    • Flexible Timing: Specify the number of days before or after an SLA deadline for an issue to trigger these emails.

    • Tailored Language: Use your own company-specific or bespoke operational language to ensure that the message resonates with your workforce.

This feature allows you to automate the process of chasing colleagues for SLA-related issues, making it more efficient and aligned with your organisational culture. Take control of your SLA management today with this new functionality in the platform.

• Nessus CVSSv3 – In our ongoing efforts to provide seamless integration and data accuracy, we’ve introduced an important enhancement for Nessus imports in the platform.

  Key Features:

  • Automated CVSSv3 Ratings: Where available, Nessus imports will now automatically use CVSSv3 ratings.

  • Fallback Mechanism: In the absence of CVSSv3, the platform will default to CVSSv2 ratings and, ultimately, to the default rating from Nessus.

  • Aligned Risk Ratings: Ensure that risk assessments in the platform are consistent with those in your Nessus console.

  By automatically reverting to CVSSv3 ratings, this enhancement addresses the discrepancies between Nessus and the platform, particularly where the platform previously defaulted to CVSS v2.0 scoring. Upon importing Nessus results—whether via file, manual API, or auto-import—the platform will intelligently analyse the content and use the appropriate scoring version.

Improvements

• LA Inheritance for Reappearing Issues – In previous versions, conducting regular scans led to daily SLA resets for reappearing issues. We’ve refined this behaviour; now, for reappearing issues, the platform will inherit the SLA from the first occurrence. This improvement ensures that your SLA tracking is accurate, particularly for issues that reappear and fall outside the expected SLA for remediation.

• Enhanced Qualys WAS Pagination and Search – With the latest update, we’ve made some valuable improvements to the Qualys WAS integration in the platform to enhance your experience.

  Key Improvements:

  • Scan Name Search: Users can now search for specific scan names when using the manual API import option for Qualys.

  • Dropdown for Scan Result Duration: A new dropdown feature allows users to select the duration for which the platform will search scan results. Options range from 1 day to 3 months, with 3 months being the default setting.

  These improvements make it easier to locate and import specific scan results, providing you with more control and flexibility when working with Qualys WAS data.

• Enhanced Burp Enterprise Imports

  Continuing our commitment to providing actionable insights for better cybersecurity decision-making, we’ve improved the import functionality for Burp Enterprise in the platform.

  • Inclusion of Request and Response Excerpts: Now, imports from Burp Enterprise will contain any available Request and Response excerpts. This provides users with more comprehensive information, facilitating a deeper understanding and more effective remediation.

  This enhancement ensures that you have all the relevant data at your fingertips, empowering you to make informed decisions regarding vulnerabilities and their remediation.

• Refined User Assignment Modal

  To make the user assignment process more intuitive, we’ve made some adjustments to the “Confirm Assignment” modal within the platform.

  • Clearer Wording and Labels: The updated modal now features refined wording and button labels, asking users whether they’d like to assign the selected user(s) to “All Instances” affected by the issue, or only to those that are “Unassigned.”

  This enhancement simplifies the user assignment process, providing clearer choices to ensure that the right individuals are tasked with issue remediation.

Operational Features

Project Velma Integration for Next-Level Threat Intelligence

We’re excited to announce a game-changing addition to the platform’s suite of features—native support for Project Velma, a revolution in threat intelligence.

Key Features:

• Real-Time Vulnerability Identification: Velma isn’t just another threat intelligence tool; it’s your panoramic lens on the cyber landscape, identifying vulnerabilities that are actively being exploited in real time.

• Actionable Insights: Go beyond mere detection and into the realm of actionable intelligence that enriches your understanding of the threats you face.

• Proactive Threat Management: With Velma, you’re not just reacting to threats—you’re anticipating them. Make confident, informed decisions about which vulnerabilities to prioritize for remediation.

• Automated CVE Watchlist: As a platform partner, you now have the option to allow Velma to automatically add to your CVE watchlists those exploits that are actively being exploited. Simply head to the ‘Tenant Overview’ and ‘Threat Intelligence’ menu to activate this feature.

Transform your cybersecurity approach with Project Velma. Take control, anticipate threats, and protect what matters most—all from within the platform.

Vulnerability Correlation Database—A Revolution in Remediation Management

We’re taking the platform to the next level with the introduction of a comprehensive Vulnerability Correlation Database, a key component of our Project Velma and One Issue View initiatives.

Key Features:

• Advanced Correlation Algorithms: Utilizing advanced mathematical equations, this database correlates abstract vulnerability data, aiming to provide you with a unified, efficient view of your security landscape.

• One Issue View Beta: This database is the backbone of our new One Issue View beta feature coming soon, providing a correlated view of vulnerabilities to simplify remediation efforts.

• Massive Database: At launch, the database contains over a quarter of a million vulnerabilities, with the capacity for rapid expansion.

• Universal Data Ingestion: The platform can now ingest vulnerability data from any source, automatically correlating the data to eliminate duplication and streamline your remediation process.

This database isn’t just an incremental improvement—it’s a ground-breaking leap forward that will transform how you manage vulnerability remediation, providing you with unprecedented insight and control.

Enhanced Tenant Overview—Streamlined Onboarding and Customization

Channel partners, we’ve listened to your needs! The latest update brings substantial improvements to the Tenant Overview section, enabling a more streamlined and customizable experience for both you and your clients.

Key Features:

• Default Text for Test Types: Now, set default text for critical test types such as Executive Summary, Assessment Context, Caveats, and Scope. This text will auto-populate with essential variables like assessment dates and company names, making report generation more efficient.

• Flexible Application: Apply these settings to new tenants by default via the ‘Setup Groups’ option, offering you flexibility and control over client onboarding.

This feature aims to minimize the administrative overhead for channel partners, making it easier than ever to onboard new tenants and deliver a tailored experience.