October 15, 2024
New Features and Updates
Vulnerability Assessment with Cisco Secure Endpoint – Additional supported Application
Cisco Secure Endpoint now supports Docker.
All Samples script
Because the List Users endpoint now supports pagination, the “all samples” script was updated to provide the new values for page size and pagination.
Bug Fixes
In the Application Security Module, you could not share application names across multiple Cisco Vulnerability Management instances in the same domain. This issue has been resolved.
When you generated an export using the API, if you used the “easily_exploitable” parameter, the export might have contained vulnerabilities that weren't easily exploitable. This issue has been resolved.
For connectors that only import open vulnerabilities, existing vulnerabilities that are not reimported will be closed.
On the Fixes tab of the Vulnerability Management Explore page, the selected Page Size entries were not highlighted correctly. Now this issue has been resolved, ensuring accurate display of the selected number of entries.
On the Vulnerability Management > Activity > Exports page, the export status filters are now all selected when you land on the page. To remove one of the filters, you click on one of the colored circles.
September 30, 2024
Bug Fixes
Some vulnerabilities that were no longer present on Cisco Secure Endpoint might not have been closed. This issue has been resolved.
The license expiration banner was not consistently aligned across the Vulnerability Management, Vulnerability Intelligence and Application Security Module pages. This issue has been resolved.
On the Export Details page, the information in the table cells did not wrap correctly which made it difficult to read. This issue has been resolved.
When users selected to display more rows on the Users or Roles pages, the table would display a scrollbar instead of expanding the table to show all rows. The table now expands to show the specified number of rows without a scrollbar.
September 16, 2024
New Features and Updates
UI Rebrand
The Cisco Vulnerability Management UI has undergone an update to reflect the new Cisco brand. The changes update the name of the Application Security Module (formerly AppSec), Vulnerability Intelligence (formerly VI), Cisco Security Risk Score (formerly Kenna Risk Score), Data Importer (formerly Kenna Data Importer), Virtual Tunnel (formerly Kenna Virtual Tunnel), and Agent (formerly Kenna Agent).
These updates align with our growth and evolution as part of the larger Cisco Security portfolio. They reaffirm our dedication to providing a more comprehensive, unified experience for our customers.
There is no impact to functionality.
Custom Search Query Improvement
You can now use the “predicted_exploitable:true” search term to search for vulnerabilities that have Predicted Exploits.
Bug Fixes
Vulnerabilities that InsightVM reported in two or more filesystem locations on the same asset were only reported as a single vulnerability in Cisco Vulnerability Management. This issue has been resolved.
504 errors might have occurred when using the Bulk Update Vulnerabilities API endpoint. This issue has been resolved.
A Snyk toolkit task failed because of a deprecated API URL. This issue has been resolved.
August 30, 2024
New Features and Updates
Cisco Vulnerability Management Agent Release – 1.3.2079
For users of the Agent, release 1.3.2079 patches the Agent golang libraries to address CVE-2023-45288. To download the Agent, click here.
Bug Fixes
The Data Importer connector only supports “open” and “closed” statuses for vulnerabilities. The help article for Data Importer was updated to indicate that if users supply a status other than “open”, the vulnerability will be set to “closed”.
On the VM Explore tab, filters for service ticket due dates were not working as expected: the due date might have been incorrect because of time zone translation, and vulnerabilities might have displayed that did not match the filter due dates. These issues have been resolved.
CrowdStrike connector runs might have failed intermittently. This issue has been resolved.
Risk meter scores for some vulnerabilities were not reindexed when the scores changed, so the incorrect score displayed in Cisco Vulnerability Management. This issue has been resolved.
When using the list view on the VM Dashboard page, the page was slow to load if many child risk meters were present. This issue has been resolved.
When you used the API to create a vulnerability, the "last seen" field was empty when you viewed the vulnerability in the UI. This issue has been resolved.
The Nexpose fix solution field was missing embedded links. This issue has been resolved.
August 15, 2024
New Features and Updates
Help Center Update
The Kenna Help Center has undergone an update to reflect the new Cisco Vulnerability Management brand. The changes update the logo and text references, and adopt Cisco’s color and naming conventions. These updates align with our growth and evolution as part of the larger Cisco Security portfolio. They reaffirm our dedication to providing a more comprehensive, unified experience for our customers.
There is no impact to functionality.
Bug Fixes
During a connector run, the Tanium Connect connector might have synched 0 assets. When this happened, no errors displayed in the log files. This issue has been resolved.
When you navigated to the “activity/exports” page to view your exports, the page might not have loaded, and a 500 error might have displayed. This issue has been resolved.
If you didn’t include a status parameter when you used the Bulk Update Vulnerabilities API endpoint, a duplicate vulnerability was created instead of updating the original vulnerability. This issue has been resolved.
When you tried to create a ticket using the Jira Ticketing Connector, a “The reporter specified is not a user” error message might have displayed. This issue has been resolved.
When you were using an on-premises Jira instance, only the first 100 users displayed in the assignee selection list. You can now search for the username of the assignee. Note that being able to search for more than 100 assignees is only available via a Connector setting that Cisco Support enables for customers.
Server-side validation was added for asset inactivity and purge limits.
Vulnerabilities might not have had a fix assigned to them even if the connector provided a valid fix. The issue has been resolved.
July 31, 2024
New Features and Updates
Dynamic Service Level Agreements (SLA)
When creating or editing an SLA, you can now choose to have the SLA due date updated automatically when the Risk Score changes between risk categories: low, medium, high. Scores typically need to change by 20 points to graduate from low to medium risk, and end users have the capability to define due date buckets based on custom score ranges for their environment. Note that if you have configured custom ranges for setting due dates, those ranges will be used instead of the default ranges.
Choosing the dynamic SLA option does not affect any due dates that were manually set, including those that were set using the API. On the details page for a vulnerability, you can see which due dates were updated and the source of the update.
Note that the dynamic SLA feature is not automatically applied to existing SLAs. If you want to use the dynamic SLAs functionality, you must edit your existing SLAs and select the Dynamic SLAs option.
For more information refer to the SLA article.
Vulnerability Assessment with Cisco Secure Endpoint – Additional supported Operating systems and Applications
Cisco Secure Endpoint now supports the following applications and Operating Systems:
- Supported for macOS only: FileZilla, VMware Fusion, Postman, Visual Studio Code, Zoom.us
- Supported for Windows only: Git
- Supported for both macOS and Windows: PyCharm, Evernote, VMware Remote Console, VLC, Wireshark, IntelliJ IDEA
- Supported Operating Systems: Debian 10, 11, 12
For more information about supported applications and Operating Systems, refer to the Cisco Secure Endpoint article.
Vulnerability Intelligence+ (VI+) enhancements
The Cisco Vulnerability Management Vulnerability Intelligence+ (VI+) data snapshot now uses large language models (LLMs) and new machine learning (ML). These techniques are used to generate tags for STRIDE+ threat, outcome, prerequisites, and components for CVEs in the VI+ data feed. This allows Cisco Vulnerability Management to provide high-quality vulnerability intelligence about the CVEs.
Note: STRIDE is a model that categorizes different types of threats. STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
UI update
In the Cisco Vulnerability Management console, the page size component for paginating tables was inconsistent. The component has been updated so that it has unified color, stroke, padding, and margin spacing across pages.
API Updates
Custom role user API enhancements
To allow users with custom roles to perform more tasks and work more efficiently, they can now access some of the Cisco Vulnerability Management API endpoints. For a list of endpoints that custom role users can use, refer to the API Key Generation and Permissions article.
API key assignment enhancements
Administrators can now more easily and efficiently manage API key access for users, including those with custom roles. API keys allow your users to access the Cisco Vulnerability Management API. The following API key assignment enhancements are available:
- Users can generate their own API Key if an administrator has given them permission.
- Administrators can grant API key access to multiple non-administrator users simultaneously.
- Administrators can revoke API key access from multiple non-administrator users simultaneously.
- Administrators can force multiple users to change API keys simultaneously.
Calculate Asset Group Metric endpoint
A new API endpoint, Calculate Asset Group Metric, was created to return updated metric value calculations for an asset group based on its ID and the specified metric name.
Bug Fixes
Vulnerability descriptions that contained HTML tags might have displayed HTML elements on the VM Explore page. This issue has been resolved.
Now when an informational Qualys QID is updated with a complete name and description, new vulnerabilities associated with that QID are created with the correct name and description instead of the generic ‘Informational’ attributes.
A "Verification of Credentials Failed" error message might have displayed when setting up the InsightVM connector. This issue has been resolved.
When you changed the role of a user from “admin” to “read-only”, in the audit logs the user was still reported as an admin. This issue has been resolved.
On the VM Explore page, search parameters including the string “status:” were not accepted unless you included an HTML character escape (for example, "HW_STATUS\: Absent"). The colon no longer needs to be escaped, which aligns with Explore search syntax more broadly.
Risk meters are displayed on the Dashboard only when the appropriate score range filter is selected.
The List Fix Alternatives endpoint now returns a “not found” error when a user searches for assets that they do not have access to.
On the VM Explore page, if a vulnerability has more than 10 tags, a Show more button now displays. After you click the button, it changes to a Show less button, which hides the extra tags when clicked.
On the VM Explore page, when you hover over a tag, the text color no longer changes to blue, and the cursor does not change to a pointer.
On the VM Explore page Vulnerability tab, you can add a column for Asset Priority that you can use to show the asset severity.
July 15, 2024
New Features and Updates
Virtual Tunnel Client: Release – 1.4.9
- Base OS upgraded to Rocky 9.3
API Updates
To allow users with custom roles to perform more tasks and work more efficiently, they can now access some of the Cisco Vulnerability Management API endpoints. For a list of endpoints that custom role users can use, refer to the API Key Generation and Permissions article.
Bug Fixes
Some invalid search queries did not display an error in the UI. For example, if you searched for “asset_status_changed_at”, no error message displayed even though it’s an invalid search string.
June 28, 2024
New Features and Updates
Centralized user management
Cisco Vulnerability Management now uses centralized user management for credential storage and management of client authentication. Using this advanced security method offers a more secure and simple single sign-on experience for Cisco Vulnerability Management users. Cisco Vulnerability Management uses centralized user management for the following:
- authenticating users when they log into the UI using username/password
- authenticating users when they log into the UI using SAML (SSO)
- password reset
As a result of this change, users must log in to Cisco Vulnerability Management once in the next 12 months. When they log in, Cisco Vulnerability Management uses centralized user management to save their credentials. This will be transparent to the user. If users do not log in once in the next 12 months, Cisco Vulnerability Management will force them to change their password the next time they do log in.
For more information, refer to the FAQ article.
CrowdStrike connector update
CrowdStrike connector fixes now contain more descriptive titles.
CVE Data ingestion improvement
Cisco Vulnerability Management now supports ingesting version 5.0 of CVE data from MITRE Corporation, which ensures that there will be no disruption in the data feed.
Vulnerability Intelligence Search improvement
If you enter an invalid search term in the Search field on the VI Explore page, a message displays to help you enter the correct syntax.
VM Explore page improvements
On the VM Explore page, buttons and text alignment were updated to improve readability and usability.
May 31, 2024
New Features and Updates
Tanium Connect Cloud Connector
Cisco Vulnerability Management now supports the Tanium Connect Cloud Connector using the Tanium Connect Module. This native API-to-API connector delivers asset locators such as hostname, FQDN, NETBIOS, IP address, and cloud compute resources such as EC2, tags, vulnerabilities, and de-duplication logic across other connectors.
For more information refer to this article.
Bug Fix
The AWS Inspector 2 toolkit task failed with an 'undefined method ipv4_addresses for nil' error when lambda findings were returned by AWS. To resolve this issue, lambda findings are filtered out because they continue to be unsupported.
May 15, 2024
Bug Fixes
If you were using the Docker package-based toolkit to host the Contrast security data connector, some vulnerabilities might have been flagged in the Docker package. To fix this problem, download the latest Docker image which ensures that you are running the most up-to-date and stable version of all Linux packages.
Now when you use the API to create child risk meters that have tags with uppercase letters, the tag facets display on the risk meter page in the UI.
April 30, 2024
New Features and Updates
Integration of Cisco Vulnerability Management with Cisco Secure Workload
Cisco Secure Workload utilizes micro-segmentation to stop threats from any workload from proliferating across the network. Powered by Cisco Security Risk Scores from Cisco Vulnerability Management, Secure Workload clients can now apply virtual patches and micro-segmentation policies based on the most impactful vulnerabilities in the client environment. For more information, see the Cisco Secure Workload release notes.
Virtual Tunnel Client: Release – 1.4.9
For users of the Virtual Tunnel, release 1.4.9 introduces a new option for customizing YUM settings to improve package management flexibility, and enhances the menu to include build information, which offers immediate visibility into the software's version and build details. To download the Client, click here.
Bug Fixes
The QualysWas toolkit task intermittently failed when it was parsing the qualys_was_get_webapp_findings response. This issue has been resolved.
Tag filter checkboxes on risk meters were not displaying correctly due to letter case mismatches (upper case vs. lower case). The filter checkboxes now display as selected when a risk meter is using them, even if the case is mismatched at risk meter creation.
There was an undefined local variable in the AWS GuardDuty task. This issue has been resolved.
The description of the Edit Asset Groups role permission was updated to more accurately describe the actions that the user can perform when given the permission. The description now states: Create, update, or delete asset groups. Users will be able to create any new risk meter.
If you included remote_code_execution with the max/min_risk_meter_score parameters in a Search Vulnerabilities call, no results were returned. This issue has been resolved.
Administrator users and custom role users were not seeing the same scores for risk meters on their dashboard. Custom role update jobs were modified to operate more closely in line with risk meter updates to better align metrics.
API Updates
The Whitesource toolkit task API was updated from version 1.3 to 1.4. You can now also specify the API hostname.
April 15, 2024
New Features and Updates
Cisco Vulnerability Management Agent Release – 1.3.2069
For users of the Agent, release 1.3.2069 improves Nexpose connector timeout handling, and adds improved security with DynamicUser execution. To download the Agent, click here.
Bug Fixes
An AppSec asset that has a single, remediated finding in Checkmarx now closes in Cisco Vulnerability Management after a connector run no longer finds the asset.
When you cleared out the notes field for a vulnerability, instead of the note value being set to nil it was set to an empty string (" "). As a result, the note field still contained a value, and the vulnerability was returned when you used the UI to perform a search such as "exists:notes". This issue has been resolved.
April 01, 2024
New Features and Updates
The BugCrowd connector is now available in the EU region.
Bug Fixes
When you uploaded an nMap generated output file containing <hosthint> elements to the CVM nMap connector, a parser error might have occurred. This issue has been resolved.
March 15, 2024
New Features and Updates
Duo Universal Prompt
Cisco Vulnerability Management now supports optionally enabling Duo Universal Prompt. For information about setting it up, refer to the information here.
Perform a full run of a connector
Administrators can now perform full connector runs instead of contacting Cisco Support for assistance. Supported connectors are: QualysGuard Vulnerability Management, Qualys WAS, Veracode, Tenable.io, CrowdStrike, InsightVM, and ServiceNow CMDB.
Bug Fixes
Background jobs were adjusted to better align with EU working hours. However, because the jobs were started late in the evening, some were not complete by midnight. This resulted in gaps in the metrics charts because some data would fall outside the window of being applicable for reporting on a particular day. Now all jobs start at 1 AM to ensure data can finish processing within the same calendar date and prior to the start of business hours.
When you used the UI to produce an export, the number of vulnerabilities returned in the CSV file might have been 0 even when there were vulnerabilities related to the export criteria.
Findings created by the QualysWAS toolkit had the incorrect scanner vulnerability definition description displayed on the AppSec page. This issue is now resolved.
The data on the Known Malware tab on the Vulnerabilities Details page is now scrollable and is paginated.
API Updates
When you used the Search Assets API endpoint and set the exclude_child_filter parameter to “Assets without Vulnerabilities”, the correct assets were returned, but in the results the vulnerability count for the assets showed 1 even when there were no vulnerabilities for the assets. This issue has been resolved.
February 29, 2024
New Features and Updates
Microsoft Defender Connector Enhancements
There are three major enhancements for Microsoft Defender Connector fixes:
- A new title format for fixes that may include one or more of the following components, such as “Vendor Name”, “KB Number”, “Security ID”, and “Security Release Patch Information”.
- Fixes will be created even when the Security Update Reference URL is unavailable from the connector.
- Fixes with CVEs aggregated.
Bug Fixes
Risk Meters that have All selected for the asset status filter did not show any Top Fix Groups.
When you were on the Vulnerability Details page, if you switched away from the Description tab to another tab such as Notes, when you reloaded the page, it reopened on the Description tab instead of the Notes tab. This issue has been resolved.
February 15, 2024
New Features and Updates
Nightly background job regional alignment
Cisco Vulnerability Management now processes background jobs, such as risk meter refreshes, based on the customer’s region. For example, if the customer is in the EU or AJPC regions, the background jobs now start between 1 AM and 5 AM local time.
Bug Fixes
For vulnerabilities created by the Data Importer, the details and solutions fields are now sanitized. For example, characters such as "<>&" might have displayed in the solutions or details body. This issue has been resolved.
Bitsight toolkit connector tasks might have failed with a No Method error when the connector was processing Web Application Security findings. This issue has been resolved.
When you are on one of the tabs (Assets, Vulnerabilities, Fixes) on the VM Explore page, if you reload the page, it now reopens on the correct tab instead of reverting to the Assets tab.
API Updates
The asset_id parameter was removed from the v2 Update Vulnerability and Bulk Update Vulnerabilities API endpoints.
February 01, 2024
New Features and Updates
Forescout Connector
This native-API-based cloud connector uses the Forescout eyeSight modules to connect and provide visibility across your extended enterprise—without disrupting critical business processes. It ingests asset data from devices (such as IT, OT/ICS, IoT and IoMT), ensuring more comprehensive, powerful, flexible and effective threat detection.
For more information, see the following links:
Rapid7 InsightVM Connector
Cisco Vulnerability Management has a new Rapid7 InsightVM connector. InsightVM is Rapid7’s cloud-based solution that pulls data from their on-premises Nexpose consoles. This release has the following capabilities: Asset, Vuln and Fix data.
For more information, see the following links:
- Rapid7 InsightVM Cloud Connector
- Migrating to the Rapid7 InsightVM from Nexpose
- Nexpose On-Premises Connector
Nexpose Connector and Nexpose API Connector locator update
Cisco Vulnerability Management now ensures that DNS short hostnames are mapped to the hostname field, while FQDNs are exclusively mapped to the FQDN field.
Nightly background job regional alignment
Cisco Vulnerability Management now processes background jobs, such as risk meter refreshes, based on the customer's region. For example, if the customer is in the EU or AJPC regions, the background jobs now start between 11 PM and 3 AM local time.
Bug Fixes
When you clicked on the Alternate Fixes Available button, duplicate fixes might have displayed. This issue has been resolved.
When you clicked on the Export CSV button on a Top Fixes page, the report that was generated might not have contained any fixes. This issue has been resolved.
When you export fixes, in the CSV file, the cells in the CVEs column no longer truncate the list of CVEs.
For vulnerabilities created by the Data Importer, the details body was sanitized while the solution and description fields were not. For example, characters such as "<>&" might have displayed in the solutions body while they were encoded in the details body. This issue has been resolved.
Rate limiting on Checkmarx connectors caused runs to fail with 429 errors. This issue has been resolved.
On the AppSec Explore page, custom searches that contained wildcard characters, and values separated by “OR” statements, might not have returned any results. This issue has been resolved.
On the Fixes tab of the VM Explore page, if you selected 2 or more issues to open a Jira ticket for and then clicked the Jira issue button, the issues weren’t separated by commas in the Summary field on the Jira Connector page. The issues are now separated by a comma, which keeps the field consistent with the other fields.
On the VM Explore page, you can no longer select all vulnerabilities and then deselect individual vulnerabilities.
API Updates
If you are in the EU region, when you used the VI+ Data Snapshot File API endpoint, you might have received a 500 error. This issue has been resolved.
January 15, 2024
Bug Fixes
If the Tenable.io connector encounters a 522 error during a connector run, it now automatically retries the failed API call.
When you are viewing a fix, if there are alternative fixes available, an “Alternative Fixes Available” button displays. If you click the button, alternative fixes display only for connectors that you have a license for.
Microsoft Defender Connector credential verification failed with valid values. This is now resolved.
The Wiz toolkit task failed with the following error “'first' must be less than or equal to 500” when you used the default value or values over 500 in the wiz_page_size parameter, and the import_type was set to ALL or ISSUES. Now the wiz_page_size has been replaced with vuln_page_size (default 5000) and issue_page_size (default 500).
The Insight Appsec toolkit connector now allows you to use the insight_appsec_region_code parameter for the API hostname. Possible regions include: ‘us’, ‘us2’, ‘us3’, ‘eu’, ‘ca’, ‘au’, and ‘ap’.
On the AppSec > Explore page, if you clicked on the Help link beside “Custom Query String”, the example syntax for the Term Existence Checks was invalid. The example was updated to a valid query string.
API Updates
The Create Vulnerability API endpoint was updated so that you now receive a 422 error if you’ve entered an incorrect date format.
December 15, 2023
Bug Fixes
On the AppSec Explore page, after you start typing text in the Custom Query String field, a red X icon that allows you to quickly clear the field now displays.
On the AppSec Explore page, if you used the space bar on a keyboard to enter empty spaces in the Custom Query String field, when you pressed Enter, a search request was started. Now the Custom Query String field requires text before you can start a search.
You can now close findings that were imported using the Data Importer. For more information, see “Managing the Status of Application Security Module Findings”.
When a user with a custom role that only had permissions to view parent risk meters created a child risk meter under a parent risk meter, or an administrator created a child risk meter under a parent risk meter and assigned both to a custom role, the new child risk meter displayed as both a child and parent risk meter in the user’s dashboard. Now child risk meters display only as child risk meters.
On the VM Explore page, if you used the Tab key on a keyboard to enter empty spaces in the Custom Query String field, when you pressed Enter, a search request was started. Now the Custom Query String field requires text before you can start a search.
Vulnerability filters are available for inactive assets if there are open and closed vulnerabilities attached to the assets.
If you are using the ServiceNow Ticketing Connector, you can enter data in the Short Description and Description fields in your custom template, and Cisco Vulnerability Management will use that data to populate the corresponding fields on the ServiceNow Connector page that displays when you click the ServiceNow Ticket button.
If you created a dashboard view that had a name with more than 255 characters, the name did not wrap and displayed incorrectly on the page. Now the dashboard name is limited to 255 characters and displays correctly.
Now when you are creating a new role, and you enter a risk meter name in the search box, if you delete the text and try to enter a new word to search for while the search is ongoing, the search box works correctly and does not stop responding.
After you made changes on the user profile page, you might have been redirected to the legacy “/users” page instead of the “/user_management/users” page.
When you ran the GitHub code scan toolkit task, errors would occur if you specified an organization instead of an individual repository. A new option has been added to specify organizations to import alerts from.
When you ran the GitHub scan for secrets, a nil value replaced the file path. The issue has been resolved and the errors no longer occur.
The Bitsight toolkit connector could create vulnerabilities with names that had more than 255 characters, but subsequent connector runs failed. This is now resolved.
The risk score for assets that have vulnerabilities from multiple connectors is recalculated based on the remaining vulnerabilities from the remaining connectors. For example, a recalculation occurs when you delete a connector.
December 01, 2023
New Features and Updates
Vulnerability Assessment with Cisco Secure Endpoint – Additional supported Applications
Cisco Secure Endpoint now supports macOS 14, macOS 14.1, Logiciel Intel PROSet/Wireless, WhatsApp, Notepad++ (64-bit x64), and Cisco Webex Meetings.
Bug Fixes
On the Fix tab of the Vulnerability Details page, if the description of the fix was long, it displayed incorrectly.
When you were searching for applications to add to an AppSec Stack, all applications that were available might not have displayed in the list. The list size has been increased so that all available applications display.
When you were on the Top Fixes page, if you clicked the "Cherwell Issue" button to open a ticket, the pop-up window might not have displayed. This issue has been resolved and you can now create tickets using the Cherwell Ticketing connector.
When you were on the VM Explore page, if you clicked the "Cherwell Issue" button to open a ticket, the pop-up window might not have displayed, and the Cherwell Issue button might have disappeared. This issue has been resolved and you can now create tickets using the Cherwell Ticketing connector.
When the Mean Time to Remediate graph was calculated, it included any new vulnerabilities that were already closed when they were imported. Now the graph does not include new vulnerabilities that are imported into Cisco Vulnerability Management with a closed status and that do not have a found_on date specified.
API Updates
Now when you use the v1 Update Finding API endpoint to add additional fields, a 500 error does not occur.
November 14, 2023
New Features and Updates
Virtual Tunnel Client: Release – 1.4.6
For users of the Virtual Tunnel, release 1.4.6 adds a lock option to the UI, and a CVE patch to enhance security. To download the Client, click here.
UI Enhancement
Now when you view the description for a vulnerability on the Solutions tab, the information wraps around instead of requiring you to use a scroll bar to see it.
Bug Fixes
On the Fixes tab in VM Explore page, if you selected a filter and then quickly selected another filter, in the background the filter requests were cancelled so that they could be combined into one request. When this happened, an “Invalid search query” error message displayed at the top of the page even though no error had occurred. The incorrect error message no longer displays.
The Wiz connector toolkit produced a 400 Bad Request error when the import type was set to “all” or “issues”.
In certain scenarios, when you exported a report for assets, vulnerabilities, or fixes, the spreadsheet that was returned might have been empty. Now report spreadsheets contain the correct data.
Now when you use the Client Transfer feature to move a user who has an API key, after the transfer is complete, if an administrator edits the user, a 404 error does not occur.
October 2023
New Features and Updates
Microsoft Defender Vulnerability Management and Microsoft Defender for Endpoint Connector
Cisco Vulnerability Management's integration with Microsoft Defender Vulnerability Management and Microsoft Defender for Endpoint enables you to gain deeper insight into your organization's security posture, identify vulnerabilities, and then take proactive measures to enhance your overall defense against security threats.
This release has the following updates:
✅ The export mechanism is switched from paginated API to vulnerability file export, as recommended by Microsoft.
✅ Fix data is now being ingested from MS Defender.
Important! You must set up Microsoft Azure and change the Fixes permission. Otherwise, the connector runs will fail. For more information, see Setting up Microsoft Azure (as part of Configuring Microsoft Defender).
CSV file update for custom fields
Custom fields are now included in the CSV file when you export findings from the AppSec Explore page.
Export enhancements
- In the UI, you can now pick which fields you want to include in an export of Assets, Fixes, or Vulnerabilities.
- The Asset ID field is now included as a column when you perform a Fix export from the UI.
- You can now choose the compression type that you want to use when exporting data from the UI. The choices are gzip, zip, or none.
- When picking your fields for Assets, Fixes, and Vulnerabilities, you can now use a Select All or Deselect All button to help you quickly pick which fields you want to export. For more information on exporting, refer to the Exporting data from Cisco Vulnerability Management article.
Notes for Asset details
The Notes field on the Asset Details page is now limited to 50,000 characters.
Vulnerability Assessment with Cisco Secure Endpoint – Additional supported Applications
Cisco Secure Endpoint now supports Citrix Work App, Intel Chipset Device Software, VMware Tools, Cisco AnyConnect Start Before Login Module, Visual Studio 2010 Tools 2010 for Office, Windows 8, Windows 8.1, and Alma Linux 9.
For more information about the supported operating systems and applications, see the Vulnerability Assessment with Cisco Secure Endpoint documentation.
UI Enhancement
Now asset groups with long names wrap and display correctly.
API Updates
You can see the latest changes to the API in the API changelog.
New v2 Findings endpoints
The following new v2 API endpoints are available for Findings: Show, Search, Create, Update, Bulk Update, and Bulk Delete.
Updated v2 Custom Field Definitions endpoints
The v2 API endpoints for Custom Field Definitions now support “finding” as a custom field definition type.
Updated v1 Data Exports endpoints
The v1 API endpoints for Data Exports now support Findings.
Notes parameter update
The Notes parameter for update, bulk_update, and create APIs for assets and vulnerabilities is now limited to 50,000 characters.
Custom field date type
In the V1 Vulnerabilities endpoint, the date type value for custom fields must be an ISO-8601 date-time formatted value (YYYY-MM-DDTHH:MM:SS), such as 2023-10-10T00:00:00.
Vulnerability and Findings endpoint updates
When you are using the Show Vulnerabilities, Search Vulnerabilities, Search Findings, and Show Findings API endpoints to search custom fields for a date type, the matching custom fields are found, and the appropriate vulnerabilities or findings are found.
API Documentation Update
The API documentation for the Bulk Update Vulnerabilities endpoint incorrectly listed asset_id as a field that could be updated. The documentation was updated to remove asset_id from the list of available fields.
Bug Fixes
- On the AppSec Explore page, if you selected the current Findings that displayed (for example, 10 findings displayed on the page) and updated the status of the Findings, all Findings were updated, not just the ones that displayed. Now when you select and update Findings, only the ones that display on the page are updated.
- The Total Findings Risk Scores now match on the AppSec Explore and AppSec Reporting pages.
- For date-type custom fields in both VM and AppSec, the timestamp captured for the date did not match between the Explore pages and the Details pages. Now the VM Explore, Vulnerability Details, AppSec Explore, and Findings Details pages all use the same timestamp when dates are set.
- Now the hosted toolkit doesn’t run out of memory when trying to parse Netsparker API responses.
- Assets that were imported with no vulnerabilities used the global asset inactivity limit instead of the connector-level inactivity limit. Now the asset inactivity limit is set based on the largest inactivity limit of the connector that the asset was imported from.
- An error message no longer displays in the Connector Status Message field on a Connector details page when no error has occurred.
- Now the Qualys WAS connector creates Findings in AppSec instead of Vulnerabilities in VM when the AppSec Findings model is enabled.
- On the VM Explore and AppSec Explore pages, when you click on a filter, the numbers beside the entries are updated immediately and the pages do not require a refresh.
September 2023
New Features and Updates
Cisco Secure Endpoint – Additional supported Applications
Cisco Secure Endpoint now supports Cisco AnyConnect Secure Mobility Client, Microsoft OneDrive, Microsoft Silverlight, Microsoft Teams, and Zoom.
For more information about the supported operating systems and applications, see the Cisco Secure Endpoint documentation.
Toolkit: Cylera Connector
Cisco Vulnerability Management now has a Cylera toolkit connector.
Cylera focuses on securing and managing connected medical devices, IoMT and IoT, and safeguarding patient data that is of paramount importance in the healthcare industry.
The Cylera connector ingests asset, tag, and vulnerability data allowing you to consolidate asset and vulnerability data across your ecosystems in Cisco Vulnerability Management for effective management of risks to your assets. For more information, see the Toolkit: Cylera Connector.
API
You can see the latest changes to the API in the API changelog.
API documentation update
The API documentation was updated to indicate that a file can be a primary locator, and that an application is required when the primary_locator is a file.
Deprecated fields
In the Search Vulnerabilities and Request Data Exports endpoints, the has_known_exploits, has_known_malware, prioritized, and top_exploit fields were deprecated.
Findings parameter update
The V1 findings API requires a `status` parameter when the `closed_at` parameter is passed. The value of the `status` parameter must be one of the valid closed statuses. This implies that both `closed_at` and `status` will be updated. The `closed_at` parameter should be an ISO-8601 date-time formatted value.
Bug Fixes
Cisco Vulnerability Management now creates all assets and applications that come in during a Whitehat Sentinel connector run.
Now, if a fix has data associated with it in the database, that fix does not contain a null value in the fix export report.
If you created AppSec stacks using the API, when you opened the AppSec > Stacks page in the UI, even though the stacks were created successfully, an error message might have displayed. This issue was caused because the limit of the number of stacks that could be displayed on the page was 30. This limit has been increased to 100.
The timeout limit for the Tenable Nessus API connector was increased to allow for more time when downloading large export files.
The application risk meter score now displays only the open findings' scores instead of including the closed ones as well.
Tags that come in during a Qualys connector run are now included in payloads and assets.
You can search for an asset using file_locator and application_locator when a file is the primary_locator.
A check was added to the Download Zipped Vulnerability Data API endpoint so that it now returns the nightly vulnerability data export in the correct format.
On the VI Explore screen, the count badges beside the filter options are now anchored to remain aligned when you resize the browser window.
If you submit a request with the closed_at parameter, it now requires a status parameter to complete an update to a Finding. The status must include one of the closed status options in the request. If you choose to use the status parameter by itself, the closed_at parameter will be updated using the timestamp of the request to populate the value. The closed_at parameter requires the date-time to be specified in ISO 8601 format.
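The closed_at and status rules described above, and under "Findings parameter update" earlier in this release, can be checked on the client before a request is sent. The following Python check is an added example, not Cisco's code; the function names are hypothetical, and the closed-status values are passed in by the caller because the page does not list them.

```python
from datetime import datetime, timezone


def parse_iso8601_datetime(value):
    """Return a datetime for an ISO-8601 date-time string, else None."""
    if not isinstance(value, str) or "T" not in value:
        return None  # date-only strings and non-strings are rejected
    try:
        # Before Python 3.11, fromisoformat() rejects a trailing "Z".
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None


def check_finding_update(fields, closed_statuses, request_time=None):
    """Check the closed_at/status pair of a finding update before sending it.

    closed_statuses is supplied by the caller (assumption: the page does not
    list the valid values). Returns (errors, effective), where effective is
    the status/closed_at pair the update is expected to leave on the finding.
    """
    errors, effective = [], {}
    status, closed_at = fields.get("status"), fields.get("closed_at")

    if closed_at is not None:
        if parse_iso8601_datetime(closed_at) is None:
            errors.append("closed_at must be an ISO-8601 date-time")
        if status is None:
            errors.append("closed_at requires a status parameter")
        elif status not in closed_statuses:
            errors.append("status must be one of the closed statuses")
        if not errors:
            effective = {"status": status, "closed_at": closed_at}
    elif status in closed_statuses:
        # A closed status sent alone: closed_at takes the request timestamp.
        # Assumption: local clock stands in for the server's request time.
        when = request_time or datetime.now(timezone.utc)
        effective = {"status": status,
                     "closed_at": when.replace(microsecond=0).isoformat()}
    elif status is not None:
        effective = {"status": status}
    return errors, effective
```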
August 2023
New Features and Updates
Virtual Tunnel Client: Release – 1.4.4
For users of the Virtual Tunnel, release 1.4.4 introduces an X-App-Version header to requests to help track app/OS/kernel/OpenVPN versions in log files. To download the Client, click here.
Virtual Tunnel Client: Release – 1.4.5
For users of the Virtual Tunnel, release 1.4.5 fixes an issue that occurred when using proxy configuration that prevented the proper configurations from saving after restarting the VM. To download the Client, click here.
Cisco Secure Endpoint – Additional supported Operating Systems and Applications
Cisco Secure Endpoint now supports macOS 13, Xcode, Apple Safari, and Google Chrome. For more information about the supported operating systems and applications, see the Cisco Secure Endpoint documentation.
API
You can see the latest changes to the API in the API changelog.
Exporting fixes
- You can now pick which fields are returned when you export fixes. For more information, see the Request Data Export endpoint documentation.
- All undocumented fields are removed from the gzip response file.
- scanner_ids will be an array of strings in the gzip response file.
Historical Mean Time To Remediate by Risk Level endpoint updates
The following two Historical Mean Risk Level endpoints have these more concise names: “Historical Mean Time To Remediate Findings by Risk Level” and “Historical Mean Time To Remediate Vulnerabilities by Risk Level.”
ServiceNow Search Vulnerabilities endpoint update
The ServiceNow Search Vulnerabilities endpoint has a 200K limit for vulnerabilities that are returned when a search ID is provided in the query parameter.
Bug Fixes
When you create a child risk meter with a name that has more than 255 characters, an error message is displayed that informs you that you must edit the name.
Users that have the correct permissions can now edit asset locators successfully.
If you don’t provide a search ID when you’re using the ServiceNow Vulnerability Search endpoint, there is no limit to the number of records returned.
Vulnerabilities that show a state of “Active” in Tenable.io now display as open in Cisco Vulnerability Management.
When you navigate to AppSec > Explore and, in the right-hand panel, select Connector Name and then any connector, only findings from the selected connector are returned.
On the AppSec Explore page, when you search a term with a wildcard, the correct findings are returned if all the other criteria match.
The Cisco Vulnerability Management Jira Ticketing integration now supports Jira 9.0+.
When a Jira connector is using the Kenna Virtual Tunnel, credentials can be updated and saved in the UI.
The Audit Logs endpoint now logs additional event data.
________________________________________
For past release notes, see the Archived Cisco Vulnerability Management Release Notes.