Cisco Vulnerability Management Release Notes and Bug Fixes

August 2023

New Features and Updates

Virtual Tunnel Client: Release – 1.4.4

For users of the Virtual Tunnel, release 1.4.4 introduces an X-App-Version header to requests to help track app/OS/kernel/OpenVPN versions in log files. To download the Client, click here.

Virtual Tunnel Client: Release – 1.4.5

For users of the Virtual Tunnel, release 1.4.5 fixes an issue that occurred when using a proxy configuration and prevented the proper configurations from being saved after the VM was restarted. To download the Client, click here.

Cisco Secure Endpoint – Additional supported Operating Systems and Applications

Cisco Secure Endpoint now supports macOS 13, Xcode, Apple Safari, and Google Chrome. For more information about the supported operating systems and applications, see the Cisco Secure Endpoint documentation.

API

You can see the latest changes to the API in the API changelog.

Exporting fixes

  • You can now pick which fields are returned when you export fixes. For more information, see the Request Data Export endpoint documentation.
  • All undocumented fields are removed from the gzip response file.
  • scanner_ids will be an array of strings in the gzip response file.

Historical Mean Time To Remediate by Risk Level endpoint updates

The following two Historical Mean Risk Level endpoints have these more concise names: “Historical Mean Time To Remediate Findings by Risk Level” and “Historical Mean Time To Remediate Vulnerabilities by Risk Level.”

ServiceNow Search Vulnerabilities endpoint update 

The ServiceNow Search Vulnerabilities endpoint has a 200K limit for vulnerabilities that are returned when a search ID is provided in the query parameter.

Bug Fixes

When you create a child risk meter with a name that has more than 255 characters, an error message is displayed that informs you that you must edit the name. 

Users that have the correct permissions can now edit asset locators successfully. 

If you don’t provide a search ID when you’re using the ServiceNow Vulnerability Search endpoint, there is no limit to the number of records returned. 

Vulnerabilities that show a state of “Active” in Tenable.io now display as open in Cisco Vulnerability Management. 

When you navigate to AppSec > Explore and, in the right-hand panel, select Connector Name and then any connector, only findings from the selected connector are returned.

On the AppSec Explore page, when you search a term with a wildcard, the correct findings are returned if all the other criteria match.

The Cisco Vulnerability Management Jira Ticketing integration now supports Jira 9.0+. 

When a Jira connector is using the Kenna Virtual Tunnel, credentials can be updated and saved in the UI. 

The Audit Logs endpoint now logs additional event data. 

 

July 2023

New Features and Updates

Rebranding

Kenna.VM is now Cisco Vulnerability Management, and Kenna Security logos and text references now use Cisco’s naming conventions and logos.

The only impact on functionality is that CSV Exports no longer include the column name “Kenna Fix ID” for Fixes and Top Fix Groups and instead reference this column as "Fix ID". If you are using any scripts to extract this column name, ensure you update them to incorporate this change.
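A script that reads the fix identifier from these CSV exports can accept both header names, so that archived and current export files keep working. The following is an added example, not Cisco's code; the function names, the "Title" and "Asset Count" columns, and all sample values are assumptions made for illustration.

```python
import csv
import io

# Accepted headers for the fix identifier, newest first. "Fix ID" is the name
# after the rebrand; "Kenna Fix ID" is kept so archived exports still parse.
FIX_ID_HEADERS = ("Fix ID", "Kenna Fix ID")


def find_fix_id_column(fieldnames):
    """Return the exact header this export uses for the fix identifier.

    Raises KeyError when neither known header is present, so a future rename
    fails loudly instead of silently yielding an empty result set.
    """
    # Map cleaned header -> header as written (strip BOM and stray spaces).
    cleaned = {name.lstrip("\ufeff").strip(): name for name in (fieldnames or [])}
    matches = [header for header in FIX_ID_HEADERS if header in cleaned]
    if not matches:
        raise KeyError(
            "no fix ID column found; headers were: %r" % sorted(cleaned)
        )
    if len(matches) > 1:
        raise ValueError("export contains both old and new fix ID headers")
    return cleaned[matches[0]]


def read_fix_ids(csv_text):
    """Return the non-empty fix IDs from a Fixes or Top Fix Groups CSV export."""
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    column = find_fix_id_column(reader.fieldnames)
    fix_ids = []
    for row in reader:
        # Short rows yield None for missing cells; treat them as empty.
        value = (row.get(column) or "").strip()
        if value:
            fix_ids.append(value)
    return fix_ids


# Constructed sample exports. Only the fix ID header comes from the release
# note; the "Title" and "Asset Count" columns and all values are made up.
NEW_EXPORT = "Fix ID,Title,Asset Count\n101,Update OpenSSL,12\n102,Patch kernel,3\n"
OLD_EXPORT = "Kenna Fix ID,Title,Asset Count\n101,Update OpenSSL,12\n102,Patch kernel,3\n"
OTHER_EXPORT = "Identifier,Title\n101,Update OpenSSL\n"

if __name__ == "__main__":
    print(read_fix_ids(NEW_EXPORT))
    print(read_fix_ids(OLD_EXPORT))
```

Failing on an unknown header, rather than returning an empty list, keeps a downstream remediation report from silently showing zero fixes after a column rename.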

Risk Meter Editing

The edit risk meter button stated “Name/Permissions” even if the user didn’t have the ability to edit the name. Now the button states “Name/Permissions” for administrator users, and “Name” for non-administrator users.

KDI Importer Findings for Kenna.AppSec and Cisco Vulnerability Management 
In Kenna.AppSec, when you use the KDI connector to ingest vulnerability data, the connector creates findings only when the Findings attribute is in the asset payload. 
In Cisco Vulnerability Management, the KDI connector creates findings if the assets payload contained the following attributes:

  • [:asset][:url]
  • [:asset][:application]
  • [:asset][:file]
  • [:asset][:locator][:url]
  • [:asset][:locator][:application]
  • [:asset][:locator][:file]

If you are a Cisco Vulnerability Management (formerly Kenna.VM) customer and want to continue to see findings in VM, contact Support and ask them to enable the Import Legacy Findings setting.

If you are a Kenna.AppSec customer, you can use the Findings attribute in the asset payload to create them.

Kenna Risk Score now Incorporates Exploit Prediction Scoring System (EPSS) Scores

The Kenna Risk Score previously predicted if a vulnerability was Easily Exploited. With the adoption of the latest version of EPSS, the Kenna Risk Score now looks at the probability of a vulnerability having an Active Internet Breach, and factors it into the overall Kenna Risk Score.

CrowdStrike Connector

The Connector now ingests fix and recommendation data from your CrowdStrike scanner, and you will now see fix details for CrowdStrike in your VM UI. To establish the API connection and use the required data mappings, see the Fix Data Mappings section in the CrowdStrike Connection article.
Note: This supported fix and recommendation data is only for newly created fixes. Currently, it does not update existing fixes, so it is not backwards compatible.

API

You can see the latest changes to the API in the API changelog.

Export vulnerability details

You can now use the API to export vulnerability details. For more information, see the Request Data Export endpoint documentation.

Pick which fields to export for assets and vulnerabilities

You can now pick which fields are returned in asset and vulnerability exports. For more information, see the Request Data Export endpoint documentation.

Custom fields export

When no VM custom fields are defined, vulnerability exports will return custom_fields: [].

Export Details update

When you export details about a vulnerability, the “connector_definition_name” is now “connector_name”.

 

Bug Fixes

The Cisco EULA now links to the Privacy policy instead of the Product Specific Terms. 

When a Tenable.io connector run was performed, it might have intermittently failed because of an SSL error. 

The ServiceNow CMDB connector settings page no longer returns a 500 error when an unresolvable host is set. 

If the name of a child risk meter contained an underscore character (_), the name did not wrap and displayed incorrectly. Now if the name of a child risk meter is long, the text wraps and displays correctly. 

Checkmarx XML payloads no longer fail if a timestamp is unparseable. 

Users might have seen different industries listed on their Mean Time to Remediate and Total Risk Score Over Time graphs. 

 

June 2023

New Features and Updates

Changes to Custom Fields in Cisco Vulnerability Management (formerly Kenna.VM)

Cisco Vulnerability Management now supports the same data types as custom fields in AppSec. In addition to the existing numeric data type, the following data types are supported:

  • Date: Supports a searchable calendar date
  • Short string: Maximum of 50 characters
  • Long string: Maximum of 500 characters
  • Dropdown menu: List of static choices that appears when you click on a title
  • Attachment: Supported file types are PDF, JPEG, JPG, PNG, and XLSX. Maximum size of 2 MB

For more information about creating custom fields, see Creating a Custom Field.

Vulnerability Endpoints

The vulnerability endpoints in Kenna API V2 now also support custom fields.

Vulnerabilities tab of the VM Explore page

On the Vulnerabilities tab of the VM Explore page, when you click Display, if you have 10 or more fields, a scroll bar appears beside the list, making it easier to scroll through the available fields.

API

You can see the latest changes to the API in the API changelog.

Rate Limit

The Error documentation has been updated to include more information about the rate limit. For more information, see the API documentation.

Bug Fixes

  • Now when vulnerabilities are created in Cisco Vulnerability Management (formerly Kenna.VM), only CVEs are included in the Findings sections of the KDI, and they open as findings.
  • A custom field created with a long name from the Cisco Vulnerability Management Explore page now displays with its correct name in the Edit window.
  • Vulnerability scores are now rounded to the nearest whole number rather than displaying with a decimal point.
  • When the Black Duck Hub Connector sent a GET request for vulnerability reports with a valid authentication token, a 401 error no longer returns. Now, GETs retrieve valid vulnerability reports and then the data is ingested.
  • When you set the priority of an asset in a MS Defender Connector run to a value other than the default value of 10, the asset priority no longer resets to the default value on subsequent connector runs.
  • The count for the number of records in the stream record count is now accurate.
  • When you try to create or edit application locators with a name that already exists, AppSec now informs you that there is a duplicate name, and you can now fix it before the application locators are applied.

June 7, 2023: Special Update

Introducing Vulnerability Assessment with Cisco Secure Endpoint!

Cisco Vulnerability Management (formerly Kenna.VM) is now integrated with Cisco Secure Endpoint. Use it for the following things:

  • Do end-to-end Cisco asset data gathering
  • Improve vulnerability detection and analysis
  • Enhance your reporting

For more information, see the Cisco Security blog post and the Cisco Secure Endpoint documentation.

May 2023

New Features and Updates

Toolkit: Snyk V2 Connector

The findings of this Connector have multiple identifiers associated with them. Now, when these findings are ingested, the findings ID is split, and then new findings are created for all the unique identifiers. So, the findings are separated, indexed, and searchable.

Important: All previous findings will change to a Completed state. A new connector run will reindex findings. If you are tracking a specific finding by an ID, you must re-point to the new identifier. For more information, see the readme.md.

Custom Fields pagination

Added Pagination to the Settings > Custom Fields page. Custom fields are displayed page by page, rather than one long list.

API

You can see the latest changes to the API in the API changelog.

The following changes have been made to the API V2:

New Vulnerability APIs

We’ve added the following vulnerability APIs, which provide access to custom fields for a vulnerability:

  • Show
  • Update
  • Bulk Update
  • Search
  • List

Bug Fixes

On the VM Explore page, when you click Display and scroll to the bottom of the page, the Display menu options no longer overlap the main navigation bar at the top of the page.

Previously, when you applied an SLA that had a fix published date as the due date basis to a vulnerability that did not have a fix, a due date was applied.

On the VM Explore page, in the Search help, the example syntax for the Term Existence Check was updated so that it works when it is pasted into the search box.

If there is a timeout enforced, the Tripwire (IP360) connector now renews sessions by setting a shorter lookback to a successful run, resolving the API error, and ingesting the reports (audits).

 

April 2023

New Features and Updates

Amazon Web Services (AWS) Inspector V2: Toolkit Release

The AWS Inspector V2: Toolkit Release is a vulnerability management and scanning service for AWS workloads. It captures vulnerabilities and unintended network exposures. It can scan Elastic Compute Cloud (EC2) instances and Amazon ECR Container images. For detailed information about the AWS Inspector V2, see the README.md in GitHub.

Note: The AWS Inspector V1 (now named Classic) Toolkit connector is supported until a full migration occurs.  

Virtual Tunnel Client: Release – 1.4.3

For users of the Virtual Tunnel, the current release 1.4.3 makes it easier to start, simplifies the UI to reduce confusion, and improves your overall user experience. In addition, there was an issue with network requests when using proxy configurations. This problem is now fixed.

Deduplicate CrowdStrike assets against Wiz assets using the EC2 Instance ID

The Wiz toolkit connector is updated to pull in the EC2 Instance ID. Now the Wiz toolkit connector consumes five points of asset locator information, including the External ID, MAC address, IP address, Hostname and the EC2 Instance ID. This update fosters deduplication capabilities with inbound data sources, such as CrowdStrike, so you can use it to deduplicate CrowdStrike assets against Wiz assets using the EC2 Instance ID. For more information, see Running the Wiz task.

API

You can see the latest changes to the API in the API changelog.

Pick Your Fields for Asset Exports in the Request Data Export API Endpoint

You can now select the fields to be used for an asset export in the Request Data Export API Endpoint. This update has the following criteria:

  • Field selection is specific to the asset model in the Request Data Export endpoint.
  • Selecting fields is specific to the API and not supported in the UI.
  • You cannot combine field selection with slim exports.

For a complete list of the fields supported, scroll down to the BODY PARAMS section on the Retrieve Data Export page. 

Bug Fixes

The following bugs are fixed:

When creating a risk meter, you can’t specify the roles that can access it

Problem: When you created risk meters (asset groups), you couldn’t select roles that could access the risk meter, because the Roles drop-down list was empty. 

Fix: The Roles drop-down list is now populated, and you can select from it. 

The Updated On date and Last Updated fields displayed different dates

Problem: The Updated On date on the Vulnerability CVE Description detail page, and the Last Updated field on the Vulnerability Intel Explore page were populated from different fields, so they had different dates. 

Fix: The fields now use the “Last Modified Date” information, so they display the same date.  

The error message for failed connector runs didn't provide useful information 

Problem: When a connector run found corrupted files, it failed and returned a generic buffer error that wasn't informative for users.

Fix: Now, when a connector run fails because of corrupt files, the following error message displays: "There was an error running the [Name of connector] connector. Please try again. If you continue to encounter issues, please contact Support."

The Create Vulnerability API didn't update notes correctly

Problem: When you used the Notes parameter in the Create Vulnerability API, the note was also applied to the associated asset.

Fix: Notes are now applied only to the vulnerability that is being created.

The Lacework toolkit syncs fewer records than expected

Problem: The hosted Lacework toolkit imported fewer records than expected.

Fix: All records returned through the API are now processed.

The Lacework connector didn't import all CVE vulnerability details

Problem: The Lacework connector didn't import all the CVE vulnerability details into Cisco Vulnerability Management.

Fix: This connector now imports all CVE vulnerability details.

March 2023

New Features and Updates

Changes to the CrowdStrike Connector

The CrowdStrike Connector using Spotlight supports vulnerability scanners in Kenna. It has its own default locator order, so it does not use the Kenna default locator order. Now, CrowdStrike Asset Data Mapping fields include a new EC2 asset locator to deduplicate data. For more information, see the CrowdStrike Connector.

Hierarchical Risk Meters

All new customers can now create hierarchical risk meters by default. If you are an existing customer and want to have access to this feature, contact Customer Support and request to have it enabled on your account. For more information about hierarchical risk meters, see Getting Started with Hierarchical Risk Meters and Navigating Groups in VM Explore.

API

You can see the latest changes to the API in the API changelog.

Exports

Pick your fields for asset exports is added as an option to Request Data Export.

New Vulnerability APIs

These vulnerability APIs enhance existing custom field support and introduce new data types. The new endpoints use V2 as the API URL. To use these APIs, you have to switch to using V2 URLs. The V1 endpoints will be supported for a minimum of 12 months.

Remediation Scores

The remediation scores are added to List Asset Groups API and Show Asset Group API.

The following changes have been made to the Kenna API V1:

Changes to Resources section

Added "Counting Closed Vulnerabilities" blog entry to Resources.

Changes to Request Data Export 
Fixed typos and removed "custom_fields" from input body parameters in Request Data Export.

Changes to Update Asset Group

Updated some parameters in Update Asset Group. Removed "historical" parameter.

Bug Fixes

The following bugs are fixed:

Connector runs using corrupted files fail with generic error message

Problem: When a connector run fails because of corrupt files, it returns the default error message, which doesn’t provide any information about why the error occurred. It should return a more descriptive message.

Fix: When this error occurs, the following error message is returned: "Could not decompress the uploaded file(s) [file_name]. Please ensure the file(s) are .nessus format, uncompressed, or in a valid zip archive. If the error persists after a successful validation, please contact Support."

Links to Risk Meters in the Alert Section return an error

Problem: The problem occurs for alerts that indicate changes in the group risk score. When you click one of these alerts, it goes to the Dashboard and displays an error “Risk Meter Not Found.” It should display the risk meter associated with the alert.

Fix: The risk meter is now displayed.

VI Data Mismatch

Problem: The Updated On date shown on a Vulnerability CVE Description detail page and the Last Updated field on the VI Explore page can display different values because they are sourced from different places.

Fix: The “last modified” date for the CVE is now displayed.

February 2023

General

Remediation Scores Available in Your Test Account

If you have Kenna Premier Tier and have purchased a test account, you can now see Remediation Scores in your test account before you go live to users in production.

Changes to the Tanium Comply File-Based Connector

The way this connector generates asset vulnerability data has improved. Kenna uses this data, along with asset risk data reported by other connectors, to calculate a risk score for the assets in your environment, providing you with enhanced risk posture and security.  

Depending on whether you have an On-Prem or Cloud version of Tanium, you may need to use a different method to download the Tanium input file.

For more information, see "Tanium Comply File-Based Connector."

Changes to Rapid7 Nexpose Connector

The Rapid7 Nexpose connector can import hostname and Fully Qualified Domain Name (FQDN) to use in asset deduplication.

To benefit from this improvement immediately, you must clear your asset data, which refreshes your asset deduplication. Contact the Kenna Support team and ask them to clear your asset data. Be sure to say that you want to clear only assets and vulnerabilities and keep connectors and risk meter data.

Note: If you don’t clear your asset data, the duplicate assets persist until they become inactive and are removed from the system.

For more information about how Kenna deduplicates assets, see "Rapid7 (Nexpose or InsightVM) Connectors - API and XML" and "Understanding Locator Order."

Changes to the Qualys WAS Connector

We’ve added support for the following Qualys regions:

  • US4
  • Qualys AE
  • Qualys UK
  • Qualys AU

For more information about the Qualys WAS connector, see "QualysWAS Connector."

API

You can see the latest changes to the API in the API changelog.

The following changes are coming soon.

New Vulnerability APIs

These vulnerability APIs enhance existing custom field support and introduce new data types. The new endpoints use v2 as the API URL. To use these APIs, you will have to switch to using v2 URLs. The v1 endpoints will be supported for a minimum of 12 months.

Remediation Scores

The remediation scores will be added to List Asset Groups API and Show Asset Group API.

The following changes have been made to the Kenna API V1:

Changes to Retrieve Data Export

The following changes have been made to the Retrieve Data Export API:

  • New message with 400 HTTP status code: "Cannot retrieve a failed or cancelled export"
  • New message with 400 HTTP status code: "Export Not Found"
  • 404 HTTP status code and message has been removed

Changes to the Introduction

The following changes have been made to Kenna Platform API Introduction section and the Guides section:

  • Authentication renamed to API Authentication
  • HTTP Status codes moved to Errors
  • Downloading Export Files and User-Agent moved to Guides

Bug Fixes

The following bugs are fixed:

Sonatype Agent Connector Runs Fail

Problem: The Sonatype connector runs failed due to missing agent file (client_file) uploads. The IP whitelisting process was blocking the agent file uploads.

Fix: The IP whitelisting process now uses the correct customer IP address. We also changed the way Kenna processes IP addresses from X-Forwarded-For headers for clients with SAML enabled.

Error When Viewing Alerts

Problem: When trying to view Alerts, you receive an error. The page can’t load because of a large number of unacknowledged alerts.

Fix: We’ve improved the performance of the Alerts page by making the following changes to it:

  • Added pagination (displaying alerts page by page, rather than one long list)
  • Added filtering by alert type

Prisma Connector Assets are Not Deleted

Problem: Prisma Connector Assets reach their asset purge setting limit but are not deleted. During the connector run, assets not seen by the connector are inactivated, and the inactive_at date is not set. Deleting an asset depends on the inactive_at date so the asset is not deleted.

Fix: We changed the processing so that when a connector is inactivated, the inactive_at field is populated, and the deletion process works as designed.

Bulk Delete Vulnerabilities API Endpoint Fails

Problem: Bulk delete requests fail with a 504 response. The error occurs because the requests include vulnerability IDs with large numbers of scanner vulnerabilities.

Fix: We improved the performance of the batch processing of bulk delete requests.

Snyk v2 Toolkit Task Does Not Apply Changes

Problem: The projectName_strip_colon setting on the Snyk v2 toolkit task does not apply its changes, resulting in incorrect application_locator values. Incorrect application_locator values can affect the asset selection when the data is imported.

Fix: We corrected the problem in the Snyk v2 toolkit task so that the change is applied.

January 2023

General

Subscription End Date 

An administrator can see the Kenna subscription end date on the License page. For more information about licenses, see Kenna License Entitlement FAQ.

Figure 1: Subscription end date

Changes to Kenna.VM utilization email notifications

An administrator can configure the level of email notifications for Kenna.VM utilization. 

If entitlement enforcement is on, administrators receive email notifications when Kenna.VM utilization is at 80%, 90%, and 100%. Administrators can disable the 80% and 90% email notification on the Alerts page.

Figure 2: Configuring level of notification for asset entitlement usage

To configure the level of email notifications, hover over the gear icon (Settings), and in the menu, click Alerts.

Figure 3: Selecting the Alerts page

Changes to Export

The success banner displays the Export ID when you export from Explore or the Top Fixes page. Use the Export ID to quickly query the status of the export in the API or search the VM Activity table.

Figure 4: Export ID displayed in success banner

Changes to Explore

In Explore, on the Assets tab, you can display Asset ID in the asset list. The Asset ID can be useful when you are using the Kenna API and for the Customer Support Team.

Figure 5: Export ID displayed in Assets list

To show Asset ID in the asset list, click Display, and select the Asset ID checkbox from the list. 

Figure 6: Configuring Asset ID to be displayed

Changes to CrowdStrike

If an asset in CrowdStrike has a Fully Qualified Domain Name (FQDN) or NetBIOS name, the values are imported into Kenna and are used in asset deduplication.

For more information about how Kenna deduplicates assets, see CrowdStrike Connector and Understanding Locator Order.

Changes to Zero Day Vulnerability Intelligence license indicator

The tooltips for the Zero Days facet have been improved to clarify when the Zero Day Vulnerability Intelligence feature is enabled. 

When you hover over the Zero Days facet, the following message displays when the feature is enabled and there are active zero days:

Figure 7: Message indicating that there are zero-day vulnerabilities (feature enabled)

When you hover over the Zero Days facet, the following message displays when the feature is enabled and there are no active zero days: 

Figure 8: Message indicating there are no zero-day vulnerabilities (feature enabled)

When you hover over the Zero Days facet, the following message displays when the feature is disabled. It means that your organization doesn’t have the Premium Tier license that supports the Zero Day Vulnerability Intelligence feature: 

Figure 9: Message indicating Zero Day Vulnerabilities feature is disabled

API

You can see the latest changes to the API in the API changelog.

The following changes are coming soon.

Export Status Codes and Messages

The export HTTP status codes and response messages are being standardized and updated.
The following changes are being made to the "Retrieve Data Export" API:

  • New message with 400 HTTP status code: "Cannot retrieve a failed or cancelled export."
  • New message with 400 HTTP status code: "Export Not Found."
  • 404 HTTP status code and message will be removed.

Vulnerability APIs

The vulnerability APIs are moving to version v2, which supports better custom field interaction. You’ll see "v2" in the API URL.

Remediation Scores

The remediation scores are being added to "List Asset Groups" and "Show Asset Group".

Virtual Tunnel

The following improvements are in Virtual Tunnel 1.4.2:

  • Improvements to the client-user account creation and management process.
  • Verification of Internet connectivity when changing an API key through the UI. If no Internet connection is detected, an error message displays, and the API key is not saved.
  • Changes to the way commands are executed to improve security. Remotely delivered commands are executed locally, instead of remotely.

You can download VPN Tunnel 1.4.2 from the Software Download page. 

Bug Fixes

The following bugs are fixed: 

Links on VM Activity page

The VM Activity page displays a list of all exports. The download links on the VM Activity page for Findings were broken. These links have been fixed, and you can download Findings exports.

For more information about exports, see Exporting data from Kenna.

Assets affected by a fix in ServiceNow ticketing description filters assets incorrectly

Child risk meter filtering didn't work for assets affected by a fix in ServiceNow ticketing description. The filter showed all affected assets in the instance, instead of only affected assets within the scope of the child risk meter. Child risk meter filtering works correctly now. 

December 2022

General

Remediation Analytics and Scoring

Please note that Remediation Score is a Kenna Premier Tier feature.

 

The overall Remediation Score is now color coded to provide better context on the scale. 

The score ranges from 0-100 with higher numbers indicating success across the four metrics of the score. As a security program progresses in maturity, it should strive to increase its score.

Figure 1: Remediation Analytics and Scoring

Figure 2: Remediation and scoring description

November 2022

General

Kenna.VM Premier 

Introducing the availability of Kenna.VM Premier, an advanced tier of Kenna’s flagship risk-based vulnerability management (RBVM) platform.  

In addition to the existing features and functionality of Kenna.VM, the Premier tier adds zero-day vulnerability intelligence from Cisco Talos, remediation analytics and scoring, and access to Kenna’s vulnerability intelligence via both a web-based user interface, and API (also known as “Kenna.VI+”).

 

Figure 1: Remediation Analytics and Scoring

Figure 2: Talos zero-day Vulnerability Intelligence

Figure 3: Kenna Vulnerability Intelligence Dashboard (VI Dashboard)

To learn more about Kenna.VM Premier and its new features, go to the following resources: 

Kenna.VM Premier is generally available on the Cisco GPL, EA 3.0, MSLA buying programs, and is planned for the EA 2.0 buying program later this year. For more information on Kenna.VM Premier, please contact your Partner or Cisco Sales specialist.

API

Virtual Tunnel 1.4.1

  • Kenna service account has been removed
  • Scanner account name changed to client-user
  • Base ISO upgraded to Rocky 8.6
  • Adjustments to available crypto cipher packages

Virtual Tunnel 1.4.0

The following security enhancements were added to Kenna Virtual Tunnel:

  • Adjustment to default SSL handling.
  • Security check for hypervisor support for RDRAND/RDSEED number generation.
  • Upgraded file hash generation from SHA1 to SHA2.

CSV Export

  • File locator field is now supported in the CSV export

VI+

Note: The URL has not changed, only the name.

Bug Fixes

  • Kenna users with roles set to allow asset note editing were unable to edit nil value asset notes 
  • In Kenna.AppSec, after a Finding reached a closed status, its custom field values were no longer visible on the Finding detail page
  • In Kenna.AppSec, Checkmarx findings mapped last_seen to found date rather than the Checkmarx detection date.

October 2022

General

Microsoft Defender for Endpoint TVM Connector

The Microsoft Defender for Endpoint TVM connector brings the Advanced Threat Protection (ATP) built-in Threat & Vulnerability Management (TVM) data into your Kenna account.

License Entitlement Enforcement

Kenna began enabling license enforcement within the product. Please see the License Entitlement FAQ for further information. 

CVE Score History in VI+

Users can now see changes to Kenna scoring within the CVE Details page as well as via a Show CVE History VI+ API endpoint.

VI+ UI Enhancements

Users can now filter vulnerabilities to focus on those with remote code execution. CVSS 2 exploit, impact, and temporal scores were added to the UI. CVSS 3 vectors and fields were added to the UI. Vulnerability chatter is now visualized on a graph to show changes over time.

VI+ UI Usability Improvements

Users will now have a more uniform experience between VM and VI with adjustments to font families, sizing, colors, and component alignment within the application.

API

Trending Vulnerabilities in VI

Users can now see top Trending Vulnerabilities within the new VI Dashboard and filter based on Most Chatter, Risk Score, and Velocity. This information is also available via a new Get Trending Vulnerabilities VI+ API Endpoint. 

Virtual Tunnel 1.3.0

The 1.3.0 release of the Virtual Tunnel allows customers to run on-prem with SCSI storage controllers. Find more information here.

Bug Fixes

  • The parameter max_priority on the Search Vulnerabilities API endpoint was not filtering results correctly.
  • The VI+ Vulnerability Trends endpoint response contained unclear/stale data.
  • Kenna.AppSec custom fields presented both "Clear" and "Save" buttons on dates, but failed to save when attempting to clear.
  • The VI+ Data Snapshot endpoint returned old data without the newest exploits/fixes available.
  • The Black Duck Hub agent selector was not displaying on the Connectors page edit modal.
  • A change on Qualys' end in the scanner_id mapping for CVE-2021-31166 was creating orphaned vulnerabilities.

September 2022

General

Filter Assets without Vulnerabilities

Kenna.VM customers now have a way to see assets that have no vulnerabilities in Kenna.

Navigate to Explore Asset Filters → expand Additional Filters → select the Assets without Vulnerabilities checkbox.


API

API Changelog

Kenna customers can now see what's new in the API with the API Changelog. If an item requires advanced notification, it will be added to the "Upcoming Changes" section. Note: The upcoming changes section will not display if there are no upcoming changes.

Bug Fixes

  • The Search Findings API endpoint was not returning an infinite number of page results and left out search results.
  • For some Kenna.AppSec customers, the Findings Timeline on each application's reporting page showed no results.
  • In Kenna.VM, Custom Fields with Dates were being inconsistently displayed in the UI.
  • Customers that are configured to use SAML saw 401 responses to calls to the SLA Adherence endpoint made from the home page. An error displayed on the SLA Adherences graph on the Kenna Homepage.
  • For Kenna.AppSec Findings customers, the Reporting Total Risk Score Over Time graph did not use Findings data.
  • Within the Bulk Update Assets API Endpoint, users were permitted to edit and/or remove the created_at date field on assets. Now, this field is non editable.

August 2022 

General

Updated CVSS Search Terms

Kenna customers are now able to build Risk Meters based on CVSS v2 and CVSS v3 score terms. This is significant for many customers who need to build risk meters based on CVSS v3 scores for auditors and compliance reporting.

The following fields will be supported in the API, Exports, and the custom query box on the Explore page (new custom query search terms). The existing CVSS slider will be removed.

  1. cvss_v2_score
  2. cvss_v2_exploit_subscore
  3. cvss_v2_impact_subscore
  4. cvss_v2_temporal_score
  5. cvss_v3_score
  6. cvss_v3_exploit_subscore
  7. cvss_v3_impact_subscore
  8. cvss_v3_temporal_score

Additionally, CVSS v2 base score will no longer be rounded to the nearest whole number. CVSS v2 severity and temporal scores will still be rounded to the nearest whole number as they are today.

Lock Header in Explore

Within the Explore Page, customers can now lock the header so they don’t lose action buttons as they scroll. For now, the header is unlocked by default.


API

API Server Name

Customers can now view their API server name at the top of the Settings → API Keys page in Kenna.

Additionally, there is now a simple API Docs link in the sidebar. To use the API docs, customers must still manually type in their base URL and API key.


Bug Fixes

  • The Audit Logs Search API endpoint was not returning a consistent amount of data for identical requests.
  • For Kenna.AppSec Findings customers, the Reporting Total Risk Score Over Time graph was not using Findings data.
  • Within the Bulk Update Assets API Endpoint, users were permitted to edit and/or remove the created_at date field on assets. Now, this field is non editable.

July 2022  

General 

Export Activity 

Kenna users with an Administrator role can now see exports requested by any user within the platform. 


API 

Solutions in the API 

When exporting solutions in the UI, there is a cap on the information exported. In light of this limitation, we expanded the Show Scanner Vulnerability Details API Endpoint to include any available solutions along with the details for a vulnerability.  This endpoint will only provide a response for 1 vulnerability ID at a time.  

Additional Data Export Status in the API 

Within the Check Data Export Status API endpoint, an enqueued status for exports was added. This provides a more granular status and is consistent with the statuses we offer in Export Activity in the user interface.

June 2022 

General

High Risk Vulnerability Density Benchmark 

Users with access to the Kenna Homepage can now see how many open high-risk vulnerabilities they have on critical assets relative to other companies in their industry. This feature builds on the 2 already existing benchmarks on the Kenna Homepage. Benchmarks in Kenna help customers defend their VM program spend and / or lobby to expand or maintain their budget with data. Metrics are also available via the API. 
 
Vulnerabilities in this benchmark are open and have a Kenna score greater than 66.  

Only active assets are considered. You can filter by asset priority. The asset priority buckets are: 

  1. Critical: asset priority 8-10
  2. Medium: asset priority 5-7
  3. Low: asset priority 0-4
  4. All Assets


Kenna.AppSec Custom Fields

Kenna.AppSec users can now create custom fields on the findings level to bring in loads of great metadata. The available data field types are Date, Numeric, Short and Long Strings, Text Dropdown, and attachments. You can read more by checking out our help article Creating a Custom Field in Kenna.AppSec. 

API

Kenna.VI API Improvements  

  • Users can now better refine the data they are requesting via API to return a list of CVEs using a minimum risk score, active internet breach, remote code execution, or whether a CVE is easily exploitable.   
  • Users can limit vulnerability definitions by the state of the CVE (published, reserved, or rejected).   
  • Users can define which fields to include in the response for the vulnerability definitions endpoints. 

UI Enhancements

Kenna.VM Enhancements 

The Kenna.VM UI had a few small enhancements made to improve the user experience and interactions within the graphs and home page.   

  • Risk meters are now alphabetized on the SLA Setup page.  
  • Drop-down menus were updated to align styling across graphs.  
  • Tooltip colors were updated, and tooltips were realigned for uniform appearance across the application. 

Bug Fixes

  • The number of fixes included in the fixes export did not match the count displayed within the VM Activity page for JSON exports. 
  • CSV vulnerabilities exports were occasionally failing due to a scroll time out issue. 
  • For AppSec Findings customers using AppSec Explore, CSV Exports disregarded application filters and included all findings in the export. 
  • Invalid custom field syntax provided to the vulnerabilities bulk update API endpoint will return either a 422 or 500 code or may silently accept bad data, depending on the specific syntax used.
  • Ticket creation for both ServiceNow and Jira was failing due to storing incorrectly formatted hostnames in the connector records.  
  • When a ServiceNow service ticket was successfully created on a vulnerability, there were occasional long delays with ticket information being populated in the Kenna platform. 
  • ServiceNow Ticketing was also omitting the specified template "caller" value when creating tickets. 
  • Some users were receiving multiple emails associated with single events in Kenna. 
  • Veracode applications with quotes in their name caused the Veracode toolkit to fail. 

__________________________________________________

For past release notes, see the Archived Kenna Release Notes
