Cisco Vulnerability Management Release Notes and Bug Fixes

April 15, 2024

New Features and Updates

Cisco Vulnerability Management Agent Release – 1.3.2069

For users of the Agent, release 1.3.2069 improves Nexpose connector timeout handling, and adds improved security with DynamicUser execution. To download the Agent, click here.

Bug Fixes

An Appsec asset that has a single, remediated finding in Checkmarx now closes in Cisco Vulnerability Management after a connector run no longer finds the asset.

When you cleared out the notes field for a vulnerability, instead of the note value being set to nil it was set to an empty string (" "). As a result, the note field still contained a value, and the vulnerability was returned when you used the UI to perform a search such as "exists:notes". This issue has been resolved.

April 01, 2024

New Features and Updates

The BugCrowd connector is now available in the EU region.

Bug Fixes

When you uploaded an nMap generated output file containing <hosthint> elements to the CVM nMap connector, a parser error might have occurred. This issue has been resolved.

March 15, 2024

New Features and Updates

Duo Universal Prompt

Cisco Vulnerability Management now supports optionally enabling Duo Universal Prompt. For information about setting it up, refer to the information here.

Perform a full run of a connector

Administrators can now perform full connector runs instead of contacting Cisco Support for assistance. Supported connectors are: QualysGuard Vulnerability Management, Qualys WAS, Veracode, Tenable.io, CrowdStrike, InsightVM, and ServiceNow CMDB.

Bug Fixes

Background jobs were adjusted to better align with EU working hours. However, because the jobs were started late in the evening, some were not complete by midnight. This resulted in gaps in the metrics charts because some data would fall outside the window of being applicable for reporting on a particular day. Now all jobs start at 1 AM to ensure data can finish processing within the same calendar date and prior to the start of business hours. 

When you used the UI to produce an export, the number of vulnerabilities returned in the CSV file might have been 0 even when there were vulnerabilities related to the export criteria. 

Findings created by the QualysWAS toolkit had the incorrect scanner vulnerability definition description displayed on the AppSec page. This issue is now resolved. 

The data on the Known Malware tab on the Vulnerabilities Details page is now scrollable and is paginated. 

API Updates

When you used the Search Assets API endpoint and set the exclude_child_filter parameter to “Assets without Vulnerabilities”, the correct assets were returned, but in the results the vulnerability count for the assets showed 1 even when there were no vulnerabilities for the assets. This issue has been resolved.

 

February 29, 2024

New Features and Updates

Microsoft Defender Connector Enhancements

There are three major enhancements for Microsoft Defender Connector fixes:

  • A new title format for fixes that may include one or more components such as “Vendor Name”, “KB Number”, “Security ID”, and “Security Release Patch Information”.
  • Fixes will be created even when the Security Update Reference URL is unavailable from the connector.
  • Fixes with CVEs aggregated.

Bug Fixes

Risk Meters that have All selected for the asset status filter did not show any Top Fix Groups. 

When you were on the Vulnerability Details page, if you switched away from the Description tab to another tab such as Notes, when you reloaded the page, it reopened on the Description tab instead of the Notes tab. This issue has been resolved.

 

February 15, 2024

New Features and Updates

Nightly background job regional alignment

Cisco Vulnerability Management now processes background jobs, such as risk meter refreshes, based on the customer’s region. For example, if the customer is in the EU or AJPC regions, the background jobs now start between 1 AM and 5 AM local time. 

Bug Fixes

For vulnerabilities created by the Data Importer, the details and solutions fields are now sanitized. For example, characters such as "<>&" might have displayed in the solutions or details body. This issue has been resolved.

Bitsight toolkit connector tasks might have failed with a No Method error when the connector was processing Web Application Security findings. This issue has been resolved.

When you are on one of the tabs (Assets, Vulnerabilities, Fixes) on the VM Explore page, if you reload the page, it now reopens on the correct tab instead of reverting to the Assets tab.

API Updates

The asset_id parameter was removed from the v2 Update Vulnerability and Bulk Update Vulnerabilities API endpoints.

 

February 01, 2024

New Features and Updates

Forescout Connector

This native-API-based cloud connector uses the Forescout eyeSight modules to connect and provide visibility across your extended enterprise—without disrupting critical business processes. It ingests asset data from devices (such as IT, OT/ICS, IoT and IoMT), ensuring more comprehensive, powerful, flexible and effective threat detection.

Rapid7 InsightVM Connector

Cisco Vulnerability Management has a new Rapid7 InsightVM connector. InsightVM is Rapid7’s cloud-based solution that pulls data from their on-premises Nexpose consoles. This release ingests asset, vulnerability, and fix data.

Nexpose Connector and Nexpose API Connector locator update

Cisco Vulnerability Management now ensures that DNS short hostnames are mapped to the hostname field, while FQDNs are exclusively mapped to the FQDN field.

Nightly background job regional alignment

Cisco Vulnerability Management now processes background jobs, such as risk meter refreshes, based on the customer's region. For example, if the customer is in the EU or AJPC regions, the background jobs now start between 11 PM and 3 AM local time.

Bug Fixes

When you clicked on the Alternate Fixes Available button, duplicate fixes might have displayed. This issue has been resolved.

When you clicked on the Export CSV button on a Top Fixes page, the report that was generated might not have contained any fixes. This issue has been resolved. 

When you export fixes, in the CSV file, the cells in the CVEs column no longer truncate the list of CVEs. 

For vulnerabilities created by the Data Importer, the details body was sanitized while the solution and description fields were not. For example, characters such as "<>&" might have displayed in the solutions body while they were encoded in the details body. This issue has been resolved. 

Rate limiting on Checkmarx connectors caused runs to fail with 429 errors. This issue has been resolved. 

On the AppSec Explore page, custom searches that contained wildcard characters, and values separated by “OR” statements, might not have returned any results. This issue has been resolved. 

On the VM Explore page, after you clicked on the Fixes tab, if you selected 2 or more issues to open a Jira ticket for, after you clicked the Jira issue button, in the Jira Connector page, the issues weren’t separated by commas in the Summary field. The issues are now separated by a comma which keeps the field consistent with the other fields. 

On the VM Explore page, you can no longer select all vulnerabilities and then deselect individual vulnerabilities. 

API Updates

If you are in the EU region, when you used the VI+ Data Snapshot File API endpoint, you might have received a 500 error. This issue has been resolved.

 

January 15, 2024

Bug Fixes

If the Tenable.io connector encounters a 522 error during a connector run, it now automatically retries the failed API call.

When you are viewing a fix, if there are alternative fixes available, an “Alternative Fixes Available” button displays. If you click the button, alternative fixes display only for connectors that you have a license for.

Microsoft Defender Connector credential verification failed with valid values. This is now resolved.

The Wiz toolkit task failed with the following error “'first' must be less than or equal to 500” when you used the default value or values over 500 in the wiz_page_size parameter, and the import_type was set to ALL or ISSUES. Now the wiz_page_size has been replaced with vuln_page_size (default 5000) and issue_page_size (default 500).

The Insight Appsec toolkit connector now allows you to use the insight_appsec_region_code parameter for the API hostname. Possible regions include: ‘us’, ‘us2’, ‘us3’, ‘eu’, ‘ca’, ‘au’, and ‘ap’.

On the AppSec > Explore page, if you clicked on the Help link beside “Custom Query String”, the example syntax for the Term Existence Checks was invalid. The example was updated to a valid query string.

API Updates

The Create Vulnerability API endpoint was updated so that you now receive a 422 error if you’ve entered an incorrect date format.

 

December 15, 2023

Bug Fixes

On the AppSec Explore page, after you start typing text in the Custom Query String field, a red X icon that allows you to quickly clear the field now displays. 

On the AppSec Explore page, if you used the space bar on a keyboard to enter empty spaces in the Custom Query String field, when you pressed Enter, a search request was started. Now the Custom Query String field requires text before you can start a search. 

You can now close findings that were imported using the Data Importer. For more information, see “Managing the Status of Application Security Module Findings”. 

When a user with a custom role that only had permissions to view parent risk meters created a child risk meter under a parent risk meter, or an administrator created a child risk meter under a parent risk meter and assigned both to a custom role, the new child risk meter displayed as both a child and parent risk meter in the user’s dashboard. Now child risk meters display only as child risk meters. 

On the VM Explore page, if you used the Tab key on a keyboard to enter empty spaces in the Custom Query String field, when you pressed Enter, a search request was started. Now the Custom Query String field requires text before you can start a search. 

Vulnerability filters are available for inactive assets if there are open and closed vulnerabilities attached to the assets. 

If you are using the ServiceNow Ticketing Connector, you can enter data in the Short Description and Description fields in your custom template and Cisco Vulnerability Management will use that data to populate the fields that display in the ServiceNow Connector page that displays when you click the ServiceNow Ticket button. 

If you created a dashboard view that had a name with more than 255 characters, the name did not wrap and displayed incorrectly on the page. Now the dashboard name is limited to 255 characters and displays correctly. 

Now when you are creating a new role, and you enter a risk meter name in the search box, if you delete the text and try to enter a new word to search for while the search is ongoing, the search box works correctly and does not stop responding. 

After you made changes on the user profile page, you might have been redirected to the legacy “/users” page instead of the “/user_management/users” page. 

When you ran the GitHub code scan toolkit task, errors would occur if you specified an organization instead of an individual repository. A new option has been added to specify organizations to import alerts from. 

When you ran the GitHub scan for secrets, a nil value replaced the file path. The issue has been resolved and the errors no longer occur. 

The Bitsight toolkit connector could create vulnerabilities with names that had more than 255 characters, but subsequent connector runs failed. This is now resolved. 

The risk score for assets that have vulnerabilities from multiple connectors is recalculated based on the remaining vulnerabilities from the remaining connectors. For example, a recalculation occurs when you delete a connector.

 

December 01, 2023

New Features and Updates

Vulnerability Assessment with Cisco Secure Endpoint – Additional supported Applications

Cisco Secure Endpoint now supports macOS 14, macOS 14.1, Logiciel Intel PROSet/Wireless, WhatsApp, Notepad++ (64-bit x64), and Cisco Webex Meetings.

Bug Fixes

On the Fix tab of the Vulnerability Details page, if the description of the fix was long, it displayed incorrectly.

When you were searching for applications to add to an AppSec Stack, all applications that were available might not have displayed in the list. The list size has been increased so that all available applications display.

When you were on the Top Fixes page, if you clicked the "Cherwell Issue" button to open a ticket, the pop-up window might not have displayed. This issue has been resolved and you can now create tickets using the Cherwell Ticketing connector. 

When you were on the VM Explore page, if you clicked the "Cherwell Issue" button to open a ticket, the pop-up window might not have displayed, and the Cherwell Issue button might have disappeared. This issue has been resolved and you can now create tickets using the Cherwell Ticketing connector. 

When the Mean Time to Remediate graph was calculated, it included any new vulnerabilities that were already closed when they were imported. Now the graph does not include new vulnerabilities that are imported into Cisco Vulnerability Management with a closed status and that do not have a found_on date specified.

API Updates

Now when you use the v1 Update Finding API endpoint to add additional fields, a 500 error does not occur. 

 

November 14, 2023

New Features and Updates

Virtual Tunnel Client: Release – 1.4.6

For users of the Virtual Tunnel, release 1.4.6 adds a lock option to the UI, and a CVE patch to enhance security. To download the Client, click here.

UI Enhancement

Now when you view the description for a vulnerability on the Solutions tab, the information wraps around instead of requiring you to use a scroll bar to see it. 

Bug Fixes

On the Fixes tab in VM Explore page, if you selected a filter and then quickly selected another filter, in the background the filter requests were cancelled so that they could be combined into one request. When this happened, an “Invalid search query” error message displayed at the top of the page even though no error had occurred. The incorrect error message no longer displays. 

The Wiz connector toolkit produced a 400 Bad Request error when the import type was set to “all” or “issues”. 

In certain scenarios, when you exported a report for assets, vulnerabilities, or fixes, the spreadsheet that was returned might have been empty. Now report spreadsheets contain the correct data. 

Now when you use the Client Transfer feature to move a user who has an API key, after the transfer is complete, if an administrator edits the user, a 404 error does not occur. 

October 2023

New Features and Updates

Microsoft Defender Vulnerability Management and Microsoft Defender for Endpoint Connector

Cisco Vulnerability Management's integration with Microsoft Defender Vulnerability Management and Microsoft Defender for Endpoint enables you to gain deeper insight into your organization's security posture, identify vulnerabilities, and then take proactive measures to enhance your overall defense against security threats.

This release has the following updates:

  • The export mechanism is switched from paginated API to vulnerability file export, as recommended by Microsoft.
  • Fix data is now being ingested from MS Defender.

Important! You must set up Microsoft Azure and change the Fixes permission. Otherwise, the connector runs will fail. For more information, see Setting up Microsoft Azure (as part of Configuring Microsoft Defender).

CSV file update for custom fields

Custom fields are now included in the CSV file when you export findings from the AppSec Explore page.

Export enhancements

  • In the UI, you can now pick which fields you want to include in an export of Assets, Fixes, or Vulnerabilities.
  • The Asset ID field is now included as a column when you perform a Fix export from the UI.
  • You can now choose the compression type that you want to use when exporting data from the UI. The choices are gzip, zip, or none.
  • When picking your fields for Assets, Fixes, and Vulnerabilities, you can now use a Select All or Deselect All button to help you quickly pick which fields you want to export. For more information on exporting, refer to the Exporting data from Cisco Vulnerability Management article. 

Notes for Asset details

The Notes field on the Asset Details page is now limited to 50,000 characters. 

Vulnerability Assessment with Cisco Secure Endpoint – Additional supported Applications

Cisco Secure Endpoint now supports Citrix Work App, Intel Chipset Device Software, VMware Tools, Cisco AnyConnect Start Before Login Module, Visual Studio 2010 Tools 2010 for Office, Windows 8, Windows 8.1, and Alma Linux 9.

For more information about the supported operating systems and applications, see the Vulnerability Assessment with Cisco Secure Endpoint documentation.

UI Enhancement

Now asset groups with long names wrap and display correctly. 

API Updates

You can see the latest changes to the API in the API changelog.

New v2 Findings endpoints

The following new v2 API endpoints are available for Findings: Show, Search, Create, Update, Bulk Update, and Bulk Delete.

Updated v2 Custom Field Definitions endpoints

The v2 API endpoints for Custom Field Definitions now support “finding” as a custom field definition type.

Updated v1 Data Exports endpoints

The v1 API endpoints for Data Exports now support Findings.

Notes parameter update

The Notes parameter for update, bulk_update, and create APIs for assets and vulnerabilities is now limited to 50,000 characters. 

Custom field date type

In the V1 Vulnerabilities endpoint, the date type value for custom fields must be an ISO-8601 date-time formatted value (YYYY-MM-DDTHH:MM:SS), such as 2023-10-10T00:00:00.

Vulnerability and Findings endpoint updates

When you are using the Show Vulnerabilities, Search Vulnerabilities, Search Findings, and Show Findings API endpoints to search custom fields for a date type, the matching custom fields are found, and the appropriate vulnerabilities or findings are found. 

API Documentation Update

The API documentation for the Bulk Update Vulnerabilities endpoint incorrectly listed asset_id as a field that could be updated. The documentation was updated to remove asset_id from the list of available fields. 

Bug Fixes

  • On the AppSec Explore page, if you selected the current Findings that displayed (for example, 10 findings displayed on the page), and updated the status of the Findings, all Findings were updated, not just the ones that displayed. Now when you select and update Findings, only the ones that display on the page are updated.
  • The Total Findings Risk Scores now match on the AppSec Explore and AppSec Reporting pages.
  • For date-type custom fields in both VM and AppSec, the timestamp captured for the date did not match between the Explore pages and the Details pages. Now the VM Explore, Vulnerability Details, AppSec Explore, and Findings Details pages all use the same timestamp when dates are set.
  • Now the hosted toolkit doesn’t run out of memory when trying to parse Netsparker API responses.
  • Assets that were imported with no vulnerabilities used the global asset inactivity limit instead of the connector-level inactivity limit. Now the asset inactivity limit is set based on the largest inactivity limit of the connector that the asset was imported from.
  • An error message no longer displays in the Connector Status Message field on a Connector details page when no error has occurred.
  • Now the Qualys WAS connector creates Findings in AppSec instead of Vulnerabilities in VM when the AppSec Findings model is enabled.
  • On the VM Explore and AppSec Explore pages, when you click on a filter, the numbers beside the entries are updated immediately and the pages do not require a refresh.

September 2023

New Features and Updates

Cisco Secure Endpoint – Additional supported Applications

Cisco Secure Endpoint now supports Cisco AnyConnect Secure Mobility Client, Microsoft OneDrive, Microsoft Silverlight, Microsoft Teams, and Zoom.

For more information about the supported operating systems and applications, see the Cisco Secure Endpoint documentation.

Toolkit: Cylera Connector

Cisco Vulnerability Management now has a Cylera toolkit connector. 

Cylera focuses on securing and managing connected medical devices, IoMT and IoT, and safeguarding patient data that is of paramount importance in the healthcare industry. 

The Cylera connector ingests asset, tag, and vulnerability data allowing you to consolidate asset and vulnerability data across your ecosystems in Cisco Vulnerability Management for effective management of risks to your assets. For more information, see the Toolkit: Cylera Connector.

API

You can see the latest changes to the API in the API changelog.

API documentation update

The API documentation was updated to indicate that a file can be a primary locator, and that an application is required when the primary_locator is a file. 

Deprecated fields

In the Search Vulnerabilities and Request Data Exports endpoints, the has_known_exploits, has_known_malware, prioritized, and top_exploit fields were deprecated.

Findings parameter update

The V1 findings API requires a `status` parameter when the `closed_at` parameter is passed. The value of the `status` parameter must be one of the valid closed statuses. This implies that both `closed_at` and `status` will be updated. The `closed_at` parameter should be an ISO-8601 date-time formatted value.

Bug Fixes

Cisco Vulnerability Management now creates all assets and applications that come in during a Whitehat Sentinel connector run. 

Now if a fix has data associated with it in the database, in the fix export report those fixes do not contain a null value. 

If you created AppSec stacks using the API, when you opened the AppSec > Stacks page in the UI, even though the stacks were created successfully, an error message might have displayed. This issue was caused because the limit of the number of stacks that could be displayed on the page was 30. This limit has been increased to 100. 

The timeout limit for the Tenable Nessus API connector was increased to allow for more time when downloading large export files. 

The application risk meter score now displays only the open findings' scores instead of including the closed ones as well. 

Tags that come in during a Qualys connector run are now included in payloads and assets. 

You can search for an asset using file_locator and application_locator when a file is the primary_locator. 

A check was added to the Download Zipped Vulnerability Data API endpoint so that it now returns the nightly vulnerability data export in the correct format. 

On the VI Explore screen, the count badges beside the filter options are now anchored to remain aligned when you resize the browser window. 

If you submit a request with the closed_at parameter, it now requires a status parameter to complete an update to a Finding. The status must include one of the closed status options in the request. If you choose to use the status parameter by itself, the closed_at parameter will be updated using the timestamp of the request to populate the value. The closed_at parameter requires the date-time to be specified in ISO 8601 format. 
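The closed_at and status rules described above can be checked on the client before a Finding update is sent. The following is an added example, not code from Cisco or from the API documentation: the function names are hypothetical, the set of closed statuses is supplied by the caller because these notes do not list them, and accepting a trailing "Z" or UTC offset on the date-time is an assumption.

```python
import re
from datetime import datetime

# Shape given in these release notes: YYYY-MM-DDTHH:MM:SS.
# Assumption: an optional "Z" or +HH:MM / -HH:MM designator is also accepted.
_ISO_DT = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(Z|[+-]\d{2}:\d{2})?$")


def is_iso8601_datetime(value):
    """True if value is a date-time string in the documented shape with valid field ranges."""
    if not isinstance(value, str) or not _ISO_DT.match(value):
        return False
    try:
        # strptime rejects out-of-range fields such as month 13 or hour 25.
        datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return False
    return True


def check_finding_update(payload, closed_statuses):
    """Pre-flight check of a Finding update payload (hypothetical helper).

    Returns a dict with:
      ok              - True when the payload satisfies the documented rules
      errors          - list of human-readable rule violations
      closed_at_source - "client" when closed_at is sent explicitly,
                         "server_request_time" when a closed status is sent alone
                         (the notes say the request timestamp is used),
                         None when the update does not close the Finding
    """
    errors = []
    status = payload.get("status")
    closed_at = payload.get("closed_at")
    source = None

    if closed_at is not None:
        source = "client"
        if not is_iso8601_datetime(closed_at):
            errors.append("closed_at must be an ISO 8601 date-time, e.g. 2023-10-10T00:00:00")
        if status is None:
            errors.append("closed_at requires a status parameter")
        elif status not in closed_statuses:
            errors.append("status sent with closed_at must be one of the closed statuses")
    elif status in closed_statuses:
        source = "server_request_time"

    return {"ok": not errors, "errors": errors, "closed_at_source": source}


if __name__ == "__main__":
    # Constructed sample values; replace with the closed statuses configured in your instance.
    closed = {"false_positive", "risk_accepted"}
    samples = [
        {"closed_at": "2023-09-01T12:00:00"},
        {"closed_at": "2023-09-01T12:00:00", "status": "risk_accepted"},
        {"status": "false_positive"},
        {"closed_at": "09/01/2023", "status": "risk_accepted"},
    ]
    for sample in samples:
        print(sample, "->", check_finding_update(sample, closed))
```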

 

August 2023

New Features and Updates

Virtual Tunnel Client: Release – 1.4.4

For users of the Virtual Tunnel, release 1.4.4 introduces an X-App-Version header to requests to help track app/OS/kernel/OpenVPN versions in log files. To download the Client, click here.

Virtual Tunnel Client: Release – 1.4.5

For users of the Virtual Tunnel, release 1.4.5 fixes an issue that occurred when using proxy configuration that prevented the proper configurations from saving after restarting the VM. To download the Client, click here.

Cisco Secure Endpoint – Additional supported Operating Systems and Applications

Cisco Secure Endpoint now supports macOS 13, Xcode, Apple Safari, and Google Chrome. For more information about the supported operating systems and applications, see the Cisco Secure Endpoint documentation.

API

You can see the latest changes to the API in the API changelog.

Exporting fixes

  • You can now pick which fields are returned when you export fixes. For more information, see the Request Data Export endpoint documentation.
  • All undocumented fields are removed from the gzip response file.
  • scanner_ids will be an array of strings in the gzip response file.

Historical Mean Time To Remediate by Risk Level endpoint updates

The following two Historical Mean Risk Level endpoints have these more concise names: “Historical Mean Time To Remediate Findings by Risk Level” and “Historical Mean Time To Remediate Vulnerabilities by Risk Level.”

ServiceNow Search Vulnerabilities endpoint update 

The ServiceNow Search Vulnerabilities endpoint has a 200K limit for vulnerabilities that are returned when a search ID is provided in the query parameter.

Bug Fixes

When you create a child risk meter with a name that has more than 255 characters, an error message is displayed that informs you that you must edit the name. 

Users that have the correct permissions can now edit asset locators successfully. 

If you don’t provide a search ID when you’re using the ServiceNow Vulnerability Search endpoint, there is no limit to the number of records returned. 

Vulnerabilities that show a state of “Active” in Tenable.io now display as open in Cisco Vulnerability Management. 

When you navigate to AppSec > Explore, in the right-hand panel, select the Connector Name and then any connector, only findings from the connector selected are returned. 

On the AppSec Explore page, when you search a term with a wildcard, the correct findings are returned if all the other criteria match.

The Cisco Vulnerability Management Jira Ticketing integration now supports Jira 9.0+. 

When a Jira connector is using the Kenna Virtual Tunnel, credentials can be updated and saved in the UI. 

The Audit Logs endpoint now logs additional event data. 

 

July 2023

New Features and Updates

Rebranding

Kenna.VM is now Cisco Vulnerability Management, and Kenna Security logos and text references now use Cisco’s naming conventions and logos.

The only impact on functionality is that CSV Exports no longer include the column name “Kenna Fix ID” for Fixes and Top Fix Groups and instead reference this column as "Fix ID". If you are using any scripts to extract this column name, ensure you update them to incorporate this change.

Risk Meter Editing

The edit risk meter button stated “Name/Permissions” even if the user didn’t have the ability to edit the name. Now the button states “Name/Permissions” for administrator users, and “Name” for non-administrator users.

KDI Importer Findings for Kenna.AppSec and Cisco Vulnerability Management

In Kenna.AppSec, when you use the KDI connector to ingest vulnerability data, the connector creates findings only when the Findings attribute is in the asset payload.

In Cisco Vulnerability Management, the KDI connector creates findings if the asset payload contains the following attributes:

  • [:asset][:url]
  • [:asset][:application]
  • [:asset][:file]
  • [:asset][:locator][:url]
  • [:asset][:locator][:application]
  • [:asset][:locator][:file]

If you are a Cisco Vulnerability Management (formerly Kenna.VM) customer and want to continue to see findings in VM, contact Support and ask them to enable the Import Legacy Findings setting.

If you are a Kenna.AppSec customer, you can use the Findings attribute in the asset payload to create them.

Kenna Risk Score now Incorporates Exploit Prediction Scoring System (EPSS) Scores

The Kenna Risk Score previously predicted if a vulnerability was Easily Exploited. With the adoption of the latest version of EPSS, the Kenna Risk Score now looks at the probability of a vulnerability having an Active Internet Breach, and factors it into the overall Kenna Risk Score.

CrowdStrike Connector

The Connector now ingests fix and recommendation data from your CrowdStrike scanner, and you will now see fix details for CrowdStrike in your VM UI. To establish the API connection and use the required data mappings, see the Fix Data Mappings section in the CrowdStrike Connection article.

Note: This supported fix and recommendation data is only for newly created fixes. Currently, it does not update existing fixes, so it is not backwards compatible.

API

You can see the latest changes to the API in the API changelog.

Export vulnerability details

You can now use the API to export vulnerability details. For more information, see the Request Data Export endpoint documentation.

Pick which fields to export for assets and vulnerabilities

You can now pick which fields are returned in asset and vulnerability exports. For more information, see the Request Data Export endpoint documentation.

Custom fields export

When no VM custom fields are defined, vulnerability exports will return custom_fields: [].

Export Details update

When you export details about a vulnerability, the “connector_definition_name” is now “connector_name”.

 

Bug Fixes

The Cisco EULA now links to the Privacy policy instead of the Product Specific Terms. 

When a Tenable.io connector run was performed, it might have intermittently failed because of an SSL error. 

The ServiceNow CMDB connector settings page no longer returns a 500 error when an unresolvable host is set. 

If the name of a child risk meter contained an underscore character (_), the name did not wrap and displayed incorrectly. Now if the name of a child risk meter is long, the text wraps and displays correctly. 

Checkmarx XML payloads no longer fail if a timestamp is unparseable. 

Users might have seen different industries listed on their Mean Time to Remediate and Total Risk Score Over Time graphs. 

 

June 2023

New Features and Updates

Changes to Custom Fields in Cisco Vulnerability Management (formerly Kenna.VM)

Cisco Vulnerability Management now supports the same data types as custom fields in AppSec. In addition to the existing numeric data type, the following data types are supported:

  • Date: Supports a searchable calendar date
  • Short string: Maximum of 50 characters
  • Long string: Maximum of 500 characters
  • Dropdown menu: List of static choices that appears when you click on a title
  • Attachment: Supported file types are PDF, JPEG, JPG, PNG, and XLSX. Maximum size of 2 MB

For more information about creating custom fields, see Creating a Custom Field.

Vulnerability Endpoints

The vulnerability endpoints in Kenna API V2 now also support custom fields.

Vulnerabilities tab of the VM Explore page

On the Vulnerabilities tab of the VM Explore page, when you click Display, if you have 10 or more fields, a scroll bar appears beside the list, making it easier to scroll through the available fields.

API

You can see the latest changes to the API in the API changelog.

Rate Limit

The Error documentation has been updated to include more information about the rate limit. For more information, see the API documentation.

Bug Fixes

  • Now when vulnerabilities are created in Cisco Vulnerability Management (formerly Kenna.VM), only CVEs are included in the Findings sections of the KDI, and they open as findings.
  • A custom field created with a long name from the Cisco Vulnerability Management Explore page now displays with its correct name in the Edit window.
  • Vulnerability scores are now rounded to the nearest whole number rather than displaying with a decimal point.
  • When the Black Duck Hub Connector sends a GET request for vulnerability reports with a valid authentication token, a 401 error is no longer returned. GET requests now retrieve valid vulnerability reports, and the data is then ingested.
  • When you set the priority of an asset in an MS Defender Connector run to a value other than the default value of 10, the asset priority no longer resets to the default value on subsequent connector runs.
  • The count for the number of records in the stream record count is now accurate.
  • When you try to create or edit application locators with a name that already exists, AppSec now informs you that there is a duplicate name, and you can now fix it before the application locators are applied.

June 7, 2023: Special Update

Introducing Vulnerability Assessment with Cisco Secure Endpoint!

Cisco Vulnerability Management (formerly Kenna.VM) is now integrated with Cisco Secure Endpoint. Use it for the following things:

  • Do end-to-end Cisco asset data gathering
  • Improve vulnerability detection and analysis
  • Enhance your reporting

For more information, see the Cisco Security blog post and the Cisco Secure Endpoint documentation.

May 2023

New Features and Updates

Toolkit: Snyk V2 Connector

The findings of this connector have multiple identifiers associated with them. Now, when these findings are ingested, the findings ID is split, and new findings are created for all the unique identifiers. As a result, the findings are separated, indexed, and searchable.

Important: All previous findings will change to a Completed state. A new connector run will reindex findings. If you are tracking a specific finding by an ID, you must re-point to the new identifier. For more information, see the readme.md.

Custom Fields pagination

Added pagination to the Settings > Custom Fields page. Custom fields are now displayed page by page rather than in one long list.

API

You can see the latest changes to the API in the API changelog.

The following changes have been made to the API V2:

New Vulnerability APIs

We’ve added the following vulnerability APIs, which provide access to custom fields for a vulnerability:

  • Show
  • Update
  • Bulk Update
  • Search
  • List

Bug Fixes

On the VM Explore page, when you click Display and scroll to the bottom of the page, the Display menu options no longer overlap the main navigation bar at the top of the page.

Previously, when you applied an SLA that had a fix published date as the due date basis to a vulnerability that did not have a fix, a due date was applied.

On the VM Explore page, in the Search help, the example syntax for the Term Existence Check was updated so that it works when it is pasted into the search box.

If a timeout is enforced, the Tripwire (IP360) connector now renews sessions by setting a shorter lookback to a successful run, which resolves the API error and allows the reports (audits) to be ingested.

 

April 2023

New Features and Updates

Amazon Web Services (AWS) Inspector V2: Toolkit Release

The AWS Inspector V2: Toolkit Release is a vulnerability management and scanning service for AWS workloads. It captures vulnerabilities and unintended network exposures. It can scan Elastic Compute Cloud (EC2) instances and Amazon ECR Container images. For detailed information about the AWS Inspector V2, see the README.md in GitHub.

Note: The AWS Inspector V1 (now named Classic) Toolkit connector is supported until a full migration occurs.  

Virtual Tunnel Client: Release – 1.4.3

For users of the Virtual Tunnel, the current release 1.4.3 makes it easier to start, simplifies the UI to reduce confusion, and improves your overall user experience. In addition, there was an issue with network requests when using proxy configurations. This problem is now fixed.

Deduplicate CrowdStrike assets against Wiz assets using the EC2 Instance ID

The Wiz toolkit connector is updated to pull in the EC2 Instance ID. Now the Wiz toolkit connector consumes five points of asset locator information, including the External ID, MAC address, IP address, Hostname and the EC2 Instance ID. This update fosters deduplication capabilities with inbound data sources, such as CrowdStrike, so you can use it to deduplicate CrowdStrike assets against Wiz assets using the EC2 Instance ID. For more information, see Running the Wiz task.

API

You can see the latest changes to the API in the API changelog.

Pick Your Fields for Asset Exports in the Request Data Export API Endpoint

You can now select the fields to be used for an asset export in the Request Data Export API Endpoint. This update has the following criteria:

  • Field selection is specific to the asset model in the Request Data Export endpoint.
  • Selecting fields is specific to the API and not supported in the UI.
  • You cannot combine field selection with slim exports.

For a complete list of the fields supported, scroll down to the BODY PARAMS section on the Retrieve Data Export page. 

Bug Fixes

The following bugs are fixed:

When creating a risk meter, you can’t specify the roles that can access it

Problem: When you created risk meters (asset groups), you couldn’t select roles that could access the risk meter, because the Roles drop-down list was empty. 

Fix: The Roles drop-down list is now populated, and you can select from it. 

The Updated On date and Last Updated fields displayed different dates

Problem: The Updated On date on the Vulnerability CVE Description detail page, and the Last Updated field on the Vulnerability Intel Explore page were populated from different fields, so they had different dates. 

Fix: The fields now use the “Last Modified Date” information, so they display the same date.  

The error message for failed connector runs didn't provide useful information 

Problem: When a connector run found corrupted files, it failed and returned a generic buffer error that wasn't informative for users.

Fix: Now, when a connector run fails because of corrupt files, the following error message displays: "There was an error running the [Name of connector] connector. Please try again. If you continue to encounter issues, please contact Support."

The Create Vulnerability API didn't update notes correctly

Problem: When you used the Notes parameter in the Create Vulnerability API, the note was also applied to the associated asset.

Fix: Notes are now applied only to the vulnerability that is being created.

The Lacework toolkit syncs fewer records than expected

Problem: The hosted Lacework toolkit imported fewer records than expected.

Fix: All records returned through the API are now processed.

The Lacework connector didn't import all CVE vulnerability details

Problem: The Lacework connector didn't import all the CVE vulnerability details into Cisco Vulnerability Management.

Fix: This connector now imports all CVE vulnerability details.

________________________________________

For past release notes, see the Archived Cisco Vulnerability Management Release Notes.
