Kenna Release Notes – Kenna FAQ

Q3 2018 Release Notes

Q3 saw some exciting improvements to the platform, as well as a new Threat Feed and several new and improved Connectors.

Role Based Access Controls are now available to administrators to create custom permissions for their users from a list of present permission groups. These can be found under User Roles from the Settings menu when selecting "Custom Access".

Microsoft Superseded Patches are now supported in Kenna. Any fixes that are superseded by another patch will be rolled up to the most recent patch.

Custom Field Sort is available now on the Explore page.

Updated Connectors:

Bugcrowd - now importing remediation advice in the Scanner Fixes field
WhiteHat - now displaying the Severity field
OWASP ZAP - improved data import quality
Qualys - improved data import quality

New Connectors:

Tanium Comply (in beta test phase)
Cherwell Ticketing (in beta test phase)
Acunetix

As always, if you're interested in beta'ing a connector, just contact your Customer Success Engineer or other Kenna Security support person!

New Threat Feed - Proofpoint Emerging Threats Intelligence has been added as a threat feed to Kenna's Predictive Modeling Technology. Your vuln scoring now includes data points from Proofpoint, among other best in class threat feeds.

Q2 2018 Release Notes

Several API enhancements. See API changelog.
Application Risk Module launched.
Exploit Predictions launched.
AppSec Top Fixes added.

Q1 2018 Release Notes

Several API enhancements. See API changelog.
Filter vulnerabilities by running kernel via Qualys connector.
Custom vulnerability risk score override.
New BugCrowd connector launched.
Customize SLA Policies based on found dates, creation dates, or published dates.
Imperva WAF connector launched.
WhiteHat Source connector launched.
OWASP ZAP connector launched.
BlackHat exploit kits now monitored and tracked.
Proofpoint Emerging Threats intelligence added.
New Risk Accepted Over Time chart.
New False Positive Over Time chart.

Q3/4 2017 Release Notes

Several API enhancements. See API changelog.
New CSV Uploader
Asset details page now filters vulnerabilities by status

Summer 2017 Release Notes

Several API enhancements. See API changelog.
Bulk editing of Asset owners in Home.
Support for Fortify On Demand formats via the Fortify connector.
New BlackDuck connector launched.
New Outpost24 Outscan connector in beta.
Support for custom values in ServiceNow ticketing connector.
Support for ServiceNow CI ID as an asset identifier in Kenna.
Support for multiple IP's per asset in ServiceNow CMDB connector.
Support for new WebInspect format.
New Malware Exploitable filtering and info on vulnerabilities.
Support for multiple templates in ServiceNow Ticketing connector.
Asset operating systems updated by OpenVAS connector.
Support the tracking of vulnerability statuses of the same vulnerability on multiple ports of a single asset.

Spring 2017 Release Notes

Several API enhancements. See API changelog.
Scanner scores are now available in the Vulnerabilities tab on the Home page.
Dashboard 2.0 is here!
ServiceNow CMDB Connector beta release. Contact your Customer Success Manager for access.
Asset IDs added to Top Fixes exports
New "Include All Assets" filter on the Home page.

Winter 2017 Release Notes

Number of Fixes added to Risk Meter summaries in dashboard & reports
Remedy Connector launched for Remedy On Demand and on-premise
Jira connector now supports Jira 7 and Jira Cloud
Checkmarx connector launched
New Alert: Connector Failure
Notes field now included in CSV exports

Fall 2016 Release Notes

ServiceNow connector now supports custom tables
Kenna now supports CWE identifiers in addition to WASC-TC and CVE
Nexpose and Qualys connectors now create individual entries for "informational" vulnerabilities
Subscribe to reports
All file based connectors now support .zip uploads
SAML support is here!
Several API enhancements. See API changelog

Summer 2016 Release Notes

Launched new SLA Settings to automatically set due dates for vulnerabilities.
Launched new Alerting feature!
Added separate connector for Qualys WAS
Auto-tag assets with application name from Qualys WAS
Search on "vulnerability_found" dates in Home. More search syntax here.
Link to vulnerabilities list in Home from both Top Fixes Vulns Affected and Fixes tab Vulns Affected
Added current Risk Meter score, risk reduction score, operating system to Top Fixes CSV
Display alternative Fixes for a vulnerability from Fixes tab or Top Fixes
Added ip address restrictions on access of Kenna instances
Added ability to perform a negative search on fix published date
Changed Top Fixes CSV export format to one asset/fix per line
Several API enhancements. See API changelog
Added D2 Elliot exploits to platform and Easily Exploitable filter

Spring 2016 Release Notes

Edit Risk Meter Groups criteria using the pencil icon from the Home page
Several API enhancements. See API changelog
Edit Risk Meter Group names from the Dashboard using the pencil icon
Added "Send via Email" to Top Fix Groups
Added ability to sort Fixes by number of vulnerabilities addressed in Fixes tab
Added ServiceNow & Jira integrations to Top Fix Groups
Top Fix Groups: We've added a list of top fixes by risk reduction for each Risk Meter
Support for Auto-Close of vulnerabilities imported from McAfee VM
Added a Consequence tab for Fixes to display the potential risk of not fixing a vulnerability
Support for Qualys hierarchal tags
Added ability to search on Fix Published dates. Example: fix_published:<2015-11-01
Accept .fpr file uploads with the Fortify connector
Display Qualys protocol information along with ports in Asset details page
CVE description added to the Vulnerabilities API end point
Include Solution information in ServiceNow tickets
Re-activate inactive assets that are found by a scanner
Increased password complexity requirements

Winter 2016 Release Notes

"grey out" Risk Accepted and False Positives in vulnerability grid on Home
Vulnerability grid on Home is now sorted by Score (high to low)
Added several new search functions including: scanner_id, absence of service ticket, and leading wildcards. See doc for more details.
Added Risk Meter score to Vulnerabilities tab in Home.
ServiceNow Connector Updates:

Support for ServiceNow templates
Populate tickets with Scanner IDs

Tenable SecurityCenter tags now imported by connector.
Several API enhancements. See API changelog.
Role Based Access Control - Details here.
Reporting 2.0 - Details here.
Automatically inactivate assets based on "last seen" date using Asset Settings menu.
New Nessus Importer connector to import scan info without running a new scan.
Vulnerability due dates associated with individual vulnerabilities.
Filter for Remote Code Execution vulnerabilities in Home page.
Added ability to perform a re-scan of a vulnerability using Nexpose connector.
Added support for Qualys EC2 asset tracking method.
Added support for Qualys Canadian platform.

Summer 2015 Release Notes

API Updates

There were several updates made to our RESTful API. See API doc for changelog.

Qualys Connector Updates

Ability to pull in PCI flag value of Qualys vulnerabilities and filter on it.

Security Center Connector Updates

Ability to pull in “Risk Accepted” vulnerabilities from Security Center and store them with a Risk Accepted status in Kenna.

UX Updates

Persistent setting preferences in datagrid display (Home page). Ability to hide asset tags when viewing assets and vulnerabilities tabs in Home page.

New Integration

We launched our ServiceNow integration allowing Kenna users to generate and track service tickets directly from Kenna.

Winter 2015 Release Notes

Added Massive Bulk Edit Operations on Vulnerabilities.
Added Risk Accepted vulnerability state.
Added False Positive vulnerability state.
Discovered dates now displayed in the vulnerabilities table in Home.
Closed dates now displayed in the vulnerabilities table in Home.
Ability to filter on vulnerable ports in Home.
Support for Nessus 6.
New Dashboard Compare tab displays vulnerabilities trending by operating systems and tags.
API Updates: There were several updates made to our RESTful API. See API doc for changelog.

Q4 2014 Release Notes

Add Massive Bulk Edit Operations on Assets.
New OpenVAS Connector.
New McAfee Vulnerability Manager Connector.
Display and sort assets by Risk Meter score.
Add ability to send Fixes via email.
New Type Ahead searching of asset tags.
Zero Day Vulnerability flagging of assets.
Ability to download fixes to csv.

Summer 2014 Release Notes

New Simplified Changelog Format

Filter vulnerabilities by locator type.
Add color scales to Risk Meter hover: Hovering over a Risk Meter exposes the green, yellow, red color scale.
Beyond Security connector: Kenna now integrates with BeyondSecurity vulnerability scanner.
Qualys certificate authentication: Qualys connector now works with Qualys certificate authentication.
Expose references, CVE's and assets for each “fix” in Fixes tab.
Dell CTU threat data now included and correlated with vulnerabilities.
Threat Trends: Dashboard now includes ThreatTrends pane including successful exploit and attack data across all of our threat sources.
Qualys WAS connector: Kenna Qualys connector now pulls associated Web Application Scan data from Qualys.
Fine grained scan scheduling: When scheduling Nessus scans through Kenna you can specify exact time of scan.
Individual RM asset scores displayed in asset table: Each asset in asset table includes color coded risk meter score for that asset.
Filtering of Fixes view: When filtering vulnerabilities or assets, only the Fixes for those vulnerabilities and assets are displayed in Fixes tab.
Include scanner ID’s in Omniview vulnerability table: ID's from scanner vulnerabilities can be displayed in Vulnerabilities tab.
TypeAhead suggestions for tags.
API Updates: There were several updates made to our RESTful API. See API doc for changelog.

March & April '14 Release Notes

Dell SecureWorks Integration

Kenna now offers full integration with Dell SecureWorks. SecureWorks customers have Single Sign On between the Counter Threat Platform and their Kenna instance. All asset information synched in Kenna can be imported into the SecureWorks Counter Threat Platform.

Web Application Attack Correlation

Kenna now tracks web application attacks from over 50,000 web sites and correlates those attacks with your open vulnerabilities in order to prioritize remediation on those that are under a large volume of attack.

Additional Fields Included in Data Exports

We've added additional fields to vulnerability exports. The additional attributes include custom fields, active internet breaches, and easily exploitable vulnerabilities.

API Updates

We continue to add more functionality to our RESTful API. The latest updates allow for automating your vulnerability management program with file upload and connector run capabilities. The majority of API updates were to the Connectors end point. You can find a list of our API updates here.

January & February '14 Release Notes

Deactivate Assets

Kenna now has the ability to deactivate assets within your account. This allows users to filter these deactivated assets out of their asset and vulnerability views and not include any of these stats within your dashboard metrics. Just like tagging and prioritizing, you can deactivate assets in bulk using our bulk editing menu that appears after selecting multiple assets.

IP Address Range Searching

A common operation requested by our users has been searching assets by IP ranges. With this newly added search syntax you can now look for groups of assets by IP range. The search syntax is specific, for example, to search a range from 192.168.1.1. - 192.168.100.100 use the following search: ip_address_locator:[192.168.1.1 TO 192.168.100.100]

User Interface Redesign

Our New User Interface Provides All Data in a Single View.

You've probably noticed this one but we have completely overhauled the user experience. With our new interface we have combined assets, vulnerabilities, and patches into a single, filterable and searchable view. All of the filters in the right hand sidebar will filter your view against all of these and include a Risk Meter score. Creating asset groups and Risk Meters for the dashboard are all within a click of this new omni-view. You can read the full details here.

Perimeter Scanning

With the help of our partners at Qualys, Kenna now offers perimeter vulnerability scanning that is fully integrated within the application. You can kick off perimeters directly from our sign up process or by creating a perimeter scanning connector using the Connectors tab.

December '13 Release Notes

Vulnerable Ports

For several connectors including Nessus and Qualys, Kenna now tracks vulnerable ports. Once a connector run is complete, you can filter your vulnerabilities by vulnerable ports from within the Vulnerabilities tab. This can be helpful in several use cases. One example: If you have multiple web services running on an asset and receive an SSL vulnerability, you can track this vulnerability to the vulnerable service running.

If a vulnerable port is detected, that port will also be added to the asset in the Assets tab as an open port.

Qualys Dynamic Asset Tags

In addition to Qualys Asset groups, Kenna will now automatically create new asset tags when a dynamic asset tag is discovered within Qualys. This will allow users to filter and report on these dynamic asset tags within Kenna, as well as create Asset Groups and associated Risk Meters for their dashboard.

Nexpose Site Tags

Our Rapid7 Nexpose connector will now automatically tag assets with their Nexpose Site Name as they are synched into Kenna. This will allow users to filter and report on these site tags within Kenna, as well as create Asset Groups and associated Risk Meters for their dashboard.

Performance Improvements

We've deployed tremendous performance improvements largely due to our new search and indexing infrastructure. In December we migrated our search and indexing over to Elastic Search primarily for performance reasons. With Elastic Search the Vulnerabilities tab loads on average 50+ times faster than previously and the Assets tab loads on average 30+ times faster than before. The differences are obvious and we think you'll be pleased. We're not done though, watch for more performance increases coming soon to a production environment near you.

Nexpose Auto-Close

On the heels of launching auto-close for Nessus, Kenna now supports auto-close for Nexpose as well. This works for both the Nexpose XML and Nexpose API connectors. Kenna will now monitor the differences in your scan outputs from Nexpose and automatically close vulnerabilities that are no longer detected, making it much easier to track state of your vulnerabilities over time.

Expanded Port Filtering

Last month we began tracking vulnerable ports and allowing users to filter on the top 10 vulnerable ports and top 10 open ports across their environment. This month we expanded the filtering and reporting capabilities to include all vulnerable and open ports.

On-Premise Jira Support

Through our virtual tunnel appliance, we now support on-premise Jira integration with Kenna. You'll need to deploy your virtual tunnel appliance on your network where it will have access to your Jira server and make sure you check the "use Virtual Tunnel" option within your Jira connector configuration. For more information on our Virtual Tunnel appliance please contact support@kennasecurity.com.

More API Improvements

We continue to make enhancements to the API. Some of the recent improvement include a partner API for managing client accounts and SSO integration. For a full least of API features and changes please see our API documentation: https://api.kennasecurity.com.

November '13 Release Notes

Nessus Auto-Close

The latest versions of the Nessus XML and API connectors produce deltas and auto-close vulnerabilities no longer found. The connector analyzes which assets were scanned with which plug-ins to determine whether or not the asset is still vulnerable to specific vulnerabilities. If they are found to have gone away, our connector will now auto-close them in Kenna for centralized tracking throughout the vulnerability lifecycle.

To learn more, see our blog post on Nessus Auto-Close.

October '13 Release Notes

Risk Meter Dashboard

The Risk Meter dashboard provides an at-a-glance view of security risk across organizational assets. With the new dashboard, you can now save a Risk Meter based on asset groups to view at any time within your dashboard page. New asset groups are automatically saved to the dashboard for later viewing. You can also create asset groups directly from the dashboard just by clicking on the New Risk Meter button.

The Risk Meter Dashboard provides this view of security risk across any group of assets.

Asset and Vulnerability Groups

Saved search has been modified to allow for the creation of asset and vulnerability groups. These groups can be created through any of the filters, tags, and searches used in the assets and vulnerabilities tab. All Asset Groups are automatically saved to the Risk Meter Dashboard as noted above.

To save an Asset or Vulnerability group just perform a filter or search against your assets or vulnerabilities and then click Save. You will be prompted to name the asset or vulnerability group. You can then view the group at any time with the link provided in the upper right of the sidebar.

Filter Assets by Connector

You can now filter your assets by connectors. This can be used to quickly tag all assets coming in from a given connector or creating asset groups by connector. You'll find the connector filter in the sidebar of the Assets tab.

Qualys Tag Importing

In addition to Qualys asset groups, Kenna now automatically imports Qualys asset tags and tags those same assets. This allows for greater continuity between your Kenna and Qualys asset structure. This update does not yet include Qualys dynamic tags which will be added in a later release.

More API Improvements

September '13 Release Notes

Risk Meter

The Risk Meter is an asset-based measure of the security risk a group of assets poses to an organization. Our proprietary algorithm is based on the following signals:

Adjusted CVSS: We adjust the scores with an algorithm which ensures that CVSS is a better indicator of the probability of a breach.
Exploit Analytics: Does a vulnerability have known exploits or breaches and are they being observed in the wild? Is this vulnerability a popular target?
Asset Priority: How critical is the asset to your infrastructure? You can modify this priority in bulk or individually.

The Risk Meter will give you an at-a-glance look at your risk across a select group of assets. As you filter your assets your Risk Meter score is dynamically updated. To view the Risk Meter just navigate to the Assets tab.

Dynamic Patch Reports

As part of the launch of the Risk Meter, we now have a dynamically updated patch report to match each Risk Meter. As you filter or search against your assets, the Risk Meter score will update to reflect those assets and the patch report will include the patches and advisories related to the assets within the current view. The patch report itself is sorted in order of risk reduction prioritizing the patches that will have the greatest effect on your environment.

You can view the new dynamic patch reports within the Assets tab located directly under the Risk Meter.

More API Improvements

We continue to make enhancements to the API. Some of the recent improvement include primary_locator's to asset responses, asset id's to vulnerability responses, definition data to vulnerability responses and much more. For a full least of API features and changes please see: https://api.kennasecurity.com.

Qualys Asset Tag Import

In addition to Qualys asset groups, we now automatically import Qualys asset tags and tag your new assets with those tags. This allows users to maintain a structure they have established within Qualys and then expand on it with additional tags and meta data. The QualysGuard connector will automatically pull in these tags with your new assets.

August '13 Release Notes

Nessus API Connector - Command & Control
We added a connector for Tenable Nessus that takes advantage of the Nessus API. This connector is in addition to both our Nessus XML connector and the Security Center connector.

With this newest connector Kenna users can schedule the importing of vulnerabilities and assets on a daily, weekly or monthly basis. Our Nessus users can also schedule and kick off scans with their Nessus scanner directly from Kenna. By combining this new functionality with our virtual tunnel, you can ensure all of your on-premise scan reports are loaded automatically into your instance of Kenna.

New Asset Filtering & Searching

New facets have been added to the Assets tab. You can now filter your assets by Service Names, Open Ports, Service Protocols, Service Products, Connector Names, and Connector Types.

We recently wrote a blog post on some examples of using the service and port filtering in combination with nmap scans. Check it out and let us know what you think.

Multi-Tag Roles
We received a lot of requests from our users in expanding our role-based access controls to allow for multiple tags to be assigned to a role. Well you asked and we delivered.

With multi-tag roles, you can take advantage of existing structure setup in your scanners to grant access to specific assets as they show up in Kenna to only those who need it. This gives our users the ability slice up their reporting and dashboards by many tags while still managing a smaller amount of roles by grouping tags within them.

Qualys EU Platform Support
Our Qualys connector integration has been extended to support the Qualys EU platform. The connector works just as before but now gives you the option to authenticate to both the US and EU Qualys platforms.

API Improvements
In addition to several performance improvements made to our API we have also added new data such as returning all tags associated with an asset when pulling asset data via the API. You can find more details about these changes and all of our API functionality at api.kennasecurity.com.

Expanded Virtual Tunnel Capabilities
We expanded the connectors our Virtual Tunnel works with to include the new Nessus API connector, the Nexpose API connector, the Jira connector, and the Qualys connector.

Our virtual tunnel is a virtual appliance that allows for connectivity between your Kenna instance and your on premise tools.