Kenna Release Notes and Bug Fixes

December 2021 Release Notes

Kenna API Docs

The Kenna API docs were just updated and have a number of new benefits! 

  • Categories of endpoints are alphabetized for easier searching.
  • Each endpoint has its own page, organized into drawers that drop down. No more scrolling through the whole page! When you want to look at another endpoint, you need to click into it.
  • System Role Users are able to add their API Key/X-Risk-Token with the "Try It!" button and see working code examples in any number of different codes including curl, Node, Ruby, PHP, Python and more!
  • Anyone who has previously bookmarked an old endpoint will be redirected to the top of the new API Docs page.
  • This change means we can deliver high quality and timely updates to the API Documentation.


New Toolkit Connectors for the AppSec Findings Model

  • JFrog Xray Toolkit Connector - Software composition analysis solution that continuously performs vulnerability scanning of open source binaries for security and license compliance risks. See JFRog.
  • Netsparker Toolkit Connector - The only tool that found 100% of vulnerabilities w/ 0 false positives in a 3rd-party test. Detect 8,700+ vulnerabilities & risks. Minimize false positives. Streamline remediation. Trusted by 15,145+ users. Flexible & robust API. 2-way integrations. See Netsparker
  • NTT (formerly Whitehat) Sentinel Toolkit Connector - Sentinel Dynamic platform rapidly and accurately finds vulnerabilities in your websites and web applications. This best-in-class SaaS platform is ready to scale to meet any demand. See NTT Sentinel.
  • Qualys WAS Toolkit Connector - Qualys Web Application Scanning (WAS) is an all-in-one cloud solution for all your web apps – providing continuous web app discovery, detection of vulnerabilities and misconfigurations, virtual patching, and quarantining. See Qualys WAS.



ServiceNow has certified the newest release of the Kenna.VM ServiceNow app on Quebec and Rome. This edition adds a filter that allows a customer to ingest a subset of information based on the Kenna risk score.


Bug Fixes

  • Findings counts for specific Apps were not correct in AppSec Explore for those using the findings model.


November 2021 Release Notes

General UI

Hierarchical Risk Meters via API

Hierarchical risk meters can now be created via the API and we have a script for this on our github! The script will take a csv of descendant risk meters and add them to a parent.

Warning Message Before Deleting Users
Last month we released the warning message regarding deletion of shared dashboard views and more details can be found below. This month it was updated so that the message only shows when an admin is attempting to delete a user that actually has shared dashboards.


We now have three new Toolkit Connectors:

  • BugCrowd - Bugcrowd reduces risk with coverage powered by our crowdsourced cybersecurity platform. Go beyond vulnerability scanners and traditional penetration tests with trusted security expertise that scales — and find critical issues faster.
  • Wiz - Wiz scans every resource across your entire cloud stack and multi-cloud environment using a 100% API approach that deploys in minutes.
  • Burp Suite - The web vulnerability scanner behind Burp Suite's popularity has more to it than most. Burp Scanner uses PortSwigger's world-leading research to help its users find a wide range of vulnerabilities in web applications, automatically.

Bug Fixes

  • Asset and vulnerability counts were inconsistent in child/descendant risk meters.

  • Nexpose connectors were failing when they saw unmapped vulnerability definitions.

October 2021 Release Notes

General UI

Multiple Roles Per User Increase

Last month, we released Multiple Roles Per User. Users were allowed to assign up to 5 roles per user. Now the limit has been increased to 10 roles per user!

New Warning Message Before Deleting Users

For users that have shared dashboard views, the following warning message will be displayed: 

"Warning! Deleting a user will remove all of their Dashboard Views.

Are you sure you want to delete NAME?

This is a permanent action and cannot be undone. If you desire to retain Dashboard Views created and shared by this user, consider resetting their User ID and Password rather than deleting the user. Read more."



Kenna.VI+ App in ServiceNow Store

The Kenna.VI+ app is now live on the ServiceNow application store for Quebec and Rome releases.  

Bug Fixes

  • For VI+ customers, we were returning all fixes associated with a given CVE rather than only returning fixes containing URLs & product information, resulting in unhelpful data.
    When attempting to delete a role with no users assigned, an error message was popping up suggesting there were users assigned.
  • Customers using DUO 2FA were being sent to bad pages.
  • Tags containing commas were very difficult to delete.
  • The KDI was not accepting multiple WASC IDs per scanner vulnerability, causing the connector run to fail.
  • The Nessus API connector was not functioning with the Kenna Agent.
  • The Teneble SC connector was not properly logging out at the end of the connector run causing customer to run out of API sessions over time. Now the connector logs out after each run.
  • For customers with the "Asynchronous Asset Export" setting turned on, assets were not being exported from child risk meters.
  • Some customers using vulnerability-based risk meters were seeing assets appear in groups where no vulnerabilities matched the risk meter filters.

September 2021 Release Notes

General UI

License Usage Page

Customer admins can now check their license usage from the Kenna Platform. The new license page indicates what products customers are licensed for (VM & AppSec) as well as how much of the license is being used. Customers will also be able to see their Organization ID used by Cisco as a company identifier. Navigate to the upper right-hand corner and select the dropdown menu. Once the dropdown appears, click on the sub-menu of "Licenses". 



Multiple Roles Per User (MRPU)

MRPU has completed its staged rollout. Previously, a user could only be assigned one roll. This change should reduce the administrative burden in managing roles. Customer admins now have the ability to assign up to five Multiple Roles Per User. Please refer to the help page for detailed examples and explanation.

Alert Options for Subscription Expiration (VM, AppSec, VI, VI+)

Users may now subscribe to receive email or in-app alerts for VM, AppSec, VI and VI+ subscriptions that are about to expire (48 hrs notice) and that are expired.



Mac Address Normalization

Mac Address Normalization is now available for existing customers and there will be a separate email to all Admins about getting this turned on. You can read about how it works at the bottom of this article on Understanding Locator Order.


Remediation Guidance

Remediation Guidance is now displayed as a default field on the Finding Details page! This information supports remediation efforts. This field maps to the "solution" field on the vuln_def record in the KDI. 


AppSec Findings Locator View

AppSec findings now support Locator view on AppSec Explore showing findings for File or URL locators when selected from Summary of Findings. Previously a customer would be re-directed to the Findings detail view when they selected a File or URL locator from the summary of findings view. Now that behavior has changed to direct the customer to the individual findings view showing all findings when a locator is selected in the summary view. See attached screenshots below for selecting the locator from Summary of findings and being directed to the individual findings view showing all findings for that specific selected locator.

Here, the user clicks on the link to . . .



. . . which brings the user to this detail page showing all findings for that locator.



Kenna.VM in ServiceNow Store

The Kenna.VM App in the ServiceNow store has been certified on the ServiceNow Quebec release.


Bug Fixes

  • Read only users were unable to edit dashboard views that they owned.
    Asset exports did not have a column for image_id or container_id.
  • Fix emails were missing a list of affected assets when the "apply to all" button was selected for the search terms to apply to all assets in Explore.
  • When using the CSV Vulnerability (with Details) export from the UI, if a given vulnerability had only a single scanner vulnerability open but one (or more) closed scanner vulnerabilities as well, the Details column in the export included details for all of scanner vulnerabilities (open AND closed). Now it will not include close vulnerability details.
  • Both Total Risk Score Over Time (TRSOT) and Mean Time to Remediation (MTTR) graphs on the
  • Home page lagged one day behind the current date.
  • Scanner Vulnerability identifiers were shown in both upper and lowercase in Explore but queries required the lowercase scanner_ids to return results.
  • For Exodus Customers: Zero-Day EIP-2013-0021 was removed from the Exodus feed but still existed in Kenna as a zero-day vulnerability definition. The vulnerability definition has been removed.
  • Top Fix groups Affected Assets counts were not aligning with the count of assets associated with a fix in a risk meter.

August 2021 Release Notes


Improved Connector Run Error Messages 

This is an ongoing project where error messages will continue to be improved through iterations of this project. If a connector run fails, users will see more comprehensive error messages designed to reduce frustration, improve resolution time and enable customers to self resolve in as many instances as possible without having to contact support. 

Two specific areas have been improved: 

    1. Precise & Consistent Descriptions - Error messages are no longer generic and will identify the application that is posting the error and alert the user to the specific problem, rather than a vague generality. Error messages will use consistent verbiage across various connector sources, reducing confusion around the meaning of any given error message. 
    2. Clear Next Steps - The error message will provide clear solution steps and/or exit points. If the next steps involve calling technical support, the word “Kenna” has been removed in order to not confuse customers which may need to call an MSSP.

MAC Address Normalization for New Customers

As of August 11, 2021, we will normalize mac addresses for any newly signed up customer. Conflict between vendors' representations of mac address cause mismatch/duplication of assets. Kenna can now normalize incoming mac addresses and improve deduplication of assets in Kenna. Read more on this at the bottom of this article on Understanding Locator Order.

This release does NOT impact existing customers - existing customers will be included in a phase 2 rollout targeted for September 2021. 

Connector-level Custom Ordered Locators for the Crowdstrike Connector  

Previously, Custom Ordered Locator configured at the connector-level for the Crowdstrike connector was being ignored. The Crowdstrike connector would always use the Kenna default locator order. Now the Crowdstrike connector uses the following order by default. If the order is changed, the Crowdstrike connector will use the custom order instead.

The Crowdstrike connector default is:

  1. external_id_locator
  2. ec2_locator
  3. netbios_locator
  4. external_ip_address_locator
  5. hostname_locator
  6. url_locator
  7. file_locator
  8. fqdn_locator
  9. ip_address_locator
  10. database_locator
  11. application_locator
  12. mac_address_locator


Enhanced Text Searching for AppSec Findings 

Previously AppSec findings text search could support only an exact match on the vulnerability ID or full name. Text search in findings now allows users to search on key date ranges, applications, locators and now supports wildcard searches! In order to use this feature, a customer must be using the AppSec findings model. Open the search help box from within the platform to review your search options!


Bug Fixes

  • Previously, when the "NOT" modifier ( '-' ) was placed next to a vulnerability search field, the expected behavior was reversed - the field:value pair was included. This fix restored the expected behavior so that now when a '-' is used next to a vulnerability search field, the search excludes said field:value pair. 
  • The True Risk feature of descendant Risk Meters has been fixed so that the number of vulnerabilities shown on the True Risk page is the same as the number of vulnerabilities shown on the reporting page in the "N Vulnerabilities" link. Additionally, the number of assets on the True Risk page reflects the correct number of assets for the vulnerabilities shown.
  • The "Active Assets and Open Vulnerabilities Over Time" graph on the reporting page was including inactive assets for certain risk meters. From the end of June through August customers may see that the "Active Assets and Open Vulnerabilities Over Time" graph has an increase in assets due to inactive assets being included. However, going forward customers will only see active assets included in the "Active Assets and Open Vulnerabilities Over Time" graph. 
  •  Service Now description and short description fields were fixed to properly populate vulnerability information and the integration has been fixed.
  • Validation and an error message has been added to the bulk update API endpoint for vulnerabilities to prevent users from updating vulnerabilities with invalid or blank statuses.
  • A job that sends emails on newly identified malware was fixed and emails have resumed.
  • The fix_title_keyword parameter when used to create a descendant risk meter has been fixed so that descendants inherit this parameter.


July 2021

Feature Releases

Name Description

Audit Logs for Toolkit Use

Customers now have visibility into which task is using the toolkit. The toolkit uses User-Agent in the HTTP header, and therefore activity will be logged.

Example: user_agent:Kenna Toolkit - veracode_asset_vulns 

Findings Filter in AppSec Explore

Findings can now be filtered on created date in AppSec Explore.

Updated Prisma Connector External ID Locator

For an asset with either a CONTAINER_ID or IMAGE_ID, the Prisma Connector no longer maps to EXTERNAL_ID automatically. This is a Prisma/Twistlock connector behavior change.

On the Asset Detail page, the presentation of fields (EXTERNAL ID, CONTAINER ID, IMAGE ID) has been updated to truncate the ID string and offer a “copy to clipboard” action button to get the full ID string. The reason for this UI change is to better present the very long IDs (often more than 256 characters) within limited horizontal space than to allow for the string to continue off the screen.image001.png


Bug Fixes

  • An issue was discovered when clicking the "Search for Scanner IDs" link in the vulnerabilities tab of Explore. If scanner_id contained spaces, a search term with improper syntax was populated.
  • Now if the scanner_id displayed in the vulnerabilities tab is a clickable link, it populates a search term with acceptable syntax.
  • Email alerts for malware were not sending.
  • Clearing data from a field on an asset was not removing the data.
  • The KDI was failing all payloads if the only locators specified for an asset were image or container_id.
  • The "Reset Filters" button in Explore was removing filters but not search queries. Now both the filters and search box are cleared.
  • Invalid queries were being validated and showed an Update/Save button, but no Risk Meter would be created. Now invalid queries cannot be saved.
  • Scanner Vulnerability identifiers were shown in both upper and lowercase in Explore but queries required the lowercase scanner_ids to return results. There are now two fields  (scanner_id: and scanner_unique_id:) which are case sensitive

June 2021

Feature Description

KDI Mac Address Validation Changes 

We have removed format validations and added a 30-character maximum length validation to the Mac Address field in the KDI. 

The benefits of these changes are:

  • The KDI will exhibit similar behavior to other connectors.

  • The 30 character maximum length validation on the mac address field will prevent users from inputting long strings of bad data into Kenna.

Search by 'role name' in User Settings UI

Customers can search by role name in the user settings UI. Previously the search was limited to searching by User name or e-mail ID.

Key Points
  •  Customers will now be able to search by Role Name in addition to the already available search by Name of user or E-mail in the User Settings UI.
  •  The Search bar has been widened to include the "entire role name".
  • The functionality for role name search mirrors that of the currently available "Name or E-mail" search and also allows for prefix based Search (for eg. If searching for a role name with a word  "webgoat" if the user types in "goat" the roles matching the keyword "goat" will be returned").image2021-6-16_19-10-17.png
Handling of older assets not recently seen during Kenna Connector Runs Assets which are outside of the set retention and purge periods will not be imported during connector runs. You can read more about this in our updated Asset Purge Period Setting article.

VI+ Updates 

1. Now customers can search for CVEs by Qualys KB Id (QID) to find all associated CVEs.

  • Functionality is for VI+ clients only
  • The endpoint accepts a comma separated list of QIDs, via the qids query parameter
  • If more than 10 QIDs are submitted, results are returned for the first 10 QIDs
  • If given an unknown QID, result will be empty
  • Results will be grouped by QID - example of the response will be in the API docs


2. We added a link to the specific source of a given exploit to the "Show Vulnerability Definition" response.

Prisma Cloud Connector Updates

1. ALAS Findings

Prisma Cloud Connector ALAS (Amazon Linux Advisory Services) findings were previously being presented in Kenna as informationals and the associated CVEs were not being scored.  There can be a 1:1 relationship with CVE or a 1:Many relationship with a CVE, similar to QIDs.  We now present the proper scoring for the CVEs associated with the ALAS finding. Please note that the Prisma Cloud scanner does not identify which specific CVE is or is not present on the asset, therefore we show all the associated CVEs. 

2. Prisma Informationals

We added support for Prisma ID Security warnings to the Prisma Cloud Connector so that Kenna brings these in as informationals. Many vulnerabilities are publicly discussed or patched without a CVE ever being assigned to them. While monitoring open source vulnerabilities, the PAN team identifies vulnerabilities you need to be aware of, and assigns PRISMA IDs to them whenever applicable.

For example, let’s review PRISMA-2021-0020. A user found a bug in the Python package click and opened an issue through its open source repository in GitHub. PAN research team found this issue and determined it explains a valid security vulnerability. Although no CVE was assigned to this vulnerability, our team promptly assigned it a PRISMA identifier, and analyzed the correct range of affected releases. Affected customers were alerted of this vulnerability despite the lack of any public vulnerability identifier.
If a CVE is ever assigned to a same PRISMA vulnerability, the CVE takes over and the PRISMA entry is fully replaced by it.



May 2021

Feature Description

Kenna VI+ API Changes:

  • Change to the Show Vulnerability Definitions Endpoint
  • New Show Malware Hashes Endpoint 
Popular Malware exploitable CVEs were collecting large numbers of malware hashes which could create very large responses when querying the "Show Vulnerability Definitions" API endpoint and sometimes caused 504s. For all CVEs, we removed malware hashes and replaced them with a malware count field in the response to that endpoint. A new "Show Malware Hashes" endpoint was created where you can query those CVEs to get the hashes. 

Home Page Changes

  • Client-Scoped Homepage
  • New Bulk Update Permissions Endpoint


All widgets on the Home Page now reflect full customer data regardless of role. This change will not affect System Roles of Admin, Normal, and Read Only.

Data made unavailable to a Custom Role will be greyed-out and the user will not have access to click. For example, on the "Today's Risk Meter Scatter Plot" Custom Roles can click on "Not Accessible" to see unaccessible risk meters represented as grey dots.

Admins have the ability to enable/disable home page access for any custom access role. A new endpoint was created to Bulk Update Permissions for custom user roles.

Further details are available on the Kenna Home Page article.

New Asset Purge Period Setting

A new feature is available which will automatically purge inactive assets according to a timeframe selected by the customer administrator.

Currently the feature is available to all customers in test and production instances.  Customers are required to choose a retention period by July 1st, 2021. If a retention period has not been chosen by July 1st, Kenna Security will default to the following settings:

  • Production Accounts - 180 day retention period
  • Test Accounts - 30 day retention period

Further details are available on the Asset Purge Period article.

Improved Connector Error Messaging 2.0


Following last month's release, error messages continue to be improved as an ongoing effort to build a database of potential errors and corresponding comprehensive error messages to display to the customer. 

Two specific areas have been improved: 

  1. Precise & Consistent Descriptions - Error messages are no longer generic and will identify the application that is posting the error and alert the user to the specific problem, rather than a vague generality. Error messages will use consistent verbiage across various connector sources, reducing confusion around the meaning of any given error message. 
  2. Clear Next Steps - The error message will provide clear solution steps and/or exit points. If the next steps involve calling technical support, the word “Kenna” has been removed in order to not confuse customers which may need to call an MSSP.
Client Setting to Increase the Asset Export Limit in the UI

There is a new client setting called “Async Asset Export” that can be enabled in client environments. When enabled, this setting will increase the UI asset export limit to 500k (from 100k) by changing the export to process in the background and send the user an email to download the file as a GZIP (this is similar to the process for Vulnerability and Fix exports from the UI).

This setting is turned off by default. When it is not enabled the UI, asset exports in the client's environment will continue to have the 100k limit and download directly in the browser as a CSV.

Added Image ID and Container ID to KDI

For a customer who wishes to use the KDI for a container scanner that doesn't have a connector yet, we added container and image locators in order to map the ingested data for image or container assets.  

April 2021

Feature Description

Risk Meters:

Dashboard Views and Faster Risk Meter Creation

Improved Risk Meter Drop down for Dashboard Views

Users now see enriched information in the Risk Meter drop down when creating and modifying Dashboard Views.

  • Risk Meter score
  • Risk Meter color coding
  • HRM hierarchy (first-level child and sibling Risk Meters)

It is also possible to add the child Risk Meters to Dashboard Views without adding parent Risk Meters.


Optimized Risk Meter Creation

Risk Meter creation speeds markedly improved in both the UI and API.


Improved Error Messaging

Improved Connector Run Error Messages

Users now see more comprehensive error messages designed to reduce frustration, improve resolution time, and enable self-resolution of issues in as many instances as possible without the need to contact support.

From the Connectors page or Home page, you see detailed messages that identify the application that is posting the error and alert the user to the specific problem. The message also provides clear solution steps and/or exit points.

Note: The error message indicates if/when users should reach out to support after following the suggested troubleshooting steps.

Bug Fixes:

Unassigned Roles Deletion and Search Queries Streamlined

Deleting Unassigned Role

Unassigned roles that returned an error message when attempting to delete can now be deleted.

Search Queries

Some search query results were impacted by the order of the query, which returned inconsistent results. Users will now find search queries return the same results regardless of the order of the query.

March 2021

Feature Description

Risk Meters:

User Role Creation

Improved Risk Meter Drop down for User Role Creation

Improved the Risk Meter drop down menu for creating or editing User Roles. Now you can use type-ahead in the Search bar.


You can click the arrow to expand child hierarchy.




Export Vulnerabilities with Full Solutions from the UI

You can now see a column for 'Short Solution' and a column for 'Solution', which has the full scanner solution.




Vulnerability Exports Limit Increase to 500K with Details from the U

For the existing vulnerability export with details, an increase in the limit from 100k to 500k vulnerabilities with details was implemented.


Important: These export features must be turned on by request by your customer success team. If you do not engage regularly with a CSM or a CSE, please contact support if you want these turned on.


Prisma Cloud Compute Edition (PCCE)

Search By Image

Ability to search by asset identifier for images ingested from the Prisma Cloud Connector and the containers that are running them.



Changes to Alternate Fix Button Location and Vuln CSV Export Column

Alternate Fix Button Location

Users do not need to scroll down the page to see the Alternate Fixes Available button in Explore.


Vuln CSV Export Column

The previously named 'Solution' column has been renamed to 'Short Solution' to better describe the content. The column named 'Solution' now reflects the full scanner solution.

Note: If you are using a script that references these column, please take note and make sure you are pulling the data you intend.

February 2021

Feature Description

VM Explore:

Search Result

Search result speed improvement in Risk Meter when using the All Groups drop-down in the top left of the VM Explore page.




Remote code execution (RCE) added to the Kenna.VM and Kenna.VI+ client-facing API.

In addition, Kenna.VI+ API has popular targets added to it.



Prisma Cloud Compute Edition (PCCE)

Scheduled Scans

Scheduled Scan functionality has been added to PCCE connector.

Registry/Repo Information

Ability to present Registry and Repo Tag information for each of the scanned images. It prepends the word registry or repo to the tag for easier identification as seen in the image below:



Pop-ups Fix

Previously, when you reached the bottom and continue scrolling, the content of the pop up did NOT scroll and got cut off. Now, after reaching the bottom of the dropdown you can continue scrolling.



January 2021

Feature Description

Hierarchical Risk Meters:


  • Users that have created child risk meters can export that data from the UI.
  • Use the same button in the front-end to export parent or child risk meters.

Note: Exporting children from the API is not a part of this release, but will be a part of the work to support HRM in the API.


Audit Logs:


The Audit Logs feature in GCP has the same functionality as Audit Logs in AWS and allows clients to pull down data regarding user-initiated events that happen in the client’s instance of the Kenna application and the Kenna API.

It also allows clients visibility into user behavior in their Kenna instance so they can be responsive to any breaches and/or nefarious behavior.

For more information on Audit Logs or how to configure this feature, please refer to the below information:


Search Capability

Ability to search by container ID for clients using Prisma Cloud Compute Connector.




For past release notes, please refer to this archived page. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Article is closed for comments.